451 files changed, 0 insertions, 165721 deletions

diff --git a/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/base/common/src/com/netscape/cms/authentication/AVAPattern.java
deleted file mode 100644
index 3e984c0cc..000000000
--- a/base/common/src/com/netscape/cms/authentication/AVAPattern.java
+++ /dev/null
@@ -1,557 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-import java.io.IOException;
-import java.io.PushbackReader;
-import java.io.StringReader;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPDN;
-import netscape.ldap.LDAPEntry;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AVA;
-import netscape.security.x509.LdapV3DNStrConverter;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authentication.ECompSyntaxErr;
-
-/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.
- * <p>
- *
- * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If
- * empty or not set, the ldap entry DN will be used as the certificate subject name.
- * <p>
- *
- * The syntax is
- *
- * <pre>
- * 	dnPattern := rdnPattern *[ "," rdnPattern ]
- * 	rdnPattern := avaPattern *[ "+" avaPattern ]
- * 		avaPattern := name "=" value |
- * 			      name "=" "$attr" "." attrName [ "." attrNumber ] |
- * 			      name "=" "$dn" "." attrName [ "." attrNumber ] |
- * 			 	  "$dn" "." "$rdn" "." number
- * </pre>
- *
- * <pre>
- * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
- * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US
- * <p>
- *     E = the first 'mail' ldap attribute value in user's entry. <br>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * Example2: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US
- * <p>
- *     E = the first 'mail' ldap attribute value in user's entry. <br>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * 	    in a RDN in this example. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * </pre>
- *
- * <pre>
- * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     CN=Jesse James, OU=IS+OU=people, O=acme.org, C=US
- * <p>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     followed by the second RDN in the user's entry DN. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * Example4: <i>CN=$attr.cn, OU=$dn.ou.2+OU=$dn.ou.1, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     CN=Jesse James, OU=people+OU=IS, O=acme.org, C=US
- * <p>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN followed by the
- * 		first 'ou' value in the user's entry. note multiple AVAs
- * 	    in a RDN in this example. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * </pre>
- *
- * If an attribute or subject DN component does not exist the attribute is skipped.
- *
- * @version $Revision$, $Date$
- */
-class AVAPattern {
-
-    /* the value type of the dn component */
-    public static final String TYPE_ATTR = "$attr";
-    public static final String TYPE_DN = "$dn";
-    public static final String TYPE_RDN = "$rdn";
-    public static final String TYPE_CONSTANT = "constant";
-
-    private static final LdapV3DNStrConverter mLdapDNStrConverter =
-            new LdapV3DNStrConverter();
-
-    /* ldap attributes needed by this AVA (to retrieve from ldap) */
-    protected String[] mLdapAttrs = null;
-
-    /* value type */
-    protected String mType = null;
-
-    /* the attribute in the AVA pair */
-    protected String mAttr = null;
-
-    /* value - could be name of an ldap attribute or entry dn attribute. */
-    protected String mValue = null;
-
-    /* nth value of the ldap or dn attribute */
-    protected int mElement = 0;
-
-    protected String mTestDN = null;
-
-    public AVAPattern(String component)
-            throws EAuthException {
-        if (component == null || component.length() == 0)
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
-        parse(new PushbackReader(new StringReader(component)));
-    }
-
-    public AVAPattern(PushbackReader in)
-            throws EAuthException {
-        parse(in);
-    }
-
-    private void parse(PushbackReader in)
-            throws EAuthException {
-        int c;
-
-        // mark ava beginning.
-
-        // skip spaces
-        //System.out.println("============ AVAPattern Begin ===========");
-        //System.out.println("skip spaces");
-
-        try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
-                ;
-            }
-        } catch (IOException e) {
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
-        }
-        if (c == -1)
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
-
-        // $rdn "." number syntax.
-
-        if (c == '$') {
-            //System.out.println("$rdn syntax");
-            mType = TYPE_RDN;
-            try {
-                if (in.read() != 'r' ||
-                        in.read() != 'd' ||
-                        in.read() != 'n' ||
-                        in.read() != '.')
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "Invalid $ syntax, expecting $rdn"));
-            } catch (IOException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "Invalid $ syntax, expecting $rdn"));
-            }
-
-            StringBuffer rdnNumberBuf = new StringBuffer();
-
-            try {
-                while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                    //System.out.println("rdnNumber read "+(char)c);
-                    rdnNumberBuf.append((char) c);
-                }
-                if (c != -1) // either ',' or '+'
-                    in.unread(c);
-            } catch (IOException e) {
-                throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-            }
-
-            String rdnNumber = rdnNumberBuf.toString().trim();
-
-            if (rdnNumber.length() == 0)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "$rdn number not set in ava pattern"));
-            try {
-                mElement = Integer.parseInt(rdnNumber) - 1;
-            } catch (NumberFormatException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "Invalid $rdn number in ava pattern"));
-            }
-            return;
-        }
-
-        // name "=" ... syntax.
-
-        // read name
-        //System.out.println("reading name");
-
-        StringBuffer attrBuf = new StringBuffer();
-
-        try {
-            while (c != '=' && c != -1 && c != ',' && c != '+') {
-                attrBuf.append((char) c);
-                c = in.read();
-                //System.out.println("name read "+(char)c);
-            }
-            if (c == ',' || c == '+')
-                in.unread(c);
-        } catch (IOException e) {
-            throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-        }
-        if (c != '=')
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                    "Missing \"=\" in ava pattern"));
-
-        // read value
-        //System.out.println("reading value");
-
-        // skip spaces
-        //System.out.println("skip spaces for value");
-        try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
-                ;
-            }
-        } catch (IOException e) {
-            throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-        }
-        if (c == -1)
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                    "no value after = in ava pattern"));
-
-        if (c == '$') {
-            // check for $dn or $attr
-            try {
-                c = in.read();
-                //System.out.println("check $dn or $attr read "+(char)c);
-            } catch (IOException e) {
-                throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-            }
-            if (c == -1)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "expecting $dn or $attr in ava pattern"));
-            if (c == 'a') {
-                try {
-                    if (in.read() != 't' ||
-                            in.read() != 't' ||
-                            in.read() != 'r' ||
-                            in.read() != '.')
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $attr in ava pattern"));
-                } catch (IOException e) {
-                    throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-                }
-                mType = TYPE_ATTR;
-                //System.out.println("---- mtype $attr");
-            } else if (c == 'd') {
-                try {
-                    if (in.read() != 'n' ||
-                            in.read() != '.')
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $dn in ava pattern"));
-                } catch (IOException e) {
-                    throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-                }
-                mType = TYPE_DN;
-                //System.out.println("----- mtype $dn");
-            } else {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "unknown keyword. expecting $dn or $attr."));
-            }
-
-            // get attr name of dn pattern from above.
-            String attrName = attrBuf.toString().trim();
-
-            //System.out.println("----- attrName "+attrName);
-            if (attrName.length() == 0)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "attribute name expected"));
-            try {
-                ObjectIdentifier attrOid =
-                        mLdapDNStrConverter.parseAVAKeyword(attrName);
-
-                mAttr = mLdapDNStrConverter.encodeOID(attrOid);
-                //System.out.println("----- mAttr "+mAttr);
-            } catch (IOException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
-            }
-
-            // get dn or attribute from ldap search.
-            StringBuffer valueBuf = new StringBuffer();
-
-            try {
-                while ((c = in.read()) != ',' &&
-                        c != -1 && c != '.' && c != '+') {
-                    //System.out.println("mValue read "+(char)c);
-                    valueBuf.append((char) c);
-                }
-                if (c == '+' || c == ',') // either ',' or '+'
-                    in.unread(c); // pushback last , or +
-            } catch (IOException e) {
-                throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-            }
-
-            mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "$dn or $attr attribute name expected"));
-            //System.out.println("----- mValue "+mValue);
-
-            // get nth dn or attribute from ldap search.
-            if (c == '.') {
-                StringBuffer attrNumberBuf = new StringBuffer();
-
-                try {
-                    while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                        //System.out.println("mElement read "+(char)c);
-                        attrNumberBuf.append((char) c);
-                    }
-                    if (c != -1) // either ',' or '+'
-                        in.unread(c); // pushback last , or +
-                } catch (IOException e) {
-                    throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-                }
-                String attrNumber = attrNumberBuf.toString().trim();
-
-                if (attrNumber.length() == 0)
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                "nth element $dn or $attr expected"));
-                try {
-                    mElement = Integer.parseInt(attrNumber) - 1;
-                } catch (NumberFormatException e) {
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                "Invalid format in nth element $dn or $attr"));
-                }
-            }
-            //System.out.println("----- mElement "+mElement);
-        } else {
-            // value is constant. treat as regular ava.
-            mType = TYPE_CONSTANT;
-            //System.out.println("----- mType constant");
-            // parse ava value.
-            StringBuffer valueBuf = new StringBuffer();
-
-            valueBuf.append((char) c);
-            try {
-                while ((c = in.read()) != ',' &&
-                        c != -1) {
-                    valueBuf.append((char) c);
-                }
-                if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c); // pushback last , or +
-                }
-            } catch (IOException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
-            }
-            try {
-                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
-
-                mValue = ava.toLdapDNString();
-                //System.out.println("----- mValue "+mValue);
-            } catch (IOException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
-            }
-        }
-    }
-
-    public String formAVA(LDAPEntry entry)
-            throws EAuthException {
-        if (mType == TYPE_CONSTANT)
-            return mValue;
-
-        if (mType == TYPE_RDN) {
-            String dn = entry.getDN();
-
-            if (mTestDN != null)
-                dn = mTestDN;
-            //System.out.println("AVAPattern Using dn "+mTestDN);
-            String[] rdns = LDAPDN.explodeDN(dn, false);
-
-            if (mElement >= rdns.length)
-                return null;
-            return rdns[mElement];
-        }
-
-        if (mType == TYPE_DN) {
-            String dn = entry.getDN();
-
-            if (mTestDN != null)
-                dn = mTestDN;
-            //System.out.println("AVAPattern Using dn "+mTestDN);
-            String[] rdns = LDAPDN.explodeDN(dn, false);
-            String value = null;
-            int nFound = -1;
-
-            for (int i = 0; i < rdns.length; i++) {
-                String[] avas = explodeRDN(rdns[i]);
-
-                for (int j = 0; j < avas.length; j++) {
-                    String[] exploded = explodeAVA(avas[j]);
-
-                    if (exploded[0].equalsIgnoreCase(mValue) &&
-                            ++nFound == mElement) {
-                        value = exploded[1];
-                        break;
-                    }
-                }
-            }
-            if (value == null)
-                return null;
-            return mAttr + "=" + value;
-        }
-
-        if (mType == TYPE_ATTR) {
-            LDAPAttribute ldapAttr = entry.getAttribute(mValue);
-
-            if (ldapAttr == null)
-                return null;
-            String value = null;
-            @SuppressWarnings("unchecked")
-            Enumeration<String> ldapValues = ldapAttr.getStringValues();
-
-            for (int i = 0; ldapValues.hasMoreElements(); i++) {
-                String val = ldapValues.nextElement();
-
-                if (i == mElement) {
-                    value = val;
-                    break;
-                }
-            }
-            if (value == null)
-                return null;
-            String v = escapeLdapString(value);
-
-            return mAttr + "=" + v;
-        }
-
-        return null;
-    }
-
-    private String escapeLdapString(String value) {
-        int len = value.length();
-        char[] c = new char[len];
-        char[] newc = new char[len * 2];
-
-        value.getChars(0, len, c, 0);
-        int j = 0;
-
-        for (int i = 0; i < c.length; i++) {
-            // escape special characters that directory does not.
-            if ((c[i] == ',' || c[i] == '=' || c[i] == '+' || c[i] == '<' ||
-                    c[i] == '>' || c[i] == '#' || c[i] == ';')) {
-                if (i == 0 || c[i - 1] != '\\') {
-                    newc[j++] = '\\';
-                    newc[j++] = c[i];
-                }
-            } // escape "\"
-            else if (c[i] == '\\') {
-                int k = i + 1;
-
-                if (i == len - 1 ||
-                        (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
-                                c[k] == '>' || c[k] == '#' || c[k] == ';')) {
-                    newc[j++] = '\\';
-                    newc[j++] = c[i];
-                }
-            } // escape QUOTATION
-            else if (c[i] == '"') {
-                if ((i == 0 && c[len - 1] != '"') ||
-                        (i == len - 1 && c[0] != '"') ||
-                        (i > 0 && i < len - 1)) {
-                    newc[j++] = '\\';
-                    newc[j++] = c[i];
-                }
-            } else
-                newc[j++] = c[i];
-        }
-        return new String(newc, 0, j);
-    }
-
-    public String getLdapAttr() {
-        if (mType == TYPE_ATTR)
-            return mValue;
-        else
-            return null;
-    }
-
-    /**
-     * Explode RDN into AVAs.
-     * Does not handle escaped '+'
-     * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array.
-     */
-    public static String[] explodeRDN(String rdn) {
-        int plus = rdn.indexOf('+');
-
-        if (plus == -1)
-            return new String[] { rdn };
-        Vector<String> avas = new Vector<String>();
-        StringTokenizer token = new StringTokenizer(rdn, "+");
-
-        while (token.hasMoreTokens())
-            avas.addElement(token.nextToken());
-        String[] theAvas = new String[avas.size()];
-
-        avas.copyInto(theAvas);
-        return theAvas;
-    }
-
-    /**
-     * Explode AVA into name and value.
-     * Does not handle escaped '='
-     * If AVA is malformed empty array is returned.
-     */
-    public static String[] explodeAVA(String ava) {
-        int equals = ava.indexOf('=');
-
-        if (equals == -1)
-            return null;
-        return new String[] {
-                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java b/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
deleted file mode 100644
index c65dd3971..000000000
--- a/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
+++ /dev/null
@@ -1,327 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authentication.ISSLClientCertProvider;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.usrgrp.Certificates;
-import com.netscape.certsrv.usrgrp.EUsrGrpException;
-import com.netscape.certsrv.usrgrp.ICertUserLocator;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-
-/**
- * Certificate server agent authentication.
- * Maps a SSL client authenticate certificate to a user (agent) entry in the
- * internal database.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class AgentCertAuthentication implements IAuthManager,
-        IProfileAuthenticator {
-
-    /* result auth token attributes */
-    public static final String TOKEN_USERDN = "user";
-    public static final String TOKEN_USER_DN = "userdn";
-    public static final String TOKEN_USERID = "userid";
-    public static final String TOKEN_UID = "uid";
-    public static final String TOKEN_GROUP = "group";
-
-    /* required credentials */
-    public static final String CRED_CERT = IAuthManager.CRED_SSL_CLIENT_CERT;
-    protected String[] mRequiredCreds = { CRED_CERT };
-
-    /* config parameters to pass to console (none) */
-    protected static String[] mConfigParams = null;
-
-    private String mName = null;
-    private String mImplName = null;
-    private IConfigStore mConfig = null;
-
-    private IUGSubsystem mUGSub = null;
-    private ICertUserLocator mCULocator = null;
-
-    public AgentCertAuthentication() {
-    }
-
-    /**
-     * initializes the CertUserDBAuthentication auth manager
-     * <p>
-     * called by AuthSubsystem init() method, when initializing all available authentication managers.
-     *
-     * @param name The name of this authentication manager instance.
-     * @param implName The name of the authentication manager plugin.
-     * @param config The configuration store for this authentication manager.
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-
-        mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-        mCULocator = mUGSub.getCertUserLocator();
-    }
-
-    /**
-     * Gets the name of this authentication manager.
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * Gets the plugin name of authentication manager.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    public boolean isSSLClientRequired() {
-        return true;
-    }
-
-    /**
-     * authenticates user(agent) by certificate
-     * <p>
-     * called by other subsystems or their servlets to authenticate users (agents)
-     *
-     * @param authCred - authentication credential that contains
-     *            an usrgrp.Certificates of the user (agent)
-     * @return the authentication token that contains the following
-     *
-     * @exception EMissingCredential If a required credential for this
-     *                authentication manager is missing.
-     * @exception EInvalidCredentials If credentials cannot be authenticated.
-     * @exception EBaseException If an internal error occurred.
-     * @see com.netscape.certsrv.authentication.AuthToken
-     * @see com.netscape.certsrv.usrgrp.Certificates
-     */
-    public IAuthToken authenticate(IAuthCredentials authCred)
-            throws EMissingCredential, EInvalidCredentials, EBaseException {
-
-        CMS.debug("AgentCertAuthentication: start");
-        CMS.debug("authenticator instance name is " + getName());
-
-        // force SSL handshake
-        SessionContext context = SessionContext.getExistingContext();
-        ISSLClientCertProvider provider = (ISSLClientCertProvider)
-                context.get("sslClientCertProvider");
-
-        if (provider == null) {
-            CMS.debug("AgentCertAuthentication: No SSL Client Cert Provider Found");
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-        CMS.debug("AgentCertAuthenticator: got provider");
-        CMS.debug("AgentCertAuthenticator: retrieving client certificate");
-        X509Certificate[] allCerts = provider.getClientCertificateChain();
-
-        if (allCerts == null) {
-            CMS.debug("AgentCertAuthentication: No SSL Client Certs Found");
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-        CMS.debug("AgentCertAuthenticator: got certificates");
-
-        // retreive certificate from socket
-        AuthToken authToken = new AuthToken(this);
-        X509Certificate[] x509Certs = allCerts;
-
-        // default certificate default has bugs in version
-        // version(3) is returned as 3, which should be 2
-        X509CertImpl ci[] = new X509CertImpl[x509Certs.length];
-
-        try {
-            for (int i = 0; i < x509Certs.length; i++) {
-                ci[i] = new X509CertImpl(x509Certs[i].getEncoded());
-            }
-        } catch (CertificateException e) {
-            CMS.debug(e.toString());
-        }
-
-        // check if certificate(s) is revoked
-        boolean checkRevocation = true;
-        try {
-            checkRevocation = mConfig.getBoolean("checkRevocation", true);
-        } catch (EBaseException e) {
-            // do nothing; default to true
-        }
-        if (checkRevocation) {
-            if (CMS.isRevoked(ci)) {
-                CMS.debug("AgentCertAuthentication: certificate revoked");
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-        }
-
-        // map cert to user
-        IUser user = null;
-        Certificates certs = new Certificates(ci);
-
-        try {
-            user = mCULocator.locateUser(certs);
-        } catch (EUsrGrpException e) {
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        } catch (netscape.ldap.LDAPException e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        e.toString()));
-        }
-
-        // any unexpected error occurs like internal db down,
-        // UGSubsystem only returns null for user.
-        if (user == null) {
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        // get group name from configuration file
-        IConfigStore sconfig = CMS.getConfigStore();
-        String groupname = "";
-        try {
-            groupname = sconfig.getString("auths.instance." + getName() + ".agentGroup",
-                    "");
-        } catch (EBaseException ee) {
-        }
-
-        if (!groupname.equals("")) {
-            CMS.debug("check if " + user.getUserID() + " is  in group " + groupname);
-            IUGSubsystem uggroup = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-            if (!uggroup.isMemberOf(user, groupname)) {
-                CMS.debug(user.getUserID() + " is not in this group " + groupname);
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHORIZATION_ERROR"));
-            }
-        }
-        authToken.set(TOKEN_USERDN, user.getUserDN());
-        authToken.set(TOKEN_USER_DN, user.getUserDN());
-        authToken.set(TOKEN_USERID, user.getUserID());
-        authToken.set(TOKEN_UID, user.getUserID());
-        authToken.set(TOKEN_GROUP, groupname);
-        authToken.set(CRED_CERT, certs);
-
-        CMS.debug("AgentCertAuthentication: authenticated " + user.getUserDN());
-
-        return authToken;
-    }
-
-    /**
-     * get the list of authentication credential attribute names
-     * required by this authentication manager. Generally used by
-     * the servlets that handle agent operations to authenticate its
-     * users. It calls this method to know which are the
-     * required credentials from the user (e.g. Javascript form data)
-     *
-     * @return attribute names in Vector
-     */
-    public String[] getRequiredCreds() {
-        return (mRequiredCreds);
-    }
-
-    /**
-     * get the list of configuration parameter names
-     * required by this authentication manager. Generally used by
-     * the Certificate Server Console to display the table for
-     * configuration purposes. CertUserDBAuthentication is currently not
-     * exposed in this case, so this method is not to be used.
-     *
-     * @return configuration parameter names in Hashtable of Vectors
-     *         where each hashtable entry's key is the substore name, value is a
-     *         Vector of parameter names. If no substore, the parameter name
-     *         is the Hashtable key itself, with value same as key.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    /**
-     * prepare this authentication manager for shutdown.
-     */
-    public void shutdown() {
-    }
-
-    /**
-     * gets the configuretion substore used by this authentication
-     * manager
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    // Profile-related methods
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_AGENT_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_AGENT_TEXT");
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        return null;
-    }
-
-    public boolean isValueWriteable(String name) {
-        return false;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void populate(IAuthToken token, IRequest request)
-            throws EProfileException {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/base/common/src/com/netscape/cms/authentication/CMCAuth.java
deleted file mode 100644
index f2bf40241..000000000
--- a/base/common/src/com/netscape/cms/authentication/CMCAuth.java
+++ /dev/null
@@ -1,1109 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.authentication;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-/* cert server imports */
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.PublicKey;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.CryptoManager.NotInitializedException;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.PrivateKey;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.pkcs10.CertificationRequest;
-import org.mozilla.jss.pkcs11.PK11PubKey;
-import org.mozilla.jss.pkcs11.PK11ECPublicKey;
-import org.mozilla.jss.pkix.cert.Certificate;
-import org.mozilla.jss.pkix.cert.CertificateInfo;
-import org.mozilla.jss.pkix.cmc.PKIData;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest;
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-import org.mozilla.jss.pkix.cms.EncapsulatedContentInfo;
-import org.mozilla.jss.pkix.cms.IssuerAndSerialNumber;
-import org.mozilla.jss.pkix.cms.SignedData;
-import org.mozilla.jss.pkix.cms.SignerIdentifier;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-import org.mozilla.jss.pkix.crmf.CertRequest;
-import org.mozilla.jss.pkix.crmf.CertTemplate;
-import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
-import org.mozilla.jss.pkix.primitive.Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cmsutil.util.Utils;
-
-//import com.netscape.cmscore.util.*;
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * UID/CMC authentication plug-in
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
-        IProfileAuthenticator {
-
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    /////////////////////////////
-    // IAuthManager parameters //
-    /////////////////////////////
-
-    /* authentication plug-in configuration store */
-    private IConfigStore mConfig;
-    private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
-    private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-    public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
-    public static final String REASON_CODE = "reasonCode";
-    /* authentication plug-in name */
-    private String mImplName = null;
-
-    /* authentication plug-in instance name */
-    private String mName = null;
-
-    /* authentication plug-in fields */
-
-    /* Holds authentication plug-in fields accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] {};
-
-    /* authentication plug-in values */
-
-    /* authentication plug-in properties */
-
-    /* required credentials to authenticate. UID and CMC are strings. */
-    public static final String CRED_CMC = "cmcRequest";
-
-    protected static String[] mRequiredCreds = {};
-
-    ////////////////////////////////////
-    // IExtendedPluginInfo parameters //
-    ////////////////////////////////////
-
-    /* Vector of extendedPluginInfo strings */
-    protected static Vector<String> mExtendedPluginInfo = null;
-    //public static final String AGENT_AUTHMGR_ID = "agentAuthMgr";
-    //public static final String AGENT_PLUGIN_ID = "agentAuthPlugin";
-
-    /* actual help messages */
-    static {
-        mExtendedPluginInfo = new Vector<String>();
-
-        mExtendedPluginInfo
-                .add(IExtendedPluginInfo.HELP_TEXT +
-                    ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-authentication");
-    }
-
-    ///////////////////////
-    // Logger parameters //
-    ///////////////////////
-
-    /* the system's logger */
-    private ILogger mLogger = CMS.getLogger();
-
-    /* signed audit parameters */
-    private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-    private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE =
-            "enrollment";
-    private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE =
-            "revocation";
-    private final static String LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
-            "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public CMCAuth() {
-    }
-
-    //////////////////////////
-    // IAuthManager methods //
-    //////////////////////////
-
-    /**
-     * Initializes the CMCAuth authentication plug-in.
-     * <p>
-     *
-     * @param name The name for this authentication plug-in instance.
-     * @param implName The name of the authentication plug-in.
-     * @param config - The configuration store for this instance.
-     * @exception EBaseException If an error occurs during initialization.
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-
-        log(ILogger.LL_INFO, "Initialization complete!");
-    }
-
-    /**
-     * Authenticates user by their CMC;
-     * resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert
-     * requests or revocation requests are submitted and signature is verified
-     * </ul>
-     *
-     * @param authCred Authentication credentials, CRED_UID and CRED_CMC.
-     * @return an AuthToken
-     * @exception com.netscape.certsrv.authentication.EMissingCredential
-     *                If a required authentication credential is missing.
-     * @exception com.netscape.certsrv.authentication.EInvalidCredentials
-     *                If credentials failed authentication.
-     * @exception com.netscape.certsrv.base.EBaseException
-     *                If an internal error occurred.
-     * @see com.netscape.certsrv.authentication.AuthToken
-     */
-    public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials,
-            EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditReqType = ILogger.UNIDENTIFIED;
-        String auditCertSubject = ILogger.UNIDENTIFIED;
-        String auditSignerInfo = ILogger.UNIDENTIFIED;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // get the CMC.
-
-            Object argblock = authCred.getArgBlock();
-            Object returnVal = null;
-            if (argblock == null) {
-                returnVal = authCred.get("cert_request");
-                if (returnVal == null)
-                    returnVal = authCred.get(CRED_CMC);
-            } else {
-                returnVal = authCred.get("cert_request");
-                if (returnVal == null)
-                    returnVal = authCred.getArgBlock().get(CRED_CMC);
-            }
-            String cmc = (String) returnVal;
-            if (cmc == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditReqType,
-                        auditCertSubject,
-                        auditSignerInfo);
-
-                audit(auditMessage);
-
-                throw new EMissingCredential(CMS.getUserMessage(
-                        "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
-            }
-
-            if (cmc.equals("")) {
-                log(ILogger.LL_FAILURE,
-                        "cmc : attempted login with empty CMC.");
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditReqType,
-                        auditCertSubject,
-                        auditSignerInfo);
-
-                audit(auditMessage);
-
-                throw new EInvalidCredentials(CMS.getUserMessage(
-                        "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // authenticate by checking CMC.
-
-            // everything OK.
-            // now formulate the certificate info.
-            // set the subject name at a minimum.
-            // set anything else like version, extensions, etc.
-            // if nothing except subject name is set the rest of
-            // cert info will be filled in by policies and CA defaults.
-
-            AuthToken authToken = new AuthToken(this);
-
-            try {
-                String asciiBASE64Blob;
-
-                int startIndex = cmc.indexOf(HEADER);
-                int endIndex = cmc.indexOf(TRAILER);
-                if (startIndex != -1 && endIndex != -1) {
-                    startIndex = startIndex + HEADER.length();
-                    asciiBASE64Blob = cmc.substring(startIndex, endIndex);
-                } else
-                    asciiBASE64Blob = cmc;
-
-                byte[] cmcBlob = CMS.AtoB(asciiBASE64Blob);
-                ByteArrayInputStream cmcBlobIn = new
-                                                 ByteArrayInputStream(cmcBlob);
-
-                org.mozilla.jss.pkix.cms.ContentInfo cmcReq =
-                        (org.mozilla.jss.pkix.cms.ContentInfo)
-                        org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
-                                cmcBlobIn);
-
-                if (!cmcReq.getContentType().equals(
-                        org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
-                        !cmcReq.hasContent()) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditReqType,
-                            auditCertSubject,
-                            auditSignerInfo);
-
-                    audit(auditMessage);
-
-                    // throw new ECMSGWException(CMSGWResources.NO_CMC_CONTENT);
-
-                    throw new EBaseException("NO_CMC_CONTENT");
-                }
-
-                SignedData cmcFullReq = (SignedData)
-                                        cmcReq.getInterpretedContent();
-
-                IConfigStore cmc_config = CMS.getConfigStore();
-                boolean checkSignerInfo =
-                        cmc_config.getBoolean("cmc.signerInfo.verify", true);
-                String userid = "defUser";
-                String uid = "defUser";
-                if (checkSignerInfo) {
-                    IAuthToken agentToken = verifySignerInfo(authToken, cmcFullReq);
-                    if (agentToken == null) {
-                        CMS.debug("CMCAuth: authenticate() agentToken null");
-                        throw new EBaseException("CMCAuth: agent verifySignerInfo failure");
-                    }
-                    userid = agentToken.getInString("userid");
-                    uid = agentToken.getInString("cn");
-                } else {
-                    CMS.debug("CMCAuth: authenticate() signerInfo verification bypassed");
-                }
-                // reset value of auditSignerInfo
-                if (uid != null) {
-                    auditSignerInfo = uid.trim();
-                }
-
-                EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-
-                OBJECT_IDENTIFIER id = ci.getContentType();
-
-                if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) ||
-                        !ci.hasContent()) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditReqType,
-                            auditCertSubject,
-                            auditSignerInfo);
-
-                    audit(auditMessage);
-
-                    //  throw new ECMSGWException(
-                    // CMSGWResources.NO_PKIDATA);
-
-                    throw new EBaseException("NO_PKIDATA");
-                }
-
-                OCTET_STRING content = ci.getContent();
-
-                ByteArrayInputStream s = new
-                        ByteArrayInputStream(content.toByteArray());
-                PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
-                SEQUENCE reqSequence = pkiData.getReqSequence();
-
-                int numReqs = reqSequence.size();
-
-                if (numReqs == 0) {
-                    // revocation request
-
-                    // reset value of auditReqType
-                    auditReqType = SIGNED_AUDIT_REVOCATION_REQUEST_TYPE;
-
-                    SEQUENCE controlSequence = pkiData.getControlSequence();
-                    int controlSize = controlSequence.size();
-
-                    if (controlSize > 0) {
-                        for (int i = 0; i < controlSize; i++) {
-                            TaggedAttribute taggedAttribute =
-                                    (TaggedAttribute) controlSequence.elementAt(i);
-                            OBJECT_IDENTIFIER type = taggedAttribute.getType();
-
-                            if (type.equals(
-                                    OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
-                                // if( i ==1 ) {
-                                //     taggedAttribute.getType() ==
-                                //       OBJECT_IDENTIFIER.id_cmc_revokeRequest
-                                // }
-
-                                SET values = taggedAttribute.getValues();
-                                int numVals = values.size();
-                                BigInteger[] bigIntArray = null;
-
-                                bigIntArray = new BigInteger[numVals];
-                                for (int j = 0; j < numVals; j++) {
-                                    // serialNumber    INTEGER
-
-                                    // SEQUENCE RevRequest = (SEQUENCE)
-                                    //     values.elementAt(j);
-                                    byte[] encoded = ASN1Util.encode(
-                                            values.elementAt(j));
-                                    org.mozilla.jss.asn1.ASN1Template template = new
-                                            org.mozilla.jss.pkix.cmmf.RevRequest.Template();
-                                    org.mozilla.jss.pkix.cmmf.RevRequest revRequest =
-                                            (org.mozilla.jss.pkix.cmmf.RevRequest)
-                                            ASN1Util.decode(template, encoded);
-
-                                    // SEQUENCE RevRequest = (SEQUENCE)
-                                    //     ASN1Util.decode(
-                                    //         SEQUENCE.getTemplate(),
-                                    //         ASN1Util.encode(
-                                    //         values.elementAt(j)));
-
-                                    // SEQUENCE RevRequest =
-                                    //     values.elementAt(j);
-                                    // int revReqSize = RevRequest.size();
-                                    // if( revReqSize > 3 ) {
-                                    //     INTEGER serialNumber =
-                                    //         new INTEGER((long)0);
-                                    // }
-
-                                    INTEGER temp = revRequest.getSerialNumber();
-
-                                    bigIntArray[j] = temp;
-                                    authToken.set(TOKEN_CERT_SERIAL, bigIntArray);
-
-                                    long reasonCode = revRequest.getReason().getValue();
-                                    Integer IntObject = Integer.valueOf((int) reasonCode);
-                                    authToken.set(REASON_CODE, IntObject);
-
-                                    authToken.set("uid", uid);
-                                    authToken.set("userid", userid);
-                                }
-                            }
-                        }
-
-                    }
-                } else {
-                    // enrollment request
-
-                    // reset value of auditReqType
-                    auditReqType = SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE;
-
-                    X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
-                    String[] reqIdArray = new String[numReqs];
-
-                    for (int i = 0; i < numReqs; i++) {
-                        // decode message.
-                        TaggedRequest taggedRequest =
-                                (TaggedRequest) reqSequence.elementAt(i);
-
-                        TaggedRequest.Type type = taggedRequest.getType();
-
-                        if (type.equals(TaggedRequest.PKCS10)) {
-                            CMS.debug("CMCAuth: type is PKCS10");
-                            TaggedCertificationRequest tcr =
-                                    taggedRequest.getTcr();
-                            int p10Id = tcr.getBodyPartID().intValue();
-
-                            reqIdArray[i] = String.valueOf(p10Id);
-
-                            CertificationRequest p10 =
-                                    tcr.getCertificationRequest();
-
-                            // transfer to sun class
-                            ByteArrayOutputStream ostream =
-                                    new ByteArrayOutputStream();
-
-                            p10.encode(ostream);
-                            boolean sigver = true;
-                            boolean tokenSwitched = false;
-                            CryptoManager cm = null;
-                            CryptoToken signToken = null;
-                            CryptoToken savedToken = null;
-                            sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true);
-                            try {
-                                cm = CryptoManager.getInstance();
-                                if (sigver == true) {
-                                    String tokenName =
-                                        CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
-                                    savedToken = cm.getThreadToken();
-                                    if (tokenName.equals("internal")) {
-                                        signToken = cm.getInternalCryptoToken();
-                                    } else {
-                                        signToken = cm.getTokenByName(tokenName);
-                                    }
-                                    if (!savedToken.getName().equals(signToken.getName())) {
-                                        cm.setThreadToken(signToken);
-                                        tokenSwitched = true;
-                                    }
-                                }
-
-                                PKCS10 pkcs10 =
-                                        new PKCS10(ostream.toByteArray(), sigver);
-
-                                // xxx do we need to do anything else?
-                                X509CertInfo certInfo =
-                                        CMS.getDefaultX509CertInfo();
-
-                                // fillPKCS10(certInfo,pkcs10,authToken,null);
-
-                                // authToken.set(
-                                //     pkcs10.getSubjectPublicKeyInfo());
-
-                                X500Name tempName = pkcs10.getSubjectName();
-
-                                // reset value of auditCertSubject
-                                if (tempName != null) {
-                                    auditCertSubject =
-                                            tempName.toString().trim();
-                                    if (auditCertSubject.equals("")) {
-                                        auditCertSubject =
-                                                ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-                                    }
-                                    authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
-                                              tempName.toString());
-                                }
-
-                                authToken.set("uid", uid);
-                                authToken.set("userid", userid);
-
-                                certInfoArray[i] = certInfo;
-                            } catch (Exception e) {
-                                // store a message in the signed audit log file
-                                auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                                        auditSubjectID,
-                                        ILogger.FAILURE,
-                                        auditReqType,
-                                        auditCertSubject,
-                                        auditSignerInfo);
-
-                                audit(auditMessage);
-
-                                //throw new ECMSGWException(
-                                //CMSGWResources.ERROR_PKCS101, e.toString());
-
-                                e.printStackTrace();
-                                throw new EBaseException(e.toString());
-                            } finally {
-                                if ((sigver == true) && (tokenSwitched == true)){
-                                    cm.setThreadToken(savedToken);
-                                }
-                             }
-                        } else if (type.equals(TaggedRequest.CRMF)) {
-
-                            CMS.debug("CMCAuth: type is CRMF");
-                            try {
-                                CertReqMsg crm =
-                                        taggedRequest.getCrm();
-                                CertRequest certReq = crm.getCertReq();
-                                INTEGER reqID = certReq.getCertReqId();
-                                reqIdArray[i] = reqID.toString();
-                                CertTemplate template = certReq.getCertTemplate();
-                                Name name = template.getSubject();
-
-                                // xxx do we need to do anything else?
-                                X509CertInfo certInfo =
-                                        CMS.getDefaultX509CertInfo();
-
-                                // reset value of auditCertSubject
-                                if (name != null) {
-                                    String ss = name.getRFC1485();
-
-                                    auditCertSubject = ss;
-                                    if (auditCertSubject.equals("")) {
-                                        auditCertSubject =
-                                                ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-                                    }
-
-                                    authToken.set(AuthToken.TOKEN_CERT_SUBJECT, ss);
-                                    authToken.set("uid", uid);
-                                    authToken.set("userid", userid);
-                                }
-                                certInfoArray[i] = certInfo;
-                            } catch (Exception e) {
-                                // store a message in the signed audit log file
-                                auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                                        auditSubjectID,
-                                        ILogger.FAILURE,
-                                        auditReqType,
-                                        auditCertSubject,
-                                        auditSignerInfo);
-
-                                audit(auditMessage);
-
-                                //throw new ECMSGWException(
-                                //CMSGWResources.ERROR_PKCS101, e.toString());
-
-                                e.printStackTrace();
-                                throw new EBaseException(e.toString());
-                            }
-                        }
-
-                        // authToken.set(AgentAuthentication.CRED_CERT, new
-                        //     com.netscape.certsrv.usrgrp.Certificates(
-                        //     x509Certs));
-                    }
-                }
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditReqType,
-                        auditCertSubject,
-                        auditSignerInfo);
-
-                audit(auditMessage);
-
-                //Debug.printStackTrace(e);
-                throw new EInvalidCredentials(CMS.getUserMessage(
-                        "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo);
-
-            audit(auditMessage);
-
-            return authToken;
-        } catch (EMissingCredential eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (EInvalidCredentials eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-        } catch (EBaseException eAudit3) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit3;
-        }
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     * <p>
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    /**
-     * gets the configuration substore used by this authentication
-     * plug-in
-     * <p>
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * gets the plug-in name of this authentication plug-in.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    /**
-     * gets the name of this authentication plug-in instance
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * get the list of required credentials.
-     * <p>
-     *
-     * @return list of required credentials as strings.
-     */
-    public String[] getRequiredCreds() {
-        return (mRequiredCreds);
-    }
-
-    /**
-     * prepares for shutdown.
-     */
-    public void shutdown() {
-    }
-
-    /////////////////////////////////
-    // IExtendedPluginInfo methods //
-    /////////////////////////////////
-
-    /**
-     * Activate the help system.
-     * <p>
-     *
-     * @return help messages
-     */
-    public String[] getExtendedPluginInfo() {
-        CMS.debug("CMCAuth: getExtendedPluginInfo()");
-        String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
-
-        CMS.debug("CMCAuth: s.length = " + s.length);
-        for (int i = 0; i < s.length; i++) {
-            CMS.debug("" + i + " " + s[i]);
-        }
-        return s;
-    }
-
-    ////////////////////
-    // Logger methods //
-    ////////////////////
-
-    /**
-     * Logs a message for this class in the system log file.
-     * <p>
-     *
-     * @param level The log level.
-     * @param msg The message to log.
-     * @see com.netscape.certsrv.logging.ILogger
-     */
-    protected void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-                level, "CMC Authentication: " + msg);
-    }
-
-    protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EBaseException {
-
-        EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-        OBJECT_IDENTIFIER id = ci.getContentType();
-        OCTET_STRING content = ci.getContent();
-
-        boolean tokenSwitched = false;
-        CryptoToken signToken = null;
-        CryptoToken savedToken = null;
-        CryptoManager cm = null;
-        try {
-            cm = CryptoManager.getInstance();
-            ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
-            PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
-            SET dais = cmcFullReq.getDigestAlgorithmIdentifiers();
-            int numDig = dais.size();
-            Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>();
-
-            //if request key is used for signing, there MUST be only one signerInfo
-            //object in the signedData object.
-            for (int i = 0; i < numDig; i++) {
-                AlgorithmIdentifier dai =
-                        (AlgorithmIdentifier) dais.elementAt(i);
-                String name =
-                        DigestAlgorithm.fromOID(dai.getOID()).toString();
-
-                MessageDigest md =
-                        MessageDigest.getInstance(name);
-
-                byte[] digest = md.digest(content.toByteArray());
-
-                digs.put(name, digest);
-            }
-
-            SET sis = cmcFullReq.getSignerInfos();
-            int numSis = sis.size();
-
-            for (int i = 0; i < numSis; i++) {
-                org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
-
-                String name = si.getDigestAlgorithm().toString();
-                byte[] digest = digs.get(name);
-
-                if (digest == null) {
-                    MessageDigest md = MessageDigest.getInstance(name);
-                    ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-
-                    pkiData.encode(ostream);
-                    digest = md.digest(ostream.toByteArray());
-
-                }
-                // signed  by  previously certified signature key
-                SignerIdentifier sid = si.getSignerIdentifier();
-
-                if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
-                    IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
-                    // find from the certs in the signedData
-                    java.security.cert.X509Certificate cert = null;
-
-                    if (cmcFullReq.hasCertificates()) {
-                        SET certs = cmcFullReq.getCertificates();
-                        int numCerts = certs.size();
-                        java.security.cert.X509Certificate[] x509Certs = new java.security.cert.X509Certificate[1];
-                        byte[] certByteArray = new byte[0];
-                        for (int j = 0; j < numCerts; j++) {
-                            Certificate certJss = (Certificate) certs.elementAt(j);
-                            CertificateInfo certI = certJss.getInfo();
-                            Name issuer = certI.getIssuer();
-
-                            byte[] issuerB = ASN1Util.encode(issuer);
-                            INTEGER sn = certI.getSerialNumber();
-                            // if this cert is the signer cert, not a cert in the chain
-                            if (new String(issuerB).equals(new String(
-                                    ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
-                                    && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
-                                ByteArrayOutputStream os = new
-                                        ByteArrayOutputStream();
-
-                                certJss.encode(os);
-                                certByteArray = os.toByteArray();
-
-                                X509CertImpl tempcert = new X509CertImpl(os.toByteArray());
-
-                                cert = tempcert;
-                                x509Certs[0] = cert;
-                                // xxx validate the cert length
-
-                            }
-                        }
-                        CMS.debug("CMCAuth: start checking signature");
-                        if (cert == null) {
-                            // find from certDB
-                            CMS.debug("CMCAuth: verifying signature");
-                            si.verify(digest, id);
-                        } else {
-                            CMS.debug("CMCAuth: found signing cert... verifying");
-                            PublicKey signKey = cert.getPublicKey();
-                            PrivateKey.Type keyType = null;
-                            String alg = signKey.getAlgorithm();
-
-                            PK11PubKey pubK = null;
-                            if (alg.equals("RSA")) {
-                                CMS.debug("CMCAuth: signing key alg=RSA");
-                                keyType = PrivateKey.RSA;
-                                pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey());
-                            } else if (alg.equals("EC")) {
-                                CMS.debug("CMCAuth: signing key alg=EC");
-                                keyType = PrivateKey.EC;
-                                byte publicKeyData[] = ((X509Key) signKey).getEncoded();
-                                pubK = (PK11PubKey) PK11ECPublicKey.fromSPKI(/*keyType,*/ publicKeyData);
-                            } else if (alg.equals("DSA")) {
-                                CMS.debug("CMCAuth: signing key alg=DSA");
-                                keyType = PrivateKey.DSA;
-                                pubK = PK11PubKey.fromSPKI(/*keyType,*/ ((X509Key) signKey).getKey());
-                            }
-
-                            String tokenName =
-                                CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
-                            // by default JSS will use internal crypto token
-                            if (!tokenName.equals("internal")) {
-                                savedToken = cm.getThreadToken();
-                                signToken = cm.getTokenByName(tokenName);
-                                if(signToken != null) {
-                                    cm.setThreadToken(signToken);
-                                    tokenSwitched = true;
-                                    CMS.debug("CMCAuth: verifySignerInfo token switched:"+ tokenName);
-                                } else {
-                                    CMS.debug("CMCAuth: verifySignerInfo token not found:"+ tokenName+ ", trying internal");
-                                }
-                            }
-
-                            CMS.debug("CMCAuth: verifying signature with public key");
-                            si.verify(digest, id, pubK);
-                        }
-                        CMS.debug("CMCAuth: finished checking signature");
-                        // verify signer's certificate using the revocator
-                        if (!cm.isCertValid(certByteArray, true, CryptoManager.CertUsage.SSLClient))
-                            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-                        // authenticate signer's certificate using the userdb
-                        IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-
-                        IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID);
-                        if (agentAuth == null) {
-                            throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_MANAGER_NOT_FOUND", IAuthSubsystem.CERTUSERDB_AUTHMGR_ID));
-                        }
-                        IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials();
-
-                        agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs);
-
-                        IAuthToken tempToken = agentAuth.authenticate(agentCred);
-                        netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
-                        String CN = tempPrincipal.getCommonName(); //tempToken.get("userid");
-
-                        BigInteger agentCertSerial = x509Certs[0].getSerialNumber();
-                        authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT, agentCertSerial.toString());
-                        tempToken.set("cn", CN);
-                        return tempToken;
-
-                    }
-                    // find from internaldb if it's ca. (ra does not have that.)
-                    // find from internaldb usrgrp info
-
-                    // find from certDB
-                    si.verify(digest, id);
-
-                } //
-            }
-        } catch (InvalidBERException e) {
-            CMS.debug("CMCAuth: " + e.toString());
-        } catch (IOException e) {
-            CMS.debug("CMCAuth: " + e.toString());
-        } catch (NotInitializedException e) {
-            CMS.debug("CMCAuth: " + e.toString());
-        } catch (Exception e) {
-            CMS.debug("CMCAuth: " + e.toString());
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        } finally {
-            if ((tokenSwitched == true) && (savedToken != null)){
-                cm.setThreadToken(savedToken);
-                CMS.debug("CMCAuth: verifySignerInfo token restored");
-            }
-        }
-        return null;
-
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        return null;
-    }
-
-    // Profile-related methods
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_TEXT");
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        Vector<String> v = new Vector<String>();
-        v.addElement("cert_request");
-        return v.elements();
-    }
-
-    public boolean isValueWriteable(String name) {
-        return false;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(CRED_CMC)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, null,
-                    "CMC request");
-        }
-        return null;
-    }
-
-    public void populate(IAuthToken token, IRequest request)
-            throws EProfileException {
-        request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
-                token.getInString(AuthToken.TOKEN_CERT_SUBJECT));
-    }
-
-    public boolean isSSLClientRequired() {
-        return false;
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    private void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    /**
-     * Signed Audit Log Subject ID
-     *
-     * This method is called to obtain the "SubjectID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message SubjectID
-     */
-    private String auditSubjectID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String subjectID = null;
-
-        // Initialize subjectID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        if (auditContext != null) {
-            subjectID = (String)
-                    auditContext.get(SessionContext.USER_ID);
-
-            if (subjectID != null) {
-                subjectID = subjectID.trim();
-            } else {
-                subjectID = ILogger.NONROLEUSER;
-            }
-        } else {
-            subjectID = ILogger.UNIDENTIFIED;
-        }
-
-        return subjectID;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/Crypt.java b/base/common/src/com/netscape/cms/authentication/Crypt.java
deleted file mode 100644
index 867181138..000000000
--- a/base/common/src/com/netscape/cms/authentication/Crypt.java
+++ /dev/null
@@ -1,438 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-public class Crypt {
-    // Static data:
-    static byte[]
-            IP = // Initial permutation
-            {
-                    58, 50, 42, 34, 26, 18, 10, 2,
-                    60, 52, 44, 36, 28, 20, 12, 4,
-                    62, 54, 46, 38, 30, 22, 14, 6,
-                    64, 56, 48, 40, 32, 24, 16, 8,
-                    57, 49, 41, 33, 25, 17, 9, 1,
-                    59, 51, 43, 35, 27, 19, 11, 3,
-                    61, 53, 45, 37, 29, 21, 13, 5,
-                    63, 55, 47, 39, 31, 23, 15, 7
-        },
-            FP = // Final permutation, FP = IP^(-1)
-            {
-                    40, 8, 48, 16, 56, 24, 64, 32,
-                    39, 7, 47, 15, 55, 23, 63, 31,
-                    38, 6, 46, 14, 54, 22, 62, 30,
-                    37, 5, 45, 13, 53, 21, 61, 29,
-                    36, 4, 44, 12, 52, 20, 60, 28,
-                    35, 3, 43, 11, 51, 19, 59, 27,
-                    34, 2, 42, 10, 50, 18, 58, 26,
-                    33, 1, 41, 9, 49, 17, 57, 25
-        },
-            // Permuted-choice 1 from the key bits to yield C and D.
-            // Note that bits 8,16... are left out:
-            // They are intended for a parity check.
-            PC1_C =
-        {
-                57, 49, 41, 33, 25, 17, 9,
-                1, 58, 50, 42, 34, 26, 18,
-                10, 2, 59, 51, 43, 35, 27,
-                19, 11, 3, 60, 52, 44, 36
-        },
-            PC1_D =
-        {
-                63, 55, 47, 39, 31, 23, 15,
-                7, 62, 54, 46, 38, 30, 22,
-                14, 6, 61, 53, 45, 37, 29,
-                21, 13, 5, 28, 20, 12, 4
-        },
-            shifts = // Sequence of shifts used for the key schedule.
-            {
-                    1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
-        },
-            // Permuted-choice 2, to pick out the bits from
-            // the CD array that generate the key schedule.
-            PC2_C =
-        {
-                14, 17, 11, 24, 1, 5,
-                3, 28, 15, 6, 21, 10,
-                23, 19, 12, 4, 26, 8,
-                16, 7, 27, 20, 13, 2
-        },
-            PC2_D =
-        {
-                41, 52, 31, 37, 47, 55,
-                30, 40, 51, 45, 33, 48,
-                44, 49, 39, 56, 34, 53,
-                46, 42, 50, 36, 29, 32
-        },
-            e2 = // The E-bit selection table. (see E below)
-            {
-                    32, 1, 2, 3, 4, 5,
-                    4, 5, 6, 7, 8, 9,
-                    8, 9, 10, 11, 12, 13,
-                    12, 13, 14, 15, 16, 17,
-                    16, 17, 18, 19, 20, 21,
-                    20, 21, 22, 23, 24, 25,
-                    24, 25, 26, 27, 28, 29,
-                    28, 29, 30, 31, 32, 1
-        },
-            // P is a permutation on the selected combination of
-            // the current L and key.
-            P =
-        {
-                16, 7, 20, 21,
-                29, 12, 28, 17,
-                1, 15, 23, 26,
-                5, 18, 31, 10,
-                2, 8, 24, 14,
-                32, 27, 3, 9,
-                19, 13, 30, 6,
-                22, 11, 4, 25
-        };
-    // The 8 selection functions.  For some reason, they gave a 0-origin
-    // index, unlike everything else.
-    static byte[][] S =
-        {
-                {
-                        14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
-                        0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
-                        4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
-                        15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
-                }, {
-                        15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
-                        3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
-                        0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
-                        13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
-                }, {
-                        10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
-                        13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
-                        13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
-                        1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
-                }, {
-                        7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
-                        13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
-                        10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
-                        3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
-                }, {
-                        2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
-                        14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
-                        4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
-                        11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
-                }, {
-                        12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
-                        10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
-                        9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
-                        4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
-                }, {
-                        4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
-                        13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
-                        1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
-                        6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
-                }, {
-                        13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
-                        1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
-                        7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
-                        2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
-                }
-        };
-
-    // Dynamic data:
-    byte[] C = new byte[28], // The C and D arrays used to
-            D = new byte[28], // calculate the key schedule.
-            E = new byte[48], // The E bit-selection table.
-            L = new byte[32], // The current block,
-            R = new byte[32], //  divided into two halves.
-            tempL = new byte[32],
-            f = new byte[32],
-            preS = new byte[48]; // The combination of the key and
-    // the input, before selection.
-    // The key schedule.  Generated from the key.
-    byte[][] KS = new byte[16][48];
-
-    // Object fields:
-    String Passwd, Salt, Encrypt;
-
-    // Public methods:
-    /**
-     * Create Crypt object with no passwd or salt set. Must use setPasswd()
-     * and setSalt() before getEncryptedPasswd().
-     */
-    public Crypt() {
-        Passwd = Salt = Encrypt = "";
-    }
-
-    /**
-     * Create a Crypt object with specified salt. Use setPasswd() before
-     * getEncryptedPasswd().
-     *
-     * @param salt the salt string for encryption
-     */
-    public Crypt(String salt) {
-        Passwd = "";
-        Salt = salt;
-        Encrypt = crypt();
-    }
-
-    /**
-     * Create a Crypt object with specified passwd and salt (often the
-     * already encypted passwd). Get the encrypted result with
-     * getEncryptedPasswd().
-     *
-     * @param passwd the passwd to encrypt
-     * @param salt the salt string for encryption
-     */
-    public Crypt(String passwd, String salt) {
-        Passwd = passwd;
-        Salt = salt;
-        Encrypt = crypt();
-    }
-
-    /**
-     * Retrieve the passwd string currently being encrypted.
-     *
-     * @return the current passwd string
-     */
-    public String getPasswd() {
-        return Passwd;
-    }
-
-    /**
-     * Retrieve the salt string currently being used for encryption.
-     *
-     * @return the current salt string
-     */
-    public String getSalt() {
-        return Salt;
-    }
-
-    /**
-     * Retrieve the resulting encrypted string from the current passwd and
-     * salt settings.
-     *
-     * @return the encrypted passwd
-     */
-    public String getEncryptedPasswd() {
-        return Encrypt;
-    }
-
-    /**
-     * Set a new passwd string for encryption. Use getEncryptedPasswd() to
-     * retrieve the new result.
-     *
-     * @param passwd the new passwd string
-     */
-    public void setPasswd(String passwd) {
-        Passwd = passwd;
-        Encrypt = crypt();
-    }
-
-    /**
-     * Set a new salt string for encryption. Use getEncryptedPasswd() to
-     * retrieve the new result.
-     *
-     * @param salt the new salt string
-     */
-    public void setSalt(String salt) {
-        Salt = salt;
-        Encrypt = crypt();
-    }
-
-    // Internal crypt methods:
-    String crypt() {
-        if (Salt.length() == 0)
-            return "";
-        int i, j, pwi;
-        byte c, temp;
-        byte[] block = new byte[66], iobuf = new byte[16], salt = new byte[2], pw = Passwd.getBytes(), //jdk1.1
-        saltbytes = Salt.getBytes(); //jdk1.1
-
-        //	  pw = new byte[Passwd.length()],	//jdk1.0.2
-        // saltbytes = new byte[Salt.length()];		//jdk1.0.2
-        //Passwd.getBytes(0,Passwd.length(),pw,0);	//jdk1.0.2
-        //Salt.getBytes(0,Salt.length(),saltbytes,0);	//jdk1.0.2
-
-        salt[0] = saltbytes[0];
-        salt[1] = (saltbytes.length > 1) ? saltbytes[1] : 0;
-
-        for (i = 0; i < 66; i++)
-            block[i] = 0;
-
-        for (i = 0, pwi = 0; (pwi < pw.length) && (i < 64); pwi++, i++) {
-            for (j = 0; j < 7; j++, i++) {
-                block[i] = (byte) ((pw[pwi] >> (6 - j)) & 1);
-            }
-        }
-
-        setkey(block);
-
-        for (i = 0; i < 66; i++)
-            block[i] = 0;
-
-        for (i = 0; i < 2; i++) {
-            c = salt[i];
-            iobuf[i] = c;
-            if (c > 'Z')
-                c -= 6;
-            if (c > '9')
-                c -= 7;
-            c -= '.';
-            for (j = 0; j < 6; j++) {
-                if (((c >> j) & 1) != 0) {
-                    temp = E[6 * i + j];
-                    E[6 * i + j] = E[6 * i + j + 24];
-                    E[6 * i + j + 24] = temp;
-                }
-            }
-        }
-
-        for (i = 0; i < 25; i++) {
-            encrypt(block, 0);
-        }
-
-        for (i = 0; i < 11; i++) {
-            c = 0;
-            for (j = 0; j < 6; j++) {
-                c <<= 1;
-                c |= block[6 * i + j];
-            }
-            c += '.';
-            if (c > '9')
-                c += 7;
-            if (c > 'Z')
-                c += 6;
-            iobuf[i + 2] = c;
-        }
-
-        iobuf[i + 2] = 0;
-        if (iobuf[1] == 0)
-            iobuf[1] = iobuf[0];
-
-        return new String(iobuf); //jdk1.1
-        //return new String(iobuf,0);		//jdk1.0.2
-    }
-
-    void setkey(byte[] key) // Set up the key schedule from the key.
-    {
-        int i, j, k;
-        byte t;
-
-        // First, generate C and D by permuting the key.  The low order bit
-        // of each 8-bit char is not used, so C and D are only 28 bits apiece.
-        for (i = 0; i < 28; i++) {
-            C[i] = key[PC1_C[i] - 1];
-            D[i] = key[PC1_D[i] - 1];
-        }
-
-        // To generate Ki, rotate C and D according to schedule
-        // and pick up a permutation using PC2.
-        for (i = 0; i < 16; i++) {
-            // rotate.
-            for (k = 0; k < shifts[i]; k++) {
-                t = C[0];
-                for (j = 0; j < 27; j++)
-                    C[j] = C[j + 1];
-                C[27] = t;
-                t = D[0];
-                for (j = 0; j < 27; j++)
-                    D[j] = D[j + 1];
-                D[27] = t;
-            }
-
-            // get Ki. Note C and D are concatenated.
-            for (j = 0; j < 24; j++) {
-                KS[i][j] = C[PC2_C[j] - 1];
-                KS[i][j + 24] = D[PC2_D[j] - 29];
-            }
-        }
-
-        for (i = 0; i < 48; i++) {
-            E[i] = e2[i];
-        }
-    }
-
-    // The payoff: encrypt a block.
-    void encrypt(byte[] block, int edflag) {
-        int i, j, ii, t;
-        byte k;
-
-        // First, permute the bits in the input
-        //for (j = 0; j < 64; j++)
-        //{
-        //    L[j] = block[IP[j]-1];
-        //}
-        for (j = 0; j < 32; j++)
-            L[j] = block[IP[j] - 1];
-        for (j = 32; j < 64; j++)
-            R[j - 32] = block[IP[j] - 1];
-
-        // Perform an encryption operation 16 times.
-        for (ii = 0; ii < 16; ii++) {
-            i = ii;
-            // Save the R array, which will be the new L.
-            for (j = 0; j < 32; j++)
-                tempL[j] = R[j];
-            // Expand R to 48 bits using the E selector;
-            //  exclusive-or with the current key bits.
-            for (j = 0; j < 48; j++)
-                preS[j] = (byte) (R[E[j] - 1] ^ KS[i][j]);
-
-            // The pre-select bits are now considered in 8 groups of
-            // 6 bits each.  The 8 selection functions map these 6-bit
-            // quantities into 4-bit quantities and the results permuted
-            // to make an f(R, K).  The indexing into the selection functions
-            // is peculiar; it could be simplified by rewriting the tables.
-            for (j = 0; j < 8; j++) {
-                t = 6 * j;
-                k = S[j][(preS[t] << 5) +
-                        (preS[t + 1] << 3) +
-                        (preS[t + 2] << 2) +
-                        (preS[t + 3] << 1) +
-                        (preS[t + 4]) +
-                        (preS[t + 5] << 4)];
-                t = 4 * j;
-                f[t] = (byte) ((k >> 3) & 1);
-                f[t + 1] = (byte) ((k >> 2) & 1);
-                f[t + 2] = (byte) ((k >> 1) & 1);
-                f[t + 3] = (byte) ((k) & 1);
-            }
-
-            // The new R is L ^ f(R, K).
-            // The f here has to be permuted first, though.
-            for (j = 0; j < 32; j++) {
-                R[j] = (byte) (L[j] ^ f[P[j] - 1]);
-            }
-
-            // Finally, the new L (the original R) is copied back.
-            for (j = 0; j < 32; j++) {
-                L[j] = tempL[j];
-            }
-        }
-
-        // The output L and R are reversed.
-        for (j = 0; j < 32; j++) {
-            k = L[j];
-            L[j] = R[j];
-            R[j] = k;
-        }
-
-        // The final output gets the inverse permutation of the very original.
-        for (j = 0; j < 64; j++) {
-            //block[j] = L[FP[j]-1];
-            block[j] = (FP[j] > 32) ? R[FP[j] - 33] : L[FP[j] - 1];
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/DNPattern.java b/base/common/src/com/netscape/cms/authentication/DNPattern.java
deleted file mode 100644
index ccee3b512..000000000
--- a/base/common/src/com/netscape/cms/authentication/DNPattern.java
+++ /dev/null
@@ -1,216 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-import java.io.IOException;
-import java.io.PushbackReader;
-import java.io.StringReader;
-import java.util.Vector;
-
-import netscape.ldap.LDAPEntry;
-
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.base.EBaseException;
-
-/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.
- * <p>
- *
- * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If
- * empty or not set, the ldap entry DN will be used as the certificate subject name.
- * <p>
- *
- * The syntax is
- *
- * <pre>
- * 	dnPattern := rdnPattern *[ "," rdnPattern ]
- * 	rdnPattern := avaPattern *[ "+" avaPattern ]
- * 		avaPattern := name "=" value |
- * 			      name "=" "$attr" "." attrName [ "." attrNumber ] |
- * 			      name "=" "$dn" "." attrName [ "." attrNumber ] |
- * 			 	  "$dn" "." "$rdn" "." number
- * </pre>
- *
- * <pre>
- * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
- * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US
- * <p>
- *     E = the first 'mail' ldap attribute value in user's entry. <br>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * Example2: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US
- * <p>
- *     E = the first 'mail' ldap attribute value in user's entry. <br>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * 	    in a RDN in this example. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * </pre>
- *
- * <pre>
- * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     CN=Jesse James, OU=IS+OU=people, O=acme.org, C=US
- * <p>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     followed by the second RDN in the user's entry DN. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * Example4: <i>CN=$attr.cn, OU=$dn.ou.2+OU=$dn.ou.1, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     CN=Jesse James, OU=people+OU=IS, O=acme.org, C=US
- * <p>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN followed by the
- * 		first 'ou' value in the user's entry. note multiple AVAs
- * 	    in a RDN in this example. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * </pre>
- *
- * If an attribute or subject DN component does not exist the attribute is skipped.
- *
- * @version $Revision$, $Date$
- */
-public class DNPattern {
-
-    /* ldap attributes to retrieve */
-    private String[] mLdapAttrs = null;
-
-    /* rdn patterns */
-    protected RDNPattern[] mRDNPatterns = null;
-
-    /* original pattern string */
-    protected String mPatternString = null;
-
-    protected String mTestDN = null;
-
-    /**
-     * Construct a DN pattern by parsing a pattern string.
-     *
-     * @param pattern the DN pattern
-     * @exception EBaseException If parsing error occurs.
-     */
-    public DNPattern(String pattern)
-            throws EAuthException {
-        if (pattern == null || pattern.equals("")) {
-            // create an attribute list that is the dn.
-            mLdapAttrs = new String[] { "dn" };
-        } else {
-            mPatternString = pattern;
-            PushbackReader in = new PushbackReader(new StringReader(pattern));
-
-            parse(in);
-        }
-    }
-
-    public DNPattern(PushbackReader in)
-            throws EAuthException {
-        parse(in);
-    }
-
-    private void parse(PushbackReader in)
-            throws EAuthException {
-        Vector<RDNPattern> rdnPatterns = new Vector<RDNPattern>();
-        RDNPattern rdnPattern = null;
-        int lastChar = -1;
-
-        do {
-            rdnPattern = new RDNPattern(in);
-            rdnPatterns.addElement(rdnPattern);
-            try {
-                lastChar = in.read();
-            } catch (IOException e) {
-                throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString());
-            }
-        } while (lastChar == ',');
-
-        mRDNPatterns = new RDNPattern[rdnPatterns.size()];
-        rdnPatterns.copyInto(mRDNPatterns);
-
-        Vector<String> ldapAttrs = new Vector<String>();
-
-        for (int i = 0; i < mRDNPatterns.length; i++) {
-            String[] rdnAttrs = mRDNPatterns[i].getLdapAttrs();
-
-            if (rdnAttrs != null && rdnAttrs.length > 0)
-                for (int j = 0; j < rdnAttrs.length; j++)
-                    ldapAttrs.addElement(rdnAttrs[j]);
-        }
-        mLdapAttrs = new String[ldapAttrs.size()];
-        ldapAttrs.copyInto(mLdapAttrs);
-    }
-
-    /**
-     * Form a Ldap v3 DN string from results of a ldap search.
-     *
-     * @param entry LDAPentry from a ldap search
-     * @return Ldap v3 DN string to use for a subject name.
-     */
-    public String formDN(LDAPEntry entry)
-            throws EAuthException {
-        StringBuffer formedDN = new StringBuffer();
-
-        for (int i = 0; i < mRDNPatterns.length; i++) {
-            if (mTestDN != null)
-                mRDNPatterns[i].mTestDN = mTestDN;
-            String rdn = mRDNPatterns[i].formRDN(entry);
-
-            if (rdn != null) {
-                if (rdn != null && rdn.length() != 0) {
-                    if (formedDN.length() != 0)
-                        formedDN.append(",");
-                    formedDN.append(rdn);
-                }
-            }
-        }
-        //System.out.println("formed DN "+formedDN.toString());
-        return formedDN.toString();
-    }
-
-    public String[] getLdapAttrs() {
-        return mLdapAttrs.clone();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
deleted file mode 100644
index f2d09df9e..000000000
--- a/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
+++ /dev/null
@@ -1,675 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// ldap java sdk
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authentication.EFormSubjectDN;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Abstract class for directory based authentication managers
- * Uses a pattern for formulating subject names.
- * The pattern is read from configuration file.
- * Syntax of the pattern is described in the init() method.
- *
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public abstract class DirBasedAuthentication
-        implements IAuthManager, IExtendedPluginInfo {
-
-    protected static final String USER_DN = "userDN";
-
-    /* configuration parameter keys */
-    protected static final String PROP_LDAP = "ldap";
-    protected static final String PROP_BASEDN = "basedn";
-    protected static final String PROP_DNPATTERN = "dnpattern";
-    protected static final String PROP_LDAPSTRINGATTRS = "ldapStringAttributes";
-    protected static final String PROP_LDAPBYTEATTRS = "ldapByteAttributes";
-
-    // members
-
-    /* name of this authentication manager instance */
-    protected String mName = null;
-
-    /* name of the authentication manager plugin */
-    protected String mImplName = null;
-
-    /* configuration store */
-    protected IConfigStore mConfig;
-
-    /* ldap configuration sub-store */
-    protected IConfigStore mLdapConfig;
-
-    /* ldap base dn */
-    protected String mBaseDN = null;
-
-    /* factory of anonymous ldap connections */
-    protected ILdapConnFactory mConnFactory = null;
-
-    /* the system logger */
-    protected ILogger mLogger = CMS.getLogger();
-
-    /* the subject DN pattern */
-    protected DNPattern mPattern = null;
-
-    /* the list of LDAP attributes with string values to retrieve to
-     * save in the auth token including ones from the dn pattern. */
-    protected String[] mLdapStringAttrs = null;
-
-    /* the list of LDAP attributes with byte[] values to retrive to save
-     * in authtoken. */
-    protected String[] mLdapByteAttrs = null;
-
-    /* the combined list of LDAP attriubutes to retrieve*/
-    protected String[] mLdapAttrs = null;
-
-    /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN =
-            "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
-
-    /* Vector of extendedPluginInfo strings */
-    protected static Vector<String> mExtendedPluginInfo = null;
-
-    static {
-        mExtendedPluginInfo = new Vector<String>();
-        mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" +
-                " Subject Name. ($dn.xxx - get value from user's LDAP " +
-                "DN.  $attr.yyy - get value from LDAP attributes in " +
-                "user's entry.) Default: " + DEFAULT_DNPATTERN);
-        mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" +
-                "Comma-separated list of LDAP attributes to copy from " +
-                "the user's LDAP entry into the AuthToken. e.g use " +
-                "'mail' to copy user's email address for subjectAltName");
-        mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" +
-                "Comma-separated list of binary LDAP attributes to copy" +
-                " from the user's LDAP entry into the AuthToken");
-        mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
-                "LDAP host to connect to");
-        mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
-                "LDAP port number (use 389, or 636 if SSL)");
-        mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
-                "Use SSL to connect to directory?");
-        mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
-                "LDAP protocol version");
-        mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start searching " +
-                "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                "might want to use 'o=company' here");
-        mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
-                "to keep open to directory server. Default 5.");
-        mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " +
-                "pool can grow to this many (multiplexed) connections. Default 1000.");
-    }
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public DirBasedAuthentication() {
-    }
-
-    /**
-     * Initializes the UidPwdDirBasedAuthentication auth manager.
-     *
-     * Takes the following configuration parameters: <br>
-     *
-     * <pre>
-     * 	ldap.basedn             - the ldap base dn.
-     * 	ldap.ldapconn.host      - the ldap host.
-     * 	ldap.ldapconn.port      - the ldap port
-     * 	ldap.ldapconn.secureConn - whether port should be secure
-     * 	ldap.minConns           - minimum connections
-     * 	ldap.maxConns           - max connections
-     * 	dnpattern               - dn pattern.
-     * </pre>
-     * <p>
-     * <i><b>dnpattern</b></i> is a string representing a subject name pattern to formulate from the directory
-     * attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
-     * <p>
-     * The syntax is
-     *
-     * <pre>
-     *     dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
-     *
-     *     SubjectNameComponent = DnComp | EntryComp | ConstantComp
-     *     DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
-     *     EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
-     *     ConstantComp = CertAttr "=" Constant
-     *     DnAttr    =  an attribute in the Ldap entry dn
-     *     EntryAttr =  an attribute in the Ldap entry
-     *     CertAttr  =  a Component in the Certificate Subject Name
-     *                  (multiple AVA in one RDN not supported)
-     *     Num       =  the nth value of tha attribute  in the dn or entry.
-     *     Constant  =  Constant String, with any accepted ldap string value.
-     *
-     * </pre>
-     * <p>
-     * <b>Example:</b>
-     *
-     * <pre>
-     * dnpattern:
-     *     E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
-     * <br>
-     * Ldap entry dn:
-     *     UID=joesmith, OU=people, O=Acme.com
-     * <br>
-     * Ldap attributes:
-     *     cn: Joe Smith
-     *     sn: Smith
-     *     mail: joesmith@acme.com
-     *     mail: joesmith@redhat.com
-     *     ou: people
-     *     ou: IS
-     *     <i>etc.</i>
-     * </pre>
-     * <p>
-     * The subject name formulated in the cert will be : <br>
-     *
-     * <pre>
-     *   E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US
-     *
-     *      E = the first 'mail' ldap attribute value in user's entry - joesmithe@acme.com
-     *      CN = the (first) 'cn' ldap attribute value in the user's entry - Joe Smith
-     *      OU = the second 'ou' value in the ldap entry - IS
-     *      O = the (first) 'o' value in the user's entry DN - "Acme.com"
-     *      C = the constant string "US"
-     * </pre>
-     *
-     * @param name The name for this authentication manager instance.
-     * @param implName The name of the authentication manager plugin.
-     * @param config - The configuration store for this instance.
-     * @exception EBaseException If an error occurs during initialization.
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        init(name, implName, config, true);
-    }
-
-    public void init(String name, String implName, IConfigStore config, boolean needBaseDN)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-
-        /* initialize ldap server configuration */
-        mLdapConfig = mConfig.getSubStore(PROP_LDAP);
-        if (needBaseDN)
-            mBaseDN = mLdapConfig.getString(PROP_BASEDN);
-        if (needBaseDN && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN.trim().equals(""))))
-            throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
-        mConnFactory = CMS.getLdapAnonConnFactory();
-        mConnFactory.init(mLdapConfig);
-
-        /* initialize dn pattern */
-        String pattern = mConfig.getString(PROP_DNPATTERN, null);
-
-        if (pattern == null || pattern.length() == 0)
-            pattern = DEFAULT_DNPATTERN;
-        mPattern = new DNPattern(pattern);
-        String[] patternLdapAttrs = mPattern.getLdapAttrs();
-
-        /* initialize ldap string attribute list */
-        String ldapStringAttrs = mConfig.getString(PROP_LDAPSTRINGATTRS, null);
-
-        if (ldapStringAttrs == null) {
-            mLdapStringAttrs = patternLdapAttrs;
-        } else {
-            StringTokenizer pAttrs =
-                    new StringTokenizer(ldapStringAttrs, ",", false);
-            int begin = 0;
-
-            if (patternLdapAttrs != null && patternLdapAttrs.length > 0) {
-                mLdapStringAttrs = new String[
-                        patternLdapAttrs.length + pAttrs.countTokens()];
-                System.arraycopy(patternLdapAttrs, 0,
-                        mLdapStringAttrs, 0, patternLdapAttrs.length);
-                begin = patternLdapAttrs.length;
-            } else {
-                mLdapStringAttrs = new String[pAttrs.countTokens()];
-            }
-            for (int i = begin; i < mLdapStringAttrs.length; i++) {
-                mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
-            }
-        }
-
-        /* initialize ldap byte[] attribute list */
-        String ldapByteAttrs = mConfig.getString(PROP_LDAPBYTEATTRS, null);
-
-        if (ldapByteAttrs == null) {
-            mLdapByteAttrs = new String[0];
-        } else {
-            StringTokenizer byteAttrs =
-                    new StringTokenizer(ldapByteAttrs, ",", false);
-
-            mLdapByteAttrs = new String[byteAttrs.countTokens()];
-            for (int j = 0; j < mLdapByteAttrs.length; j++) {
-                mLdapByteAttrs[j] = ((String) byteAttrs.nextElement()).trim();
-            }
-        }
-
-        /* make the combined list */
-        mLdapAttrs =
-                new String[mLdapStringAttrs.length + mLdapByteAttrs.length];
-        System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs,
-                0, mLdapStringAttrs.length);
-        System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs,
-                mLdapStringAttrs.length, mLdapByteAttrs.length);
-
-        log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_INIT_DONE"));
-    }
-
-    /**
-     * gets the name of this authentication manager instance
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * gets the plugin name of this authentication manager.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    /**
-     * Authenticates user through LDAP by a set of credentials.
-     * Resulting AuthToken a TOKEN_CERTINFO field of a X509CertInfo
-     * <p>
-     *
-     * @param authCred Authentication credentials, CRED_UID and CRED_PWD.
-     * @return A AuthToken with a TOKEN_SUBJECT of X500name type.
-     * @exception com.netscape.certsrv.authentication.EMissingCredential
-     *                If a required authentication credential is missing.
-     * @exception com.netscape.certsrv.authentication.EInvalidCredentials
-     *                If credentials failed authentication.
-     * @exception com.netscape.certsrv.base.EBaseException
-     *                If an internal error occurred.
-     * @see com.netscape.certsrv.authentication.AuthToken
-     */
-    public IAuthToken authenticate(IAuthCredentials authCred)
-            throws EMissingCredential, EInvalidCredentials, EBaseException {
-        String userdn = null;
-        LDAPConnection conn = null;
-        AuthToken authToken = new AuthToken(this);
-
-        try {
-            if (mConnFactory == null) {
-                conn = null;
-            } else {
-                conn = mConnFactory.getConn();
-            }
-
-            // authenticate the user and get a user entry.
-            userdn = authenticate(conn, authCred, authToken);
-            authToken.set(USER_DN, userdn);
-
-            // formulate the cert info.
-            // set each seperatly since otherwise they won't serialize
-            // in the request queue.
-            X509CertInfo certInfo = new X509CertInfo();
-
-            formCertInfo(conn, userdn, certInfo, authToken);
-
-            // set subject name.
-            try {
-                CertificateSubjectName subjectname = (CertificateSubjectName)
-                        certInfo.get(X509CertInfo.SUBJECT);
-
-                if (subjectname != null)
-                    authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
-                            subjectname.toString());
-            } // error means it's not set.
-            catch (CertificateException e) {
-            } catch (IOException e) {
-            }
-
-            // set validity if any
-            try {
-                CertificateValidity validity = (CertificateValidity)
-                        certInfo.get(X509CertInfo.VALIDITY);
-
-                if (validity != null) {
-                    // the gets throws IOException but only if attribute
-                    // not recognized. In these cases they are always.
-                    authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE,
-                            (Date) validity.get(CertificateValidity.NOT_BEFORE));
-                    authToken.set(AuthToken.TOKEN_CERT_NOTAFTER,
-                            (Date) validity.get(CertificateValidity.NOT_AFTER));
-                }
-            } // error means it's not set.
-            catch (CertificateException e) {
-            } catch (IOException e) {
-            }
-
-            // set extensions if any.
-            try {
-                CertificateExtensions extensions = (CertificateExtensions)
-                        certInfo.get(X509CertInfo.EXTENSIONS);
-
-                if (extensions != null)
-                    authToken.set(AuthToken.TOKEN_CERT_EXTENSIONS, extensions);
-            } // error means it's not set.
-            catch (CertificateException e) {
-            } catch (IOException e) {
-            }
-
-        } finally {
-            if (conn != null)
-                mConnFactory.returnConn(conn);
-        }
-
-        return authToken;
-    }
-
-    /**
-     * get the list of required credentials.
-     *
-     * @return list of required credentials as strings.
-     */
-    public abstract String[] getRequiredCreds();
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public abstract String[] getConfigParams();
-
-    /**
-     * disconnects the ldap connections
-     */
-    public void shutdown() {
-        try {
-            if (mConnFactory != null) {
-                mConnFactory.reset();
-            }
-        } catch (ELdapException e) {
-            // ignore
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_SHUTDOWN_ERROR", e.toString()));
-        }
-    }
-
-    /**
-     * Gets the configuration substore used by this authentication manager
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * Authenticates a user through directory based a set of credentials.
-     *
-     * @param authCreds The authentication credentials.
-     * @return The user's ldap entry dn.
-     * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs.
-     */
-    protected abstract String authenticate(
-            LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
-            throws EBaseException;
-
-    /**
-     * Formulate the cert info.
-     *
-     * @param conn A LDAP Connection authenticated to user to use.
-     * @param userdn The user's dn.
-     * @param certinfo A certinfo object to fill.
-     * @param token A authentication token to fill.
-     * @exception EBaseException If an internal error occurs.
-     */
-    protected void formCertInfo(LDAPConnection conn,
-            String userdn,
-            X509CertInfo certinfo,
-            AuthToken token)
-            throws EBaseException {
-        String dn = null;
-        // get ldap attributes to retrieve.
-        String[] attrs = getLdapAttrs();
-
-        // retrieve the attributes.
-        try {
-            if (conn != null) {
-                LDAPEntry entry = null;
-                LDAPSearchResults results =
-                        conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
-                                attrs, false);
-
-                if (!results.hasMoreElements()) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR"));
-                    throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_LDAPATTRIBUTES_NOT_FOUND"));
-                }
-                entry = results.next();
-
-                // formulate the subject dn
-                try {
-                    dn = formSubjectName(entry);
-                } catch (EBaseException e) {
-                    //e.printStackTrace();
-                    throw e;
-                }
-                // Put selected values from the entry into the token
-                setAuthTokenValues(entry, token);
-            } else {
-                dn = userdn;
-            }
-
-            // add anything else in cert info such as validity, extensions
-            // (nothing now)
-
-            // pack the dn into X500name and set subject name.
-            if (dn.length() == 0) {
-                EBaseException ex =
-                        new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
-
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_DN_ERROR", ex.toString()));
-                throw ex;
-            }
-            X500Name subjectdn = new X500Name(dn);
-
-            certinfo.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(subjectdn));
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.SERVER_DOWN:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR"));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
-            case LDAPException.NO_SUCH_OBJECT:
-            case LDAPException.LDAP_PARTIAL_RESULTS:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_USER_ENTRY_ERROR", userdn));
-
-                // fall to below.
-            default:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
-                                e.errorCodeToString()));
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage()));
-            throw new EFormSubjectDN(CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR"));
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_CERTINFO_ERROR", userdn, e.getMessage()));
-            throw new EFormSubjectDN(CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR"));
-        }
-    }
-
-    /**
-     * Copy values from the LDAPEntry into the AuthToken. The
-     * list of values that should be store this way is given in
-     * a the ldapAttributes configuration parameter.
-     */
-    protected void setAuthTokenValues(LDAPEntry e, AuthToken tok) {
-        for (int i = 0; i < mLdapStringAttrs.length; i++)
-            setAuthTokenStringValue(mLdapStringAttrs[i], e, tok);
-        for (int j = 0; j < mLdapByteAttrs.length; j++)
-            setAuthTokenByteValue(mLdapByteAttrs[j], e, tok);
-    }
-
-    protected void setAuthTokenStringValue(
-            String name, LDAPEntry entry, AuthToken tok) {
-        LDAPAttribute values = entry.getAttribute(name);
-
-        if (values == null)
-            return;
-
-        Vector<String> v = new Vector<String>();
-        @SuppressWarnings("unchecked")
-        Enumeration<String> e = values.getStringValues();
-
-        while (e.hasMoreElements()) {
-            v.addElement(e.nextElement());
-        }
-
-        String a[] = new String[v.size()];
-
-        v.copyInto(a);
-
-        tok.set(name, a);
-    }
-
-    protected void setAuthTokenByteValue(
-            String name, LDAPEntry entry, AuthToken tok) {
-        LDAPAttribute values = entry.getAttribute(name);
-
-        if (values == null)
-            return;
-
-        Vector<byte[]> v = new Vector<byte[]>();
-        @SuppressWarnings("unchecked")
-        Enumeration<byte[]> e = values.getByteValues();
-
-        while (e.hasMoreElements()) {
-            v.addElement(e.nextElement());
-        }
-
-        byte[][] a = new byte[v.size()][];
-
-        v.copyInto(a);
-
-        tok.set(name, a);
-    }
-
-    /**
-     * Return a list of LDAP attributes with String values to retrieve.
-     * Subclasses can override to return any set of attributes.
-     *
-     * @return Array of LDAP attributes to retrieve from the directory.
-     */
-    protected String[] getLdapAttrs() {
-        return mLdapAttrs;
-    }
-
-    /**
-     * Return a list of LDAP attributes with byte[] values to retrieve.
-     * Subclasses can override to return any set of attributes.
-     *
-     * @return Array of LDAP attributes to retrieve from the directory.
-     */
-    protected String[] getLdapByteAttrs() {
-        return mLdapByteAttrs;
-    }
-
-    /**
-     * Formulate the subject name
-     *
-     * @param entry The LDAP entry
-     * @return The subject name string.
-     * @exception EBaseException If an internal error occurs.
-     */
-    protected String formSubjectName(LDAPEntry entry)
-            throws EAuthException {
-        if (mPattern.mPatternString == null)
-            return entry.getDN();
-
-        /*
-         if (mTestDNString != null) {
-         mPattern.mTestDN = mTestDNString;
-         //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN);
-        }
-        */
-
-        String dn = mPattern.formDN(entry);
-
-        CMS.debug("DirBasedAuthentication: formed DN '" + dn + "'");
-        return dn;
-    }
-
-    /**
-     * Logs a message for this class in the system log file.
-     *
-     * @param level The log level.
-     * @param msg The message to log.
-     * @see com.netscape.certsrv.logging.ILogger
-     */
-    protected void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-                level, msg);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
-
-        return s;
-
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
deleted file mode 100644
index 81537f707..000000000
--- a/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
+++ /dev/null
@@ -1,686 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// ldap java sdk
-import java.io.BufferedReader;
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileReader;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This represents the authentication manager that authenticates
- * user against a file where id, and password are stored.
- *
- * @version $Revision$, $Date$
- */
-public class FlatFileAuth
-        implements IProfileAuthenticator, IExtendedPluginInfo {
-
-    /* configuration parameter keys */
-    protected static final String PROP_FILENAME = "fileName";
-    protected static final String PROP_KEYATTRIBUTES = "keyAttributes";
-    protected static final String PROP_AUTHATTRS = "authAttributes";
-    protected static final String PROP_DEFERONFAILURE = "deferOnFailure";
-
-    protected String mFilename = "config/pwfile";
-    protected long mFileLastRead = 0;
-    protected String mKeyAttributes = "UID";
-    protected String mAuthAttrs = "PWD";
-    protected boolean mDeferOnFailure = true;
-    private static final String DATE_PATTERN = "yyyy-MM-dd-HH-mm-ss";
-    private static SimpleDateFormat mDateFormat = new SimpleDateFormat(DATE_PATTERN);
-
-    protected static String[] mConfigParams =
-            new String[] {
-                    PROP_FILENAME,
-                    PROP_KEYATTRIBUTES,
-                    PROP_AUTHATTRS,
-                    PROP_DEFERONFAILURE
-        };
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                PROP_FILENAME + ";string;Pathname of password file",
-                PROP_KEYATTRIBUTES + ";string;Comma-separated list of attributes" +
-                        " which together form a unique identifier for the user",
-                PROP_AUTHATTRS + ";string;Comma-separated list of attributes" +
-                        " which are used for further authentication",
-                PROP_DEFERONFAILURE + ";boolean;if user is not found, defer the " +
-                        "request to the queue for manual-authentication (true), or " +
-                        "simply rejected the request (false)"
-            };
-
-        return s;
-    }
-
-    /** name of this authentication manager instance */
-    protected String mName = null;
-
-    protected String FFAUTH = "FlatFileAuth";
-
-    /** name of the authentication manager plugin */
-    protected String mImplName = null;
-
-    /** configuration store */
-    protected IConfigStore mConfig = null;
-
-    /** system logger */
-    protected ILogger mLogger = CMS.getLogger();
-
-    /**
-     * This array is created as to include all the requested attributes
-     *
-     */
-    String[] reqCreds = null;
-
-    String[] authAttrs = null;
-    String[] keyAttrs = null;
-
-    /**
-     * Hashtable of entries from Auth File. Hash index is the
-     * concatenation of the attributes from matchAttributes property
-     */
-    protected Hashtable<String, Hashtable<String, String>> entries = null;
-
-    /**
-     * Get the named property
-     * If the property is not set, use s as the default, and create
-     * a new value for the property in the config file.
-     *
-     * @param propertyName Property name
-     * @param s The default value of the property
-     */
-    protected String getPropertyS(String propertyName, String s)
-            throws EBaseException {
-        String p;
-
-        try {
-            p = mConfig.getString(propertyName);
-        } catch (EPropertyNotFound e) {
-            mConfig.put(propertyName, s);
-            p = s;
-        }
-        return p;
-    }
-
-    public boolean isSSLClientRequired() {
-        return false;
-    }
-
-    /**
-     * Get the named property,
-     * If the property is not set, use b as the default, and create
-     * a new value for the property in the config file.
-     *
-     * @param propertyName Property name
-     * @param b The default value of the property
-     */
-    protected boolean getPropertyB(String propertyName, boolean b)
-            throws EBaseException {
-        boolean p;
-
-        try {
-            p = mConfig.getBoolean(propertyName);
-        } catch (EPropertyNotFound e) {
-            mConfig.put(propertyName, b ? "true" : "false");
-            p = b;
-        }
-        return p;
-    }
-
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-
-        try {
-            mFilename = getPropertyS(PROP_FILENAME, mFilename);
-            mKeyAttributes = getPropertyS(PROP_KEYATTRIBUTES, mKeyAttributes);
-            mAuthAttrs = getPropertyS(PROP_AUTHATTRS, mAuthAttrs);
-            mDeferOnFailure = getPropertyB(PROP_DEFERONFAILURE, mDeferOnFailure);
-        } catch (EBaseException e) {
-            return;
-        }
-
-        keyAttrs = splitOnComma(mKeyAttributes);
-        authAttrs = splitOnComma(mAuthAttrs);
-
-        String[][] stringArrays = new String[2][];
-
-        stringArrays[0] = keyAttrs;
-        stringArrays[1] = authAttrs;
-        reqCreds = unionOfStrings(stringArrays);
-
-        print("mFilename      = " + mFilename);
-        print("mKeyAttributes = " + mKeyAttributes);
-        print("mAuthAttrs     = " + mAuthAttrs);
-        for (int i = 0; i < stringArrays.length; i++) {
-            for (int j = 0; j < stringArrays[i].length; j++) {
-                print("stringArrays[" + i + "][" + j + "] = " + stringArrays[i][j]);
-            }
-        }
-
-        try {
-            File file = new File(mFilename);
-
-            mFileLastRead = file.lastModified();
-            entries = readFile(file, keyAttrs);
-            CMS.debug("FlatFileAuth: " + CMS.getLogMessage("CMS_AUTH_READ_ENTRIES", mFilename));
-            // printAllEntries();
-        } catch (IOException e) {
-            throw new EBaseException(mName
-                    + " authentication: Could not open file " + mFilename + "   (" + e.getMessage() + ")");
-        } catch (java.lang.StringIndexOutOfBoundsException ee) {
-            CMS.debug("FlatFileAuth: " + CMS.getLogMessage("OPERATION_ERROR", ee.toString()));
-        }
-
-    }
-
-    /**
-     * Log a message.
-     *
-     * @param level The logging level.
-     * @param msg The message to log.
-     */
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-                level, msg);
-    }
-
-    void print(String s) {
-        CMS.debug("FlatFileAuth: " + s);
-    }
-
-    /**
-     * Return a string array which is the union of all the string arrays
-     * passed in. The strings are treated as case sensitive
-     */
-
-    public String[] unionOfStrings(String[][] stringArrays) {
-        Hashtable<String, String> ht = new Hashtable<String, String>();
-
-        for (int i = 0; i < stringArrays.length; i++) {
-            String[] sa = stringArrays[i];
-
-            for (int j = 0; j < sa.length; j++) {
-                print("unionOfStrings: " + i + "," + j + " = " + sa[j]);
-                ht.put(sa[j], "");
-            }
-        }
-
-        String[] s = new String[ht.size()];
-        Enumeration<String> e = ht.keys();
-
-        for (int i = 0; e.hasMoreElements(); i++) {
-            s[i] = e.nextElement();
-        }
-        return s;
-
-    }
-
-    /**
-     * Split a comma-delimited String into an array of individual
-     * Strings.
-     */
-    private String[] splitOnComma(String s) {
-        print("Splitting String: " + s + " on commas");
-        StringTokenizer st = new StringTokenizer(s, ",", false);
-        String[] sa = new String[st.countTokens()];
-
-        print("   countTokens:" + st.countTokens());
-
-        for (int i = 0; i < sa.length; i++) {
-            String p = st.nextToken().trim();
-
-            print("   token " + i + " = " + p);
-            sa[i] = p;
-        }
-
-        return sa;
-    }
-
-    /**
-     * Join an array of Strings into one string, with
-     * the specified string between each string
-     */
-
-    private String joinStringArray(String[] s, String sep) {
-
-        StringBuffer sb = new StringBuffer();
-        for (int i = 0; i < s.length; i++) {
-            sb.append(s[i]);
-            if (i < (s.length - 1)) {
-                sb.append(sep);
-            }
-        }
-        return sb.toString();
-    }
-
-    private synchronized void updateFile(String key) {
-        try {
-            String name = writeFile(key);
-            if (name != null) {
-                File orgFile = new File(mFilename);
-                long lastModified = orgFile.lastModified();
-                File newFile = new File(name);
-                if (lastModified > mFileLastRead) {
-                    mFileLastRead = lastModified;
-                } else {
-                    mFileLastRead = newFile.lastModified();
-                }
-                if (orgFile.renameTo(new File(name.substring(0, name.length() - 1)))) {
-                    if (!newFile.renameTo(new File(mFilename))) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", name, mFilename));
-                        File file = new File(name.substring(0, name.length() - 1));
-                        file.renameTo(new File(mFilename));
-                    }
-                } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", mFilename,
-                                                              name.substring(0, name.length() - 1)));
-                }
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
-        }
-    }
-
-    private String writeFile(String key) {
-        BufferedReader reader = null;
-        BufferedWriter writer = null;
-        String name = null;
-        boolean commentOutNextLine = false;
-        boolean done = false;
-        String line = null;
-        try {
-            reader = new BufferedReader(new FileReader(mFilename));
-            name = mFilename + "." + mDateFormat.format(new Date()) + "~";
-            writer = new BufferedWriter(new FileWriter(name));
-            if (reader != null && writer != null) {
-                while ((line = reader.readLine()) != null) {
-                    if (commentOutNextLine) {
-                        writer.write("#");
-                        commentOutNextLine = false;
-                    }
-                    if (line.indexOf(key) > -1) {
-                        writer.write("#");
-                        commentOutNextLine = true;
-                    }
-                    writer.write(line);
-                    writer.newLine();
-                }
-                done = true;
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
-        }
-
-        try {
-            if (reader != null) {
-                reader.close();
-            }
-            if (writer != null) {
-                writer.flush();
-                writer.close();
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
-        }
-
-        try {
-            if (!done) {
-                long s1 = 0;
-                long s2 = 0;
-                File f1 = new File(mFilename);
-                File f2 = new File(name);
-                if (f1.exists())
-                    s1 = f1.length();
-                if (f2.exists())
-                    s2 = f2.length();
-                if (s1 > 0 && s2 > 0 && s2 > s1) {
-                    done = true;
-                } else {
-                    if (f2.exists())
-                        f2.delete();
-                    name = null;
-                }
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
-        }
-
-        return name;
-    }
-
-    /**
-     * Read a file with the following format:
-     * <p>
-     *
-     * <pre>
-     * param1: valuea
-     * param2: valueb
-     * -blank-line-
-     * param1: valuec
-     * param2: valued
-     * </pre>
-     *
-     * @param f The file to read
-     * @param keys The parameters to concat together to form the hash
-     *            key
-     * @return a hashtable of hashtables.
-     */
-    protected Hashtable<String, Hashtable<String, String>> readFile(File f, String[] keys)
-            throws IOException {
-        log(ILogger.LL_INFO, "Reading file: " + f.getName());
-        BufferedReader file = new BufferedReader(
-                new FileReader(f)
-                );
-
-        String line;
-        Hashtable<String, Hashtable<String, String>> allusers = new Hashtable<String, Hashtable<String, String>>();
-        Hashtable<String, String> entry = null;
-        int linenum = 0;
-
-        while ((line = file.readLine()) != null) {
-            linenum++;
-            line = line.trim();
-            if (line.length() > 0 && line.charAt(0) == '#') {
-                continue;
-            }
-            int colon = line.indexOf(':');
-
-            if (entry == null) {
-                entry = new Hashtable<String, String>();
-            }
-
-            if (colon == -1) { // no colon -> empty line signifies end of record
-                if (!line.trim().equals("")) {
-                    if (file != null) {
-                        file.close();
-                    }
-                    throw new IOException(FFAUTH + ": Parsing error, " +
-                            "colon missing from line " + linenum + " of " + f.getName());
-                }
-                if (entry.size() > 0) {
-                    putEntry(allusers, entry, keys);
-                    entry = null;
-                }
-                continue;
-            }
-
-            String attr = line.substring(0, colon).trim();
-            String val = line.substring(colon + 1).trim();
-
-            entry.put(attr, val);
-        }
-
-        putEntry(allusers, entry, keys);
-        if (file != null) {
-            file.close();
-        }
-        return allusers;
-    }
-
-    private void putEntry(Hashtable<String, Hashtable<String, String>> allUsers,
-            Hashtable<String, String> entry,
-            String[] keys) {
-        if (entry == null) {
-            return;
-        }
-        String key = "";
-
-        print("keys.length = " + keys.length);
-        for (int i = 0; i < keys.length; i++) {
-            String s = entry.get(keys[i]);
-
-            print(" concatenating: " + s);
-            if (s != null) {
-                key = key.concat(s);
-            }
-        }
-        print("putting: key " + key);
-        allUsers.put(key, entry);
-    }
-
-    void printAllEntries() {
-        Enumeration<String> e = entries.keys();
-
-        while (e.hasMoreElements()) {
-            String key = e.nextElement();
-
-            print("* " + key + " *");
-            Hashtable<String, String> ht = entries.get(key);
-            Enumeration<String> f = ht.keys();
-
-            while (f.hasMoreElements()) {
-                String fkey = f.nextElement();
-
-                print("   " + fkey + " -> " + ht.get(fkey));
-            }
-        }
-    }
-
-    /**
-     * Compare attributes provided by the user with those in
-     * in flat file.
-     *
-     */
-
-    private IAuthToken doAuthentication(Hashtable<String, String> user, IAuthCredentials authCred)
-            throws EMissingCredential, EInvalidCredentials, EBaseException {
-        AuthToken authToken = new AuthToken(this);
-
-        for (int i = 0; i < authAttrs.length; i++) {
-            String ffvalue = user.get(authAttrs[i]);
-            String uservalue = (String) authCred.get(authAttrs[i]);
-
-            // print("checking authentication token (" + authAttrs[i] + ": " + uservalue + " against ff value: " + ffvalue);
-            if (!ffvalue.equals(uservalue)) {
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-        }
-        return authToken;
-    }
-
-    private void reReadPwFile() {
-
-        try {
-            File file = new File(mFilename);
-            long pwfilelastmodified = file.lastModified();
-
-            if (pwfilelastmodified > mFileLastRead) {
-                mFileLastRead = pwfilelastmodified;
-                entries = readFile(file, keyAttrs);
-                // printAllEntries();
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("READ_FILE_ERROR", mFilename, e.getMessage()));
-        }
-    }
-
-    /**
-     * Authenticate the request
-     *
-     */
-    public IAuthToken authenticate(IAuthCredentials authCred)
-            throws EMissingCredential, EInvalidCredentials, EBaseException {
-        IAuthToken authToken = null;
-        String keyForUser = "";
-
-        /* First check if hashtable has been modified since we last read it in */
-
-        reReadPwFile();
-
-        /* Find the user in our hashtable */
-
-        for (int i = 0; i < keyAttrs.length; i++) {
-            print("concatenating string i=" + i + "  keyAttrs[" + i + "] = " + keyAttrs[i]);
-            String credential = (String) authCred.get(keyAttrs[i]);
-
-            if (credential == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", keyAttrs[i]));
-            }
-            keyForUser = keyForUser.concat((String) authCred.get(keyAttrs[i]));
-        }
-        print("authenticating user: finding user from key: " + keyForUser);
-
-        Hashtable<String, String> user = entries.get(keyForUser);
-
-        try {
-            if (user != null) {
-                authToken = doAuthentication(user, authCred);
-            } else {
-                CMS.debug("FlatFileAuth: " + CMS.getLogMessage("CMS_AUTH_USER_NOT_FOUND"));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-        } catch (EInvalidCredentials e) {
-            // If defer on failure is false, then we re-throw the exception
-            // which causes the request to be rejected
-            if (!mDeferOnFailure) {
-                throw e;
-            } else {
-                CMS.debug("FlatFileAuth: Since defering on failure - ignore invalid creds");
-            }
-        }
-
-        // if a dn was specified in the password file for this user,
-        // replace the requested dn with the one in the pwfile
-        if (user != null) {
-            String dn = user.get("dn");
-
-            if (dn != null && authToken != null) {
-                authToken.set(AuthToken.TOKEN_CERT_SUBJECT, dn);
-            }
-        }
-
-        // If defer on failure is true, and the auth failed, authToken will
-        // be null here, which causes the request to be deferred.
-
-        if (user != null && authToken != null) {
-            entries.remove(keyForUser);
-            updateFile(keyForUser);
-            // printAllEntries();
-        }
-        return authToken;
-    }
-
-    /**
-     * Return a list of HTTP parameters which will be taken from the
-     * request posting and placed into the AuthCredentials block
-     *
-     * Note that this method will not be called until after the
-     * init() method is called
-     */
-    public String[] getRequiredCreds() {
-        print("getRequiredCreds returning: " + joinStringArray(reqCreds, ","));
-        return reqCreds;
-
-    }
-
-    /**
-     * Returns a list of configuration parameters, so the console
-     * can prompt the user when configuring.
-     */
-    public String[] getConfigParams() {
-        return mConfigParams;
-    }
-
-    /**
-     * Returns the configuration store used by this authentication manager
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void shutdown() {
-    }
-
-    public String getName() {
-        return mName;
-    }
-
-    public String getImplName() {
-        return mImplName;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_AGENT_NAME");
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        return null;
-    }
-
-    public boolean isValueWriteable(String name) {
-        return false;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void populate(IAuthToken token, IRequest request)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_AGENT_TEXT");
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/authentication/HashAuthData.java b/base/common/src/com/netscape/cms/authentication/HashAuthData.java
deleted file mode 100644
index 0635c445a..000000000
--- a/base/common/src/com/netscape/cms/authentication/HashAuthData.java
+++ /dev/null
@@ -1,118 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// java sdk imports.
-import java.util.Hashtable;
-import java.util.Vector;
-
-/**
- * The structure stores the information of which machine is enabled for
- * the agent-initiated user enrollment, and whom agents enable this feature,
- * and the value of the timeout.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class HashAuthData extends Hashtable<String, Vector<Object>> {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -988354133432275910L;
-    public static final long TIMEOUT = 600000;
-    public static final long LASTLOGIN = 0;
-
-    public HashAuthData() {
-    }
-
-    public String getAgentName(String hostname) {
-        Vector<Object> val = get(hostname);
-
-        if (val != null)
-            return (String) val.elementAt(0);
-        return null;
-    }
-
-    public void setAgentName(String hostname, String agentName) {
-        Vector<Object> val = get(hostname);
-
-        if (val == null) {
-            val = new Vector<Object>();
-            put(hostname, val);
-        }
-        val.setElementAt(agentName, 0);
-    }
-
-    public long getTimeout(String hostname) {
-        Vector<Object> val = get(hostname);
-
-        if (val != null) {
-            return ((Long) val.elementAt(1)).longValue();
-        }
-        return TIMEOUT;
-    }
-
-    public void setTimeout(String hostname, long timeout) {
-        Vector<Object> val = get(hostname);
-
-        if (val == null) {
-            val = new Vector<Object>();
-            put(hostname, val);
-        }
-        val.setElementAt(Long.valueOf(timeout), 1);
-    }
-
-    public String getSecret(String hostname) {
-        Vector<Object> val = get(hostname);
-
-        if (val != null) {
-            return (String) val.elementAt(2);
-        }
-        return null;
-    }
-
-    public void setSecret(String hostname, String secret) {
-        Vector<Object> val = get(hostname);
-
-        if (val == null) {
-            val = new Vector<Object>();
-            put(hostname, val);
-        }
-        val.setElementAt(secret, 2);
-    }
-
-    public long getLastLogin(String hostname) {
-        Vector<Object> val = get(hostname);
-
-        if (val != null) {
-            return ((Long) val.elementAt(3)).longValue();
-        }
-        return LASTLOGIN;
-    }
-
-    public void setLastLogin(String hostname, long lastLogin) {
-        Vector<Object> val = get(hostname);
-
-        if (val == null) {
-            val = new Vector<Object>();
-            put(hostname, val);
-        }
-        val.setElementAt(Long.valueOf(lastLogin), 3);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/HashAuthentication.java b/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
deleted file mode 100644
index 9ebf8a7c0..000000000
--- a/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
+++ /dev/null
@@ -1,283 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// ldap java sdk
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Hash uid/pwd directory based authentication manager
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
-
-    public static final String SALT = "lala123";
-    public static final String CRED_UID = "uid";
-    public static final String CRED_FINGERPRINT = "fingerprint";
-    public static final String CRED_PAGEID = "pageID";
-    public static final String CRED_HOST = "hostname";
-    protected static String[] mRequiredCreds = { CRED_UID,
-            CRED_PAGEID, CRED_FINGERPRINT, CRED_HOST };
-    public static final long DEFAULT_TIMEOUT = 600000;
-
-    private MessageDigest mSHADigest = null;
-    private Hashtable<String, IAuthToken> mData = null;
-    private IConfigStore mConfig;
-    private String mName = null;
-    private String mImplName = null;
-    private ILogger mLogger = CMS.getLogger();
-    private static Vector<String> mExtendedPluginInfo = null;
-    private HashAuthData mHosts = null;
-
-    static String[] mConfigParams =
-            new String[] {};
-
-    static {
-        mExtendedPluginInfo = new Vector<String>();
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-                ";Authenticate the username and password provided " +
-                "by the user against an LDAP directory. Works with the " +
-                "Dir Based Enrollment HTML form");
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-authrules-uidpwddirauth");
-    };
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public HashAuthentication() {
-    }
-
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-        mData = new Hashtable<String, IAuthToken>();
-        mHosts = new HashAuthData();
-
-        try {
-            mSHADigest = MessageDigest.getInstance("SHA1");
-        } catch (NoSuchAlgorithmException e) {
-            throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
-        }
-
-    }
-
-    public IAuthToken getAuthToken(String key) {
-        return mData.remove(key);
-    }
-
-    public void addAuthToken(String pageID, IAuthToken token) {
-        mData.put(pageID, token);
-    }
-
-    public void deleteToken(String pageID) {
-        mData.remove(pageID);
-    }
-
-    public HashAuthData getData() {
-        return mHosts;
-    }
-
-    public void createEntry(String host, String dn, long timeout,
-            String secret, long lastLogin) {
-        Vector<Object> v = new Vector<Object>();
-
-        v.addElement(dn);
-        v.addElement(Long.valueOf(timeout));
-        v.addElement(secret);
-        v.addElement(Long.valueOf(lastLogin));
-        mHosts.put(host, v);
-    }
-
-    public void disable(String hostname) {
-        mHosts.remove(hostname);
-    }
-
-    public String getAgentName(String hostname) {
-        return mHosts.getAgentName(hostname);
-    }
-
-    public void setAgentName(String hostname, String agentName) {
-        mHosts.setAgentName(hostname, agentName);
-    }
-
-    public boolean isEnable(String hostname) {
-        return mHosts.containsKey(hostname);
-    }
-
-    public long getTimeout(String hostname) {
-        return mHosts.getTimeout(hostname);
-    }
-
-    public void setTimeout(String hostname, long timeout) {
-        mHosts.setTimeout(hostname, timeout);
-    }
-
-    public String getSecret(String hostname) {
-        return mHosts.getSecret(hostname);
-    }
-
-    public void setSecret(String hostname, String secret) {
-        mHosts.setSecret(hostname, secret);
-    }
-
-    public long getLastLogin(String hostname) {
-        return mHosts.getLastLogin(hostname);
-    }
-
-    public void setLastLogin(String hostname, long lastlogin) {
-        mHosts.setLastLogin(hostname, lastlogin);
-    }
-
-    public long getPageID() {
-        Date date = new Date();
-
-        return date.getTime();
-    }
-
-    public void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-                level, msg);
-    }
-
-    public boolean validFingerprint(String host, String pageID, String uid, String fingerprint) {
-        String val = hashFingerprint(host, pageID, uid);
-
-        if (val.equals(fingerprint))
-            return true;
-        return false;
-    }
-
-    public Enumeration<String> getHosts() {
-        return mHosts.keys();
-    }
-
-    public String hashFingerprint(String host, String pageID, String uid) {
-        byte[] hash =
-                mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());
-        String b64E = Utils.base64encode(hash);
-
-        return "{SHA}" + b64E;
-    }
-
-    public void shutdown() {
-    }
-
-    /**
-     * Authenticates a user based on uid, pwd in the directory.
-     *
-     * @param authCreds The authentication credentials.
-     * @return The user's ldap entry dn.
-     * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs.
-     */
-    public IAuthToken authenticate(IAuthCredentials authCreds)
-            throws EBaseException {
-        AuthToken token = new AuthToken(this);
-        String fingerprint = (String) authCreds.get(CRED_FINGERPRINT);
-        String pageID = (String) authCreds.get(CRED_PAGEID);
-        String uid = (String) authCreds.get(CRED_UID);
-        String host = (String) authCreds.get(CRED_HOST);
-
-        if (fingerprint.equals("") ||
-                !validFingerprint(host, pageID, uid, fingerprint)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT"));
-            throw new EAuthException("Invalid Fingerprint");
-        }
-
-        // set uid in the token.
-        token.set(CRED_UID, uid);
-
-        return token;
-    }
-
-    /**
-     * Returns array of required credentials for this authentication manager.
-     *
-     * @return Array of required credentials.
-     */
-    public String[] getRequiredCreds() {
-        return mRequiredCreds;
-    }
-
-    /**
-     * Gets the configuration substore used by this authentication manager
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * gets the name of this authentication manager instance
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * gets the plugin name of this authentication manager.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
-
-        return s;
-
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
deleted file mode 100644
index c94cec617..000000000
--- a/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
+++ /dev/null
@@ -1,468 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// ldap java sdk
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPObjectClassSchema;
-import netscape.ldap.LDAPSchema;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EAuthInternalError;
-import com.netscape.certsrv.authentication.EAuthUserError;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * uid/pwd directory based authentication manager
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class PortalEnroll extends DirBasedAuthentication {
-
-    /* configuration parameter keys */
-    protected static final String PROP_LDAPAUTH = "ldapauth";
-    protected static final String PROP_AUTHTYPE = "authtype";
-    protected static final String PROP_BINDDN = "bindDN";
-    protected static final String PROP_BINDPW = "bindPW";
-    protected static final String PROP_LDAPCONN = "ldapconn";
-    protected static final String PROP_HOST = "host";
-    protected static final String PROP_PORT = "port";
-    protected static final String PROP_SECURECONN = "secureConn";
-    protected static final String PROP_VERSION = "version";
-    protected static final String PROP_OBJECTCLASS = "objectclass";
-
-    /* required credentials to authenticate. uid and pwd are strings. */
-    public static final String CRED_UID = "uid";
-    public static final String CRED_PWD = "userPassword";
-    protected static String[] mRequiredCreds = { CRED_UID, CRED_PWD };
-
-    /* ldap configuration sub-store */
-    private IArgBlock argblk = null;
-    private String mObjectClass = null;
-    private String mBindDN = null;
-    private String mBaseDN = null;
-    private ILdapConnFactory mLdapFactory = null;
-    private LDAPConnection mLdapConn = null;
-
-    // contains all nested superiors' required attrs in the form of a
-    //	vector of "required" attributes in Enumeration
-    Vector<Enumeration<String>> mRequiredAttrs = null;
-
-    // contains all nested superiors' optional attrs in the form of a
-    //	vector of "optional" attributes in Enumeration
-    Vector<Enumeration<String>> mOptionalAttrs = null;
-
-    // contains all the objclasses, including superiors and itself
-    Vector<String> mObjClasses = null;
-
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] {
-                    PROP_DNPATTERN,
-                    "ldap.ldapconn.host",
-                    "ldap.ldapconn.port",
-                    "ldap.ldapconn.secureConn",
-                    "ldap.ldapconn.version",
-                    "ldap.ldapauth.bindDN",
-                    "ldap.ldapauth.bindPWPrompt",
-                    "ldap.ldapauth.clientCertNickname",
-                    "ldap.ldapauth.authtype",
-                    "ldap.basedn",
-                    "ldap.objectclass",
-                    "ldap.minConns",
-                    "ldap.maxConns",
-        };
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public PortalEnroll()
-            throws EBaseException {
-        super();
-    }
-
-    /**
-     * Initializes the PortalEnrollment auth manager.
-     * <p>
-     *
-     * @param name - The name for this authentication manager instance.
-     * @param implName - The name of the authentication manager plugin.
-     * @param config - The configuration store for this instance.
-     * @exception EBaseException If an error occurs during initialization.
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        super.init(name, implName, config);
-
-        /* Get Bind DN for directory server */
-        mConfig = mLdapConfig.getSubStore(PROP_LDAPAUTH);
-        mBindDN = mConfig.getString(PROP_BINDDN);
-        if ((mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
-            throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "binddn"));
-
-        /* Get Bind DN for directory server */
-        mBaseDN = mLdapConfig.getString(PROP_BASEDN);
-        if ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN == ""))
-            throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
-
-        /* Get Object clase name for enrollment */
-        mObjectClass = mLdapConfig.getString(PROP_OBJECTCLASS);
-        if (mObjectClass == null || mObjectClass.length() == 0)
-            throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "objectclass"));
-
-        /* Get connect parameter */
-        mLdapFactory = CMS.getLdapBoundConnFactory();
-        mLdapFactory.init(mLdapConfig);
-        mLdapConn = mLdapFactory.getConn();
-
-        log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_PORTAL_INIT"));
-    }
-
-    /**
-     * Authenticates a user based on uid, pwd in the directory.
-     *
-     * @param authCreds The authentication credentials.
-     * @return The user's ldap entry dn.
-     * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs.
-     */
-    protected String authenticate(LDAPConnection conn,
-            IAuthCredentials authCreds,
-            AuthToken token)
-            throws EBaseException {
-        String uid = null;
-        String pwd = null;
-        String dn = null;
-
-        argblk = authCreds.getArgBlock();
-
-        // authenticate by binding to ldap server with password.
-        try {
-            // get the uid.
-            uid = (String) authCreds.get(CRED_UID);
-            if (uid == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
-            }
-
-            // get the password.
-            pwd = (String) authCreds.get(CRED_PWD);
-            if (pwd == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
-            }
-            if (pwd.equals("")) {
-                // anonymous binding not allowed
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // get user dn.
-            LDAPSearchResults res = conn.search(mBaseDN,
-                    LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-
-            if (res.hasMoreElements()) {
-                res.nextElement(); // consume the entry
-
-                throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
-                        "UID already exists."));
-            } else {
-                dn = regist(token, uid);
-                if (dn == null)
-                    throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
-                            "Could not add user " + uid + "."));
-            }
-
-            // bind as user dn and pwd - authenticates user with pwd.
-            conn.authenticate(dn, pwd);
-
-            // set uid in the token.
-            token.set(CRED_UID, uid);
-
-            log(ILogger.LL_INFO, "portal authentication is done");
-
-            return dn;
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
-            throw e;
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT:
-            case LDAPException.LDAP_PARTIAL_RESULTS:
-                log(ILogger.LL_SECURITY,
-                        CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort())));
-                throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR",
-                        "Check Configuration detail."));
-
-            case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY,
-                        CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-            case LDAPException.SERVER_DOWN:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_SERVER_DOWN"));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
-            default:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
-                                e.errorCodeToString()));
-            }
-        } catch (EBaseException e) {
-            if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_MAKE_DN_ERROR", e.toString()));
-            throw e;
-        }
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] s = {
-                PROP_DNPATTERN + ";string;Template for cert" +
-                        " Subject Name. ($dn.xxx - get value from user's LDAP " +
-                        "DN.  $attr.yyy - get value from LDAP attributes in " +
-                        "user's entry.) Default: " + DEFAULT_DNPATTERN,
-                "ldap.ldapconn.host;string,required;" + "LDAP host to connect to",
-                "ldap.ldapconn.port;number,required;" + "LDAP port number (default 389, or 636 if SSL)",
-                "ldap.objectclass;string,required;SEE DOCUMENTATION for Object Class. "
-                        + "Default is inetOrgPerson.",
-                "ldap.ldapconn.secureConn;boolean;" + "Use SSL to connect to directory?",
-                "ldap.ldapconn.version;choice(3,2);" + "LDAP protocol version",
-                "ldap.ldapauth.bindDN;string,required;DN to bind as for Directory Manager. "
-                        + "For example 'CN=Directory Manager'",
-                "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
-                        "the above user",
-                "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth);"
-                        + "How to bind to the directory (for pin removal only)",
-                "ldap.ldapauth.clientCertNickname;string;If you want to use "
-                        + "SSL client auth to the directory, set the client "
-                        + "cert nickname here",
-                "ldap.basedn;string,required;Base DN to start searching " +
-                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                        "might want to use 'o=company' here",
-                "ldap.minConns;number;number of connections " +
-                        "to keep open to directory server",
-                "ldap.maxConns;number;when needed, connection " +
-                        "pool can grow to this many connections",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This authentication plugin checks to see if a user " +
-                        "exists in the directory. If not, then the user is created " +
-                        "with the requested password.",
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-authrules-portalauth"
-            };
-
-        return s;
-    }
-
-    /**
-     * Returns array of required credentials for this authentication manager.
-     *
-     * @return Array of required credentials.
-     */
-    public String[] getRequiredCreds() {
-        return mRequiredCreds;
-    }
-
-    /**
-     * adds a user to the directory.
-     *
-     * @return dn upon success and null upon failure.
-     * @param token authentication token
-     * @param uid the user's id.
-     */
-    public String regist(AuthToken token, String uid) {
-        String dn = "uid=" + uid + "," + mBaseDN;
-
-        /* Specify the attributes of the entry */
-        Vector<String> objectclass_values = null;
-
-        LDAPAttributeSet attrs = new LDAPAttributeSet();
-        LDAPAttribute attr = new LDAPAttribute("objectclass");
-
-        // initialized to new
-        mRequiredAttrs = new Vector<Enumeration<String>>();
-        mOptionalAttrs = new Vector<Enumeration<String>>();
-        mObjClasses = new Vector<String>();
-
-        LDAPSchema dirSchema = null;
-
-        try {
-
-            /* Construct a new LDAPSchema object to hold
-             the schema that you want to retrieve. */
-            dirSchema = new LDAPSchema();
-
-            /* Get the schema from the Directory. Anonymous access okay. */
-            dirSchema.fetchSchema(mLdapConn);
-        } catch (LDAPException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
-        }
-        // complete mRequiredAttrs, mOptionalAttrs, and mObjClasses
-        initLdapAttrs(dirSchema, mObjectClass);
-
-        objectclass_values = mObjClasses;
-        for (int i = objectclass_values.size() - 1; i >= 0; i--)
-            attr.addValue(objectclass_values.elementAt(i));
-        attrs.add(attr);
-
-        Enumeration<Enumeration<String>> objClasses = mRequiredAttrs.elements();
-        Enumeration<String> attrnames = null;
-
-        while (objClasses.hasMoreElements()) {
-            attrnames = objClasses.nextElement();
-            CMS.debug("PortalEnroll: Required attrs:");
-            while (attrnames.hasMoreElements()) {
-                String attrname = attrnames.nextElement();
-                String attrval = null;
-
-                CMS.debug("PortalEnroll: attrname is: " + attrname);
-                if (attrname.equalsIgnoreCase("objectclass") == true)
-                    continue;
-                try {
-                    attrval = argblk.getValueAsString(attrname);
-                } catch (EBaseException e) {
-                    if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
-                        continue;
-                }
-
-                CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
-                attrs.add(new LDAPAttribute(attrname, attrval));
-            }
-
-        }
-
-        objClasses = mOptionalAttrs.elements();
-        attrnames = null;
-
-        while (objClasses.hasMoreElements()) {
-            attrnames = objClasses.nextElement();
-            CMS.debug("PortalEnroll: Optional attrs:");
-            while (attrnames.hasMoreElements()) {
-                String attrname = attrnames.nextElement();
-                String attrval = null;
-
-                CMS.debug("PortalEnroll: attrname is: " + attrname);
-                try {
-                    attrval = argblk.getValueAsString(attrname);
-                } catch (EBaseException e) {
-                    if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
-                        continue;
-                }
-                CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
-                if (attrval != null) {
-                    attrs.add(new LDAPAttribute(attrname, attrval));
-                }
-            }
-        }
-
-        /* Create an entry with this DN and these attributes */
-        LDAPEntry entry = new LDAPEntry(dn, attrs);
-
-        try {
-
-            /* Now add the entry to the directory */
-            mLdapConn.add(entry);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
-            } else
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
-            return null;
-        }
-
-        log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_REGISTRATION_DONE"));
-
-        return dn;
-    }
-
-    /*
-     *  get the superiors of "inetOrgPerson" so the "required
-     *  attributes", "optional qttributes", and "object classes" are complete;
-     *  should build up
-     *  mRequiredAttrs, mOptionalAttrs, and mObjClasses when returned
-     */
-    @SuppressWarnings("unchecked")
-    public void initLdapAttrs(LDAPSchema dirSchema, String oclass) {
-        CMS.debug("PortalEnroll: in initLdapAttrsAttrs");
-        mObjClasses.addElement(oclass);
-        if (oclass.equalsIgnoreCase("top"))
-            return;
-
-        try {
-
-            /* Get and print the def. of the object class. */
-            LDAPObjectClassSchema objClass = dirSchema.getObjectClass(oclass);
-
-            if (objClass != null) {
-                mRequiredAttrs.add(objClass.getRequiredAttributes());
-                mOptionalAttrs.add(objClass.getOptionalAttributes());
-            } else {
-                return;
-            }
-
-            CMS.debug("PortalEnroll: getting superiors for: " + oclass);
-            String superiors[] = objClass.getSuperiors();
-
-            CMS.debug("PortalEnroll: got superiors, superiors.length=" + superiors.length);
-            if (superiors.length == 0)
-                return;
-            for (int i = 0; i < superiors.length; i++) {
-                CMS.debug("Portalenroll: superior" + i + "=" + superiors[i]);
-                objClass = dirSchema.getObjectClass(superiors[i]);
-                initLdapAttrs(dirSchema, superiors[i]);
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/RDNPattern.java b/base/common/src/com/netscape/cms/authentication/RDNPattern.java
deleted file mode 100644
index 14d5a2f8f..000000000
--- a/base/common/src/com/netscape/cms/authentication/RDNPattern.java
+++ /dev/null
@@ -1,232 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-import java.io.IOException;
-import java.io.PushbackReader;
-import java.io.StringReader;
-import java.util.Vector;
-
-import netscape.ldap.LDAPEntry;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.base.EBaseException;
-
-/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.
- * <p>
- *
- * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If
- * empty or not set, the ldap entry DN will be used as the certificate subject name.
- * <p>
- *
- * The syntax is
- *
- * <pre>
- * 	dnPattern := rdnPattern *[ "," rdnPattern ]
- * 	rdnPattern := avaPattern *[ "+" avaPattern ]
- * 		avaPattern := name "=" value |
- * 			      name "=" "$attr" "." attrName [ "." attrNumber ] |
- * 			      name "=" "$dn" "." attrName [ "." attrNumber ] |
- * 			 	  "$dn" "." "$rdn" "." number
- * </pre>
- *
- * <pre>
- * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
- * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US
- * <p>
- *     E = the first 'mail' ldap attribute value in user's entry. <br>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * Example2: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US
- * <p>
- *     E = the first 'mail' ldap attribute value in user's entry. <br>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * 	    in a RDN in this example. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * </pre>
- *
- * <pre>
- * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     CN=Jesse James, OU=IS+OU=people, O=acme.org, C=US
- * <p>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     followed by the second RDN in the user's entry DN. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * Example4: <i>CN=$attr.cn, OU=$dn.ou.2+OU=$dn.ou.1, O=$dn.o, C=US</i>
- * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
- * Ldap attributes: cn: Jesse James
- * Ldap attributes: mail: jjames@acme.org
- * <p>
- * The subject name formulated will be : <br>
- *     CN=Jesse James, OU=people+OU=IS, O=acme.org, C=US
- * <p>
- *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
- *     OU = the second 'ou' value in the user's entry DN followed by the
- * 		first 'ou' value in the user's entry. note multiple AVAs
- * 	    in a RDN in this example. <br>
- *     O = the (first) 'o' value in the user's entry DN. <br>
- *     C = the string "US"
- * <p>
- * </pre>
- *
- * If an attribute or subject DN component does not exist the attribute is skipped.
- *
- * @version $Revision$, $Date$
- */
-class RDNPattern {
-
-    /* ldap attributes needed by this RDN (to retrieve from ldap) */
-    private String[] mLdapAttrs = null;
-
-    /* AVA patterns */
-    protected AVAPattern[] mAVAPatterns = null;
-
-    /* original pattern string */
-    protected String mPatternString = null;
-
-    protected String mTestDN = null;
-
-    /**
-     * Construct a DN pattern by parsing a pattern string.
-     *
-     * @param pattenr the DN pattern
-     * @exception EBaseException If parsing error occurs.
-     */
-    public RDNPattern(String pattern)
-            throws EAuthException {
-        if (pattern == null || pattern.equals("")) {
-            // create an attribute list that is the dn.
-            mLdapAttrs = new String[] { "dn" };
-        } else {
-            mPatternString = pattern;
-            PushbackReader in = new PushbackReader(new StringReader(pattern));
-
-            parse(in);
-        }
-    }
-
-    /**
-     * Construct a DN pattern from a input stream of pattern
-     */
-    public RDNPattern(PushbackReader in)
-            throws EAuthException {
-        parse(in);
-    }
-
-    private void parse(PushbackReader in)
-            throws EAuthException {
-        //System.out.println("_________ begin rdn _________");
-        Vector<AVAPattern> avaPatterns = new Vector<AVAPattern>();
-        AVAPattern avaPattern = null;
-        int lastChar;
-
-        do {
-            avaPattern = new AVAPattern(in);
-            avaPatterns.addElement(avaPattern);
-            //System.out.println("added AVAPattern"+
-            //" mType "+avaPattern.mType+
-            //" mAttr "+avaPattern.mAttr+
-            //" mValue "+avaPattern.mValue+
-            //" mElement "+avaPattern.mElement);
-            try {
-                lastChar = in.read();
-            } catch (IOException e) {
-                throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-            }
-        } while (lastChar == '+');
-
-        if (lastChar != -1) {
-            try {
-                in.unread(lastChar); // pushback last ,
-            } catch (IOException e) {
-                throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
-            }
-        }
-
-        mAVAPatterns = new AVAPattern[avaPatterns.size()];
-        avaPatterns.copyInto(mAVAPatterns);
-
-        Vector<String> ldapAttrs = new Vector<String>();
-
-        for (int i = 0; i < mAVAPatterns.length; i++) {
-            String avaAttr = mAVAPatterns[i].getLdapAttr();
-
-            if (avaAttr == null || avaAttr.length() == 0)
-                continue;
-            ldapAttrs.addElement(avaAttr);
-        }
-        mLdapAttrs = new String[ldapAttrs.size()];
-        ldapAttrs.copyInto(mLdapAttrs);
-    }
-
-    /**
-     * Form a Ldap v3 DN string from results of a ldap search.
-     *
-     * @param entry LDAPentry from a ldap search
-     * @return Ldap v3 DN string to use for a subject name.
-     */
-    public String formRDN(LDAPEntry entry)
-            throws EAuthException {
-        StringBuffer formedRDN = new StringBuffer();
-
-        for (int i = 0; i < mAVAPatterns.length; i++) {
-            if (mTestDN != null)
-                mAVAPatterns[i].mTestDN = mTestDN;
-            String ava = mAVAPatterns[i].formAVA(entry);
-
-            if (ava != null && ava.length() > 0) {
-                if (formedRDN.length() != 0)
-                    formedRDN.append("+");
-                formedRDN.append(ava);
-            }
-        }
-        //System.out.println("formed RDN "+formedRDN.toString());
-        return formedRDN.toString();
-    }
-
-    public String[] getLdapAttrs() {
-        return mLdapAttrs.clone();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java b/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
deleted file mode 100644
index 2bec1b68d..000000000
--- a/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
+++ /dev/null
@@ -1,352 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2008 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-import java.security.Principal;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authentication.ISSLClientCertProvider;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.usrgrp.Certificates;
-
-/**
- * Certificate server SSL client authentication.
- *
- * @author Christina Fu
- *         <P>
- *
- */
-public class SSLclientCertAuthentication implements IAuthManager,
-        IProfileAuthenticator {
-
-    /* result auth token attributes */
-    public static final String TOKEN_USERDN = "user";
-    public static final String TOKEN_USER_DN = "userdn";
-    public static final String TOKEN_USERID = "userid";
-    public static final String TOKEN_UID = "uid";
-
-    /* required credentials */
-    public static final String CRED_CERT = IAuthManager.CRED_SSL_CLIENT_CERT;
-    protected String[] mRequiredCreds = { CRED_CERT };
-
-    /* config parameters to pass to console (none) */
-    protected static String[] mConfigParams = null;
-
-    private String mName = null;
-    private String mImplName = null;
-    private IConfigStore mConfig = null;
-
-    public SSLclientCertAuthentication() {
-    }
-
-    /**
-     * initializes the SSLClientCertAuthentication auth manager
-     * <p>
-     * called by AuthSubsystem init() method, when initializing all available authentication managers.
-     *
-     * @param name The name of this authentication manager instance.
-     * @param implName The name of the authentication manager plugin.
-     * @param config The configuration store for this authentication manager.
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-    }
-
-    /**
-     * Gets the name of this authentication manager.
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * Gets the plugin name of authentication manager.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    public boolean isSSLClientRequired() {
-        return true;
-    }
-
-    /**
-     * authenticates user by certificate
-     * <p>
-     * called by other subsystems or their servlets to authenticate users
-     *
-     * @param authCred - authentication credential that contains
-     *            an usrgrp.Certificates of the user (agent)
-     * @return the authentication token that contains the following
-     *
-     * @exception EMissingCredential If a required credential for this
-     *                authentication manager is missing.
-     * @exception EInvalidCredentials If credentials cannot be authenticated.
-     * @exception EBaseException If an internal error occurred.
-     * @see com.netscape.certsrv.authentication.AuthToken
-     * @see com.netscape.certsrv.usrgrp.Certificates
-     */
-    public IAuthToken authenticate(IAuthCredentials authCred)
-            throws EMissingCredential, EInvalidCredentials, EBaseException {
-
-        CMS.debug("SSLclientCertAuthentication: start");
-        CMS.debug("authenticator instance name is " + getName());
-
-        // force SSL handshake
-        SessionContext context = SessionContext.getExistingContext();
-        ISSLClientCertProvider provider = (ISSLClientCertProvider)
-                context.get("sslClientCertProvider");
-
-        if (provider == null) {
-            CMS.debug("SSLclientCertAuthentication: No SSL Client Cert Provider Found");
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-        CMS.debug("SSLclientCertAuthentication: got provider");
-        CMS.debug("SSLclientCertAuthentication: retrieving client certificate");
-        X509Certificate[] allCerts = provider.getClientCertificateChain();
-
-        if (allCerts == null) {
-            CMS.debug("SSLclientCertAuthentication: No SSL Client Certs Found");
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-        CMS.debug("SSLclientCertAuthentication: got certificates");
-
-        // retreive certificate from socket
-        AuthToken authToken = new AuthToken(this);
-        X509Certificate[] x509Certs = allCerts;
-
-        // default certificate default has bugs in version
-        // version(3) is returned as 3, which should be 2
-        X509CertImpl ci[] = new X509CertImpl[x509Certs.length];
-
-        X509Certificate clientCert = null;
-        try {
-            for (int i = 0; i < x509Certs.length; i++) {
-                ci[i] = new X509CertImpl(x509Certs[i].getEncoded());
-                // find out which one is the leaf cert
-                clientCert = ci[i];
-
-                byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
-                // try to see if this is a leaf cert
-                // look for BasicConstraint extension
-                if (extBytes == null) {
-                    // found leaf cert
-                    CMS.debug("SSLclientCertAuthentication: authenticate: found leaf cert");
-                    break;
-                } else {
-                    CMS.debug("SSLclientCertAuthentication: authenticate: found cert having BasicConstraints ext");
-                    // it's got BasicConstraints extension
-                    // so it's not likely to be a leaf cert,
-                    // however, check the isCA field regardless
-                    try {
-                        BasicConstraintsExtension bce =
-                                new BasicConstraintsExtension(true, extBytes);
-                        if (bce != null) {
-                            if (!(Boolean) bce.get("is_ca")) {
-                                CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
-                                break;
-                            } // else found a ca cert, continue
-                        }
-                    } catch (Exception e) {
-                        CMS.debug("SSLclientCertAuthentication: authenticate: exception:" +
-                                 e.toString());
-                        throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-                    }
-                }
-            }
-            if (clientCert == null) {
-                CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-        } catch (CertificateException e) {
-            CMS.debug(e.toString());
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        // check if certificate(s) is revoked
-        boolean checkRevocation = true;
-        try {
-            checkRevocation = mConfig.getBoolean("checkRevocation", true);
-        } catch (EBaseException e) {
-            // do nothing; default to true
-        }
-        if (checkRevocation) {
-            if (CMS.isRevoked(ci)) {
-                CMS.debug("SSLclientCertAuthentication: certificate revoked");
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-        }
-        Certificates certs = new Certificates(ci);
-        Principal p_dn = clientCert.getSubjectDN();
-        authToken.set(TOKEN_USERDN, p_dn.getName());
-        authToken.set("userdn", p_dn.getName());
-        String uid = getUidFromDN(p_dn.getName());
-        if (uid != null) {
-            authToken.set(TOKEN_UID, uid);
-            authToken.set(TOKEN_USERID, uid);
-        }
-        /*
-                authToken.set(TOKEN_USER_DN, user.getUserDN());
-                authToken.set(TOKEN_USERID, user.getUserID());
-                authToken.set(TOKEN_UID, user.getUserID());
-                authToken.set(TOKEN_GROUP, groupname);
-        */
-        authToken.set(CRED_CERT, certs);
-
-        CMS.debug("SSLclientCertAuthentication: authenticated ");
-
-        return authToken;
-    }
-
-    String getUidFromDN(String userdn) {
-        StringTokenizer st = new StringTokenizer(userdn, ",");
-        while (st.hasMoreTokens()) {
-            String t = st.nextToken();
-            int i = t.indexOf("=");
-
-            if (i == -1) {
-                continue;
-            }
-            String n = t.substring(0, i);
-            if (n.equalsIgnoreCase("uid")) {
-                String v = t.substring(i + 1);
-                CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:" + v);
-                return v;
-            } else {
-                continue;
-            }
-        }
-        return null;
-    }
-
-    /**
-     * get the list of authentication credential attribute names
-     * required by this authentication manager. Generally used by
-     * the servlets that handle agent operations to authenticate its
-     * users. It calls this method to know which are the
-     * required credentials from the user (e.g. Javascript form data)
-     *
-     * @return attribute names in Vector
-     */
-    public String[] getRequiredCreds() {
-        return (mRequiredCreds);
-    }
-
-    /**
-     * get the list of configuration parameter names
-     * required by this authentication manager. Generally used by
-     * the Certificate Server Console to display the table for
-     * configuration purposes. CertUserDBAuthentication is currently not
-     * exposed in this case, so this method is not to be used.
-     *
-     * @return configuration parameter names in Hashtable of Vectors
-     *         where each hashtable entry's key is the substore name, value is a
-     *         Vector of parameter names. If no substore, the parameter name
-     *         is the Hashtable key itself, with value same as key.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    /**
-     * prepare this authentication manager for shutdown.
-     */
-    public void shutdown() {
-    }
-
-    /**
-     * gets the configuretion substore used by this authentication
-     * manager
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    // Profile-related methods
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_SSL_CLIENT_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_SSL_CLIENT_TEXT");
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        return null;
-    }
-
-    public boolean isValueWriteable(String name) {
-        return false;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void populate(IAuthToken token, IRequest request)
-            throws EProfileException {
-        request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
-                token.getInString(TOKEN_USERDN));
-        request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
-                token.getInString("userDN"));
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/SharedSecret.java b/base/common/src/com/netscape/cms/authentication/SharedSecret.java
deleted file mode 100644
index 7a0784c53..000000000
--- a/base/common/src/com/netscape/cms/authentication/SharedSecret.java
+++ /dev/null
@@ -1,38 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-import java.math.BigInteger;
-
-import org.mozilla.jss.pkix.cmc.PKIData;
-
-import com.netscape.certsrv.authentication.ISharedToken;
-
-public class SharedSecret implements ISharedToken {
-
-    public SharedSecret() {
-    }
-
-    public String getSharedToken(PKIData cmcdata) {
-        return "testing";
-    }
-
-    public String getSharedToken(BigInteger serial) {
-        return "testing";
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java b/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
deleted file mode 100644
index 99abad7eb..000000000
--- a/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
+++ /dev/null
@@ -1,327 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * Token authentication.
- * Checked if the given token is valid.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class TokenAuthentication implements IAuthManager,
-        IProfileAuthenticator {
-
-    /* result auth token attributes */
-    public static final String TOKEN_UID = "uid";
-    public static final String TOKEN_GID = "gid";
-
-    /* required credentials */
-    public static final String CRED_SESSION_ID = IAuthManager.CRED_SESSION_ID;
-    protected String[] mRequiredCreds = { CRED_SESSION_ID };
-
-    /* config parameters to pass to console (none) */
-    protected static String[] mConfigParams = null;
-
-    private String mName = null;
-    private String mImplName = null;
-    private IConfigStore mConfig = null;
-
-    public TokenAuthentication() {
-    }
-
-    /**
-     * initializes the TokenAuthentication auth manager
-     * <p>
-     * called by AuthSubsystem init() method, when initializing all available authentication managers.
-     *
-     * @param name The name of this authentication manager instance.
-     * @param implName The name of the authentication manager plugin.
-     * @param config The configuration store for this authentication manager.
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-    }
-
-    /**
-     * Gets the name of this authentication manager.
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * Gets the plugin name of authentication manager.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    public boolean isSSLClientRequired() {
-        return false;
-    }
-
-    /**
-     * authenticates user(agent) by certificate
-     * <p>
-     * called by other subsystems or their servlets to authenticate users (agents)
-     *
-     * @param authCred - authentication credential that contains
-     *            an usrgrp.Certificates of the user (agent)
-     * @return the authentication token that contains the following
-     * @exception EMissingCredential If a required credential for this
-     *                authentication manager is missing.
-     * @exception EInvalidCredentials If credentials cannot be authenticated.
-     * @exception EBaseException If an internal error occurred.
-     * @see com.netscape.certsrv.authentication.AuthToken
-     * @see com.netscape.certsrv.usrgrp.Certificates
-     */
-    public IAuthToken authenticate(IAuthCredentials authCred)
-            throws EMissingCredential, EInvalidCredentials, EBaseException {
-
-        CMS.debug("TokenAuthentication: start");
-
-        // force SSL handshake
-        SessionContext context = SessionContext.getExistingContext();
-
-        // retreive certificate from socket
-        AuthToken authToken = new AuthToken(this);
-
-        // get group name from configuration file
-        IConfigStore sconfig = CMS.getConfigStore();
-
-        String sessionId = (String) authCred.get(CRED_SESSION_ID);
-        String givenHost = (String) authCred.get("clientHost");
-        String authHost = sconfig.getString("securitydomain.host");
-        int authAdminPort = sconfig.getInteger("securitydomain.httpsadminport");
-        int authEEPort = sconfig.getInteger("securitydomain.httpseeport");
-        String authURL = "/ca/admin/ca/tokenAuthenticate";
-
-        String content = CRED_SESSION_ID + "=" + sessionId + "&hostname=" + givenHost;
-        CMS.debug("TokenAuthentication: content=" + content);
-
-        String c = null;
-        try {
-            c = sendAuthRequest(authHost, authAdminPort, authURL, content);
-            // in case where the new interface does not exist, EE will return a badly
-            // formatted response which will throw an exception during parsing
-            if (c != null) {
-                @SuppressWarnings("unused")
-                XMLObject parser = new XMLObject(new ByteArrayInputStream(c.getBytes()));
-            }
-        } catch (Exception e) {
-
-            CMS.debug("TokenAuthenticate: failed to contact admin host:port "
-                    + authHost + ":" + authAdminPort + " " + e);
-            CMS.debug("TokenAuthenticate: attempting ee port " + authEEPort);
-            authURL = "/ca/ee/ca/tokenAuthenticate";
-            try {
-                c = sendAuthRequest(authHost, authEEPort, authURL, content);
-            } catch (IOException e1) {
-                CMS.debug("TokenAuthenticate: failed to contact EE host:port "
-                        + authHost + ":" + authAdminPort + " " + e1);
-                throw new EBaseException(e1.getMessage());
-            }
-        }
-
-        if (c != null) {
-            try {
-                ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-                XMLObject parser = null;
-
-                try {
-                    parser = new XMLObject(bis);
-                } catch (Exception e) {
-                    CMS.debug("TokenAuthentication::authenticate() - "
-                             + "Exception=" + e.toString());
-                    throw new EBaseException(e.toString());
-                }
-                String status = parser.getValue("Status");
-
-                CMS.debug("TokenAuthentication: status=" + status);
-                if (!status.equals("0")) {
-                    String error = parser.getValue("Error");
-                    throw new EBaseException(error);
-                }
-
-                String uid = parser.getValue("uid");
-                String gid = parser.getValue("gid");
-
-                authToken.set(TOKEN_UID, uid);
-                authToken.set(TOKEN_GID, gid);
-
-                if (context != null) {
-                    CMS.debug("SessionContext.USER_ID " + uid + " SessionContext.GROUP_ID " + gid);
-                    context.put(SessionContext.USER_ID, uid);
-                    context.put(SessionContext.GROUP_ID, gid);
-                }
-
-                CMS.debug("TokenAuthentication: authenticated uid=" + uid + ", gid=" + gid);
-            } catch (EBaseException e) {
-                throw e;
-            } catch (Exception e) {
-            }
-        }
-
-        return authToken;
-    }
-
-    private String sendAuthRequest(String authHost, int authPort, String authUrl, String content)
-            throws IOException {
-        HttpClient httpclient = new HttpClient();
-        String c = null;
-
-        JssSSLSocketFactory factory = new JssSSLSocketFactory();
-        httpclient = new HttpClient(factory);
-        httpclient.connect(authHost, authPort);
-        HttpRequest httprequest = new HttpRequest();
-        httprequest.setMethod(HttpRequest.POST);
-        httprequest.setURI(authUrl);
-        httprequest.setHeader("user-agent", "HTTPTool/1.0");
-        httprequest.setHeader("content-length", "" + content.length());
-        httprequest.setHeader("content-type",
-                "application/x-www-form-urlencoded");
-        httprequest.setContent(content);
-
-        HttpResponse httpresponse = httpclient.send(httprequest);
-        c = httpresponse.getContent();
-
-        return c;
-    }
-
-    /**
-     * get the list of authentication credential attribute names
-     * required by this authentication manager. Generally used by
-     * the servlets that handle agent operations to authenticate its
-     * users. It calls this method to know which are the
-     * required credentials from the user (e.g. Javascript form data)
-     *
-     * @return attribute names in Vector
-     */
-    public String[] getRequiredCreds() {
-        return (mRequiredCreds);
-    }
-
-    /**
-     * get the list of configuration parameter names
-     * required by this authentication manager. Generally used by
-     * the Certificate Server Console to display the table for
-     * configuration purposes. CertUserDBAuthentication is currently not
-     * exposed in this case, so this method is not to be used.
-     *
-     * @return configuration parameter names in Hashtable of Vectors
-     *         where each hashtable entry's key is the substore name, value is a
-     *         Vector of parameter names. If no substore, the parameter name
-     *         is the Hashtable key itself, with value same as key.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    /**
-     * prepare this authentication manager for shutdown.
-     */
-    public void shutdown() {
-    }
-
-    /**
-     * gets the configuretion substore used by this authentication
-     * manager
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    // Profile-related methods
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_AGENT_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_AGENT_TEXT");
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(CRED_SESSION_ID);
-        return v.elements();
-    }
-
-    public boolean isValueWriteable(String name) {
-        return false;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void populate(IAuthToken token, IRequest request)
-            throws EProfileException {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java b/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
deleted file mode 100644
index 2f9fc43bd..000000000
--- a/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
+++ /dev/null
@@ -1,189 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// ldap java sdk
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * udn/pwd directory based authentication manager
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class UdnPwdDirAuthentication extends DirBasedAuthentication {
-
-    /* required credentials to authenticate. udn and pwd are strings. */
-    public static final String CRED_UDN = "udn";
-    public static final String CRED_PWD = "pwd";
-    protected static String[] mRequiredCreds = { CRED_UDN, CRED_PWD };
-
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] { PROP_DNPATTERN,
-                    PROP_LDAPSTRINGATTRS,
-                    PROP_LDAPBYTEATTRS,
-                    "ldap.ldapconn.host",
-                    "ldap.ldapconn.port",
-                    "ldap.ldapconn.secureConn",
-                    "ldap.ldapconn.version",
-                    "ldap.minConns",
-                    "ldap.maxConns",
-        };
-
-    static {
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-                ";Authenticate the user distinguished name and password provided " +
-                "by the user against an LDAP directory. Works with the " +
-                "Dir Based Enrollment HTML form");
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-authentication");
-    };
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public UdnPwdDirAuthentication() {
-        super();
-    }
-
-    /**
-     * Initializes the UdnPwdDirAuthentication auth manager.
-     * <p>
-     *
-     * @param name - The name for this authentication manager instance.
-     * @param implName - The name of the authentication manager plugin.
-     * @param config - The configuration store for this instance.
-     * @exception EBaseException If an error occurs during initialization.
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        super.init(name, implName, config, false);
-    }
-
-    /**
-     * Authenticates a user based on udn, pwd in the directory.
-     *
-     * @param authCreds The authentication credentials.
-     * @return The user's ldap entry dn.
-     * @exception EInvalidCredentials If the udn and password are not valid
-     * @exception EBaseException If an internal error occurs.
-     */
-    protected String authenticate(LDAPConnection conn,
-            IAuthCredentials authCreds,
-            AuthToken token)
-            throws EBaseException {
-        String userdn = null;
-
-        // authenticate by binding to ldap server with password.
-        try {
-            // get the udn.
-            userdn = (String) authCreds.get(CRED_UDN);
-            if (userdn == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UDN));
-            }
-
-            // get the password.
-            String pwd = (String) authCreds.get(CRED_PWD);
-
-            if (pwd == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
-            }
-            if (pwd.equals("")) {
-                // anonymous binding not allowed
-                log(ILogger.LL_FAILURE,
-                        "user " + userdn + " attempted login with empty password.");
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // bind as user dn and pwd - authenticates user with pwd.
-            conn.authenticate(userdn, pwd);
-            // set userdn in the token.
-            token.set(CRED_UDN, userdn);
-
-            return userdn;
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE,
-                    "Couldn't get ldap connection. Error: " + e.toString());
-            throw e;
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT:
-            case LDAPException.LDAP_PARTIAL_RESULTS:
-                log(ILogger.LL_SECURITY,
-                        "user " + userdn + " does not exist in ldap server host " +
-                                conn.getHost() + ", port " + conn.getPort() + ".");
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-            case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY,
-                        "authenticate user " + userdn + " with bad password.");
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-            case LDAPException.SERVER_DOWN:
-                log(ILogger.LL_FAILURE, "Ldap server is down.");
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
-            default:
-                log(ILogger.LL_FAILURE,
-                        "Ldap error encountered. " + e.getMessage());
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
-                                e.errorCodeToString()));
-            }
-        }
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    /**
-     * Returns array of required credentials for this authentication manager.
-     *
-     * @return Array of required credentials.
-     */
-    public String[] getRequiredCreds() {
-        return mRequiredCreds;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java b/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
deleted file mode 100644
index ffa8ea42f..000000000
--- a/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
+++ /dev/null
@@ -1,269 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// ldap java sdk
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * uid/pwd directory based authentication manager
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class UidPwdDirAuthentication extends DirBasedAuthentication
-        implements IProfileAuthenticator {
-
-    /* required credentials to authenticate. uid and pwd are strings. */
-    public static final String CRED_UID = "uid";
-    public static final String CRED_PWD = "pwd";
-    protected static String[] mRequiredCreds = { CRED_UID, CRED_PWD };
-
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] { PROP_DNPATTERN,
-                    PROP_LDAPSTRINGATTRS,
-                    PROP_LDAPBYTEATTRS,
-                    "ldap.ldapconn.host",
-                    "ldap.ldapconn.port",
-                    "ldap.ldapconn.secureConn",
-                    "ldap.ldapconn.version",
-                    "ldap.basedn",
-                    "ldap.minConns",
-                    "ldap.maxConns",
-        };
-
-    static {
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-                ";Authenticate the username and password provided " +
-                "by the user against an LDAP directory. Works with the " +
-                "Dir Based Enrollment HTML form");
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-authrules-uidpwddirauth");
-    };
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public UidPwdDirAuthentication() {
-        super();
-    }
-
-    /**
-     * Authenticates a user based on uid, pwd in the directory.
-     *
-     * @param authCreds The authentication credentials.
-     * @return The user's ldap entry dn.
-     * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs.
-     */
-    protected String authenticate(LDAPConnection conn,
-            IAuthCredentials authCreds,
-            AuthToken token)
-            throws EBaseException {
-        String userdn = null;
-        String uid = null;
-
-        // authenticate by binding to ldap server with password.
-        try {
-            // get the uid.
-            uid = (String) authCreds.get(CRED_UID);
-            CMS.debug("Authenticating UID=" + uid);
-            if (uid == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
-            }
-
-            // get the password.
-            String pwd = (String) authCreds.get(CRED_PWD);
-
-            if (pwd == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
-            }
-            if (pwd.equals("")) {
-                // anonymous binding not allowed
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // get user dn.
-            CMS.debug("Authenticating: Searching for UID=" + uid +
-                      " base DN=" + mBaseDN);
-            LDAPSearchResults res = conn.search(mBaseDN,
-                    LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-
-            if (res.hasMoreElements()) {
-                //LDAPEntry entry = (LDAPEntry)res.nextElement();
-                LDAPEntry entry = res.next();
-
-                userdn = entry.getDN();
-                CMS.debug("Authenticating: Found User DN=" + userdn);
-            } else {
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // bind as user dn and pwd - authenticates user with pwd.
-            conn.authenticate(userdn, pwd);
-            // set uid in the token.
-            token.set(CRED_UID, uid);
-
-            return userdn;
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
-            throw e;
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT:
-            case LDAPException.LDAP_PARTIAL_RESULTS:
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("USER_NOT_EXIST", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-            case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-            case LDAPException.SERVER_DOWN:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_SERVER_DOWN"));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
-            default:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
-                                e.errorCodeToString()));
-            }
-        }
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    /**
-     * Returns array of required credentials for this authentication manager.
-     *
-     * @return Array of required credentials.
-     */
-    public String[] getRequiredCreds() {
-        return mRequiredCreds;
-    }
-
-    // Profile-related methods
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_TEXT");
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(CRED_UID);
-        v.addElement(CRED_PWD);
-        return v.elements();
-    }
-
-    public boolean isValueWriteable(String name) {
-        if (name.equals(CRED_UID)) {
-            return true;
-        } else if (name.equals(CRED_PWD)) {
-            return false;
-        }
-        return false;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(CRED_UID)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID"));
-        } else if (name.equals(CRED_PWD)) {
-            return new Descriptor(IDescriptor.PASSWORD, null, null,
-                    CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD"));
-
-        }
-        return null;
-    }
-
-    public void populate(IAuthToken token, IRequest request)
-            throws EProfileException {
-        request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
-                token.getInString(USER_DN));
-    }
-
-    public boolean isSSLClientRequired() {
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
deleted file mode 100644
index 9e551966c..000000000
--- a/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
+++ /dev/null
@@ -1,461 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authentication;
-
-// ldap java sdk
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * uid/pwd/pin directory based authentication manager
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class UidPwdPinDirAuthentication extends DirBasedAuthentication
-        implements IExtendedPluginInfo, IProfileAuthenticator {
-
-    /* required credentials to authenticate. uid and pwd are strings. */
-    public static final String CRED_UID = "uid";
-    public static final String CRED_PWD = "pwd";
-    public static final String CRED_PIN = "pin";
-    protected static String[] mRequiredCreds = { CRED_UID, CRED_PWD, CRED_PIN };
-
-    public static final String PROP_REMOVE_PIN = "removePin";
-    public static final String PROP_PIN_ATTR = "pinAttr";
-
-    public static final boolean DEF_REMOVE_PIN = false;
-    public static final String DEF_PIN_ATTR = "pin";
-
-    protected static final byte SENTINEL_SHA = 0;
-    protected static final byte SENTINEL_MD5 = 1;
-    protected static final byte SENTINEL_NONE = 0x2d;
-
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] { PROP_REMOVE_PIN,
-                    PROP_PIN_ATTR,
-                    PROP_DNPATTERN,
-                    PROP_LDAPSTRINGATTRS,
-                    PROP_LDAPBYTEATTRS,
-                    "ldap.ldapconn.host",
-                    "ldap.ldapconn.port",
-                    "ldap.ldapconn.secureConn",
-                    "ldap.ldapconn.version",
-                    "ldap.ldapauth.bindDN",
-                    "ldap.ldapauth.bindPWPrompt",
-                    "ldap.ldapauth.clientCertNickname",
-                    "ldap.ldapauth.authtype",
-                    "ldap.basedn",
-                    "ldap.minConns",
-                    "ldap.maxConns",
-        };
-
-    static {
-        mExtendedPluginInfo.add(
-                PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
-        mExtendedPluginInfo.add(
-                PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
-        mExtendedPluginInfo.add(
-                "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
-                        + "For example 'CN=PinRemoval User'");
-        mExtendedPluginInfo.add(
-                "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
-                        "the above user");
-        mExtendedPluginInfo.add(
-                "ldap.ldapauth.clientCertNickname;string;If you want to use "
-                        + "SSL client auth to the directory, set the client "
-                        + "cert nickname here");
-        mExtendedPluginInfo.add(
-                "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
-                        + "How to bind to the directory (for pin removal only)");
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
-                + ";Authenticate the username, password and pin provided "
-                + "by the user against an LDAP directory. Works with the "
-                + "Dir/Pin Based Enrollment HTML form");
-        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-authrules-uidpwdpindirauth");
-
-    }
-
-    protected boolean mRemovePin = DEF_REMOVE_PIN;
-    protected String mPinAttr = DEF_PIN_ATTR;
-    protected MessageDigest mSHADigest = null;
-    protected MessageDigest mMD5Digest = null;
-
-    private ILdapConnFactory removePinLdapFactory = null;
-    private LDAPConnection removePinLdapConnection = null;
-    private IConfigStore removePinLdapConfigStore = null;
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public UidPwdPinDirAuthentication() {
-        super();
-    }
-
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        super.init(name, implName, config);
-        mRemovePin =
-                config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN);
-        mPinAttr =
-                config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR);
-        if (mPinAttr.equals("")) {
-            mPinAttr = DEF_PIN_ATTR;
-        }
-
-        if (mRemovePin) {
-            removePinLdapConfigStore = config.getSubStore("ldap");
-            removePinLdapFactory = CMS.getLdapBoundConnFactory();
-            removePinLdapFactory.init(removePinLdapConfigStore);
-            removePinLdapConnection = removePinLdapFactory.getConn();
-        }
-
-        try {
-            mSHADigest = MessageDigest.getInstance("SHA1");
-            mMD5Digest = MessageDigest.getInstance("MD5");
-        } catch (NoSuchAlgorithmException e) {
-            throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
-        }
-
-    }
-
-    protected void verifyPassword(String Password) {
-    }
-
-    /**
-     * Authenticates a user based on its uid, pwd, pin in the directory.
-     *
-     * @param authCreds The authentication credentials with uid, pwd, pin.
-     * @return The user's ldap entry dn.
-     * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs.
-     */
-    protected String authenticate(LDAPConnection conn,
-            IAuthCredentials authCreds,
-            AuthToken token)
-            throws EBaseException {
-        String userdn = null;
-        String uid = null;
-        String pwd = null;
-        String pin = null;
-
-        try {
-            // get the uid.
-            uid = (String) authCreds.get(CRED_UID);
-            if (uid == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
-            }
-
-            // get the password.
-            pwd = (String) authCreds.get(CRED_PWD);
-            if (pwd == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
-            }
-            if (pwd.equals("")) {
-                // anonymous binding not allowed
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // get the pin.
-            pin = (String) authCreds.get(CRED_PIN);
-            if (pin == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PIN));
-            }
-            if (pin.equals("")) {
-                // empty pin not allowed
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PIN", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // get user dn.
-            LDAPSearchResults res = conn.search(mBaseDN,
-                    LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-
-            if (res.hasMoreElements()) {
-                LDAPEntry entry = (LDAPEntry) res.nextElement();
-
-                userdn = entry.getDN();
-            } else {
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-            }
-
-            // bind as user dn and pwd - authenticates user with pwd.
-            conn.authenticate(userdn, pwd);
-
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
-            // log(ILogger.LL_SECURITY, "found user : " + userdn);
-
-            // check pin.
-            checkpin(conn, userdn, uid, pin);
-
-            // set uid in the token.
-            token.set(CRED_UID, uid);
-
-            return userdn;
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
-            throw e;
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT:
-            case LDAPException.LDAP_PARTIAL_RESULTS:
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-            case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
-                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
-            case LDAPException.SERVER_DOWN:
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("LDAP_SERVER_DOWN"));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
-            default:
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
-                                e.errorCodeToString()));
-            }
-        }
-    }
-
-    protected void checkpin(LDAPConnection conn, String userdn,
-            String uid, String pin)
-            throws EBaseException, LDAPException {
-        LDAPSearchResults res = null;
-        LDAPEntry entry = null;
-
-        // get pin.
-
-        res = conn.search(userdn, LDAPv2.SCOPE_BASE,
-                    "(objectclass=*)", new String[] { mPinAttr }, false);
-        if (res.hasMoreElements()) {
-            entry = (LDAPEntry) res.nextElement();
-        } else {
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_ENTRY_RETURNED", uid, userdn));
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        LDAPAttribute pinAttr = entry.getAttribute(mPinAttr);
-
-        if (pinAttr == null) {
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        @SuppressWarnings("unchecked")
-        Enumeration<byte[]> pinValues = pinAttr.getByteValues();
-
-        if (!pinValues.hasMoreElements()) {
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-        byte[] entrypin = pinValues.nextElement();
-
-        // compare value digest.
-
-        if (entrypin == null || entrypin.length < 2) {
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        byte hashtype = entrypin[0];
-
-        byte[] pinDigest = null;
-        String toBeDigested = userdn + pin;
-
-        if (hashtype == SENTINEL_SHA) {
-
-            pinDigest = mSHADigest.digest(toBeDigested.getBytes());
-        } else if (hashtype == SENTINEL_MD5) {
-            pinDigest = mMD5Digest.digest(toBeDigested.getBytes());
-        } else if (hashtype == SENTINEL_NONE) {
-            pinDigest = toBeDigested.getBytes();
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_UKNOWN_ENCODING_TYPE", mPinAttr, "*", userdn));
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        if (pinDigest.length != (entrypin.length - 1)) {
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_LENGTH_NOT_MATCHED", uid));
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        int i;
-
-        for (i = 0; i < (entrypin.length - 1); i++) {
-            if (pinDigest[i] != entrypin[i + 1])
-                break;
-        }
-        if (i != (entrypin.length - 1)) {
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
-            throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-        }
-
-        // pin ok. remove pin if so configured
-        // Note that this means that a policy may reject this request later,
-        // but the user will not be able to enroll again as his pin is gone.
-
-        // We remove the pin using a different connection which is bound as
-        // a more privileged user.
-
-        if (mRemovePin) {
-
-            try {
-                removePinLdapConnection.modify(userdn,
-                        new LDAPModification(
-                                LDAPModification.DELETE,
-                                new LDAPAttribute(mPinAttr, entrypin)));
-
-            } catch (LDAPException e) {
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn));
-            }
-
-        }
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-
-    /**
-     * Returns array of required credentials for this authentication manager.
-     *
-     * @return Array of required credentials.
-     */
-    public String[] getRequiredCreds() {
-        return mRequiredCreds;
-    }
-
-    // Profile-related methods
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_PIN_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_PIN_TEXT");
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(CRED_UID);
-        v.addElement(CRED_PWD);
-        v.addElement(CRED_PIN);
-        return v.elements();
-    }
-
-    public boolean isValueWriteable(String name) {
-        if (name.equals(CRED_UID)) {
-            return true;
-        } else if (name.equals(CRED_PWD)) {
-            return false;
-        }
-        return false;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(CRED_UID)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID"));
-        } else if (name.equals(CRED_PWD)) {
-            return new Descriptor(IDescriptor.PASSWORD, null, null,
-                    CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD"));
-        } else if (name.equals(CRED_PIN)) {
-            return new Descriptor(IDescriptor.PASSWORD, null, null,
-                    CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PIN"));
-
-        }
-        return null;
-    }
-
-    public void populate(IAuthToken token, IRequest request)
-            throws EProfileException {
-        request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
-                token.getInString(USER_DN));
-    }
-
-    public boolean isSSLClientRequired() {
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
deleted file mode 100644
index 089cca9be..000000000
--- a/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
+++ /dev/null
@@ -1,858 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authorization;
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import com.netscape.certsrv.acls.ACL;
-import com.netscape.certsrv.acls.ACLEntry;
-import com.netscape.certsrv.acls.EACLsException;
-import com.netscape.certsrv.acls.IACL;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.evaluators.IAccessEvaluator;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * An abstract class represents an authorization manager that governs the
- * access of internal resources such as servlets.
- * It parses in the ACLs associated with each protected
- * resources, and provides protected method <CODE>checkPermission</CODE> for code that needs to verify access before
- * performing
- * actions.
- * <P>
- * Here is a sample resourceACLS for a resource
- *
- * <PRE>
- *   certServer.UsrGrpAdminServlet:
- *       execute:
- *           deny (execute) user="tempAdmin";
- *           allow (execute) group="Administrators";
- * </PRE>
- *
- * To perform permission checking, code call authz mgr authorize() method to verify access. See AuthzMgr for calling
- * example.
- * <P>
- * default "evaluators" are used to evaluate the "group=.." or "user=.." rules. See evaluator for more info
- *
- * @version $Revision$, $Date$
- * @see <A HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL Files</A>
- */
-public abstract class AAclAuthz {
-
-    protected static final String PROP_CLASS = "class";
-    protected static final String PROP_IMPL = "impl";
-    protected static final String PROP_EVAL = "accessEvaluator";
-
-    protected static final String ACLS_ATTR = "aclResources";
-
-    private IConfigStore mConfig = null;
-
-    private Hashtable<String, ACL> mACLs = new Hashtable<String, ACL>();
-    private Hashtable<String, IAccessEvaluator> mEvaluators = new Hashtable<String, IAccessEvaluator>();
-    private ILogger mLogger = null;
-
-    /* Vector of extendedPluginInfo strings */
-    protected static Vector<String> mExtendedPluginInfo = null;
-
-    protected static String[] mConfigParams = null;
-
-    static {
-        mExtendedPluginInfo = new Vector<String>();
-    }
-
-    /**
-     * Constructor
-     */
-    public AAclAuthz() {
-    }
-
-    /**
-     * Initializes
-     */
-    protected void init(IConfigStore config)
-            throws EBaseException {
-
-        mLogger = CMS.getLogger();
-        CMS.debug("AAclAuthz: init begins");
-
-        mConfig = config;
-
-        // load access evaluators specified in the config file
-        IConfigStore mainConfig = CMS.getConfigStore();
-        IConfigStore evalConfig = mainConfig.getSubStore(PROP_EVAL);
-        IConfigStore i = evalConfig.getSubStore(PROP_IMPL);
-
-        IAccessEvaluator evaluator = null;
-        Enumeration<String> mImpls = i.getSubStoreNames();
-
-        while (mImpls.hasMoreElements()) {
-            String type = mImpls.nextElement();
-            String evalClassPath = null;
-
-            try {
-                evalClassPath = i.getString(type + "." + PROP_CLASS);
-            } catch (Exception e) {
-                log(ILogger.LL_MISCONF, "failed to get config class info");
-
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                            type + "." + PROP_CLASS));
-            }
-
-            // instantiate evaluator
-            try {
-                evaluator =
-                        (IAccessEvaluator) Class.forName(evalClassPath).newInstance();
-            } catch (Exception e) {
-                throw new EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
-                            evalClassPath));
-            }
-
-            if (evaluator != null) {
-                evaluator.init();
-                // store evaluator
-                registerEvaluator(type, evaluator);
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_NULL", type));
-            }
-        }
-
-        log(ILogger.LL_INFO, "initialization done");
-    }
-
-    /**
-     * Parse ACL resource attributes, then update the ACLs memory store
-     * This is intended to be used if storing ACLs on ldap is not desired,
-     * and the caller is expected to call this method to add resource
-     * and acl info into acls memory store. The resACLs format should conform
-     * to the following:
-     * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
-     * <P>
-     * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
-     *
-     * @param resACLs same format as the resourceACLs attribute
-     * @throws EBaseException parsing error from <code>parseACL</code>
-     */
-    public void addACLs(String resACLs) throws EBaseException {
-        ACL acl = (ACL) CMS.parseACL(resACLs);
-
-        if (acl != null) {
-            mACLs.put(acl.getName(), acl);
-        } else {
-            log(ILogger.LL_FAILURE, "parseACL failed");
-        }
-    }
-
-    public void accessInit(String accessInfo) throws EBaseException {
-        addACLs(accessInfo);
-    }
-
-    public IACL getACL(String target) {
-        return mACLs.get(target);
-    }
-
-    protected Enumeration<String> getTargetNames() {
-        return mACLs.keys();
-    }
-
-    public Enumeration<ACL> getACLs() {
-        return mACLs.elements();
-    }
-
-    /**
-     * Returns the configuration store used by this Authz mgr
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
-
-        return s;
-
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return mConfigParams;
-    }
-
-    /**
-     * graceful shutdown
-     */
-    public abstract void shutdown();
-
-    /**
-     * Registers new handler for the given attribute type
-     * in the expressions.
-     */
-    public void registerEvaluator(String type, IAccessEvaluator evaluator) {
-        mEvaluators.put(type, evaluator);
-        log(ILogger.LL_INFO, type + " evaluator registered");
-    }
-
-    /*******************************************************
-     * with session context
-     *******************************************************/
-
-    /**
-     * Checks if the permission is granted or denied in
-     * the current execution context. If the code is
-     * marked as privileged, this methods will simply
-     * return.
-     * <P>
-     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be
-     * evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any
-     * acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's
-     * considered passed.
-     * <p>
-     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and
-     * there is no need to continue the check. If passed permission check for "certServer", then it's considered passed,
-     * and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for
-     * permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at
-     * the leaf level, no such resource exist, or no acis, it's considered passed.
-     * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks,
-     * will the eventual access be granted.
-     *
-     * @param name resource name
-     * @param perm permission requested
-     * @exception EACLsException access permission denied
-     */
-    protected synchronized void checkPermission(String name, String perm)
-            throws EACLsException {
-        String resource = "";
-        StringTokenizer st = new StringTokenizer(name, ".");
-
-        while (st.hasMoreTokens()) {
-            String node = st.nextToken();
-
-            if (!"".equals(resource)) {
-                resource = resource + "." + node;
-            } else {
-                resource = node;
-            }
-
-            boolean passed = false;
-
-            try {
-                passed = checkACLs(resource, perm);
-            } catch (EACLsException e) {
-                Object[] params = new Object[2];
-
-                params[0] = name;
-                params[1] = perm;
-
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
-
-                throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
-                            (String[]) params));
-            }
-
-            if (passed) {
-                String infoMsg = "checkPermission(): permission granted for the resource " +
-                        name + " on operation " + perm;
-
-                log(ILogger.LL_INFO, infoMsg);
-
-                return;
-            } // else, continue
-        }
-    }
-
-    /**
-     * Checks if the permission is granted or denied in
-     * the current execution context.
-     * <P>
-     * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple
-     * <code>ACLEntry</code>, a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be
-     * granted
-     * <P>
-     * negative ("deny") aclEntries are treated differently than positive ("allow") statements. If a negative aclEntries
-     * fails the acl check, the permission check will return "false" right away; while in the case of a positive
-     * aclEntry, if the the aclEntry fails the acl check, the next aclEntry will be evaluated.
-     *
-     * @param name resource name
-     * @param perm permission requested
-     * @return true if access allowed
-     *         false if should be passed down to the next node
-     * @exception EACLsException if access disallowed
-     */
-    private boolean checkACLs(String name, String perm)
-            throws EACLsException {
-        ACL acl = mACLs.get(name);
-
-        // no such resource, pass it down
-        if (acl == null) {
-            String infoMsg = "checkACLs(): no acl for" +
-                    name + "...pass down to next node";
-
-            log(ILogger.LL_INFO, infoMsg);
-
-            return false;
-        }
-
-        Enumeration<ACLEntry> e = acl.entries();
-
-        if ((e == null) || (e.hasMoreElements() == false)) {
-            // no acis for node, pass down to next node
-            String infoMsg = " AAclAuthz.checkACLs(): no acis for " +
-                    name + " acl entry...pass down to next node";
-
-            log(ILogger.LL_INFO, infoMsg);
-
-            return false;
-        }
-
-        /**
-         * must pass all ACLEntry
-         */
-        for (; e.hasMoreElements();) {
-            ACLEntry entry = e.nextElement();
-
-            // if permission not pertinent, move on to next ACLEntry
-            if (entry.containPermission(perm) == true) {
-                if (evaluateExpressions(entry.getAttributeExpressions())) {
-                    if (entry.checkPermission(perm) == false) {
-                        log(ILogger.LL_SECURITY, " checkACLs(): permission denied");
-                        throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
-                    }
-                } else if (!entry.isNegative()) {
-                    // didn't meet the access expression for "allow", failed
-                    log(ILogger.LL_SECURITY, "checkACLs(): permission denied");
-                    throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
-                }
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * Resolves the given expressions.
-     * expression || expression || ...
-     * example:
-     * group="Administrators" || group="Operators"
-     */
-    private boolean evaluateExpressions(String s) {
-        // XXX - just handle "||" (or) among multiple expressions for now
-        // XXX - could use some optimization ... later
-
-        CMS.debug("evaluating expressions: " + s);
-
-        Vector<Object> v = new Vector<Object>();
-
-        while (s.length() > 0) {
-            int orIndex = s.indexOf("||");
-            int andIndex = s.indexOf("&&");
-
-            // this is the last expression
-            if (orIndex == -1 && andIndex == -1) {
-                boolean passed = evaluateExpression(s.trim());
-
-                v.addElement(Boolean.valueOf(passed));
-                break;
-
-                // || first
-            } else if (andIndex == -1 || (orIndex != -1 && orIndex < andIndex)) {
-                String s1 = s.substring(0, orIndex);
-                boolean passed = evaluateExpression(s1.trim());
-
-                v.addElement(new Boolean(passed));
-                v.addElement("||");
-                s = s.substring(orIndex + 2);
-                // && first
-            } else {
-                String s1 = s.substring(0, andIndex);
-                boolean passed = evaluateExpression(s1.trim());
-
-                v.addElement(new Boolean(passed));
-                v.addElement("&&");
-                s = s.substring(andIndex + 2);
-            }
-        }
-
-        if (v.size() == 1) {
-            Boolean bool = (Boolean) v.remove(0);
-
-            return bool.booleanValue();
-        }
-        boolean left = false;
-        String op = "";
-        boolean right = false;
-
-        while (v.size() > 0) {
-            if (op.equals(""))
-                left = ((Boolean) v.remove(0)).booleanValue();
-            op = (String) v.remove(0);
-            right = ((Boolean) v.remove(0)).booleanValue();
-            left = evaluateExp(left, op, right);
-        }
-
-        return left;
-    }
-
-    /**
-     * Resolves the given expression.
-     */
-    private boolean evaluateExpression(String expression) {
-        // XXX - just recognize "=" for now!!
-        int i = expression.indexOf("=");
-        String type = expression.substring(0, i);
-        String value = expression.substring(i + 1);
-        IAccessEvaluator evaluator = mEvaluators.get(type);
-
-        if (evaluator == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_NOT_FOUND", type));
-            return false;
-        }
-
-        return evaluator.evaluate(type, "=", value);
-    }
-
-    /*******************************************************
-     * with authToken
-     *******************************************************/
-
-    /**
-     * Checks if the permission is granted or denied with id from authtoken
-     * gotten from authentication that precedes authorization. If the code is
-     * marked as privileged, this methods will simply
-     * return.
-     * <P>
-     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be
-     * evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any
-     * acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's
-     * considered passed.
-     * <p>
-     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and
-     * there is no need to continue the check. If passed permission check for "certServer", then it's considered passed,
-     * and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for
-     * permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at
-     * the leaf level, no such resource exist, or no acis, it's considered passed.
-     * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks,
-     * will the eventual access be granted.
-     *
-     * @param authToken authentication token gotten from authentication
-     * @param name resource name
-     * @param perm permission requested
-     * @exception EACLsException access permission denied
-     */
-    public synchronized void checkPermission(IAuthToken authToken, String name,
-            String perm)
-            throws EACLsException {
-
-        Vector<String> nodev = getNodes(name);
-        Enumeration<String> nodes = nodev.elements();
-        String order = getOrder();
-        Enumeration<ACLEntry> entries = null;
-
-        if (order.equals("deny"))
-            entries = getDenyEntries(nodes, perm);
-        else
-            entries = getAllowEntries(nodes, perm);
-
-        boolean permitted = false;
-
-        while (entries.hasMoreElements()) {
-            ACLEntry entry = entries.nextElement();
-
-            CMS.debug("checkACLS(): ACLEntry expressions= " +
-                    entry.getAttributeExpressions());
-            if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
-                log(ILogger.LL_SECURITY,
-                        " checkACLs(): permission denied");
-                throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
-            }
-        }
-
-        nodes = nodev.elements();
-        if (order.equals("deny"))
-            entries = getAllowEntries(nodes, perm);
-        else
-            entries = getDenyEntries(nodes, perm);
-
-        while (entries.hasMoreElements()) {
-            ACLEntry entry = entries.nextElement();
-
-            CMS.debug("checkACLS(): ACLEntry expressions= " +
-                    entry.getAttributeExpressions());
-            if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
-                permitted = true;
-            }
-        }
-
-        nodev = null;
-        if (permitted) {
-            String infoMsg = "checkPermission(): permission granted for the resource " +
-                    name + " on operation " + perm;
-
-            log(ILogger.LL_INFO, infoMsg);
-            return;
-        } else {
-            String[] params = new String[2];
-
-            params[0] = name;
-            params[1] = perm;
-
-            log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
-
-            throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
-                        params));
-        }
-    }
-
-    protected Enumeration<ACLEntry> getAllowEntries(Enumeration<String> nodes, String operation) {
-        String name = "";
-        ACL acl = null;
-        Enumeration<ACLEntry> e = null;
-        Vector<ACLEntry> v = new Vector<ACLEntry>();
-
-        while (nodes.hasMoreElements()) {
-            name = nodes.nextElement();
-            acl = mACLs.get(name);
-            if (acl == null)
-                continue;
-            e = acl.entries();
-            while (e.hasMoreElements()) {
-                ACLEntry entry = e.nextElement();
-
-                if (!entry.isNegative() &&
-                        entry.containPermission(operation)) {
-                    v.addElement(entry);
-                }
-            }
-        }
-
-        return v.elements();
-    }
-
-    protected Enumeration<ACLEntry> getDenyEntries(Enumeration<String> nodes, String operation) {
-        String name = "";
-        ACL acl = null;
-        Enumeration<ACLEntry> e = null;
-        Vector<ACLEntry> v = new Vector<ACLEntry>();
-
-        while (nodes.hasMoreElements()) {
-            name = nodes.nextElement();
-            acl = mACLs.get(name);
-            if (acl == null)
-                continue;
-            e = acl.entries();
-            while (e.hasMoreElements()) {
-                ACLEntry entry = e.nextElement();
-
-                if (entry.isNegative() &&
-                        entry.containPermission(operation)) {
-                    v.addElement(entry);
-                }
-            }
-        }
-
-        return v.elements();
-    }
-
-    /**
-     * Resolves the given expressions.
-     * expression || expression || ...
-     * example:
-     * group="Administrators" || group="Operators"
-     */
-    private boolean evaluateExpressions(IAuthToken authToken, String s) {
-        // XXX - just handle "||" (or) among multiple expressions for now
-        // XXX - could use some optimization ... later
-        CMS.debug("evaluating expressions: " + s);
-
-        Vector<Object> v = new Vector<Object>();
-
-        while (s.length() > 0) {
-            int orIndex = s.indexOf("||");
-            int andIndex = s.indexOf("&&");
-
-            // this is the last expression
-            if (orIndex == -1 && andIndex == -1) {
-                boolean passed = evaluateExpression(authToken, s.trim());
-
-                CMS.debug("evaluated expression: " + s.trim() + " to be " + passed);
-                v.addElement(Boolean.valueOf(passed));
-                break;
-
-                // || first
-            } else if (andIndex == -1 || (orIndex != -1 && orIndex < andIndex)) {
-                String s1 = s.substring(0, orIndex);
-                boolean passed = evaluateExpression(authToken, s1.trim());
-
-                CMS.debug("evaluated expression: " + s1.trim() + " to be " + passed);
-                v.addElement(new Boolean(passed));
-                v.addElement("||");
-                s = s.substring(orIndex + 2);
-                // && first
-            } else {
-                String s1 = s.substring(0, andIndex);
-                boolean passed = evaluateExpression(authToken, s1.trim());
-
-                CMS.debug("evaluated expression: " + s1.trim() + " to be " + passed);
-                v.addElement(new Boolean(passed));
-                v.addElement("&&");
-                s = s.substring(andIndex + 2);
-            }
-        }
-
-        if (v.size() == 0) {
-            return false;
-        }
-
-        if (v.size() == 1) {
-            Boolean bool = (Boolean) v.remove(0);
-
-            return bool.booleanValue();
-        }
-
-        boolean left = false;
-        String op = "";
-        boolean right = false;
-
-        while (v.size() > 0) {
-            if (op.equals(""))
-                left = ((Boolean) v.remove(0)).booleanValue();
-            op = (String) v.remove(0);
-            right = ((Boolean) v.remove(0)).booleanValue();
-            left = evaluateExp(left, op, right);
-        }
-
-        return left;
-    }
-
-    public Vector<String> getNodes(String resourceID) {
-        Vector<String> v = new Vector<String>();
-
-        if (resourceID != null && !resourceID.equals("")) {
-            v.addElement(resourceID);
-        } else {
-            return v;
-        }
-        int index = resourceID.lastIndexOf(".");
-        String name = resourceID;
-
-        while (index != -1) {
-            name = name.substring(0, index);
-            v.addElement(name);
-            index = name.lastIndexOf(".");
-        }
-
-        return v;
-    }
-
-    /**
-     * Resolves the given expression.
-     */
-    private boolean evaluateExpression(IAuthToken authToken, String expression) {
-        String op = getOp(expression);
-        String type = "";
-        String value = "";
-
-        if (!op.equals("")) {
-            int len = op.length();
-            int i = expression.indexOf(op);
-
-            type = expression.substring(0, i).trim();
-            value = expression.substring(i + len).trim();
-        }
-        IAccessEvaluator evaluator = mEvaluators.get(type);
-
-        if (evaluator == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_NOT_FOUND", type));
-            return false;
-        }
-
-        return evaluator.evaluate(authToken, type, op, value);
-    }
-
-    private String getOp(String exp) {
-        int i = exp.indexOf("!=");
-
-        if (i == -1) {
-            i = exp.indexOf("=");
-            if (i == -1) {
-                i = exp.indexOf(">");
-                if (i == -1) {
-                    i = exp.indexOf("<");
-                    if (i == -1) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_OP_NOT_SUPPORTED", exp));
-                    } else {
-                        return "<";
-                    }
-                } else {
-                    return ">";
-                }
-            } else {
-                return "=";
-            }
-        } else {
-            return "!=";
-        }
-        return "";
-    }
-
-    private boolean evaluateExp(boolean left, String op, boolean right) {
-        if (op.equals("||")) {
-            if (left == false && right == false)
-                return false;
-            return true;
-        } else if (op.equals("&&")) {
-            if (left == true && right == true)
-                return true;
-            return false;
-        }
-        return false;
-    }
-
-    /*******************************************************
-     * end identification differentiation
-     *******************************************************/
-
-    /**
-     * This one only updates the memory. Classes extend this class should
-     * also update to a permanent storage
-     */
-    public void updateACLs(String id, String rights, String strACLs,
-            String desc) throws EACLsException {
-        String resourceACLs = id;
-
-        if (rights != null)
-            resourceACLs = id + ":" + rights + ":" + strACLs + ":" + desc;
-
-        // memory update
-        ACL ac = null;
-
-        try {
-            ac = (ACL) CMS.parseACL(resourceACLs);
-        } catch (EBaseException ex) {
-            throw new EACLsException(CMS.getUserMessage("CMS_ACL_PARSING_ERROR_0"));
-        }
-
-        mACLs.put(ac.getName(), ac);
-    }
-
-    /**
-     * gets an enumeration of resources
-     *
-     * @return an enumeration of resources contained in the ACL table
-     */
-    public Enumeration<ACL> aclResElements() {
-        return (mACLs.elements());
-    }
-
-    /**
-     * gets an enumeration of access evaluators
-     *
-     * @return an enumeraton of access evaluators
-     */
-    public Enumeration<IAccessEvaluator> aclEvaluatorElements() {
-        return (mEvaluators.elements());
-    }
-
-    /**
-     * gets the access evaluators
-     *
-     * @return handle to the access evaluators table
-     */
-    public Hashtable<String, IAccessEvaluator> getAccessEvaluators() {
-        return mEvaluators;
-    }
-
-    /**
-     * is this resource name unique
-     *
-     * @return true if unique; false otherwise
-     */
-    public boolean isTypeUnique(String type) {
-        if (mACLs.containsKey(type)) {
-            return false;
-        } else {
-            return true;
-        }
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-                level, msg);
-    }
-
-    /*********************************
-     * abstract methods
-     **********************************/
-
-    /**
-     * update acls. called after memory upate is done to flush to permanent
-     * storage.
-     * <p>
-     */
-    protected abstract void flushResourceACLs() throws EACLsException;
-
-    /**
-     * an abstract class that enforces implementation of the
-     * authorize() method that will authorize an operation on a
-     * particular resource
-     *
-     * @param authToken the authToken associated with a user
-     * @param resource - the protected resource name
-     * @param operation - the protected resource operation name
-     * @exception EBaseException If an internal error occurred.
-     * @return authzToken
-     */
-    public abstract AuthzToken authorize(IAuthToken authToken, String resource, String operation) throws EBaseException;
-
-    public String getOrder() {
-        IConfigStore mainConfig = CMS.getConfigStore();
-        String order = "";
-
-        try {
-            order = mainConfig.getString("authz.evaluateOrder", "");
-            if (order.startsWith("allow"))
-                return "allow";
-            else
-                return "deny";
-        } catch (Exception e) {
-        }
-        return "deny";
-    }
-
-    public boolean evaluateACLs(IAuthToken authToken, String exp) {
-        return evaluateExpressions(authToken, exp);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
deleted file mode 100644
index 52d9eb899..000000000
--- a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
+++ /dev/null
@@ -1,159 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2012 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authorization;
-
-import java.io.IOException;
-import java.lang.reflect.Method;
-import java.net.URL;
-import java.security.Principal;
-import java.util.Properties;
-
-import javax.servlet.ServletContext;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.ext.Provider;
-
-import org.jboss.resteasy.core.ResourceMethodInvoker;
-import org.jboss.resteasy.spi.Failure;
-
-import com.netscape.certsrv.acls.ACLMapping;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.cms.realm.PKIPrincipal;
-
-/**
- * @author Endi S. Dewata
- */
-@Provider
-public class ACLInterceptor implements ContainerRequestFilter {
-
-    Properties authProperties;
-
-    @Context
-    ServletContext servletContext;
-
-    @Context
-    SecurityContext securityContext;
-
-    public synchronized void loadAuthProperties() throws IOException {
-
-        if (authProperties != null)
-            return;
-
-        URL url = servletContext.getResource("/WEB-INF/auth.properties");
-        authProperties = new Properties();
-        authProperties.load(url.openStream());
-    }
-
-    @Override
-    public void filter(ContainerRequestContext requestContext) throws IOException {
-        ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext
-                .getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
-        Method method = methodInvoker.getMethod();
-
-        ACLMapping aclMapping = method.getAnnotation(ACLMapping.class);
-
-        // If not available, get ACL mapping for the class.
-        if (aclMapping == null) {
-            Class<?> clazz = method.getDeclaringClass();
-            aclMapping = clazz.getAnnotation(ACLMapping.class);
-        }
-
-        // If still not available, it's unprotected, allow request.
-        if (aclMapping == null) {
-            CMS.debug("ACLInterceptor: No ACL mapping.");
-            return;
-        }
-
-        Principal principal = securityContext.getUserPrincipal();
-
-        // If unauthenticated, reject request.
-        if (principal == null) {
-            CMS.debug("ACLInterceptor: No user principal provided.");
-            throw new ForbiddenException("No user principal provided.");
-        }
-
-        // If unrecognized principal, reject request.
-        if (!(principal instanceof PKIPrincipal)) {
-            CMS.debug("ACLInterceptor: Invalid user principal.");
-            throw new ForbiddenException("Invalid user principal.");
-        }
-
-        PKIPrincipal pkiPrincipal = (PKIPrincipal) principal;
-        IAuthToken authToken = pkiPrincipal.getAuthToken();
-
-        // If missing auth token, reject request.
-        if (authToken == null) {
-            CMS.debug("ACLInterceptor: No authorization token present.");
-            throw new ForbiddenException("No authorization token present.");
-        }
-
-        try {
-            loadAuthProperties();
-
-            String name = aclMapping.value();
-            String value = authProperties.getProperty(name);
-
-            // If no property defined, allow request.
-            if (value == null) {
-                CMS.debug("ACLInterceptor: No ACL configuration.");
-                return;
-            }
-
-            String values[] = value.split(",");
-
-            // If invalid mapping, reject request.
-            if (values.length != 2) {
-                CMS.debug("ACLInterceptor: Invalid ACL mapping.");
-                throw new ForbiddenException("Invalid ACL mapping.");
-            }
-
-            // Check authorization.
-            IAuthzSubsystem mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-            AuthzToken authzToken = mAuthz.authorize(
-                    "DirAclAuthz",
-                    authToken,
-                    values[0], // resource
-                    values[1]); // operation
-
-            // If not authorized, reject request.
-            if (authzToken == null) {
-                CMS.debug("ACLInterceptor: No authorization token present.");
-                throw new ForbiddenException("No authorization token present.");
-            }
-
-        } catch (EAuthzAccessDenied e) {
-            CMS.debug("ACLInterceptor: " + e.getMessage());
-            throw new ForbiddenException(e.toString());
-
-        } catch (IOException | EBaseException e) {
-            e.printStackTrace();
-            throw new Failure(e);
-        }
-
-        // Allow request.
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
deleted file mode 100644
index c42ba26d0..000000000
--- a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
+++ /dev/null
@@ -1,168 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2013 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authorization;
-
-import java.io.IOException;
-import java.lang.reflect.Method;
-import java.net.URL;
-import java.security.Principal;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Properties;
-
-import javax.servlet.ServletContext;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.ext.Provider;
-
-import org.jboss.resteasy.core.ResourceMethodInvoker;
-import org.jboss.resteasy.spi.Failure;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthMethodMapping;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.cms.realm.PKIPrincipal;
-
-/**
- * @author Endi S. Dewata
- */
-@Provider
-public class AuthMethodInterceptor implements ContainerRequestFilter {
-
-    Properties authProperties;
-
-    @Context
-    ServletContext servletContext;
-
-    @Context
-    SecurityContext securityContext;
-
-    public synchronized void loadAuthProperties() throws IOException {
-
-        if (authProperties != null)
-            return;
-
-        authProperties = new Properties();
-
-        URL url = servletContext.getResource("/WEB-INF/auth-method.properties");
-
-        if (url == null) {
-            authProperties.put("default", "*");
-            authProperties.put("account", "certUserDBAuthMgr,passwdUserDBAuthMgr");
-            authProperties.put("admin", "certUserDBAuthMgr");
-            authProperties.put("agent", "certUserDBAuthMgr");
-            authProperties.put("profiles", "certUserDBAuthMgr");
-            authProperties.put("securityDomain.installToken", "passwdUserDBAuthMgr");
-        } else {
-            authProperties.load(url.openStream());
-        }
-    }
-
-    @Override
-    public void filter(ContainerRequestContext requestContext) throws IOException {
-        ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext
-                .getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
-        Method method = methodInvoker.getMethod();
-        Class<?> clazz = methodInvoker.getResourceClass();
-
-        CMS.debug("AuthMethodInterceptor: " + clazz.getSimpleName() + "." + method.getName() + "()");
-
-        // Get authentication mapping for the method.
-        AuthMethodMapping authMapping = method.getAnnotation(AuthMethodMapping.class);
-
-        // If not available, get authentication mapping for the class.
-        if (authMapping == null) {
-            authMapping = clazz.getAnnotation(AuthMethodMapping.class);
-        }
-
-        String name;
-        if (authMapping == null) {
-            // If not available, use the default mapping.
-            name = "default";
-        } else {
-            // Get the method label
-            name = authMapping.value();
-        }
-
-        CMS.debug("AuthMethodInterceptor: mapping name: " + name);
-
-        try {
-            loadAuthProperties();
-
-            String value = authProperties.getProperty(name);
-            Collection<String> authMethods = new HashSet<String>();
-            if (value != null) {
-                for (String v : value.split(",")) {
-                    authMethods.add(v.trim());
-                }
-            }
-
-            CMS.debug("AuthMethodInterceptor: required auth methods: " + authMethods);
-
-            Principal principal = securityContext.getUserPrincipal();
-
-            // If unauthenticated, reject request.
-            if (principal == null) {
-                if (authMethods.isEmpty() || authMethods.contains("anonymous") || authMethods.contains("*")) {
-                    CMS.debug("AuthMethodInterceptor: anonymous access allowed");
-                    return;
-                }
-                CMS.debug("AuthMethodInterceptor: anonymous access not allowed");
-                throw new ForbiddenException("Anonymous access not allowed.");
-            }
-
-            // If unrecognized principal, reject request.
-            if (!(principal instanceof PKIPrincipal)) {
-                CMS.debug("AuthMethodInterceptor: unknown principal");
-                throw new ForbiddenException("Unknown user principal");
-            }
-
-            PKIPrincipal pkiPrincipal = (PKIPrincipal) principal;
-            IAuthToken authToken = pkiPrincipal.getAuthToken();
-
-            // If missing auth token, reject request.
-            if (authToken == null) {
-                CMS.debug("AuthMethodInterceptor: missing authentication token");
-                throw new ForbiddenException("Missing authentication token.");
-            }
-
-            String authManager = (String) authToken.get(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            CMS.debug("AuthMethodInterceptor: authentication manager: " + authManager);
-
-            if (authManager == null) {
-                CMS.debug("AuthMethodInterceptor: missing authentication manager");
-                throw new ForbiddenException("Missing authentication manager.");
-            }
-
-            if (authMethods.isEmpty() || authMethods.contains(authManager) || authMethods.contains("*")) {
-                CMS.debug("AuthMethodInterceptor: " + authManager + " allowed");
-                return;
-            }
-
-            throw new ForbiddenException("Authentication method not allowed.");
-
-        } catch (IOException e) {
-            e.printStackTrace();
-            throw new Failure(e);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
deleted file mode 100644
index 729b017d8..000000000
--- a/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
+++ /dev/null
@@ -1,213 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authorization;
-
-// cert server imports.
-import com.netscape.certsrv.acls.EACLsException;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.authorization.EAuthzInternalError;
-import com.netscape.certsrv.authorization.IAuthzManager;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * A class for basic acls authorization manager
- *
- * @version $Revision$, $Date$
- */
-public class BasicAclAuthz extends AAclAuthz
-        implements IAuthzManager, IExtendedPluginInfo {
-
-    // members
-
-    /* name of this authorization manager instance */
-    private String mName = null;
-
-    /* name of the authorization manager plugin */
-    private String mImplName = null;
-
-    /* configuration store */
-    @SuppressWarnings("unused")
-    private IConfigStore mConfig;
-
-    /* the system logger */
-    private ILogger mLogger = null;
-
-    protected static final String PROP_BASEDN = "basedn";
-
-    static {
-        mExtendedPluginInfo.add("nothing for now");
-    }
-
-    /**
-     * Default constructor
-     */
-    public BasicAclAuthz() {
-
-        /* Holds configuration parameters accepted by this implementation.
-         * This list is passed to the configuration console so configuration
-         * for instances of this implementation can be configured through the
-         * console.
-         */
-        mConfigParams =
-                new String[] {
-                    "dummy"
-                };
-    }
-
-    /**
-     *
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-        mLogger = CMS.getLogger();
-
-        super.init(config);
-
-        log(ILogger.LL_INFO, "initialization done");
-    }
-
-    /**
-     * gets the name of this authorization manager instance
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * gets the plugin name of this authorization manager.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    /**
-     * check the authorization permission for the user associated with
-     * authToken on operation
-     * <p>
-     * Example:
-     * <p>
-     * For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
-     *
-     * <PRE>
-     * try {
-     *     authzTok = mAuthz.authorize(&quot;DirACLBasedAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
-     * } catch (EBaseException e) {
-     *     log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
-     * }
-     * </PRE>
-     *
-     * @param authToken the authToken associated with a user
-     * @param resource - the protected resource name
-     * @param operation - the protected resource operation name
-     * @exception EAuthzInternalError if an internal error occurred.
-     * @exception EAuthzAccessDenied if access denied
-     * @return authzToken if success
-     */
-    public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-            throws EAuthzInternalError, EAuthzAccessDenied {
-        AuthzToken authzToken = new AuthzToken(this);
-
-        try {
-            checkPermission(authToken, resource, operation);
-
-            CMS.debug("BasicAclAuthz: authorization passed");
-
-            // compose AuthzToken
-            authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
-            authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
-            authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
-                    AuthzToken.AUTHZ_STATUS_SUCCESS);
-        } catch (EACLsException e) {
-            // audit here later
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
-            String params[] = { resource, operation };
-
-            throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
-        }
-
-        return authzToken;
-    }
-
-    public AuthzToken authorize(IAuthToken authToken, String expression)
-            throws EAuthzAccessDenied {
-        if (evaluateACLs(authToken, expression)) {
-            return (new AuthzToken(this));
-        } else {
-            String params[] = { expression };
-            throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
-        }
-    }
-
-    /**
-     * This currently does not flush to permanent storage
-     *
-     * @param id is the resource id
-     * @param strACLs
-     */
-    public void updateACLs(String id, String rights, String strACLs,
-            String desc) throws EACLsException {
-        try {
-            super.updateACLs(id, rights, strACLs, desc);
-            //            flushResourceACLs();
-        } catch (EACLsException ex) {
-
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
-
-            throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
-        }
-    }
-
-    /**
-     * updates resourceACLs to permanent storage.
-     * currently not implemented for this authzMgr
-     */
-    protected void flushResourceACLs() throws EACLsException {
-        log(ILogger.LL_FAILURE, "flushResourceACL() is not implemented");
-        throw new EACLsException(CMS.getUserMessage("CMS_ACL_METHOD_NOT_IMPLEMENTED"));
-    }
-
-    /**
-     * graceful shutdown
-     */
-    public void shutdown() {
-        log(ILogger.LL_INFO, "shutting down");
-    }
-
-    /**
-     * Logs a message for this class in the system log file.
-     *
-     * @param level The log level.
-     * @param msg The message to log.
-     * @see com.netscape.certsrv.logging.ILogger
-     */
-    protected void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-                level, msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
deleted file mode 100644
index 133fe759e..000000000
--- a/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
+++ /dev/null
@@ -1,365 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.authorization;
-
-import java.util.Enumeration;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPModificationSet;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.acls.ACL;
-import com.netscape.certsrv.acls.EACLsException;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.authorization.EAuthzInternalError;
-import com.netscape.certsrv.authorization.IAuthzManager;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * A class for ldap acls based authorization manager
- * The ldap server used for acls is the cms internal ldap db.
- *
- * @version $Revision$, $Date$
- */
-public class DirAclAuthz extends AAclAuthz
-        implements IAuthzManager, IExtendedPluginInfo {
-
-    // members
-
-    /* name of this authentication manager instance */
-    private String mName = null;
-
-    /* name of the authentication manager plugin */
-    private String mImplName = null;
-
-    /* configuration store */
-    private IConfigStore mConfig;
-
-    /* the system logger */
-    private ILogger mLogger = null;
-
-    protected static final String PROP_BASEDN = "basedn";
-
-    private ILdapConnFactory mLdapConnFactory = null;
-    private String mBaseDN = null;
-    private static boolean needsFlush = false;
-
-    static {
-        mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
-                "LDAP host to connect to");
-        mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
-                "LDAP port number (use 389, or 636 if SSL)");
-        mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
-                "Use SSL to connect to directory?");
-        mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
-                "LDAP protocol version");
-        mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start sarching " +
-                "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
-                "might want to use 'o=NetscapeCertificateServer' here");
-        mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
-                "to keep open to directory server. Default 5.");
-        mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection "
-                +
-                "pool can grow to this many (multiplexed) connections. Default 1000");
-    }
-
-    /**
-     * Default constructor
-     */
-    public DirAclAuthz() {
-
-        /* Holds configuration parameters accepted by this implementation.
-         * This list is passed to the configuration console so configuration
-         * for instances of this implementation can be configured through the
-         * console.
-         */
-        mConfigParams =
-                new String[] {
-                        "ldap.ldapconn.host",
-                        "ldap.ldapconn.port",
-                        "ldap.ldapconn.secureConn",
-                        "ldap.ldapconn.version",
-                        "ldap.basedn",
-                        "ldap.minConns",
-                        "ldap.maxConns",
-                };
-    }
-
-    /**
-     *
-     */
-    public void init(String name, String implName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = implName;
-        mConfig = config;
-        mLogger = CMS.getLogger();
-
-        super.init(config);
-
-        // initialize LDAP connection factory
-        IConfigStore ldapConfig = mConfig.getSubStore("ldap");
-
-        if (ldapConfig == null) {
-            log(ILogger.LL_MISCONF, "failed to get config ldap info");
-            return;
-        }
-
-        mBaseDN = ldapConfig.getString(PROP_BASEDN, null);
-
-        try {
-            @SuppressWarnings("unused")
-            String hostname = ldapConfig.getString("ldapconn.host"); // check for errors
-        } catch (EBaseException e) {
-            if (CMS.isPreOpMode())
-                return;
-        }
-
-        mLdapConnFactory = CMS.getLdapBoundConnFactory();
-        mLdapConnFactory.init(ldapConfig);
-
-        // retrieve aclResources from the LDAP server and load
-        // into memory
-        LDAPConnection conn = null;
-
-        CMS.debug("DirAclAuthz: about to ldap search aclResources");
-        try {
-            conn = getConn();
-            LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
-                    "cn=aclResources", null, false);
-
-            returnConn(conn);
-            if (res.hasMoreElements()) {
-                log(ILogger.LL_INFO, "ldap search found cn=aclResources");
-
-                LDAPEntry entry = (LDAPEntry) res.nextElement();
-                LDAPAttribute aclRes = entry.getAttribute("resourceACLS");
-
-                @SuppressWarnings("unchecked")
-                Enumeration<String> en = aclRes.getStringValues();
-
-                for (; en != null && en.hasMoreElements();) {
-                    addACLs(en.nextElement());
-                }
-            } else {
-                log(ILogger.LL_INFO, "ldap search found no cn=aclResources");
-            }
-        } catch (LDAPException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_INIT_ERROR", e.toString()));
-            throw new EACLsException(CMS.getUserMessage("CMS_ACL_CONNECT_LDAP_FAIL", mBaseDN));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_INIT_ERROR", e.toString()));
-        }
-
-        log(ILogger.LL_INFO, "initialization done");
-    }
-
-    /**
-     * gets the name of this authorization manager instance
-     */
-    public String getName() {
-        return mName;
-    }
-
-    /**
-     * gets the plugin name of this authorization manager.
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    /**
-     * check the authorization permission for the user associated with
-     * authToken on operation
-     * <p>
-     * Example:
-     * <p>
-     * For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
-     *
-     * <PRE>
-     * try {
-     *     authzTok = mAuthz.authorize(&quot;DirAclAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
-     * } catch (EBaseException e) {
-     *     log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
-     * }
-     * </PRE>
-     *
-     * @param authToken the authToken associated with a user
-     * @param resource - the protected resource name
-     * @param operation - the protected resource operation name
-     * @exception EBaseException If an internal error occurred.
-     * @return authzToken
-     */
-    public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-            throws EAuthzInternalError, EAuthzAccessDenied {
-        AuthzToken authzToken = new AuthzToken(this);
-
-        try {
-            checkPermission(authToken, resource, operation);
-            // compose AuthzToken
-            authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
-            authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
-            authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS, AuthzToken.AUTHZ_STATUS_SUCCESS);
-            CMS.debug("DirAclAuthz: authorization passed");
-        } catch (EACLsException e) {
-            // audit here later
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
-            String params[] = { resource, operation };
-
-            throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
-        }
-
-        return authzToken;
-    }
-
-    public AuthzToken authorize(IAuthToken authToken, String expression)
-            throws EAuthzAccessDenied {
-        if (evaluateACLs(authToken, expression)) {
-            return (new AuthzToken(this));
-        } else {
-            String params[] = { expression };
-            throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
-        }
-    }
-
-    /**
-     * update acls. when memory update is done, flush to ldap.
-     * <p>
-     * Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates
-     * lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts
-     * down, another flush will be attempted.
-     *
-     * @param id is the resource id
-     * @param rights The allowable rights for this resource
-     * @param strACLs has the same format as a resourceACLs entry acis
-     *            on the ldap server
-     * @param desc The description for this resource
-     */
-    public void updateACLs(String id, String rights, String strACLs,
-            String desc) throws EACLsException {
-        try {
-            super.updateACLs(id, rights, strACLs, desc);
-            flushResourceACLs();
-            needsFlush = false;
-        } catch (EACLsException ex) {
-            // flushing failed, set flag
-            needsFlush = true;
-
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
-
-            throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
-        }
-    }
-
-    /**
-     * updates resourceACLs to ldap.
-     */
-    protected void flushResourceACLs() throws EACLsException {
-        // ldap update
-        LDAPConnection conn = null;
-
-        try {
-            LDAPAttribute attrs = new LDAPAttribute("resourceACLS");
-            LDAPModificationSet mod = new LDAPModificationSet();
-
-            Enumeration<ACL> en = aclResElements();
-
-            if (en.hasMoreElements() == true) {
-                while (en.hasMoreElements()) {
-                    ACL a = en.nextElement();
-                    String resAclString = a.getResourceACLs();
-
-                    attrs.addValue(resAclString);
-                }
-
-                mod.add(LDAPModification.REPLACE, attrs);
-
-                conn = getConn();
-                conn.modify("cn=aclResources," + mBaseDN, mod);
-            }
-        } catch (LDAPException ex) {
-            System.out.println(ex.toString());
-            throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
-        } catch (Exception ex) {
-            System.out.println(ex.toString());
-            throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
-        } finally {
-            try {
-                returnConn(conn);
-            } catch (ELdapException e) {
-                log(ILogger.LL_FAILURE, "couldn't return conn ?");
-            }
-        }
-    }
-
-    protected LDAPConnection getConn() throws ELdapException {
-        return mLdapConnFactory.getConn();
-    }
-
-    protected void returnConn(LDAPConnection conn) throws ELdapException {
-        mLdapConnFactory.returnConn(conn);
-    }
-
-    /**
-     * graceful shutdown
-     */
-    public void shutdown() {
-        if (needsFlush) {
-            // flush the changes
-            try {
-                flushResourceACLs();
-            } catch (EACLsException e) {
-                // flushing failed again...too bad
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_ERROR", e.toString()));
-            }
-        }
-
-        try {
-            if (mLdapConnFactory != null) mLdapConnFactory.reset();
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR", e.toString()));
-        }
-    }
-
-    /**
-     * Logs a message for this class in the system log file.
-     *
-     * @param level The log level.
-     * @param msg The message to log.
-     * @see com.netscape.certsrv.logging.ILogger
-     */
-    protected void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-                level, msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
deleted file mode 100644
index 8a8de4174..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
+++ /dev/null
@@ -1,259 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.extensions.AuthInfoAccessExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a Authority Information Access CRL extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSAuthInfoAccessExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    public static final String PROP_NUM_ADS = "numberOfAccessDescriptions";
-    public static final String PROP_ACCESS_METHOD = "accessMethod";
-    public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType";
-    public static final String PROP_ACCESS_LOCATION = "accessLocation";
-
-    private static final String PROP_ACCESS_METHOD_OCSP = "ocsp";
-    private static final String PROP_ACCESS_METHOD_CAISSUERS = "caIssuers";
-    private static final String PROP_DIRNAME = "DirectoryName";
-    private static final String PROP_URINAME = "URI";
-
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSAuthInfoAccessExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext;
-
-        authInfoAccessExt.setCritical(critical);
-
-        return authInfoAccessExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config, Object ip,
-            boolean critical) {
-        AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical);
-
-        int numberOfAccessDescriptions = 0;
-
-        try {
-            numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString()));
-        }
-
-        if (numberOfAccessDescriptions > 0) {
-
-            for (int i = 0; i < numberOfAccessDescriptions; i++) {
-                String accessMethod = null;
-                String accessLocationType = null;
-                String accessLocation = null;
-                ObjectIdentifier method = AuthInfoAccessExtension.METHOD_CA_ISSUERS;
-
-                try {
-                    accessMethod = config.getString(PROP_ACCESS_METHOD + i);
-                } catch (EPropertyNotFound e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString()));
-                }
-
-                if (accessMethod != null && accessMethod.equals(PROP_ACCESS_METHOD_OCSP)) {
-                    method = AuthInfoAccessExtension.METHOD_OCSP;
-                }
-
-                try {
-                    accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i);
-                } catch (EPropertyNotFound e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString()));
-                }
-
-                try {
-                    accessLocation = config.getString(PROP_ACCESS_LOCATION + i);
-                } catch (EPropertyNotFound e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-                }
-
-                if (accessLocationType != null && accessLocation != null && accessLocation.length() > 0) {
-                    if (accessLocationType.equalsIgnoreCase(PROP_DIRNAME)) {
-                        try {
-                            X500Name dirName = new X500Name(accessLocation);
-                            authInfoAccessExt.addAccessDescription(method, new GeneralName(dirName));
-                        } catch (IOException e) {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
-                        }
-                    } else if (accessLocationType.equalsIgnoreCase(PROP_URINAME)) {
-                        URIName uriName = new URIName(accessLocation);
-                        authInfoAccessExt.addAccessDescription(method, new GeneralName(uriName));
-                    } else {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", accessLocation));
-                    }
-                } else {
-                    accessLocationType = PROP_URINAME;
-                    String hostname = CMS.getEENonSSLHost();
-                    String port = CMS.getEENonSSLPort();
-                    if (hostname != null && port != null) {
-                        accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
-                    }
-                    URIName uriName = new URIName(accessLocation);
-                    authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(
-                            uriName));
-                }
-            }
-        }
-
-        return authInfoAccessExt;
-    }
-
-    public String getCRLExtOID() {
-        return AuthInfoAccessExtension.ID.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-
-        int numberOfAccessDescriptions = 0;
-
-        try {
-            numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString()));
-        }
-        nvp.put(PROP_NUM_ADS, String.valueOf(numberOfAccessDescriptions));
-
-        for (int i = 0; i < numberOfAccessDescriptions; i++) {
-            String accessMethod = null;
-            String accessLocationType = null;
-            String accessLocation = null;
-
-            try {
-                accessMethod = config.getString(PROP_ACCESS_METHOD + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString()));
-            }
-
-            if (accessMethod != null && accessMethod.length() > 0) {
-                nvp.put(PROP_ACCESS_METHOD + i, accessMethod);
-            } else {
-                nvp.put(PROP_ACCESS_METHOD + i, PROP_ACCESS_METHOD_CAISSUERS);
-            }
-
-            try {
-                accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString()));
-            }
-
-            if (accessLocationType != null && accessLocationType.length() > 0) {
-                nvp.put(PROP_ACCESS_LOCATION_TYPE + i, accessLocationType);
-            } else {
-                nvp.put(PROP_ACCESS_LOCATION_TYPE + i, PROP_URINAME);
-            }
-
-            try {
-                accessLocation = config.getString(PROP_ACCESS_LOCATION + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_UNDEFINED", e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_INVALID", e.toString()));
-            }
-
-            if (accessLocation != null && accessLocation.length() > 0) {
-                nvp.put(PROP_ACCESS_LOCATION + i, accessLocation);
-            } else {
-                String hostname = CMS.getEENonSSLHost();
-                String port = CMS.getEENonSSLPort();
-                if (hostname != null && port != null) {
-                    accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
-                }
-                nvp.put(PROP_ACCESS_LOCATION + i, accessLocation);
-            }
-        }
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                "enable;boolean;Check to enable Authority Information Access extension.",
-                "critical;boolean;Set criticality for Authority Information Access extension.",
-                PROP_NUM_ADS + ";number;Set number of Access Descriptions.",
-                PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
-                PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," +
-                        PROP_DIRNAME + ");Select access location type.",
-                PROP_ACCESS_LOCATION + "0;string;Enter access location " +
-                        "corresponding to the selected access location type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
-                PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
-                PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," +
-                        PROP_DIRNAME + ");Select access location type.",
-                PROP_ACCESS_LOCATION + "1;string;Enter access location " +
-                        "corresponding to the selected access location type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
-                PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
-                PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," +
-                        PROP_DIRNAME + ");Select access location type.",
-                PROP_ACCESS_LOCATION + "2;string;Enter access location " +
-                        "corresponding to the selected access location type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The Freshest CRL is a non critical CRL extension " +
-                        "that identifies the delta CRL distribution points for a particular CRL."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSAuthInfoAccessExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
deleted file mode 100644
index a34a99373..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ /dev/null
@@ -1,165 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateParsingException;
-import java.util.Locale;
-
-import netscape.security.x509.AuthorityKeyIdentifierExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SerialNumber;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents an authority key identifier extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSAuthorityKeyIdentifierExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSAuthorityKeyIdentifierExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        AuthorityKeyIdentifierExtension authKeyIdExt = null;
-        KeyIdentifier keyId = null;
-        GeneralNames names = null;
-        SerialNumber sn = null;
-
-        try {
-            keyId = (KeyIdentifier) ((AuthorityKeyIdentifierExtension) ext).get(
-                        AuthorityKeyIdentifierExtension.KEY_ID);
-            names = (GeneralNames) ((AuthorityKeyIdentifierExtension) ext).get(
-                        AuthorityKeyIdentifierExtension.AUTH_NAME);
-            sn = (SerialNumber) ((AuthorityKeyIdentifierExtension) ext).get(
-                        AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
-            authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, names, sn);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
-        }
-        return authKeyIdExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object ip,
-            boolean critical) {
-        AuthorityKeyIdentifierExtension authKeyIdExt = null;
-        ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
-
-        try {
-            KeyIdentifier keyId = null;
-
-            try {
-                X509CertInfo info = (X509CertInfo)
-                        ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
-                if (info != null) {
-                    CertificateExtensions caCertExtensions = (CertificateExtensions)
-                            info.get(X509CertInfo.EXTENSIONS);
-
-                    if (caCertExtensions != null) {
-                        for (int i = 0; i < caCertExtensions.size(); i++) {
-                            Extension caCertExt = caCertExtensions.elementAt(i);
-
-                            if (caCertExt instanceof SubjectKeyIdentifierExtension) {
-                                SubjectKeyIdentifierExtension id =
-                                        (SubjectKeyIdentifierExtension) caCertExt;
-
-                                keyId = (KeyIdentifier)
-                                        id.get(SubjectKeyIdentifierExtension.KEY_ID);
-                            }
-                        }
-                    }
-                }
-
-            } catch (CertificateParsingException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_PARSING_ERROR", e.toString()));
-            } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_CERT_EXCEPTION", e.toString()));
-            }
-
-            if (keyId != null) {
-                authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, null, null);
-            } else {
-                GeneralNames gNames = new GeneralNames();
-
-                gNames.addElement(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getX500Name());
-
-                authKeyIdExt =
-                        new AuthorityKeyIdentifierExtension(critical, null, gNames,
-                                new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority())
-                                        .getCACert().getSerialNumber()));
-            }
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
-        }
-
-        return authKeyIdExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.AuthorityKey_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+
-                //"This field is not editable.",
-                "enable;boolean;Check to enable Authority Key Identifier CRL extension.",
-                "critical;boolean;Set criticality for Authority Key Identifier CRL extension.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-authoritykeyidentifier",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The authority key identifier extension provides a means " +
-                        "of identifying the public key corresponding to the private " +
-                        "key used to sign a CRL."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSAuthorityKeyIdentifierExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java b/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
deleted file mode 100644
index 4e51b5c9b..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
+++ /dev/null
@@ -1,107 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Locale;
-
-import netscape.security.x509.CRLNumberExtension;
-import netscape.security.x509.Extension;
-import netscape.security.x509.PKIXExtensions;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a CRL number extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSCRLNumberExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSCRLNumberExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        BigInteger crlNumber = null;
-        CRLNumberExtension crlNumberExt = null;
-
-        try {
-            crlNumber = (BigInteger)
-                    ((CRLNumberExtension) ext).get(CRLNumberExtension.NUMBER);
-            crlNumberExt = new CRLNumberExtension(Boolean.valueOf(critical),
-                        crlNumber);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_NUMBER_EXT", e.toString()));
-        }
-        return crlNumberExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object ip,
-            boolean critical) {
-        CRLNumberExtension crlNumberExt = null;
-        ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
-
-        try {
-            crlNumberExt = new CRLNumberExtension(Boolean.valueOf(critical),
-                        crlIssuingPoint.getNextCRLNumber());
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_NUMBER_EXT", e.toString()));
-        }
-        return crlNumberExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.CRLNumber_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
-                "enable;boolean;Check to enable CRL Number extension.",
-                "critical;boolean;Set criticality for CRL Number extension.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-crlnumber",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The CRL number is a non-critical CRL extension " +
-                        "which conveys a monotonically increasing sequence number " +
-                        "for each CRL issued by a CA"
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSCRLNumberExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java b/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
deleted file mode 100644
index 02bd40927..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.Extension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.RevocationReason;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a CRL reason extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSCRLReasonExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSCRLReasonExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        RevocationReason reason = null;
-        CRLReasonExtension crlReasonExt = null;
-
-        try {
-            reason = (RevocationReason) ((CRLReasonExtension) ext).get(CRLReasonExtension.REASON);
-            crlReasonExt = new CRLReasonExtension(Boolean.valueOf(critical), reason);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_REASON_EXT", e.toString()));
-        }
-        return crlReasonExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object crlIssuingPoint,
-            boolean critical) {
-        CRLReasonExtension crlReasonExt = null;
-
-        return crlReasonExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.ReasonCode_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Entry Extension type. This field is not editable.",
-                "enable;boolean;Check to enable reason code CRL entry extension.",
-                "critical;boolean;Set criticality for reason code CRL entry extension.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-crlreason",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The CRL reason code is a non-critical CRL entry extension " +
-                        "that identifies the reason for the certificate revocation."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSCRLReasonExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
deleted file mode 100644
index 84181a8dd..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
+++ /dev/null
@@ -1,224 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateIssuerExtension;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a certificate issuer extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSCertificateIssuerExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSCertificateIssuerExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        CertificateIssuerExtension certIssuerExt = null;
-        GeneralNames names = null;
-
-        try {
-            names = (GeneralNames) ((CertificateIssuerExtension) ext).get(
-                        CertificateIssuerExtension.CERTIFICATE_ISSUER);
-            certIssuerExt = new CertificateIssuerExtension(Boolean.valueOf(critical),
-                        names);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT", e.toString()));
-        }
-        return certIssuerExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object ip,
-            boolean critical) {
-        CertificateIssuerExtension certIssuerExt = null;
-        int numNames = 0;
-
-        try {
-            numNames = config.getInteger("numNames", 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES", e.toString()));
-        }
-        if (numNames > 0) {
-            GeneralNames names = new GeneralNames();
-
-            for (int i = 0; i < numNames; i++) {
-                String nameType = null;
-
-                try {
-                    nameType = config.getString("nameType" + i);
-                } catch (EPropertyNotFound e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
-                }
-
-                if (nameType != null) {
-                    String name = null;
-
-                    try {
-                        name = config.getString("name" + i);
-                    } catch (EPropertyNotFound e) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
-                    } catch (EBaseException e) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
-                    }
-
-                    if (name != null && name.length() > 0) {
-                        if (nameType.equalsIgnoreCase("DirectoryName")) {
-                            try {
-                                X500Name dirName = new X500Name(name);
-
-                                names.addElement(dirName);
-                            } catch (IOException e) {
-                                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
-                            }
-                        } else if (nameType.equalsIgnoreCase("URI")) {
-                            URIName uriName = new URIName(name);
-
-                            names.addElement(uriName);
-                        } else {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NAME_TYPE", nameType));
-                        }
-                    }
-                }
-            }
-
-            if (names.size() > 0) {
-                try {
-                    certIssuerExt = new CertificateIssuerExtension(
-                                Boolean.valueOf(critical), names);
-                } catch (IOException e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT", e.toString()));
-                }
-            }
-        }
-
-        return certIssuerExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.CertificateIssuer_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-        int numNames = 0;
-
-        try {
-            numNames = config.getInteger("numNames", 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES", e.toString()));
-        }
-        nvp.put("numNames", String.valueOf(numNames));
-
-        for (int i = 0; i < numNames; i++) {
-            String nameType = null;
-
-            try {
-                nameType = config.getString("nameType" + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
-            }
-
-            if (nameType != null && nameType.length() > 0) {
-                nvp.put("nameType" + i, nameType);
-            } else {
-                nvp.put("nameType" + i, "");
-            }
-
-            String name = null;
-
-            try {
-                name = config.getString("name" + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
-            }
-
-            if (name != null && name.length() > 0) {
-                nvp.put("name" + i, name);
-            } else {
-                nvp.put("name" + i, "");
-            }
-        }
-
-        if (numNames < 3) {
-            for (int i = numNames; i < 3; i++) {
-                nvp.put("nameType" + i, "");
-                nvp.put("name" + i, "");
-            }
-        }
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+
-                //" This field is not editable.",
-                "enable;boolean;Check to enable Certificate Issuer CRL entry extension.",
-                "critical;boolean;Set criticality for Certificate Issuer CRL entry extension.",
-                "numNames;number;Set number of certificate issuer names for the CRL entry.",
-                "nameType0;choice(DirectoryName,URI);Select Certificate Issuer name type.",
-                "name0;string;Enter Certificate Issuer name corresponding to the selected name type.",
-                "nameType1;choice(DirectoryName,URI);Select Certificate Issuer name type.",
-                "name1;string;Enter Certificate Issuer name corresponding to the selected name type.",
-                "nameType2;choice(DirectoryName,URI);Select Certificate Issuer name type.",
-                "name2;string;Enter Certificate Issuer name corresponding to the selected name type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-certificateissuer",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This CRL entry extension identifies the certificate issuer" +
-                        " associated with an entry in an indirect CRL."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java b/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
deleted file mode 100644
index e3e8d2311..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
+++ /dev/null
@@ -1,108 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Locale;
-
-import netscape.security.x509.DeltaCRLIndicatorExtension;
-import netscape.security.x509.Extension;
-import netscape.security.x509.PKIXExtensions;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a delta CRL indicator extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSDeltaCRLIndicatorExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSDeltaCRLIndicatorExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        BigInteger baseCRLNumber = null;
-        DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
-
-        try {
-            baseCRLNumber = (BigInteger)
-                    ((DeltaCRLIndicatorExtension) ext).get(DeltaCRLIndicatorExtension.NUMBER);
-            deltaCRLIndicatorExt = new DeltaCRLIndicatorExtension(
-                        Boolean.valueOf(critical),
-                        baseCRLNumber);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString()));
-        }
-        return deltaCRLIndicatorExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object ip,
-            boolean critical) {
-        DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
-        ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
-
-        try {
-            deltaCRLIndicatorExt = new DeltaCRLIndicatorExtension(
-                        Boolean.valueOf(critical),
-                        crlIssuingPoint.getCRLNumber());
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString()));
-        }
-        return deltaCRLIndicatorExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.DeltaCRLIndicator_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
-                "enable;boolean;Check to enable Delta CRL Indicator extension.",
-                "critical;boolean;Set criticality for Delta CRL Indicator extension.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-crlnumber",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The Delta CRL Indicator is a critical CRL extension " +
-                        "which identifies a delta-CRL."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSDeltaCRLIndicatorExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java b/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
deleted file mode 100644
index 50031c61a..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
+++ /dev/null
@@ -1,232 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CRLDistributionPoint;
-import netscape.security.x509.Extension;
-import netscape.security.x509.FreshestCRLExtension;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.GeneralNamesException;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a freshest CRL extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSFreshestCRLExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    public static final String PROP_NUM_POINTS = "numPoints";
-    public static final String PROP_POINTTYPE = "pointType";
-    public static final String PROP_POINTNAME = "pointName";
-    public static final String PROP_DIRNAME = "DirectoryName";
-    public static final String PROP_URINAME = "URI";
-
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSFreshestCRLExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        FreshestCRLExtension freshestCRLExt = (FreshestCRLExtension) ext;
-
-        freshestCRLExt.setCritical(critical);
-
-        return freshestCRLExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config, Object ip,
-            boolean critical) {
-        FreshestCRLExtension freshestCRLExt = null;
-
-        int numPoints = 0;
-
-        try {
-            numPoints = config.getInteger("numPoints", 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES", e.toString()));
-        }
-
-        if (numPoints > 0) {
-
-            for (int i = 0; i < numPoints; i++) {
-                CRLDistributionPoint crlDP = new CRLDistributionPoint();
-                GeneralNames names = new GeneralNames();
-                String pointType = null;
-
-                try {
-                    pointType = config.getString(PROP_POINTTYPE + i);
-                } catch (EPropertyNotFound e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-                }
-
-                if (pointType != null) {
-                    String pointName = null;
-
-                    try {
-                        pointName = config.getString(PROP_POINTNAME + i);
-                    } catch (EPropertyNotFound e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-                    } catch (EBaseException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-                    }
-
-                    if (pointName != null && pointName.length() > 0) {
-                        if (pointType.equalsIgnoreCase(PROP_DIRNAME)) {
-                            try {
-                                X500Name dirName = new X500Name(pointName);
-
-                                names.addElement(dirName);
-                            } catch (IOException e) {
-                                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
-                            }
-                        } else if (pointType.equalsIgnoreCase(PROP_URINAME)) {
-                            URIName uriName = new URIName(pointName);
-
-                            names.addElement(uriName);
-                        } else {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", pointType));
-                        }
-                    }
-                }
-
-                if (names.size() > 0) {
-                    try {
-                        crlDP.setFullName(names);
-                    } catch (IOException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
-                    } catch (GeneralNamesException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
-                    }
-                }
-
-                if (i > 0) {
-                    freshestCRLExt.addPoint(crlDP);
-                } else {
-                    freshestCRLExt = new FreshestCRLExtension(crlDP);
-                }
-            }
-        }
-
-        return freshestCRLExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.FreshestCRL_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-
-        int numPoints = 0;
-
-        try {
-            numPoints = config.getInteger(PROP_NUM_POINTS, 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL " +
-                    "Freshest CRL extension - " + e);
-        }
-        nvp.put(PROP_NUM_POINTS, String.valueOf(numPoints));
-
-        for (int i = 0; i < numPoints; i++) {
-            String pointType = null;
-
-            try {
-                pointType = config.getString(PROP_POINTTYPE + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-            }
-
-            if (pointType != null && pointType.length() > 0) {
-                nvp.put(PROP_POINTTYPE + i, pointType);
-            } else {
-                nvp.put(PROP_POINTTYPE + i, "");
-            }
-
-            String pointName = null;
-
-            try {
-                pointName = config.getString(PROP_POINTNAME + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-            }
-
-            if (pointName != null && pointName.length() > 0) {
-                nvp.put(PROP_POINTNAME + i, pointName);
-            } else {
-                nvp.put(PROP_POINTNAME + i, "");
-            }
-        }
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                "enable;boolean;Check to enable Freshest CRL extension.",
-                "critical;boolean;Set criticality for Freshest CRL extension.",
-                PROP_NUM_POINTS + ";number;Set number of CRL distribution points.",
-                PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                        ");Select CRL distribution point name type.",
-                PROP_POINTNAME + "0;string;Enter CRL distribution point name " +
-                        "corresponding to the selected point type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
-                PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                        ");Select CRL distribution point name type.",
-                PROP_POINTNAME + "1;string;Enter CRL distribution point name " +
-                        "corresponding to the selected point type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
-                PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                        ");Select CRL distribution point name type.",
-                PROP_POINTNAME + "2;string;Enter CRL distribution point name " +
-                        "corresponding to the selected point type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The Freshest CRL is a non critical CRL extension " +
-                        "that identifies the delta CRL distribution points for a particular CRL."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSFreshestCRLExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
deleted file mode 100644
index b7945c0b6..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
+++ /dev/null
@@ -1,153 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.Extension;
-import netscape.security.x509.HoldInstructionExtension;
-import netscape.security.x509.PKIXExtensions;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a hold instruction extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSHoldInstructionExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    public static final String PROP_INSTR = "instruction";
-    public static final String PROP_INSTR_NONE = "none";
-    public static final String PROP_INSTR_CALLISSUER = "callissuer";
-    public static final String PROP_INSTR_REJECT = "reject";
-
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSHoldInstructionExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        HoldInstructionExtension holdInstrExt = null;
-
-        try {
-            ObjectIdentifier holdInstr =
-                    ((HoldInstructionExtension) ext).getHoldInstructionCode();
-
-            holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical),
-                        holdInstr);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INSTR_EXT", e.toString()));
-        }
-        return holdInstrExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object ip,
-            boolean critical) {
-        HoldInstructionExtension holdInstrExt = null;
-        String instruction = null;
-
-        try {
-            instruction = config.getString(PROP_INSTR);
-        } catch (EPropertyNotFound e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_UNDEFINED", e.toString()));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString()));
-        }
-
-        ObjectIdentifier holdInstr = HoldInstructionExtension.NONE_HOLD_INSTR_OID;
-
-        if (instruction != null) {
-            if (instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER)) {
-                holdInstr = HoldInstructionExtension.CALL_ISSUER_HOLD_INSTR_OID;
-            } else if (instruction.equalsIgnoreCase(PROP_INSTR_REJECT)) {
-                holdInstr = HoldInstructionExtension.REJECT_HOLD_INSTR_OID;
-            }
-        }
-        try {
-            holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical),
-                        holdInstr);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INSTR_EXT", e.toString()));
-        }
-
-        return holdInstrExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.HoldInstructionCode_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-        String instruction = null;
-
-        try {
-            instruction = config.getString(PROP_INSTR);
-        } catch (EPropertyNotFound e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_UNDEFINED", e.toString()));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString()));
-        }
-        if (instruction != null) {
-            if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) ||
-                    instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) ||
-                    instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
-                instruction = PROP_INSTR_NONE;
-            }
-        } else {
-            instruction = PROP_INSTR_NONE;
-        }
-        nvp.put(PROP_INSTR, instruction);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Entry Extension type. This field is not editable.",
-                "enable;boolean;Check to enable Hold Instruction CRL entry extension.",
-                "critical;boolean;Set criticality for Hold Instruction CRL entry extension.",
-                PROP_INSTR + ";choice(" + PROP_INSTR_NONE + "," + PROP_INSTR_CALLISSUER + "," +
-                        PROP_INSTR_REJECT + ");Select hold instruction code.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-holdinstruction",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The hold instruction code is a non-critical CRL entry " +
-                        "extension that provides a registered instruction identifier " +
-                        "which indicates the action to be taken after encountering " +
-                        "a certificate that has been placed on hold."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSHoldInstructionExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java b/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
deleted file mode 100644
index 6ff61fb44..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
+++ /dev/null
@@ -1,99 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.Extension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.PKIXExtensions;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a invalidity date extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSInvalidityDateExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSInvalidityDateExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        InvalidityDateExtension invalidityDateExt = null;
-
-        try {
-            Date invalidityDate = ((InvalidityDateExtension) ext).getInvalidityDate();
-
-            invalidityDateExt = new InvalidityDateExtension(Boolean.valueOf(critical),
-                        invalidityDate);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALIDITY_DATE_EXT", e.toString()));
-        }
-        return invalidityDateExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object crlIssuingPoint,
-            boolean critical) {
-        InvalidityDateExtension invalidityDateExt = null;
-
-        return invalidityDateExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.InvalidityDate_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Entry Extension type. This field is not editable.",
-                "enable;boolean;Check to enable Invalidity Date CRL entry extension.",
-                "critical;boolean;Set criticality for Invalidity Date CRL entry extension.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-invaliditydate",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The invalidity date is a non-critical CRL entry extension " +
-                        "that provides the date on which it is known or suspected " +
-                        "that the private key was compromised or that the certificate" +
-                        " otherwise became invalid."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSInvalidityDateExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
deleted file mode 100644
index fb2a6e0d5..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
+++ /dev/null
@@ -1,284 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.DNSName;
-import netscape.security.x509.EDIPartyName;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.IPAddressName;
-import netscape.security.x509.IssuerAlternativeNameExtension;
-import netscape.security.x509.OIDName;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.RFC822Name;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * This represents a issuer alternative name extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSIssuerAlternativeNameExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    private static final String PROP_RFC822_NAME = "rfc822Name";
-    private static final String PROP_DNS_NAME = "dNSName";
-    private static final String PROP_DIR_NAME = "directoryName";
-    private static final String PROP_EDI_NAME = "ediPartyName";
-    private static final String PROP_URI_NAME = "URI";
-    private static final String PROP_IP_NAME = "iPAddress";
-    private static final String PROP_OID_NAME = "OID";
-    private static final String PROP_OTHER_NAME = "otherName";
-
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSIssuerAlternativeNameExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        IssuerAlternativeNameExtension issuerAltNameExt = null;
-        GeneralNames names = null;
-
-        try {
-            names = (GeneralNames) ((IssuerAlternativeNameExtension) ext)
-                    .get(IssuerAlternativeNameExtension.ISSUER_NAME);
-            issuerAltNameExt = new IssuerAlternativeNameExtension(Boolean.valueOf(critical), names);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
-        }
-        return issuerAltNameExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object ip,
-            boolean critical) {
-        IssuerAlternativeNameExtension issuerAltNameExt = null;
-        int numNames = 0;
-
-        try {
-            numNames = config.getInteger("numNames", 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES", e.toString()));
-        }
-        if (numNames > 0) {
-            GeneralNames names = new GeneralNames();
-
-            for (int i = 0; i < numNames; i++) {
-                String nameType = null;
-
-                try {
-                    nameType = config.getString("nameType" + i);
-                } catch (EPropertyNotFound e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString()));
-                }
-
-                if (nameType != null && nameType.length() > 0) {
-                    String name = null;
-
-                    try {
-                        name = config.getString("name" + i);
-                    } catch (EPropertyNotFound e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE",
-                                Integer.toString(i), e.toString()));
-                    } catch (EBaseException e) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString()));
-                    }
-
-                    if (name != null && name.length() > 0) {
-                        if (nameType.equalsIgnoreCase(PROP_DIR_NAME)) {
-                            try {
-                                X500Name dirName = new X500Name(name);
-
-                                names.addElement(dirName);
-                            } catch (IOException e) {
-                                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
-                            }
-                        } else if (nameType.equalsIgnoreCase(PROP_RFC822_NAME)) {
-                            RFC822Name rfc822Name = new RFC822Name(name);
-
-                            names.addElement(rfc822Name);
-                        } else if (nameType.equalsIgnoreCase(PROP_DNS_NAME)) {
-                            DNSName dnsName = new DNSName(name);
-
-                            names.addElement(dnsName);
-                        } else if (nameType.equalsIgnoreCase(PROP_EDI_NAME)) {
-                            EDIPartyName ediName = new EDIPartyName(name);
-
-                            names.addElement(ediName);
-                        } else if (nameType.equalsIgnoreCase(PROP_URI_NAME)) {
-                            URIName uriName = new URIName(name);
-
-                            names.addElement(uriName);
-                        } else if (nameType.equalsIgnoreCase(PROP_IP_NAME)) {
-                            IPAddressName ipName = new IPAddressName(name);
-
-                            names.addElement(ipName);
-                        } else if (nameType.equalsIgnoreCase(PROP_OID_NAME)) {
-                            ObjectIdentifier oid = new ObjectIdentifier(name);
-                            OIDName oidNmae = new OIDName(oid);
-
-                            names.addElement(oidNmae);
-                        } else if (nameType.equalsIgnoreCase(PROP_OTHER_NAME)) {
-
-                            try {
-                                byte[] val = Utils.base64decode(name);
-                                DerValue derVal = new DerValue(new ByteArrayInputStream(val));
-                                GeneralName generalName = new GeneralName(derVal);
-
-                                names.addElement(generalName);
-                            } catch (IOException e) {
-                                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_OTHER_NAME", e.toString()));
-                            }
-                        } else {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", nameType, ""));
-                        }
-                    }
-                }
-            }
-
-            if (names.size() > 0) {
-                try {
-                    issuerAltNameExt = new IssuerAlternativeNameExtension(
-                                Boolean.valueOf(critical), names);
-                } catch (IOException e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
-                }
-            }
-        }
-
-        return issuerAltNameExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.IssuerAlternativeName_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-        int numNames = 0;
-
-        try {
-            numNames = config.getInteger("numNames", 0);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "Invalid numNames property for CRL " +
-                    "IssuerAlternativeName extension - " + e);
-        }
-        nvp.put("numNames", String.valueOf(numNames));
-
-        for (int i = 0; i < numNames; i++) {
-            String nameType = null;
-
-            try {
-                nameType = config.getString("nameType" + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, "Undefined nameType" + i + " property for " +
-                        "CRL IssuerAlternativeName extension - " + e);
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, "Invalid nameType" + i + " property for " +
-                        "CRL IssuerAlternativeName extension - " + e);
-            }
-
-            if (nameType != null && nameType.length() > 0) {
-                nvp.put("nameType" + i, nameType);
-            } else {
-                nvp.put("nameType" + i, "");
-            }
-
-            String name = null;
-
-            try {
-                name = config.getString("name" + i);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, "Undefined name" + i + " property for " +
-                        "CRL IssuerAlternativeName extension - " + e);
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, "Invalid name" + i + " property for " +
-                        "CRL IssuerAlternativeName extension - " + e);
-            }
-
-            if (name != null && name.length() > 0) {
-                nvp.put("name" + i, name);
-            } else {
-                nvp.put("name" + i, "");
-            }
-        }
-
-        if (numNames < 3) {
-            for (int i = numNames; i < 3; i++) {
-                nvp.put("nameType" + i, "");
-                nvp.put("name" + i, "");
-            }
-        }
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
-                "enable;boolean;Check to enable Issuer Alternative Name CRL extension.",
-                "critical;boolean;Set criticality for Issuer Alternative Name CRL extension.",
-                "numNames;number;Set number of alternative names for the CRL issuer.",
-                "nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
-                "name0;string;Enter Issuer Alternative Name corresponding to the selected name type.",
-                "nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
-                "name1;string;Enter Issuer Alternative Name corresponding to the selected name type.",
-                "nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
-                "name2;string;Enter Issuer Alternative Name corresponding to the selected name type.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-issueralternativename",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The issuer alternative names extension allows additional" +
-                        " identities to be associated with the issuer of the CRL."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSIssuerAlternativeNameExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java b/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
deleted file mode 100644
index 02cc129c4..000000000
--- a/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
+++ /dev/null
@@ -1,332 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.crl;
-
-import java.io.IOException;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.security.util.BitArray;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.GeneralNamesException;
-import netscape.security.x509.IssuingDistributionPoint;
-import netscape.security.x509.IssuingDistributionPointExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.RDN;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This represents a issuing distribution point extension.
- *
- * @version $Revision$, $Date$
- */
-public class CMSIssuingDistributionPointExtension
-        implements ICMSCRLExtension, IExtendedPluginInfo {
-    public static final String PROP_POINTTYPE = "pointType";
-    public static final String PROP_POINTNAME = "pointName";
-    public static final String PROP_DIRNAME = "DirectoryName";
-    public static final String PROP_URINAME = "URI";
-    public static final String PROP_RDNNAME = "RelativeToIssuer";
-    public static final String PROP_CACERTS = "onlyContainsCACerts";
-    public static final String PROP_USERCERTS = "onlyContainsUserCerts";
-    public static final String PROP_INDIRECT = "indirectCRL";
-    public static final String PROP_REASONS = "onlySomeReasons";
-
-    private static final String[] reasonFlags = { "unused",
-            "keyCompromise",
-            "cACompromise",
-            "affiliationChanged",
-            "superseded",
-            "cessationOfOperation",
-            "certificateHold",
-            "privilegeWithdrawn" };
-
-    private ILogger mLogger = CMS.getLogger();
-
-    public CMSIssuingDistributionPointExtension() {
-    }
-
-    public Extension setCRLExtensionCriticality(Extension ext,
-            boolean critical) {
-        IssuingDistributionPointExtension issuingDPointExt =
-                (IssuingDistributionPointExtension) ext;
-
-        issuingDPointExt.setCritical(critical);
-
-        return issuingDPointExt;
-    }
-
-    public Extension getCRLExtension(IConfigStore config,
-            Object ip,
-            boolean critical) {
-
-        CMS.debug("in CMSIssuingDistributionPointExtension::getCRLExtension.");
-        IssuingDistributionPointExtension issuingDPointExt = null;
-        IssuingDistributionPoint issuingDPoint = new IssuingDistributionPoint();
-
-        GeneralNames names = new GeneralNames();
-        RDN rdnName = null;
-
-        String pointType = null;
-
-        try {
-            pointType = config.getString(PROP_POINTTYPE);
-        } catch (EPropertyNotFound e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-        }
-
-        if (pointType != null) {
-            String pointName = null;
-
-            try {
-                pointName = config.getString(PROP_POINTNAME);
-            } catch (EPropertyNotFound e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-            }
-
-            if (pointName != null && pointName.length() > 0) {
-                if (pointType.equalsIgnoreCase(PROP_RDNNAME)) {
-                    try {
-                        rdnName = new RDN(pointName);
-                    } catch (IOException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_RDN", e.toString()));
-                    }
-                } else if (pointType.equalsIgnoreCase(PROP_DIRNAME)) {
-                    try {
-                        X500Name dirName = new X500Name(pointName);
-
-                        names.addElement(dirName);
-                    } catch (IOException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
-                    }
-                } else if (pointType.equalsIgnoreCase(PROP_URINAME)) {
-                    URIName uriName = new URIName(pointName);
-
-                    names.addElement(uriName);
-                } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", pointType));
-                }
-            }
-        }
-
-        if (rdnName != null) {
-            issuingDPoint.setRelativeName(rdnName);
-        } else if (names.size() > 0) {
-            try {
-                issuingDPoint.setFullName(names);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
-            } catch (GeneralNamesException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
-            }
-        }
-
-        String reasons = null;
-
-        try {
-            reasons = config.getString(PROP_REASONS, null);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS, e.toString()));
-        }
-        if (reasons != null && reasons.length() > 0) {
-
-            boolean[] bits = { false, false, false, false, false, false, false };
-            int k = 0;
-            StringTokenizer st = new StringTokenizer(reasons, ",");
-
-            while (st.hasMoreTokens()) {
-                String bitName = st.nextToken();
-
-                for (int i = 1; i < reasonFlags.length; i++) {
-                    if (bitName.equalsIgnoreCase(reasonFlags[i])) {
-                        bits[i] = true;
-                        k++;
-                        break;
-                    }
-                }
-            }
-            if (k > 0) {
-                BitArray ba = new BitArray(bits);
-
-                issuingDPoint.setOnlySomeReasons(ba);
-            }
-
-        }
-
-        try {
-            boolean caCertsOnly = config.getBoolean(PROP_CACERTS, false);
-
-            if (caCertsOnly)
-                issuingDPoint.setOnlyContainsCACerts(caCertsOnly);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
-        }
-        try {
-            boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
-
-            if (userCertsOnly)
-                issuingDPoint.setOnlyContainsUserCerts(userCertsOnly);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
-        }
-        try {
-            boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
-
-            if (indirectCRL)
-                issuingDPoint.setIndirectCRL(indirectCRL);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
-        }
-
-        issuingDPointExt = new IssuingDistributionPointExtension(issuingDPoint);
-        issuingDPointExt.setCritical(critical);
-
-        return issuingDPointExt;
-    }
-
-    public String getCRLExtOID() {
-        return PKIXExtensions.IssuingDistributionPoint_Id.toString();
-    }
-
-    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
-        String pointType = null;
-
-        try {
-            pointType = config.getString(PROP_POINTTYPE);
-        } catch (EPropertyNotFound e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-        }
-        if (pointType != null && pointType.length() > 0) {
-            nvp.put("pointType", pointType);
-        } else {
-            nvp.put("pointType", "");
-        }
-
-        String pointName = null;
-
-        try {
-            pointName = config.getString(PROP_POINTNAME);
-        } catch (EPropertyNotFound e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
-        }
-        if (pointName != null && pointName.length() > 0) {
-            nvp.put("pointName", pointName);
-        } else {
-            nvp.put("pointName", "");
-        }
-
-        String reasons = null;
-
-        try {
-            reasons = config.getString(PROP_REASONS, null);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS, e.toString()));
-        }
-        if (reasons != null && reasons.length() > 0) {
-            nvp.put(PROP_REASONS, reasons);
-        } else {
-            nvp.put(PROP_REASONS, "");
-        }
-
-        try {
-            boolean caCertsOnly = config.getBoolean(PROP_CACERTS, false);
-
-            nvp.put(PROP_CACERTS, String.valueOf(caCertsOnly));
-        } catch (EBaseException e) {
-            nvp.put(PROP_CACERTS, "false");
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
-        }
-        // Disable these for now unitl we support them fully
-        /*
-                try {
-                    boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
-
-                    nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
-                } catch (EBaseException e) {
-                    nvp.add(PROP_USERCERTS, "false");
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
-                }
-
-                try {
-                    boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
-
-                    nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
-                } catch (EBaseException e) {
-                    nvp.add(PROP_INDIRECT, "false");
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
-                }
-        */
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        StringBuffer sb_reasons = new StringBuffer();
-        sb_reasons.append(reasonFlags[1]);
-
-        for (int i = 2; i < reasonFlags.length; i++) {
-            sb_reasons.append(", ");
-            sb_reasons.append(reasonFlags[i]);
-        }
-        String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
-                "enable;boolean;Check to enable Issuing Distribution Point CRL extension.",
-                "critical;boolean;Set criticality for Issuing Distribution Point CRL extension.",
-                PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME + "," +
-                        PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
-                PROP_POINTNAME + ";string;Enter Issuing Distribution Point name " +
-                        "corresponding to the selected point type.",
-                PROP_REASONS + ";string;Select any combination of the following reasons: " +
-                        sb_reasons.toString(),
-                PROP_CACERTS + ";boolean;Check if CRL contains CA certificates only",
-                //   Remove these from the UI until they can be supported fully.
-                //   PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
-                //   PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";The issuing distribution point is a critical CRL extension " +
-                        "that identifies the CRL distribution point for a particular CRL."
-            };
-
-        return params;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-                "CMSIssuingDistributionPointExtension - " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
deleted file mode 100644
index e8a32d752..000000000
--- a/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ /dev/null
@@ -1,183 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.evaluators;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.evaluators.IAccessEvaluator;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A class represents a group acls evaluator.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class GroupAccessEvaluator implements IAccessEvaluator {
-    private String mType = "group";
-    private IUGSubsystem mUG = null;
-    private String mDescription = "group membership evaluator";
-    private ILogger mLogger = CMS.getLogger();
-
-    /**
-     * Class constructor.
-     */
-    public GroupAccessEvaluator() {
-
-        mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-        if (mUG == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UG_NULL"));
-        }
-    }
-
-    /**
-     * initialization. nothing for now.
-     */
-    public void init() {
-        CMS.debug("GroupAccessEvaluator: init");
-    }
-
-    /**
-     * gets the type name for this acl evaluator
-     *
-     * @return type for this acl evaluator: "group" or "at_group"
-     */
-    public String getType() {
-        return mType;
-    }
-
-    /**
-     * gets the description for this acl evaluator
-     *
-     * @return description for this acl evaluator
-     */
-    public String getDescription() {
-        return mDescription;
-    }
-
-    public String[] getSupportedOperators() {
-        String[] s = new String[2];
-
-        s[0] = "=";
-        s[1] = "!=";
-        return s;
-    }
-
-    /**
-     * evaluates uid in AuthToken to see if it has membership in
-     * group value
-     *
-     * @param authToken authentication token
-     * @param type must be "at_group"
-     * @param op must be "="
-     * @param value the group name
-     * @return true if AuthToken uid belongs to the group value,
-     *         false otherwise
-     */
-    public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
-
-        if (type.equals(mType)) {
-            // should define "uid" at a common place
-            String uid = null;
-
-            uid = authToken.getInString("userid");
-            if (uid == null) {
-                uid = authToken.getInString("uid");
-                if (uid == null) {
-                    CMS.debug("GroupAccessEvaluator: evaluate: uid null");
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
-                    return false;
-                }
-            }
-            CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value=" + value);
-
-            String groupname = authToken.getInString("gid");
-
-            if (groupname != null) {
-                CMS.debug("GroupAccessEvaluator: evaluate: authToken gid=" + groupname);
-                if (op.equals("=")) {
-                    return groupname.equals(Utils.stripQuotes(value));
-                } else if (op.equals("!=")) {
-                    return !groupname.equals(Utils.stripQuotes(value));
-                }
-            } else {
-                CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
-                IUser id = null;
-                try {
-                    id = mUG.getUser(uid);
-                } catch (EBaseException e) {
-                    CMS.debug("GroupAccessEvaluator: " + e.toString());
-                    return false;
-                }
-
-                if (op.equals("=")) {
-                    return mUG.isMemberOf(id, Utils.stripQuotes(value));
-                } else if (op.equals("!=")) {
-                    return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-                }
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * evaluates uid in SessionContext to see if it has membership in
-     * group value
-     *
-     * @param type must be "group"
-     * @param op must be "="
-     * @param value the group name
-     * @return true if SessionContext uid belongs to the group value,
-     *         false otherwise
-     */
-    public boolean evaluate(String type, String op, String value) {
-
-        SessionContext mSC = SessionContext.getContext();
-
-        if (type.equals(mType)) {
-            IUser id = (IUser) mSC.get(SessionContext.USER);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
-                return false;
-            }
-            if (op.equals("="))
-                return mUG.isMemberOf(id, Utils.stripQuotes(value));
-            else
-                return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-
-        }
-
-        return false;
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-                level, "GroupAccessEvaluator: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
deleted file mode 100644
index fe784f3a9..000000000
--- a/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
+++ /dev/null
@@ -1,128 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.evaluators;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.evaluators.IAccessEvaluator;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A class represents a IP address acls evaluator.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class IPAddressAccessEvaluator implements IAccessEvaluator {
-    private String mType = "ipaddress";
-    private String mDescription = "IP Address evaluator";
-    private ILogger mLogger = CMS.getLogger();
-
-    /**
-     * Class constructor.
-     */
-    public IPAddressAccessEvaluator() {
-    }
-
-    /**
-     * initialization. nothing for now.
-     */
-    public void init() {
-    }
-
-    /**
-     * gets the type name for this acl evaluator
-     *
-     * @return type for this acl evaluator: ipaddress
-     */
-    public String getType() {
-        return mType;
-    }
-
-    /**
-     * gets the description for this acl evaluator
-     *
-     * @return description for this acl evaluator
-     */
-    public String getDescription() {
-        return mDescription;
-    }
-
-    public String[] getSupportedOperators() {
-        String[] s = new String[2];
-
-        s[0] = "=";
-        s[1] = "!=";
-        return s;
-    }
-
-    /**
-     * Gets the IP address from session context
-     *
-     * @param authToken authentication token
-     * @param type must be "ipaddress"
-     * @param op must be "=" or "!="
-     * @param value the ipaddress
-     */
-    public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
-
-        return evaluate(type, op, value);
-    }
-
-    /**
-     * evaluates uid in SessionContext to see if it has membership in
-     * group value
-     *
-     * @param type must be "group"
-     * @param op must be "="
-     * @param value the group name
-     * @return true if SessionContext uid belongs to the group value,
-     *         false otherwise
-     */
-    public boolean evaluate(String type, String op, String value) {
-
-        SessionContext mSC = SessionContext.getContext();
-
-        value = Utils.stripQuotes(value);
-        String ipaddress = (String) mSC.get(SessionContext.IPADDRESS);
-
-        if (type.equals(mType)) {
-            if (ipaddress == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
-                return false;
-            }
-            if (op.equals("=")) {
-                return ipaddress.matches(value);
-            } else {
-                return !(ipaddress.matches(value));
-            }
-
-        }
-
-        return false;
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-                level, "GroupAccessEvaluator: " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
deleted file mode 100644
index c343b110a..000000000
--- a/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
+++ /dev/null
@@ -1,153 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.evaluators;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.evaluators.IAccessEvaluator;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A class represents a user acls evaluator.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class UserAccessEvaluator implements IAccessEvaluator {
-    private String mType = "user";
-    private String mDescription = "user equivalence evaluator";
-    private ILogger mLogger = CMS.getLogger();
-
-    private final static String ANYBODY = "anybody";
-    private final static String EVERYBODY = "everybody";
-
-    /**
-     * Class constructor.
-     */
-    public UserAccessEvaluator() {
-    }
-
-    /**
-     * initialization. nothing for now.
-     */
-    public void init() {
-        CMS.debug("UserAccessEvaluator: init");
-    }
-
-    /**
-     * gets the type name for this acl evaluator
-     *
-     * @return type for this acl evaluator: "user" or "at_user"
-     */
-    public String getType() {
-        return mType;
-    }
-
-    /**
-     * gets the description for this acl evaluator
-     *
-     * @return description for this acl evaluator
-     */
-    public String getDescription() {
-        return mDescription;
-    }
-
-    public String[] getSupportedOperators() {
-        String[] s = new String[2];
-
-        s[0] = "=";
-        s[1] = "!=";
-        return s;
-    }
-
-    /**
-     * Evaluates the user in AuthToken to see if it's equal to value
-     *
-     * @param authToken AuthToken from authentication
-     * @param type must be "at_user"
-     * @param op must be "="
-     * @param value the user id
-     * @return true if AuthToken uid is same as value, false otherwise
-     */
-    public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
-
-        if (type.equals(mType)) {
-            String s = Utils.stripQuotes(value);
-
-            if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
-                return true;
-
-            // should define "uid" at a common place
-            String uid = null;
-
-            uid = authToken.getInString("uid");
-
-            if (uid == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_IS_NULL"));
-                return false;
-            }
-
-            if (op.equals("="))
-                return s.equalsIgnoreCase(uid);
-            else if (op.equals("!="))
-                return !(s.equalsIgnoreCase(uid));
-        }
-
-        return false;
-    }
-
-    /**
-     * Evaluates the user in session context to see if it's equal to value
-     *
-     * @param type must be "user"
-     * @param op must be "="
-     * @param value the user id
-     * @return true if SessionContext uid is same as value, false otherwise
-     */
-    public boolean evaluate(String type, String op, String value) {
-
-        SessionContext mSC = SessionContext.getContext();
-
-        if (type.equals(mType)) {
-            String s = Utils.stripQuotes(value);
-
-            if (s.equals(ANYBODY) && op.equals("="))
-                return true;
-
-            IUser id = (IUser) mSC.get(SessionContext.USER);
-
-            if (op.equals("="))
-                return s.equalsIgnoreCase(id.getName());
-            else if (op.equals("!="))
-                return !(s.equalsIgnoreCase(id.getName()));
-        }
-
-        return false;
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-                level, "UserAccessEvaluator: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
deleted file mode 100644
index 65032608c..000000000
--- a/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ /dev/null
@@ -1,163 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2008 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.evaluators;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.evaluators.IAccessEvaluator;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A class represents a user-origreq uid mapping acls evaluator.
- * This is primarily used for renewal. During renewal, the orig_req
- * uid is placed in the SessionContext of the renewal session context
- * to be evaluated by this evaluator
- * <P>
- *
- * @author Christina Fu
- * @version $Revision$, $Date$
- */
-public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
-    private String mType = "user_origreq";
-    private String mDescription = "user origreq matching evaluator";
-
-    private final static String ANYBODY = "anybody";
-    private final static String EVERYBODY = "everybody";
-
-    /**
-     * Class constructor.
-     */
-    public UserOrigReqAccessEvaluator() {
-    }
-
-    /**
-     * initialization. nothing for now.
-     */
-    public void init() {
-        CMS.debug("UserOrigReqAccessEvaluator: init");
-    }
-
-    /**
-     * gets the type name for this acl evaluator
-     *
-     * @return type for this acl evaluator: "user_origreq" or "at_user_origreq"
-     */
-    public String getType() {
-        return mType;
-    }
-
-    /**
-     * gets the description for this acl evaluator
-     *
-     * @return description for this acl evaluator
-     */
-    public String getDescription() {
-        return mDescription;
-    }
-
-    public String[] getSupportedOperators() {
-        String[] s = new String[2];
-
-        s[0] = "=";
-        s[1] = "!=";
-        return s;
-    }
-
-    /**
-     * Evaluates the user in AuthToken to see if it's equal to value
-     *
-     * @param authToken AuthToken from authentication
-     * @param type must be "at_userreq"
-     * @param op must be "="
-     * @param value the request param name
-     * @return true if AuthToken uid is same as value, false otherwise
-     */
-    public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
-        CMS.debug("UserOrigReqAccessEvaluator: evaluate() begins");
-        if (type.equals(mType)) {
-            String s = Utils.stripQuotes(value);
-
-            if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
-                return true;
-
-            // should define "uid" at a common place
-            String uid = null;
-
-            uid = authToken.getInString("uid");
-
-            if (uid == null) {
-                CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null");
-                return false;
-            } else
-                CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken =" + uid);
-
-            // find value of param in request
-            SessionContext mSC = SessionContext.getContext();
-            CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting " + "orig_req." + s + " in SessionContext");
-            // "orig_req.auth_token.uid"
-            String orig_id = (String) mSC.get("orig_req." + s);
-
-            if (orig_id == null) {
-                CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null");
-                return false;
-            }
-            CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id =" + orig_id);
-            if (op.equals("="))
-                return uid.equalsIgnoreCase(orig_id);
-            else if (op.equals("!="))
-                return !(uid.equalsIgnoreCase(orig_id));
-        }
-
-        return false;
-    }
-
-    /**
-     * Evaluates the user in session context to see if it's equal to value
-     *
-     * @param type must be "user_origreq"
-     * @param op must be "="
-     * @param value the user id
-     * @return true if SessionContext uid is same as value, false otherwise
-     */
-    public boolean evaluate(String type, String op, String value) {
-
-        SessionContext mSC = SessionContext.getContext();
-
-        if (type.equals(mType)) {
-            // what do I do with s here?
-            String s = Utils.stripQuotes(value);
-
-            if (s.equals(ANYBODY) && op.equals("="))
-                return true;
-
-            IUser id = (IUser) mSC.get(SessionContext.USER);
-            // "orig_req.auth_token.uid"
-            String orig_id = (String) mSC.get("orig_req" + s);
-
-            if (op.equals("="))
-                return id.getName().equalsIgnoreCase(orig_id);
-            else if (op.equals("!="))
-                return !(id.getName().equalsIgnoreCase(orig_id));
-        }
-
-        return false;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/jobs/AJobBase.java b/base/common/src/com/netscape/cms/jobs/AJobBase.java
deleted file mode 100644
index bd319b94e..000000000
--- a/base/common/src/com/netscape/cms/jobs/AJobBase.java
+++ /dev/null
@@ -1,301 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.jobs;
-
-import java.io.IOException;
-import java.util.Hashtable;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.jobs.IJob;
-import com.netscape.certsrv.jobs.IJobCron;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.ENotificationException;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.notification.IEmailTemplate;
-import com.netscape.certsrv.notification.IMailNotification;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This abstract class is a base job for real job extentions for the
- * Jobs Scheduler.
- *
- * @version $Revision$, $Date$
- * @see com.netscape.certsrv.jobs.IJob
- */
-public abstract class AJobBase implements IJob, Runnable {
-    // config parameters...
-    protected static final String PROP_SUMMARY = "summary";
-    protected static final String PROP_ENABLED = "enabled";
-    protected static final String PROP_EMAIL_SUBJECT = "emailSubject";
-    protected static final String PROP_EMAIL_TEMPLATE = "emailTemplate";
-    protected static final String PROP_ITEM_TEMPLATE = "itemTemplate";
-    protected static final String PROP_SENDER_EMAIL = "senderEmail";
-    protected static final String PROP_RECEIVER_EMAIL = "recipientEmail";
-
-    protected static final String STATUS_FAILURE = "failed";
-    protected static final String STATUS_SUCCESS = "succeeded";
-
-    // variables used by the Job Scheduler Daemon
-    protected String mImplName = null;
-    protected IConfigStore mConfig;
-    protected String mId = null;
-    protected String mCron = null;
-    protected IJobCron mJobCron = null;
-
-    protected ILogger mLogger = CMS.getLogger();
-    protected static String[] mConfigParams = null;
-
-    protected String mSummaryMailSubject = null;
-    protected boolean mMailHTML = false;
-    protected String mMailForm = null;
-    protected String mItemForm = null;
-    protected String mSummarySenderEmail = null;
-    protected String mSummaryReceiverEmail = null;
-    protected Hashtable<String, Object> mContentParams = new Hashtable<String, Object>();
-    protected Hashtable<String, Object> mItemParams = new Hashtable<String, Object>();
-
-    boolean stopped;
-
-    public AJobBase() {
-    }
-
-    /**
-     * tells if the job is enabled
-     *
-     * @return a boolean value indicating whether the job is enabled
-     *         or not
-     */
-    public boolean isEnabled() {
-        boolean enabled = false;
-
-        try {
-            enabled = mConfig.getBoolean(PROP_ENABLED, false);
-        } catch (EBaseException e) {
-        }
-        return enabled;
-    }
-
-    /***********************
-     * abstract methods
-     ***********************/
-    public abstract void init(ISubsystem owner, String id, String implName, IConfigStore
-            config) throws EBaseException;
-
-    public abstract void run();
-
-    /***********************
-     * public methods
-     ***********************/
-
-    /**
-     * get instance id.
-     *
-     * @return a String identifier
-     */
-    public String getId() {
-        return mId;
-    }
-
-    /**
-     * set instance id.
-     *
-     * @param id String id of the instance
-     */
-    public void setId(String id) {
-        mId = id;
-    }
-
-    /**
-     * get cron string associated with this job
-     *
-     * @return a JobCron object that represents the schedule of this job
-     */
-    public IJobCron getJobCron() {
-        return mJobCron;
-    }
-
-    /**
-     * gets the plugin name of this job.
-     *
-     * @return a String that is the name of this implementation
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    /**
-     * Gets the configuration substore used by this job
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /*
-     * get form file content from disk
-     */
-    protected String getTemplateContent(String templatePath) {
-        String templateString = null;
-
-        /*
-         * get template file from disk
-         */
-        IEmailTemplate template = CMS.getEmailTemplate(templatePath);
-
-        if (template != null) {
-            if (!template.init()) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_TEMPLATE_INIT_ERROR"));
-                return null;
-            }
-
-            // this should take care of inner tempaltes not being html
-            // we go with the outter template
-            if (template.isHTML()) {
-                mMailHTML = true;
-            }
-            templateString = template.toString();
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_TEMPLATE_INIT_ERROR"));
-        }
-
-        return templateString;
-    }
-
-    protected void mailSummary(String content) {
-        // no need for email resolver here...
-        IMailNotification mn = CMS.getMailNotification();
-
-        mn.setFrom(mSummarySenderEmail);
-        mn.setTo(mSummaryReceiverEmail);
-        mn.setSubject(mSummaryMailSubject);
-        if (mMailHTML == true) {
-            mn.setContentType("text/html");
-        }
-
-        mn.setContent(content);
-        try {
-            mn.sendNotification();
-        } catch (ENotificationException e) {
-            // already logged, lets audit
-            mLogger.log(ILogger.EV_AUDIT, null,
-                    ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
-        } catch (IOException e) {
-            // already logged, lets audit
-            mLogger.log(ILogger.EV_AUDIT, null,
-                    ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
-        }
-    }
-
-    protected void buildItemParams(X509CertImpl cert) {
-        mItemParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-                cert.getSerialNumber().toString());
-        mItemParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-                cert.getSerialNumber().toString(16));
-        mItemParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-                cert.getIssuerDN().toString());
-        mItemParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-                cert.getSubjectDN().toString());
-        mItemParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
-                cert.getNotAfter().toString());
-        mItemParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
-                cert.getNotBefore().toString());
-        // ... and more
-    }
-
-    protected void buildItemParams(IRequest r) {
-        String re = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
-
-        if (re != null) {
-            mItemParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL, re);
-        }
-
-        String ct = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-
-        if (ct != null) {
-            mItemParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE, ct);
-        }
-
-        String rt = r.getExtDataInString(IRequest.REQ_TYPE);
-
-        if (rt != null) {
-            mItemParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE, rt);
-        }
-    }
-
-    protected void buildItemParams(String name, String val) {
-        if (val != null)
-            mItemParams.put(name, val);
-        else {
-            CMS.debug("AJobBase: buildItemParams: null value for name= " + name);
-            mItemParams.put(name, "");
-        }
-    }
-
-    protected void buildContentParams(String name, String val) {
-        if (val != null)
-            mContentParams.put(name, val);
-        else {
-            CMS.debug("AJobBase: buildContentParams: null value for name= " + name);
-            mContentParams.put(name, "");
-        }
-    }
-
-    /**
-     * logs an entry in the log file. Used by classes extending this class.
-     *
-     * @param level log level
-     * @param msg log message in String
-     */
-    public void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, mId + ": " + msg);
-    }
-
-    /**
-     * capable of logging multiline entry in the log file. Used by classes extending this class.
-     *
-     * @param level log level
-     * @param msg log message in String
-     * @param multiline boolean indicating whether the message is a
-     *            multi-lined message.
-     */
-    public void log(int level, String msg, boolean multiline) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, mId + ": " + msg, multiline);
-    }
-
-    public void stop() {
-        stopped = true;
-    }
-
-    public boolean isStopped() {
-        return stopped;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java b/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
deleted file mode 100644
index 25c80817b..000000000
--- a/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
+++ /dev/null
@@ -1,392 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.jobs;
-
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.jobs.IJob;
-import com.netscape.certsrv.jobs.IJobCron;
-import com.netscape.certsrv.jobs.IJobsScheduler;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-
-/**
- * a job for the Jobs Scheduler. This job checks in the internal ldap
- * db for valid certs that have not been published to the
- * publishing directory.
- * <p>
- * the $TOKENS that are available for the this jobs's summary outer form are:<br>
- * <UL>
- * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess $SummaryTotalfailure $ExecutionTime
- * </UL>
- * and for the inner list items:
- * <UL>
- * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail $CertType
- * </UL>
- *
- * @version $Revision$, $Date$
- */
-public class PublishCertsJob extends AJobBase
-        implements IJob, Runnable, IExtendedPluginInfo {
-
-    ICertificateAuthority mCa = null;
-    IRequestQueue mReqQ = null;
-    ICertificateRepository mRepository = null;
-    IPublisherProcessor mPublisherProcessor = null;
-    private boolean mSummary = false;
-
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] {
-                    "enabled",
-                    "cron",
-                    "summary.enabled",
-                    "summary.emailSubject",
-                    "summary.emailTemplate",
-                    "summary.itemTemplate",
-                    "summary.senderEmail",
-                    "summary.recipientEmail"
-        };
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                IExtendedPluginInfo.HELP_TEXT +
-                        "; A job that checks for valid certificates in the " +
-                        "database, that have not been published and publish them to " +
-                        "the publishing directory",
-                "cron;string;Format: minute hour dayOfMonth month " +
-                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
-                "summary.senderEmail;string;Specify the address to be used " +
-                        "as the email's 'sender'. Bounces go to this address.",
-                "summary.recipientEmail;string;Who should receive summaries",
-                "enabled;boolean;Enable this plugin",
-                "summary.enabled;boolean;Enable the summary. You must enabled " +
-                        "this for the job to work.",
-                "summary.emailSubject;string;Subject of summary email",
-                "summary.emailTemplate;string;Fully qualified pathname of " +
-                        "template file of email to be sent",
-                "summary.itemTemplate;string;Fully qualified pathname of " +
-                        "file containing template for each item",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-jobrules-unpublishexpiredjobs",
-            };
-
-        return s;
-    }
-
-    /**
-     * initialize from the configuration file
-     */
-    public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
-            EBaseException {
-        mConfig = config;
-        mId = id;
-        mImplName = implName;
-
-        mCa = (ICertificateAuthority)
-                CMS.getSubsystem("ca");
-        if (mCa == null) {
-            return;
-        }
-
-        mReqQ = mCa.getRequestQueue();
-        mRepository = mCa.getCertificateRepository();
-        mPublisherProcessor = mCa.getPublisherProcessor();
-
-        // read from the configuration file
-        mCron = mConfig.getString(IJobCron.PROP_CRON);
-        if (mCron == null) {
-            return;
-        }
-
-        // parse cron string into a JobCron class
-        IJobsScheduler scheduler = (IJobsScheduler) owner;
-
-        mJobCron = scheduler.createJobCron(mCron);
-
-        // initialize the summary related config info
-        IConfigStore sc = mConfig.getSubStore(PROP_SUMMARY);
-
-        if (sc.getBoolean(PROP_ENABLED, false)) {
-            mSummary = true;
-            mSummaryMailSubject = sc.getString(PROP_EMAIL_SUBJECT);
-            mMailForm = sc.getString(PROP_EMAIL_TEMPLATE);
-            mItemForm = sc.getString(PROP_ITEM_TEMPLATE);
-            mSummarySenderEmail = sc.getString(PROP_SENDER_EMAIL);
-            mSummaryReceiverEmail = sc.getString(PROP_RECEIVER_EMAIL);
-        } else {
-            mSummary = false;
-        }
-    }
-
-    /**
-     * look in the internal db for certificateRecords that are
-     * valid but not published
-     * The publish() method should set <b>InLdapPublishDir</b> flag accordingly.
-     * if publish unsuccessfully, log it -- unsuccessful certs should be
-     * picked up and attempted again at the next scheduled run
-     */
-    public void run() {
-        CMS.debug("in PublishCertsJob " +
-                       getId() + " : run()");
-        // get time now..."now" is before the loop
-        Date date = CMS.getCurrentDate();
-        DateFormat dateFormat = DateFormat.getDateTimeInstance();
-        String nowString = dateFormat.format(date);
-
-        // form filter
-        String filter = // might need to use "metaInfo"
-                "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
-                        ":true))";
-
-        Enumeration<Object> unpublishedCerts = null;
-
-        try {
-            unpublishedCerts = mRepository.findCertRecs(filter);
-            // bug 399150
-            /*
-             CertRecordList list = null;
-             list = mRepository.findCertRecordsInList(filter,  null, "serialno", 5);
-             int size = list.getSize();
-             expired = list.getCertRecords(0, size - 1);
-             */
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        }
-
-        int count = 0; // how many have been published successfully
-        int negCount = 0; // how many have NOT been published successfully
-        String contentForm = null;
-        String itemForm = null;
-        String itemListContent = null;
-
-        if (mSummary == true) {
-            contentForm = getTemplateContent(mMailForm);
-            itemForm = getTemplateContent(mItemForm);
-        }
-
-        // filter out the invalid ones and publish them
-        // publish() will set inLdapPublishDir flag
-        while (unpublishedCerts != null && unpublishedCerts.hasMoreElements()) {
-            ICertRecord rec = (ICertRecord) unpublishedCerts.nextElement();
-
-            if (rec == null)
-                break;
-            X509CertImpl cert = rec.getCertificate();
-            Date notAfter = cert.getNotAfter();
-
-            // skip CA certs
-            if (cert.getBasicConstraintsIsCA() == true)
-                continue;
-
-            // skip the expired certs
-            if (notAfter.before(date))
-                continue;
-
-            if (mSummary == true)
-                buildItemParams(cert);
-
-            // get request id from cert record MetaInfo
-            MetaInfo minfo = null;
-
-            try {
-                minfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
-            } catch (EBaseException e) {
-                negCount += 1;
-                if (mSummary == true)
-                    buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("JOBS_META_INFO_ERROR",
-                                cert.getSerialNumber().toString(16) +
-                                        e.toString()));
-            }
-
-            String ridString = null;
-
-            try {
-                if (minfo != null)
-                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
-            } catch (EBaseException e) {
-                negCount += 1;
-                if (mSummary == true)
-                    buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                                cert.getSerialNumber().toString(16) +
-                                        e.toString()));
-            } catch (NullPointerException e) {
-                // no requestId in MetaInfo...skip to next record
-                negCount += 1;
-                if (mSummary == true)
-                    buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                                cert.getSerialNumber().toString(16) +
-                                        e.toString()));
-            }
-
-            if (ridString != null) {
-                RequestId rid = new RequestId(ridString);
-
-                // get request from request id
-                IRequest req = null;
-
-                try {
-                    req = mReqQ.findRequest(rid);
-                    if (req != null) {
-                        if (mSummary == true)
-                            buildItemParams(req);
-                    }
-                } catch (EBaseException e) {
-                    negCount += 1;
-                    if (mSummary == true)
-                        buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
-                                    cert.getSerialNumber().toString(16) +
-                                            e.toString()));
-                }
-                try {
-                    if ((mPublisherProcessor != null) &&
-                            mPublisherProcessor.enabled()) {
-                        mPublisherProcessor.publishCert(cert, req);
-                        if (mSummary == true)
-                            buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                    STATUS_SUCCESS);
-                        count += 1;
-                    } else {
-                        negCount += 1;
-                    }
-                } catch (Exception e) {
-                    negCount += 1;
-                    if (mSummary == true)
-                        buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("JOBS_PUBLISH_ERROR",
-                                    cert.getSerialNumber().toString(16) +
-                                            e.toString()));
-                }
-            } // ridString != null
-            else {
-                try {
-                    if ((mPublisherProcessor != null) &&
-                            mPublisherProcessor.enabled()) {
-                        mPublisherProcessor.publishCert(cert, null);
-
-                        if (mSummary == true)
-                            buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                    STATUS_SUCCESS);
-                        count += 1;
-                    } else {
-                        negCount += 1;
-                    }
-                } catch (Exception e) {
-                    negCount += 1;
-
-                    if (mSummary == true)
-                        buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_FAILURE);
-
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("JOBS_PUBLISH_ERROR",
-                                    cert.getSerialNumber().toString(16) +
-                                            e.toString()));
-                }
-            } // ridString == null
-
-            // inLdapPublishDir flag should have been set by the
-            // publish() method
-
-            // if summary is enabled, form the item content
-            if (mSummary) {
-                IEmailFormProcessor emailItemFormProcessor =
-                        CMS.getEmailFormProcessor();
-                String c = emailItemFormProcessor.getEmailContent(itemForm,
-                        mItemParams);
-
-                // add item content to the item list
-                if (itemListContent == null) {
-                    itemListContent = c;
-                } else {
-                    itemListContent += c;
-                }
-            }
-        }
-
-        // time for summary
-        if (mSummary == true) {
-            buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                    mId);
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                    itemListContent);
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                    String.valueOf(count + negCount));
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
-                    String.valueOf(count));
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                    String.valueOf(negCount));
-            buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                    nowString);
-
-            IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
-            String mailContent =
-                    emailFormProcessor.getEmailContent(contentForm,
-                            mContentParams);
-
-            mailSummary(mailContent);
-        }
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return mConfigParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java b/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
deleted file mode 100644
index 37c0e918b..000000000
--- a/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
+++ /dev/null
@@ -1,705 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.jobs;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.IElementProcessor;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.jobs.IJob;
-import com.netscape.certsrv.jobs.IJobCron;
-import com.netscape.certsrv.jobs.IJobsScheduler;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.ENotificationException;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.notification.IEmailResolver;
-import com.netscape.certsrv.notification.IEmailResolverKeys;
-import com.netscape.certsrv.notification.IMailNotification;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-
-/**
- * A job for the Jobs Scheduler. This job checks in the internal ldap
- * db for certs about to expire within the next configurable days and
- * sends email notifications to the appropriate recipients.
- *
- * the $TOKENS that are available for the this jobs's summary outer form are:<br
- >
- * <UL>
- * <LI>$Status
- * <LI>$InstanceID
- * <LI>$SummaryItemList
- * <LI>$SummaryTotalNum
- * <LI>$SummaryTotalSuccess
- * <LI>$SummaryTotalfailure
- * <LI>$ExecutionTime
- * </UL>
- * and for the inner list items:
- * <UL>
- * <LI>$SerialNumber
- * <LI>$IssuerDN
- * <LI>$SubjectDN
- * <LI>$NotAfter
- * <LI>$NotBefore
- * <LI>$RequestorEmail
- * <LI>$CertType
- * <LI>$RequestType
- * <LI>$HttpHost
- * <LI>$HttpPort
- * </UL>
- *
- * @version $Revision$, $Date$
- * @see com.netscape.certsrv.jobs.IJob
- * @see com.netscape.cms.jobs.AJobBase
- */
-public class RenewalNotificationJob
-        extends AJobBase
-        implements IJob, Runnable, IExtendedPluginInfo {
-
-    // config parameters...
-    public static final String PROP_CRON = "cron";
-
-    /**
-     * Profile ID specifies which profile approves the certificate.
-     */
-    public static final String PROP_PROFILE_ID = "profileId";
-
-    /**
-     * This job will send notification at this much time before the
-     * enpiration date
-     */
-    public static final String PROP_NOTIFYTRIGGEROFFSET =
-            "notifyTriggerOffset";
-
-    /**
-     * This job will stop sending notification this much time after
-     * the expiration date
-     */
-    public static final String PROP_NOTIFYENDOFFSET = "notifyEndOffset";
-
-    /**
-     * sender email address as appeared on the notification email
-     */
-    public static final String PROP_SENDEREMAIL =
-            "senderEmail";
-
-    /**
-     * email subject line as appeared on the notification email
-     */
-    public static final String PROP_EMAILSUBJECT =
-            "emailSubject";
-
-    /**
-     * location of the template file used for email notification
-     */
-    public static final String PROP_EMAILTEMPLATE = "emailTemplate";
-    public static final String PROP_MAXNOTIFYCOUNT = "maxNotifyCount";
-
-    /**
-     * sender email as appeared on the notification summary email
-     */
-    public static final String PROP_SUMMARY_SENDEREMAIL = "summary.senderEmail";
-
-    /**
-     * recipient of the notification summary email
-     */
-    public static final String PROP_SUMMARY_RECIPIENTEMAIL = "summary.recipientEmail";
-
-    /**
-     * email subject as appeared on the notification summary email
-     */
-    public static final String PROP_SUMMARY_SUBJECT = "summary.emailSubject";
-
-    /**
-     * location of the email template used for notification summary
-     */
-    public static final String PROP_SUMMARY_TEMPLATE = "summary.emailTemplate";
-
-    /**
-     * location of the template file for each item appeared on the
-     * notification summary
-     */
-    public static final String PROP_SUMMARY_ITEMTEMPLATE = "summary.itemTemplate";
-
-    /*
-     * Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] {
-                    "enabled",
-                    PROP_CRON,
-                    PROP_PROFILE_ID,
-                    PROP_NOTIFYTRIGGEROFFSET,
-                    PROP_NOTIFYENDOFFSET,
-                    PROP_SENDEREMAIL,
-                    PROP_EMAILSUBJECT,
-                    PROP_EMAILTEMPLATE,
-                    "summary.enabled",
-                    PROP_SUMMARY_RECIPIENTEMAIL,
-                    PROP_SUMMARY_SENDEREMAIL,
-                    PROP_SUMMARY_SUBJECT,
-                    PROP_SUMMARY_ITEMTEMPLATE,
-                    PROP_SUMMARY_TEMPLATE,
-        };
-
-    protected ICertificateRepository mCertDB = null;
-    protected ICertificateAuthority mCA = null;
-    protected boolean mSummary = false;
-    protected String mEmailSender = null;
-    protected String mEmailSubject = null;
-    protected String mEmailTemplateName = null;
-    protected String mSummaryItemTemplateName = null;
-    protected String mSummaryTemplateName = null;
-    protected boolean mSummaryHTML = false;
-    protected boolean mHTML = false;
-
-    protected String mHttpHost = null;
-    protected String mHttpPort = null;
-
-    private int mPreDays = 0;
-    private long mPreMS = 0;
-    private int mPostDays = 0;
-    private long mPostMS = 0;
-    private String[] mProfileId = null;
-
-    /**
-     * class constructor
-     */
-    public RenewalNotificationJob() {
-    }
-
-    /**
-     * holds help text for this plugin
-     */
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                IExtendedPluginInfo.HELP_TEXT +
-                        "; A job that checks for expiring or expired certs" +
-                        "notifyTriggerOffset before and notifyEndOffset after " +
-                        "the expiration date",
-
-                PROP_PROFILE_ID + ";string;Specify the ID of the profile which " +
-                        "approved the certificates that are about to expire. For multiple " +
-                        "profiles, each entry is separated by white space. For example, " +
-                        "if the administrator just wants to give automated notification " +
-                        "when the SSL server certificates are about to expire, then " +
-                        "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. " +
-                        "Blank field means all profiles.",
-                PROP_NOTIFYTRIGGEROFFSET + ";number,required;How long (in days) before " +
-                        "certificate expiration will the first notification " +
-                        "be sent",
-                PROP_NOTIFYENDOFFSET + ";number,required;How long (in days) after " +
-                        "certificate expiration will notifications " +
-                        "continue to be resent if certificate is not renewed",
-                PROP_CRON + ";string,required;Format: minute hour dayOfMonth Mmonth " +
-                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
-                PROP_SENDEREMAIL + ";string,required;Specify the address to be used " +
-                        "as the email's 'sender'. Bounces go to this address.",
-                PROP_EMAILSUBJECT + ";string,required;Email subject",
-                PROP_EMAILTEMPLATE + ";string,required;Fully qualified pathname of " +
-                        "template file of email to be sent",
-                "enabled;boolean;Enable this plugin",
-                "summary.enabled;boolean;Enabled sending of summaries",
-                PROP_SUMMARY_SENDEREMAIL + ";string,required;Sender email address of summary",
-                PROP_SUMMARY_RECIPIENTEMAIL + ";string,required;Who should receive summaries",
-                PROP_SUMMARY_SUBJECT + ";string,required;Subject of summary email",
-                PROP_SUMMARY_TEMPLATE + ";string,required;Fully qualified pathname of " +
-                        "template file of email to be sent",
-                PROP_SUMMARY_ITEMTEMPLATE + ";string,required;Fully qualified pathname of " +
-                        "file with template to be used for each summary item",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-jobrules-renewalnotification",
-            };
-
-        return s;
-    }
-
-    /**
-     * Initialize from the configuration file.
-     *
-     * @param id String name of this instance
-     * @param implName string name of this implementation
-     * @param config configuration store for this instance
-     * @exception EBaseException
-     */
-    public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
-            EBaseException {
-        mConfig = config;
-        mId = id;
-        mImplName = implName;
-
-        mCA = (ICertificateAuthority)
-                CMS.getSubsystem("ca");
-        if (mCA == null) {
-            mSummary = false;
-            return;
-        }
-
-        mCertDB = mCA.getCertificateRepository();
-
-        mCron = mConfig.getString(IJobCron.PROP_CRON);
-        if (mCron == null) {
-            return;
-        }
-
-        // parse cron string into a JobCron class
-        IJobsScheduler scheduler = (IJobsScheduler) owner;
-
-        mJobCron = scheduler.createJobCron(mCron);
-    }
-
-    /**
-     * finds out which cert needs notification and notifies the
-     * responsible parties
-     */
-    public void run() {
-        // for forming renewal URL at template
-        mHttpHost = CMS.getEEHost();
-        mHttpPort = CMS.getEESSLPort();
-
-        // read from the configuration file
-        try {
-            mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in days
-            mPostDays = mConfig.getInteger(PROP_NOTIFYENDOFFSET, 15); // in days
-
-            mEmailSender = mConfig.getString(PROP_SENDEREMAIL);
-            mEmailSubject = mConfig.getString(PROP_EMAILSUBJECT);
-            mEmailTemplateName = mConfig.getString(PROP_EMAILTEMPLATE);
-
-            // initialize the summary related config info
-            IConfigStore sc = mConfig.getSubStore(PROP_SUMMARY);
-
-            if (sc.getBoolean(PROP_ENABLED, false)) {
-                mSummary = true;
-                mSummaryItemTemplateName =
-                        mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
-                mSummarySenderEmail =
-                        mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
-                mSummaryReceiverEmail =
-                        mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
-                mSummaryMailSubject =
-                        mConfig.getString(PROP_SUMMARY_SUBJECT);
-                mSummaryTemplateName =
-                        mConfig.getString(PROP_SUMMARY_TEMPLATE);
-            } else {
-                mSummary = false;
-            }
-
-            long msperday = 86400 * 1000;
-            long mspredays = mPreDays;
-            long mspostdays = mPostDays;
-
-            mPreMS = mspredays * msperday;
-            mPostMS = mspostdays * msperday;
-
-            Date now = CMS.getCurrentDate();
-            DateFormat dateFormat = DateFormat.getDateTimeInstance();
-            String nowString = dateFormat.format(now);
-
-            /*
-             * look in the internal db for certificateRecords that are
-             * 1. within the expiration notification period
-             * 2. has not yet been renewed
-             * 3. notify - use EmailTemplateProcessor to formulate
-             *		 content, then send
-             * if notified successfully, mark "STATUS_SUCCESS",
-             *    else, if notified unsuccessfully, mark "STATUS_FAILURE".
-             */
-
-            /* 1) make target notAfter string */
-
-            Date expiryDate = null;
-            Date stopDate = null;
-
-            /* 2) Assemble ldap Search filter string */
-            // date format: 19991215125306Z
-            long expiryMS = now.getTime() + mPreMS;
-            long stopMS = now.getTime() - mPostMS;
-
-            expiryDate = new Date(expiryMS);
-            stopDate = new Date(stopMS);
-
-            // All cert records which:
-            //   1) expire before the deadline
-            //   2) have not already been renewed
-            // filter format:
-            // (& (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED))
-
-            StringBuffer f = new StringBuffer();
-            String profileId = "";
-            try {
-                profileId = mConfig.getString(PROP_PROFILE_ID, "");
-            } catch (EBaseException ee) {
-            }
-
-            if (profileId != null && profileId.length() > 0) {
-                StringTokenizer tokenizer = new StringTokenizer(profileId);
-                int num = tokenizer.countTokens();
-                mProfileId = new String[num];
-                for (int i = 0; i < num; i++)
-                    mProfileId[i] = tokenizer.nextToken();
-            }
-
-            f.append("(&");
-            if (mProfileId != null) {
-                if (mProfileId.length == 1)
-                    f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
-                            ICertRecord.META_PROFILE_ID + ":" + mProfileId[0] + ")");
-                else {
-                    f.append("(|");
-                    for (int i = 0; i < mProfileId.length; i++) {
-                        f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
-                                ICertRecord.META_PROFILE_ID + ":" + mProfileId[i] + ")");
-                    }
-                    f.append(")");
-                }
-            }
-
-            f.append("(" + ICertRecord.ATTR_X509CERT + ".notAfter" + "<=" + expiryDate.getTime() + ")");
-            f.append("(" + ICertRecord.ATTR_X509CERT + ".notAfter" + ">=" + stopDate.getTime() + ")");
-            f.append("(!(" + ICertRecord.ATTR_AUTO_RENEW + "=" + ICertRecord.AUTO_RENEWAL_DONE + "))");
-            f.append("(!(" + ICertRecord.ATTR_AUTO_RENEW + "=" + ICertRecord.AUTO_RENEWAL_DISABLED + "))");
-            f.append("(!(" + ICertRecord.ATTR_CERT_STATUS + "=" + ICertRecord.STATUS_REVOKED + "))");
-            f.append("(!(" + ICertRecord.ATTR_CERT_STATUS + "=" + ICertRecord.STATUS_REVOKED_EXPIRED + "))");
-            f.append(")");
-            String filter = f.toString();
-
-            String emailTemplate =
-                    getTemplateContent(mEmailTemplateName);
-
-            mHTML = mMailHTML;
-
-            try {
-                String summaryItemTemplate = null;
-
-                if (mSummary == true) {
-                    summaryItemTemplate =
-                            getTemplateContent(mSummaryItemTemplateName);
-                }
-
-                ItemCounter ic = new ItemCounter();
-                CertRecProcessor cp = new CertRecProcessor(this, emailTemplate, summaryItemTemplate, ic);
-                //CertRecordList list = mCertDB.findCertRecordsInList(filter, null, "serialno", 5);
-                //list.processCertRecords(0, list.getSize() - 1, cp);
-
-                Enumeration<Object> en = mCertDB.findCertRecs(filter);
-
-                while (en.hasMoreElements()) {
-                    Object element = en.nextElement();
-
-                    try {
-                        cp.process(element);
-                    } catch (Exception e) {
-                        //Don't abort the entire operation. The error should already be logged
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_FAILED_PROCESS", e.toString()));
-                    }
-                }
-
-                // Now send the summary
-
-                if (mSummary == true) {
-                    try {
-                        String summaryTemplate =
-                                getTemplateContent(mSummaryTemplateName);
-
-                        mSummaryHTML = mMailHTML;
-
-                        buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                                mId);
-
-                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                                ic.mItemListContent);
-                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                                String.valueOf(ic.mNumFail + ic.mNumSuccessful));
-                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
-                                String.valueOf(ic.mNumSuccessful));
-                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                                String.valueOf(ic.mNumFail));
-
-                        buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                                nowString);
-
-                        IEmailFormProcessor summaryEmfp = CMS.getEmailFormProcessor();
-
-                        String summaryContent =
-                                summaryEmfp.getEmailContent(summaryTemplate,
-                                        mContentParams);
-
-                        if (summaryContent == null) {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SUMMARY_CONTENT_NULL"));
-                            mailSummary(" no summaryContent");
-                        } else {
-                            mMailHTML = mSummaryHTML;
-                            mailSummary(summaryContent);
-                        }
-                    } catch (Exception e) {
-                        // log error
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_EXCEPTION_IN_RUN", e.toString()));
-                    }
-                }
-            } catch (EBaseException e) {
-                // log error
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-            }
-        } catch (EBaseException ex) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("Configuration error:", ex.toString()));
-        }
-    }
-
-    /**
-     * get instance id.
-     *
-     * @return a String identifier
-     */
-    public String getId() {
-        return mId;
-    }
-
-    /**
-     * set instance id.
-     *
-     * @param id String id of the instance
-     */
-    public void setId(String id) {
-        mId = id;
-    }
-
-    /**
-     * get cron string associated with this job
-     *
-     * @return a JobCron object that represents the schedule of this job
-     */
-    public IJobCron getJobCron() {
-        return mJobCron;
-    }
-
-    /**
-     * gets the plugin name of this job.
-     *
-     * @return a String that is the name of this implementation
-     */
-    public String getImplName() {
-        return mImplName;
-    }
-
-    /**
-     * Gets the configuration substore used by this job
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    protected void mailUser(String subject,
-            String msg,
-            String sender,
-            IRequest req,
-            ICertRecord cr)
-            throws IOException, ENotificationException, EBaseException {
-
-        IMailNotification mn = CMS.getMailNotification();
-
-        String rcp = null;
-        //		boolean sendFailed = false;
-        Exception sendFailedException = null;
-
-        IEmailResolverKeys keys = CMS.getEmailResolverKeys();
-
-        try {
-            if (req != null) {
-                keys.set(IEmailResolverKeys.KEY_REQUEST, req);
-            }
-            if (cr != null) {
-                Object c = cr.getCertificate();
-
-                if (c != null) {
-                    keys.set(IEmailResolverKeys.KEY_CERT, cr.getCertificate());
-                }
-            }
-
-            IEmailResolver er = CMS.getReqCertSANameEmailResolver();
-
-            rcp = er.getEmail(keys);
-
-        } catch (Exception e) {
-            // already logged by the resolver
-            //			sendFailed = true;
-            sendFailedException = e;
-            throw (ENotificationException) sendFailedException;
-        }
-
-        mn.setTo(rcp);
-
-        if (sender != null)
-            mn.setFrom(sender);
-        else
-            mn.setFrom("nobody");
-
-        if (subject != null)
-            mn.setSubject(subject);
-        else
-            mn.setFrom("Important message from Certificate Authority");
-
-        if (mHTML == true)
-            mn.setContentType("text/html");
-
-        mn.setContent(msg);
-
-        mn.sendNotification();
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-}
-
-class CertRecProcessor implements IElementProcessor {
-    protected RenewalNotificationJob mJob;
-    protected String mEmailTemplate;
-    protected String mSummaryItemTemplate;
-    protected ItemCounter mIC;
-
-    public CertRecProcessor(RenewalNotificationJob job, String emailTemplate,
-            String summaryItemTemplate, ItemCounter ic) {
-        mJob = job;
-        mEmailTemplate = emailTemplate;
-        mSummaryItemTemplate = summaryItemTemplate;
-        mIC = ic;
-    }
-
-    public void process(Object o) throws EBaseException {
-
-        // Get each certRecord
-        ICertRecord cr = (ICertRecord) o;
-
-        String ridString = null;
-        boolean numFailCounted = false;
-
-        if (cr != null) {
-            mJob.buildItemParams(cr.getCertificate());
-            mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_HOST,
-                    mJob.mHttpHost);
-            mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_PORT, mJob.mHttpPort);
-
-            MetaInfo metaInfo = null;
-
-            metaInfo = (MetaInfo) cr.get(ICertRecord.ATTR_META_INFO);
-            if (metaInfo == null) {
-                mIC.mNumFail++;
-                numFailCounted = true;
-                if (mJob.mSummary == true)
-                    mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            AJobBase.STATUS_FAILURE);
-                mJob.log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("JOBS_GET_CERT_ERROR",
-                                cr.getCertificate().getSerialNumber().toString(16)));
-            } else {
-                ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-            }
-        }
-
-        IRequest req = null;
-
-        if (ridString != null) {
-            RequestId rid = new RequestId(ridString);
-
-            try {
-                req = mJob.mCA.getRequestQueue().findRequest(rid);
-            } catch (Exception e) {
-                // it is ok not to be able to get the request. The main reason
-                // to get the request is to retrieve the requestor's email.
-                // We can retrieve the email from the CertRecord.
-                CMS.debug("huh RenewalNotificationJob Exception: " + e.toString());
-            }
-
-            if (req != null)
-                mJob.buildItemParams(req);
-        } // ridString != null
-
-        try {
-            // send mail to user
-
-            IEmailFormProcessor emfp = CMS.getEmailFormProcessor();
-            String message = emfp.getEmailContent(mEmailTemplate,
-                    mJob.mItemParams);
-
-            mJob.mailUser(mJob.mEmailSubject,
-                    message,
-                    mJob.mEmailSender,
-                    req,
-                    cr);
-
-            mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                    AJobBase.STATUS_SUCCESS);
-
-            mIC.mNumSuccessful++;
-
-        } catch (Exception e) {
-            CMS.debug("RenewalNotificationJob Exception: " + e.toString());
-            mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, AJobBase.STATUS_FAILURE);
-            mJob.log(ILogger.LL_FAILURE, e.toString(), ILogger.L_MULTILINE);
-            if (numFailCounted == false) {
-                mIC.mNumFail++;
-            }
-        }
-
-        if (mJob.mSummary == true) {
-            IEmailFormProcessor summaryItemEmfp =
-                    CMS.getEmailFormProcessor();
-            String c =
-                    summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
-                            mJob.mItemParams);
-
-            if (mIC.mItemListContent == null) {
-                mIC.mItemListContent = c;
-            } else {
-                mIC.mItemListContent += c;
-            }
-        }
-    }
-}
-
-class ItemCounter {
-    public int mNumSuccessful = 0;
-    public int mNumFail = 0;
-    public String mItemListContent = null;
-}
diff --git a/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java b/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
deleted file mode 100644
index 5d1ea2f2b..000000000
--- a/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
+++ /dev/null
@@ -1,217 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.jobs;
-
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.jobs.IJob;
-import com.netscape.certsrv.jobs.IJobCron;
-import com.netscape.certsrv.jobs.IJobsScheduler;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.request.IRequestList;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestStatus;
-
-/**
- * A job for the Jobs Scheduler. This job checks in the internal ldap
- * db for requests currently in the request queue and send a summary
- * report to the administrator
- * <p>
- * the $TOKENS that are available for the this jobs's summary outer form are:<br>
- * <UL>
- * $InstanceID $SummaryTotalNum $ExecutionTime
- * </UL>
- *
- * @version $Revision$, $Date$
- * @see com.netscape.certsrv.jobs.IJob
- * @see com.netscape.cms.jobs.AJobBase
- */
-public class RequestInQueueJob extends AJobBase
-        implements IJob, Runnable, IExtendedPluginInfo {
-    protected static final String PROP_SUBSYSTEM_ID = "subsystemId";
-
-    IAuthority mSub = null;
-    IRequestQueue mReqQ = null;
-    private boolean mSummary = false;
-
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] {
-                    "enabled",
-                    "cron",
-                    "subsystemId",
-                    "summary.enabled",
-                    "summary.emailSubject",
-                    "summary.emailTemplate",
-                    "summary.senderEmail",
-                    "summary.recipientEmail"
-        };
-
-    /**
-     * holds help text for this plugin
-     */
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                IExtendedPluginInfo.HELP_TEXT +
-                        "; A job that checks for enrollment requests in the " +
-                        "queue, and reports to recipientEmail",
-                "cron;string;Format: minute hour dayOfMonth month " +
-                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
-                "summary.senderEmail;string;Specify the address to be used " +
-                        "as the email's 'sender'. Bounces go to this address.",
-                "summary.recipientEmail;string;Who should receive summaries",
-                "enabled;boolean;Enable this plugin",
-                "summary.enabled;boolean;Enable the summary. You must enabled " +
-                        "this for the job to work.",
-                "summary.emailSubject;string;Subject of summary email",
-                "summary.emailTemplate;string;Fully qualified pathname of " +
-                        "template file of email to be sent",
-                "subsystemId;choice(ca,ra);The type of subsystem this job is " +
-                        "for",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-jobrules-requestinqueuejob",
-            };
-
-        return s;
-    }
-
-    /**
-     * initialize from the configuration file
-     *
-     * @param id String name of this instance
-     * @param implName string name of this implementation
-     * @param config configuration store for this instance
-     * @exception EBaseException
-     */
-    public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
-            EBaseException {
-        mConfig = config;
-        mId = id;
-        mImplName = implName;
-
-        // read from the configuration file
-        String sub = mConfig.getString(PROP_SUBSYSTEM_ID);
-
-        mSub = (IAuthority)
-                CMS.getSubsystem(sub);
-        if (mSub == null) {
-            // take this as disable
-            mSummary = false;
-            return;
-        }
-
-        mReqQ = mSub.getRequestQueue();
-
-        mCron = mConfig.getString(IJobCron.PROP_CRON);
-        if (mCron == null) {
-            return;
-        }
-
-        // parse cron string into a JobCron class
-        IJobsScheduler scheduler = (IJobsScheduler) owner;
-
-        mJobCron = scheduler.createJobCron(mCron);
-
-        // initialize the summary related config info
-        IConfigStore sc = mConfig.getSubStore(PROP_SUMMARY);
-
-        if (sc.getBoolean(PROP_ENABLED, false)) {
-            mSummary = true;
-            mSummaryMailSubject = sc.getString(PROP_EMAIL_SUBJECT);
-            mMailForm = sc.getString(PROP_EMAIL_TEMPLATE);
-            //		mItemForm = sc.getString(PROP_ITEM_TEMPLATE);
-            mSummarySenderEmail = sc.getString(PROP_SENDER_EMAIL);
-            mSummaryReceiverEmail = sc.getString(PROP_RECEIVER_EMAIL);
-        } else {
-            mSummary = false;
-        }
-    }
-
-    /**
-     * summarize the queue status and mail it
-     */
-    public void run() {
-        if (mSummary == false)
-            return;
-
-        Date date = CMS.getCurrentDate();
-        DateFormat dateFormat = DateFormat.getDateTimeInstance();
-        String nowString = dateFormat.format(date);
-
-        int count = 0;
-        IRequestList list =
-                mReqQ.listRequestsByStatus(RequestStatus.PENDING);
-
-        while (list != null && list.hasMoreElements()) {
-            list.nextRequestId();
-
-            /*  This is way too slow
-             // get request from request id
-             IRequest req = null;
-             try {
-             req = mReqQ.findRequest(rid);
-             } catch (EBaseException e) {
-             System.out.println(e.toString());
-             }
-             */
-            count++;
-        }
-
-        //		if (count == 0) return;
-
-        String contentForm = null;
-
-        contentForm = getTemplateContent(mMailForm);
-
-        buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
-        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                String.valueOf(count));
-        buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                nowString);
-
-        IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
-        String mailContent =
-                emailFormProcessor.getEmailContent(contentForm,
-                        mContentParams);
-
-        mailSummary(mailContent);
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return mConfigParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java b/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
deleted file mode 100644
index b28e93751..000000000
--- a/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
+++ /dev/null
@@ -1,384 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.jobs;
-
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.jobs.IJob;
-import com.netscape.certsrv.jobs.IJobCron;
-import com.netscape.certsrv.jobs.IJobsScheduler;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-
-/**
- * a job for the Jobs Scheduler. This job checks in the internal ldap
- * db for certs that have expired and remove them from the ldap
- * publishing directory.
- * <p>
- * the $TOKENS that are available for the this jobs's summary outer form are:<br>
- * <UL>
- * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess $SummaryTotalfailure $ExecutionTime
- * </UL>
- * and for the inner list items:
- * <UL>
- * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail $CertType
- * </UL>
- *
- * @version $Revision$, $Date$
- */
-public class UnpublishExpiredJob extends AJobBase
-        implements IJob, Runnable, IExtendedPluginInfo {
-
-    ICertificateAuthority mCa = null;
-    IRequestQueue mReqQ = null;
-    ICertificateRepository mRepository = null;
-    IPublisherProcessor mPublisherProcessor = null;
-    private boolean mSummary = false;
-
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    protected static String[] mConfigParams =
-            new String[] {
-                    "enabled",
-                    "cron",
-                    "summary.enabled",
-                    "summary.emailSubject",
-                    "summary.emailTemplate",
-                    "summary.itemTemplate",
-                    "summary.senderEmail",
-                    "summary.recipientEmail"
-        };
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                IExtendedPluginInfo.HELP_TEXT +
-                        "; A job that checks for expired certificates in the " +
-                        "database, and removes them from the publishing " +
-                        "directory",
-                "cron;string;Format: minute hour dayOfMonth month " +
-                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
-                "summary.senderEmail;string;Specify the address to be used " +
-                        "as the email's 'sender'. Bounces go to this address.",
-                "summary.recipientEmail;string;Who should receive summaries",
-                "enabled;boolean;Enable this plugin",
-                "summary.enabled;boolean;Enable the summary. You must enabled " +
-                        "this for the job to work.",
-                "summary.emailSubject;string;Subject of summary email",
-                "summary.emailTemplate;string;Fully qualified pathname of " +
-                        "template file of email to be sent",
-                "summary.itemTemplate;string;Fully qualified pathname of " +
-                        "file containing template for each item",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-jobrules-unpublishexpiredjobs",
-            };
-
-        return s;
-    }
-
-    /**
-     * initialize from the configuration file
-     */
-    public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
-            EBaseException {
-        mConfig = config;
-        mId = id;
-        mImplName = implName;
-
-        mCa = (ICertificateAuthority)
-                CMS.getSubsystem("ca");
-        if (mCa == null) {
-            return;
-        }
-
-        mReqQ = mCa.getRequestQueue();
-        mRepository = mCa.getCertificateRepository();
-        mPublisherProcessor = mCa.getPublisherProcessor();
-
-        // read from the configuration file
-        mCron = mConfig.getString(IJobCron.PROP_CRON);
-        if (mCron == null) {
-            return;
-        }
-
-        // parse cron string into a JobCron class
-        IJobsScheduler scheduler = (IJobsScheduler) owner;
-
-        mJobCron = scheduler.createJobCron(mCron);
-
-        // initialize the summary related config info
-        IConfigStore sc = mConfig.getSubStore(PROP_SUMMARY);
-
-        if (sc.getBoolean(PROP_ENABLED, false)) {
-            mSummary = true;
-            mSummaryMailSubject = sc.getString(PROP_EMAIL_SUBJECT);
-            mMailForm = sc.getString(PROP_EMAIL_TEMPLATE);
-            mItemForm = sc.getString(PROP_ITEM_TEMPLATE);
-            mSummarySenderEmail = sc.getString(PROP_SENDER_EMAIL);
-            mSummaryReceiverEmail = sc.getString(PROP_RECEIVER_EMAIL);
-        } else {
-            mSummary = false;
-        }
-    }
-
-    /**
-     * look in the internal db for certificateRecords that are
-     * expired.
-     * remove them from ldap publishing directory
-     * if remove successfully, mark <i>false</i> on the
-     * <b>InLdapPublishDir</b> flag,
-     * else, if remove unsuccessfully, log it
-     */
-    public void run() {
-        //		System.out.println("in ExpiredUnpublishJob "+
-        //						   getId()+ " : run()");
-        // get time now..."now" is before the loop
-        Date date = CMS.getCurrentDate();
-        long now = date.getTime();
-        DateFormat dateFormat = DateFormat.getDateTimeInstance();
-        String nowString = dateFormat.format(date);
-
-        // form filter
-        String filter = "(&(x509Cert.notAfter<=" + now +
-                ")(!(x509Cert.notAfter=" + now + "))" +
-                "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
-                ":true))";
-        // a test for without CertRecord.META_LDAPPUBLISH
-        //String filter = "(x509Cert.notAfter<="+ now +")";
-
-        Enumeration<Object> expired = null;
-
-        try {
-            expired = mRepository.findCertRecs(filter);
-            // bug 399150
-            /*
-             CertRecordList list = null;
-             list = mRepository.findCertRecordsInList(filter,  null, "serialno", 5);
-             int size = list.getSize();
-             expired = list.getCertRecords(0, size - 1);
-             */
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        }
-
-        int count = 0; // how many have been unpublished successfully
-        int negCount = 0; // how many have NOT been unpublished successfully
-        String contentForm = null;
-        String itemForm = null;
-        String itemListContent = null;
-
-        if (mSummary == true) {
-            contentForm = getTemplateContent(mMailForm);
-            itemForm = getTemplateContent(mItemForm);
-        }
-
-        // unpublish them and unpublish() will set inLdapPublishDir flag
-        while (expired != null && expired.hasMoreElements()) {
-            ICertRecord rec = (ICertRecord) expired.nextElement();
-
-            if (rec == null)
-                break;
-            X509CertImpl cert = rec.getCertificate();
-
-            if (mSummary == true)
-                buildItemParams(cert);
-
-            // get request id from cert record MetaInfo
-            MetaInfo minfo = null;
-
-            try {
-                minfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
-            } catch (EBaseException e) {
-                negCount += 1;
-                if (mSummary == true)
-                    buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("JOBS_META_INFO_ERROR",
-                                cert.getSerialNumber().toString(16) +
-                                        e.toString()));
-            }
-
-            String ridString = null;
-
-            try {
-                if (minfo != null)
-                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
-            } catch (EBaseException e) {
-                negCount += 1;
-                if (mSummary == true)
-                    buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                                cert.getSerialNumber().toString(16) +
-                                        e.toString()));
-            } catch (NullPointerException e) {
-                // no requestId in MetaInfo...skip to next record
-                negCount += 1;
-                if (mSummary == true)
-                    buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                                cert.getSerialNumber().toString(16) +
-                                        e.toString()));
-            }
-
-            if (ridString != null) {
-                RequestId rid = new RequestId(ridString);
-
-                // get request from request id
-                IRequest req = null;
-
-                try {
-                    req = mReqQ.findRequest(rid);
-                    if (req != null) {
-                        if (mSummary == true)
-                            buildItemParams(req);
-                    }
-                } catch (EBaseException e) {
-                    negCount += 1;
-                    if (mSummary == true)
-                        buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
-                                    cert.getSerialNumber().toString(16) +
-                                            e.toString()));
-                }
-                try {
-                    if ((mPublisherProcessor != null) &&
-                            mPublisherProcessor.enabled()) {
-                        mPublisherProcessor.unpublishCert(cert, req);
-                        if (mSummary == true)
-                            buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                    STATUS_SUCCESS);
-                        count += 1;
-                    } else {
-                        negCount += 1;
-                    }
-                } catch (Exception e) {
-                    negCount += 1;
-                    if (mSummary == true)
-                        buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
-                                    cert.getSerialNumber().toString(16) +
-                                            e.toString()));
-                }
-            } // ridString != null
-            else {
-                try {
-                    if ((mPublisherProcessor != null) &&
-                            mPublisherProcessor.enabled()) {
-                        mPublisherProcessor.unpublishCert(cert, null);
-                        if (mSummary == true)
-                            buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                    STATUS_SUCCESS);
-                        count += 1;
-                    } else {
-                        negCount += 1;
-                    }
-                } catch (Exception e) {
-                    negCount += 1;
-                    if (mSummary == true)
-                        buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
-                                    cert.getSerialNumber().toString(16) +
-                                            e.toString()));
-                }
-            } // ridString == null
-
-            // inLdapPublishDir flag should have been set by the
-            // unpublish() method
-
-            // if summary is enabled, form the item content
-            if (mSummary) {
-                IEmailFormProcessor emailItemFormProcessor =
-                        CMS.getEmailFormProcessor();
-                String c = emailItemFormProcessor.getEmailContent(itemForm,
-                        mItemParams);
-
-                // add item content to the item list
-                if (itemListContent == null) {
-                    itemListContent = c;
-                } else {
-                    itemListContent += c;
-                }
-            }
-        }
-
-        // time for summary
-        if (mSummary == true) {
-            buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                    mId);
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                    itemListContent);
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                    String.valueOf(count + negCount));
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
-                    String.valueOf(count));
-            buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                    String.valueOf(negCount));
-            buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                    nowString);
-
-            IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
-            String mailContent =
-                    emailFormProcessor.getEmailContent(contentForm,
-                            mContentParams);
-
-            mailSummary(mailContent);
-        }
-    }
-
-    /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
-     * @return String array of configuration parameter names.
-     */
-    public String[] getConfigParams() {
-        return (mConfigParams);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java b/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
deleted file mode 100644
index 44ff46a9b..000000000
--- a/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
+++ /dev/null
@@ -1,449 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.listeners;
-
-import java.io.File;
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Hashtable;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.listeners.EListenersException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.ENotificationException;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.notification.IEmailResolver;
-import com.netscape.certsrv.notification.IEmailResolverKeys;
-import com.netscape.certsrv.notification.IEmailTemplate;
-import com.netscape.certsrv.notification.IMailNotification;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestListener;
-import com.netscape.certsrv.request.RequestId;
-
-/**
- * a listener for every completed enrollment request
- * <p>
- * Here is a list of available $TOKENs for email notification templates if certificate is successfully issued:
- * <UL>
- * <LI>$InstanceID
- * <LI>$SerialNumber
- * <LI>$HexSerialNumber
- * <LI>$HttpHost
- * <LI>$HttpPort
- * <LI>$RequestId
- * <LI>$IssuerDN
- * <LI>$SubjectDN
- * <LI>$NotBefore
- * <LI>$NotAfter
- * <LI>$SenderEmail
- * <LI>$RecipientEmail
- * </UL>
- * <p>
- * Here is a list of available $TOKENs for email notification templates if certificate request is rejected:
- * <UL>
- * <LI>$RequestId
- * <LI>$InstanceID
- * </UL>
- *
- * @version $Revision$, $Date$
- */
-public class CertificateIssuedListener implements IRequestListener {
-    protected final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
-    protected static final String PROP_ENABLED = "enabled";
-    protected final static String PROP_NOTIFY_SUBSTORE = "notification";
-
-    protected final static String PROP_SENDER_EMAIL = "senderEmail";
-    protected final static String PROP_EMAIL_SUBJECT = "emailSubject";
-    public final static String PROP_EMAIL_TEMPLATE = "emailTemplate";
-
-    protected final static String REJECT_FILE_NAME = "certRequestRejected";
-
-    private boolean mEnabled = false;
-    private ILogger mLogger = CMS.getLogger();
-    private String mSenderEmail = null;
-    private String mSubject = null;
-    private String mSubject_Success = null;
-    private String mFormPath = null;
-    private String mRejectPath = null;
-    private Hashtable<String, Object> mContentParams = new Hashtable<String, Object>();
-
-    private IConfigStore mConfig = null;
-    private DateFormat mDateFormat = null;
-    private ICertAuthority mSubsystem = null;
-    private String mHttpHost = null;
-    private String mHttpPort = null;
-    private RequestId mReqId = null;
-
-    public CertificateIssuedListener() {
-    }
-
-    public void init(ISubsystem sub, IConfigStore config)
-            throws EListenersException, EPropertyNotFound, EBaseException {
-        mSubsystem = (ICertAuthority) sub;
-        mConfig = mSubsystem.getConfigStore();
-
-        IConfigStore nc = mConfig.getSubStore(PROP_NOTIFY_SUBSTORE);
-        IConfigStore rc = nc.getSubStore(PROP_CERT_ISSUED_SUBSTORE);
-
-        mEnabled = rc.getBoolean(PROP_ENABLED, false);
-
-        mSenderEmail = rc.getString(PROP_SENDER_EMAIL);
-        if (mSenderEmail == null) {
-            throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
-        }
-
-        mFormPath = rc.getString(PROP_EMAIL_TEMPLATE);
-        String mDir = null;
-
-        // figure out the reject email path: same dir as form path,
-        //		same ending as form path
-        int ridx = mFormPath.lastIndexOf(File.separator);
-
-        if (ridx == -1) {
-            CMS.debug("CertificateIssuedListener: file separator: " + File.separator
-                    +
-                    " not found. Use default /");
-            ridx = mFormPath.lastIndexOf("/");
-            mDir = mFormPath.substring(0, ridx + 1);
-        } else {
-            mDir = mFormPath.substring(0, ridx +
-                            File.separator.length());
-        }
-        CMS.debug("CertificateIssuedListener: template file directory: " + mDir);
-        mRejectPath = mDir + REJECT_FILE_NAME;
-        if (mFormPath.endsWith(".html"))
-            mRejectPath += ".html";
-        else if (mFormPath.endsWith(".HTML"))
-            mRejectPath += ".HTML";
-        else if (mFormPath.endsWith(".htm"))
-            mRejectPath += ".htm";
-        else if (mFormPath.endsWith(".HTM"))
-            mRejectPath += ".HTM";
-
-        CMS.debug("CertificateIssuedListener: Reject file path: " + mRejectPath);
-
-        mDateFormat = DateFormat.getDateTimeInstance();
-
-        mSubject_Success = rc.getString(PROP_EMAIL_SUBJECT,
-                    "Your Certificate Request");
-        mSubject = new String(mSubject_Success);
-
-        // form the cert retrieval URL for the notification
-        mHttpHost = CMS.getEEHost();
-        mHttpPort = CMS.getEESSLPort();
-
-        // register for this event listener
-        mSubsystem.registerRequestListener(this);
-    }
-
-    public void accept(IRequest r) {
-        CMS.debug("CertificateIssuedListener: accept " +
-                r.getRequestId().toString());
-        if (mEnabled != true)
-            return;
-
-        mSubject = mSubject_Success;
-        mReqId = r.getRequestId();
-        // is it rejected?
-        String rs = r.getRequestStatus().toString();
-
-        if (rs.equals("rejected")) {
-            CMS.debug("CertificateIssuedListener: Request status: " + rs);
-            rejected(r);
-            return;
-        }
-
-        CMS.debug("CertificateIssuedListener: accept check status ");
-
-        // check if it is profile request
-        String profileId = r.getExtDataInString("profileId");
-
-        // check if request failed.
-        if (profileId == null) {
-            if (r.getExtDataInInteger(IRequest.RESULT) == null)
-                return;
-            if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
-                CMS.debug("CertificateIssuedListener: Request errored. " +
-                        "No need to email notify for enrollment request id " +
-                        mReqId);
-                return;
-            }
-        }
-        String requestType = r.getRequestType();
-
-        if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-                requestType.equals(IRequest.RENEWAL_REQUEST)) {
-            CMS.debug("accept() enrollment/renewal request...");
-            // Get the certificate from the request
-            X509CertImpl issuedCert[] = null;
-
-            // handle profile-based enrollment's notification
-            if (profileId == null) {
-                issuedCert = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-            } else {
-                issuedCert = new X509CertImpl[1];
-                issuedCert[0] =
-                        r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-            }
-
-            if (issuedCert != null) {
-                CMS.debug("CertificateIssuedListener: Sending email notification..");
-
-                // do we have an email to send?
-                String mEmail = null;
-                IEmailResolverKeys keys = CMS.getEmailResolverKeys();
-
-                try {
-                    keys.set(IEmailResolverKeys.KEY_REQUEST, r);
-                    keys.set(IEmailResolverKeys.KEY_CERT,
-                            issuedCert[0]);
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
-                }
-
-                IEmailResolver er = CMS.getReqCertSANameEmailResolver();
-
-                try {
-                    mEmail = er.getEmail(keys);
-                } catch (ENotificationException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                                    e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                                    e.toString()));
-                } catch (Exception e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                                    e.toString()));
-                }
-
-                // now we can mail
-                if ((mEmail != null) && (!mEmail.equals(""))) {
-                    mailIt(mEmail, issuedCert);
-                } else {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
-                                    issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
-                    // send failure notification to "sender"
-                    mSubject = "Certificate Issued notification undeliverable";
-                    mailIt(mSenderEmail, issuedCert);
-                }
-            }
-        }
-    }
-
-    private void mailIt(String mEmail, X509CertImpl issuedCert[]) {
-        IMailNotification mn = CMS.getMailNotification();
-
-        mn.setFrom(mSenderEmail);
-        mn.setTo(mEmail);
-        mn.setSubject(mSubject);
-
-        /*
-         * get template file from disk
-         */
-        IEmailTemplate template = CMS.getEmailTemplate(mFormPath);
-
-        /*
-         * parse and process the template
-         */
-        if (template != null) {
-            if (!template.init()) {
-                return;
-            }
-
-            buildContentParams(issuedCert, mEmail);
-            IEmailFormProcessor et = CMS.getEmailFormProcessor();
-            String c = et.getEmailContent(template.toString(), mContentParams);
-
-            if (template.isHTML()) {
-                mn.setContentType("text/html");
-            }
-            mn.setContent(c);
-        } else {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
-                            issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
-
-            mn.setContent("Serial Number = " +
-                    issuedCert[0].getSerialNumber() +
-                    "; Request ID = " + mReqId);
-        }
-
-        try {
-            mn.sendNotification();
-        } catch (ENotificationException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        }
-    }
-
-    private void rejected(IRequest r) {
-        // do we have an email to send?
-        String mEmail = null;
-        IEmailResolverKeys keys = CMS.getEmailResolverKeys();
-
-        try {
-            keys.set(IEmailResolverKeys.KEY_REQUEST, r);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
-        }
-
-        IEmailResolver er = CMS.getReqCertSANameEmailResolver();
-
-        try {
-            mEmail = er.getEmail(keys);
-        } catch (ENotificationException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        }
-
-        // now we can mail
-        if ((mEmail != null) && !mEmail.equals("")) {
-            IMailNotification mn = CMS.getMailNotification();
-
-            mn.setFrom(mSenderEmail);
-            mn.setTo(mEmail);
-            mn.setSubject(mSubject);
-
-            /*
-             * get rejection file from disk
-             */
-            IEmailTemplate template = CMS.getEmailTemplate(mRejectPath);
-
-            if (template != null) {
-                if (!template.init()) {
-                    return;
-                }
-
-                if (template.isHTML()) {
-                    mn.setContentType("text/html");
-                }
-
-                // build some token data
-                mContentParams.put(IEmailFormProcessor.TOKEN_ID, mConfig.getName());
-                mReqId = r.getRequestId();
-                mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-                        mReqId.toString());
-                IEmailFormProcessor et = CMS.getEmailFormProcessor();
-                String c = et.getEmailContent(template.toString(), mContentParams);
-
-                mn.setContent(c);
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION"));
-                mn.setContent("Your Certificate Request has been rejected.  Please contact your administrator for assistance");
-            }
-
-            try {
-                mn.sendNotification();
-            } catch (ENotificationException e) {
-                // already logged, lets audit
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-            }
-        } else {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
-
-        }
-    }
-
-    private void buildContentParams(X509CertImpl issuedCert[], String mEmail) {
-        mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-                mConfig.getName());
-        mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-                issuedCert[0].getSerialNumber().toString());
-        mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-                Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
-        mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-                mReqId.toString());
-        mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-                mHttpHost);
-        mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-                mHttpPort);
-        mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-                issuedCert[0].getIssuerDN().toString());
-        mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-                issuedCert[0].getSubjectDN().toString());
-
-        Date date = issuedCert[0].getNotAfter();
-
-        mContentParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
-                mDateFormat.format(date));
-
-        date = issuedCert[0].getNotBefore();
-        mContentParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
-                mDateFormat.format(date));
-
-        mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-                mSenderEmail);
-        mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-                mEmail);
-        // ... and more
-    }
-
-    /**
-     * sets the configurable parameters
-     */
-    public void set(String name, String val) {
-        if (name.equalsIgnoreCase(PROP_ENABLED)) {
-            if (val.equalsIgnoreCase("true")) {
-                mEnabled = true;
-            } else {
-                mEnabled = false;
-            }
-        } else if (name.equalsIgnoreCase(PROP_SENDER_EMAIL)) {
-            mSenderEmail = val;
-        } else if (name.equalsIgnoreCase(PROP_EMAIL_SUBJECT)) {
-            mSubject_Success = val;
-            mSubject = mSubject_Success;
-        } else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
-            mFormPath = val;
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
-        }
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
deleted file mode 100644
index b361057b4..000000000
--- a/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
+++ /dev/null
@@ -1,368 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.listeners;
-
-import java.io.File;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Hashtable;
-
-import netscape.security.x509.RevokedCertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.listeners.EListenersException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.ENotificationException;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.notification.IEmailResolver;
-import com.netscape.certsrv.notification.IEmailResolverKeys;
-import com.netscape.certsrv.notification.IEmailTemplate;
-import com.netscape.certsrv.notification.IMailNotification;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestListener;
-import com.netscape.certsrv.request.RequestId;
-
-/**
- * a listener for every completed enrollment request
- * <p>
- * Here is a list of available $TOKENs for email notification templates if certificate is successfully issued:
- * <UL>
- * <LI>$InstanceID
- * <LI>$SerialNumber
- * <LI>$HexSerialNumber
- * <LI>$HttpHost
- * <LI>$HttpPort
- * <LI>$RequestId
- * <LI>$IssuerDN
- * <LI>$SubjectDN
- * <LI>$NotBefore
- * <LI>$NotAfter
- * <LI>$SenderEmail
- * <LI>$RecipientEmail
- * </UL>
- * <p>
- * Here is a list of available $TOKENs for email notification templates if certificate request is revoked:
- * <UL>
- * <LI>$RequestId
- * <LI>$InstanceID
- * </UL>
- *
- * @version $Revision$, $Date$
- */
-public class CertificateRevokedListener implements IRequestListener {
-    protected final static String PROP_CERT_ISSUED_SUBSTORE = "certRevoked";
-    protected static final String PROP_ENABLED = "enabled";
-    protected final static String PROP_NOTIFY_SUBSTORE = "notification";
-
-    protected final static String PROP_SENDER_EMAIL = "senderEmail";
-    protected final static String PROP_EMAIL_SUBJECT = "emailSubject";
-    public final static String PROP_EMAIL_TEMPLATE = "emailTemplate";
-
-    protected final static String REJECT_FILE_NAME = "certRequestRejected";
-
-    private boolean mEnabled = false;
-    private ILogger mLogger = CMS.getLogger();
-    private String mSenderEmail = null;
-    private String mSubject = null;
-    private String mSubject_Success = null;
-    private String mFormPath = null;
-    private String mRejectPath = null;
-    private Hashtable<String, Object> mContentParams = new Hashtable<String, Object>();
-
-    private IConfigStore mConfig = null;
-    private DateFormat mDateFormat = null;
-    private ICertAuthority mSubsystem = null;
-    private String mHttpHost = null;
-    private String mHttpPort = null;
-    private RequestId mReqId = null;
-
-    public CertificateRevokedListener() {
-    }
-
-    public void init(ISubsystem sub, IConfigStore config)
-            throws EListenersException, EPropertyNotFound, EBaseException {
-        mSubsystem = (ICertAuthority) sub;
-        mConfig = mSubsystem.getConfigStore();
-
-        IConfigStore nc = mConfig.getSubStore(PROP_NOTIFY_SUBSTORE);
-        IConfigStore rc = nc.getSubStore(PROP_CERT_ISSUED_SUBSTORE);
-
-        mEnabled = rc.getBoolean(PROP_ENABLED, false);
-
-        mSenderEmail = rc.getString(PROP_SENDER_EMAIL);
-        if (mSenderEmail == null) {
-            throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
-        }
-
-        mFormPath = rc.getString(PROP_EMAIL_TEMPLATE);
-        String mDir = null;
-
-        // figure out the reject email path: same dir as form path,
-        //		same ending as form path
-        int ridx = mFormPath.lastIndexOf(File.separator);
-
-        if (ridx == -1) {
-            CMS.debug("CertificateRevokedListener: file separator: " + File.separator
-                    +
-                    " not found. Use default /");
-            ridx = mFormPath.lastIndexOf("/");
-            mDir = mFormPath.substring(0, ridx + 1);
-        } else {
-            mDir = mFormPath.substring(0, ridx +
-                            File.separator.length());
-        }
-        CMS.debug("CertificateRevokedListener: template file directory: " + mDir);
-        mRejectPath = mDir + REJECT_FILE_NAME;
-        if (mFormPath.endsWith(".html"))
-            mRejectPath += ".html";
-        else if (mFormPath.endsWith(".HTML"))
-            mRejectPath += ".HTML";
-        else if (mFormPath.endsWith(".htm"))
-            mRejectPath += ".htm";
-        else if (mFormPath.endsWith(".HTM"))
-            mRejectPath += ".HTM";
-
-        CMS.debug("CertificateRevokedListener: Reject file path: " + mRejectPath);
-
-        mDateFormat = DateFormat.getDateTimeInstance();
-
-        mSubject_Success = rc.getString(PROP_EMAIL_SUBJECT,
-                    "Your Certificate Request");
-        mSubject = new String(mSubject_Success);
-
-        // form the cert retrieval URL for the notification
-        mHttpHost = CMS.getEEHost();
-        mHttpPort = CMS.getEESSLPort();
-
-        // register for this event listener
-        mSubsystem.registerRequestListener(this);
-    }
-
-    public void accept(IRequest r) {
-        if (mEnabled != true)
-            return;
-
-        mSubject = mSubject_Success;
-        mReqId = r.getRequestId();
-        // is it revoked?
-        String rs = r.getRequestStatus().toString();
-        String requestType = r.getRequestType();
-
-        if (requestType.equals(IRequest.REVOCATION_REQUEST) == false)
-            return;
-        if (rs.equals("complete") == false) {
-            CMS.debug("CertificateRevokedListener: Request status: " + rs);
-            //revoked(r);
-            return;
-        }
-
-        // check if request failed.
-        if (r.getExtDataInInteger(IRequest.RESULT) == null)
-            return;
-
-        if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
-            CMS.debug("CertificateRevokedListener: Request errored. " +
-                    "No need to email notify for enrollment request id " +
-                    mReqId);
-            return;
-        }
-
-        if (requestType.equals(IRequest.REVOCATION_REQUEST)) {
-            CMS.debug("CertificateRevokedListener: accept() revocation request...");
-            // Get the certificate from the request
-            //X509CertImpl issuedCert[] =
-            //    (X509CertImpl[])
-            RevokedCertImpl crlentries[] =
-                    r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
-
-            if (crlentries != null) {
-                CMS.debug("CertificateRevokedListener: Sending email notification..");
-
-                // do we have an email to send?
-                String mEmail = null;
-                IEmailResolverKeys keys = CMS.getEmailResolverKeys();
-
-                try {
-                    keys.set(IEmailResolverKeys.KEY_REQUEST, r);
-                    keys.set(IEmailResolverKeys.KEY_CERT,
-                            crlentries[0]);
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
-                }
-
-                IEmailResolver er = CMS.getReqCertSANameEmailResolver();
-
-                try {
-                    mEmail = er.getEmail(keys);
-                } catch (ENotificationException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                                    e.toString()));
-                } catch (EBaseException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                                    e.toString()));
-                } catch (Exception e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                                    e.toString()));
-                }
-
-                // now we can mail
-                if ((mEmail != null) && (!mEmail.equals(""))) {
-                    mailIt(mEmail, crlentries);
-                } else {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
-                                    crlentries[0].getSerialNumber().toString(), mReqId.toString()));
-                    // send failure notification to "sender"
-                    mSubject = "Certificate Issued notification undeliverable";
-                    mailIt(mSenderEmail, crlentries);
-                }
-            }
-        }
-    }
-
-    private void mailIt(String mEmail, RevokedCertImpl crlentries[]) {
-        IMailNotification mn = CMS.getMailNotification();
-
-        mn.setFrom(mSenderEmail);
-        mn.setTo(mEmail);
-        mn.setSubject(mSubject);
-
-        /*
-         * get template file from disk
-         */
-        IEmailTemplate template = CMS.getEmailTemplate(mFormPath);
-
-        /*
-         * parse and process the template
-         */
-        if (template != null) {
-            if (!template.init()) {
-                return;
-            }
-
-            buildContentParams(crlentries, mEmail);
-            IEmailFormProcessor et = CMS.getEmailFormProcessor();
-            String c = et.getEmailContent(template.toString(), mContentParams);
-
-            if (template.isHTML()) {
-                mn.setContentType("text/html");
-            }
-            mn.setContent(c);
-        } else {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
-                            crlentries[0].getSerialNumber().toString(), mReqId.toString()));
-
-            mn.setContent("Serial Number = " +
-                    crlentries[0].getSerialNumber() +
-                    "; Request ID = " + mReqId);
-        }
-
-        try {
-            mn.sendNotification();
-        } catch (ENotificationException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        }
-    }
-
-    private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) {
-        mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-                mConfig.getName());
-        mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-                crlentries[0].getSerialNumber().toString());
-        mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-                Long.toHexString(crlentries[0].getSerialNumber().longValue()));
-        mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-                mReqId.toString());
-        mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-                mHttpHost);
-        mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-                mHttpPort);
-
-        try {
-            RevokedCertImpl revCert = crlentries[0];
-            ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            ICertificateRepository certDB = ca.getCertificateRepository();
-            X509Certificate cert = certDB.getX509Certificate(revCert.getSerialNumber());
-
-            mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-                    cert.getIssuerDN().toString());
-            mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-                    cert.getSubjectDN().toString());
-            Date date = crlentries[0].getRevocationDate();
-
-            mContentParams.put(IEmailFormProcessor.TOKEN_REVOCATION_DATE,
-                    mDateFormat.format(date));
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
-        }
-
-        mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-                mSenderEmail);
-        mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-                mEmail);
-        // ... and more
-    }
-
-    /**
-     * sets the configurable parameters
-     */
-    public void set(String name, String val) {
-        if (name.equalsIgnoreCase(PROP_ENABLED)) {
-            if (val.equalsIgnoreCase("true")) {
-                mEnabled = true;
-            } else {
-                mEnabled = false;
-            }
-        } else if (name.equalsIgnoreCase(PROP_SENDER_EMAIL)) {
-            mSenderEmail = val;
-        } else if (name.equalsIgnoreCase(PROP_EMAIL_SUBJECT)) {
-            mSubject_Success = val;
-            mSubject = mSubject_Success;
-        } else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
-            mFormPath = val;
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
-        }
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java b/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
deleted file mode 100644
index 21d69e29d..000000000
--- a/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
+++ /dev/null
@@ -1,171 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.listeners;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestListener;
-
-/**
- * This represnets a listener that removes pin from LDAP directory.
- *
- * @version $Revision$, $Date$
- */
-public class PinRemovalListener implements IRequestListener {
-    protected static final String PROP_ENABLED = "enabled";
-    protected static final String PROP_LDAP = "ldap";
-    protected static final String PROP_BASEDN = "ldap.basedn";
-    protected static final String PROP_PINATTR = "pinAttr";
-
-    protected String mName = null;
-    protected String mImplName = null;
-    protected String mBaseDN = null;
-    protected String mPinAttr = null;
-
-    private boolean mEnabled = false;
-    private ILogger mLogger = CMS.getLogger();
-
-    private IConfigStore mConfig = null;
-    private IConfigStore mLdapConfig = null;
-    private ILdapConnFactory mConnFactory = null;
-    private LDAPConnection mRemovePinLdapConnection = null;
-
-    public PinRemovalListener() {
-    }
-
-    public String getName() {
-        return mName;
-    }
-
-    public String getImplName() {
-        return mImplName;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void shutdown() {
-    }
-
-    protected String[] configParams = { "a" };
-
-    public String[] getConfigParams()
-            throws EBaseException {
-
-        return configParams;
-    }
-
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
-        init(null, null, config);
-    }
-
-    public void init(String name, String ImplName, IConfigStore config)
-            throws EBaseException {
-        mName = name;
-        mImplName = ImplName;
-        mConfig = config;
-
-        mLdapConfig = mConfig.getSubStore(PROP_LDAP);
-        mConnFactory = CMS.getLdapBoundConnFactory();
-        mConnFactory.init(mLdapConfig);
-        mRemovePinLdapConnection = mConnFactory.getConn();
-
-        mEnabled = mConfig.getBoolean(PROP_ENABLED, false);
-        mBaseDN = mConfig.getString(PROP_BASEDN, "");
-        mPinAttr = mConfig.getString(PROP_PINATTR, "pin");
-
-    }
-
-    public void accept(IRequest r) {
-        if (mEnabled != true)
-            return;
-
-        String rs = r.getRequestStatus().toString();
-
-        CMS.debug("PinRemovalListener: Request status: " + rs);
-        if (!rs.equals("complete")) {
-            CMS.debug("PinRemovalListener: - request not complete - not removing pin");
-            return;
-        }
-        String requestType = r.getRequestType();
-
-        if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-                requestType.equals(IRequest.RENEWAL_REQUEST)) {
-
-            String uid = r.getExtDataInString(
-                    IRequest.HTTP_PARAMS, "uid");
-
-            if (uid == null) {
-                log(ILogger.LL_INFO, "did not find UID parameter in this request");
-                return;
-            }
-
-            String userdn = null;
-
-            try {
-                LDAPSearchResults res = mRemovePinLdapConnection.search(mBaseDN,
-                        LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-
-                if (!res.hasMoreElements()) {
-                    log(ILogger.LL_SECURITY, "uid " + uid + " does not exist in the ldap " +
-                            " server. Could not remove pin");
-                    return;
-                }
-
-                LDAPEntry entry = (LDAPEntry) res.nextElement();
-
-                userdn = entry.getDN();
-
-                mRemovePinLdapConnection.modify(userdn,
-                        new LDAPModification(
-                                LDAPModification.DELETE,
-                                new LDAPAttribute(mPinAttr)));
-
-                log(ILogger.LL_INFO, "Removed pin for user \"" + userdn + "\"");
-
-            } catch (LDAPException e) {
-                log(ILogger.LL_SECURITY, "could not remove pin for " + userdn);
-            }
-
-        }
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, "PinRemovalListener: " + msg);
-    }
-
-    public void set(String name, String val) {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/listeners/RequestInQListener.java b/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
deleted file mode 100644
index f1f396ca3..000000000
--- a/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
+++ /dev/null
@@ -1,277 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.listeners;
-
-import java.io.IOException;
-import java.util.Hashtable;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.listeners.EListenersException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.ENotificationException;
-import com.netscape.certsrv.notification.IEmailFormProcessor;
-import com.netscape.certsrv.notification.IEmailTemplate;
-import com.netscape.certsrv.notification.IMailNotification;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestListener;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.profile.input.SubjectNameInput;
-import com.netscape.cms.profile.input.SubmitterInfoInput;
-
-/**
- * a listener for every request gets into the request queue.
- * <p>
- * Here is a list of available $TOKENs for email notification templates:
- * <UL>
- * <LI>$RequestorEmail
- * <LI>$CertType
- * <LI>$RequestType
- * <LI>$RequestId
- * <LI>$HttpHost
- * <LI>$HttpPort
- * <LI>$SenderEmail
- * <LI>$RecipientEmail
- * </UL>
- *
- */
-public class RequestInQListener implements IRequestListener {
-    protected static final String PROP_ENABLED = "enabled";
-    protected final static String PROP_SENDER_EMAIL = "senderEmail";
-    protected final static String PROP_RECVR_EMAIL = "recipientEmail";
-    public final static String PROP_EMAIL_TEMPLATE = "emailTemplate";
-    protected static final String PROP_EMAIL_SUBJECT = "emailSubject";
-
-    protected final static String PROP_NOTIFY_SUBSTORE = "notification";
-    protected final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ";
-
-    private boolean mEnabled = false;
-    private ILogger mLogger = CMS.getLogger();
-    private String mSenderEmail = null;
-    private String mRecipientEmail = null;
-    private String mEmailSubject = null;
-    private String mFormPath = null;
-    private IConfigStore mConfig = null;
-    private Hashtable<String, Object> mContentParams = new Hashtable<String, Object>();
-    private String mId = "RequestInQListener";
-    private ICertAuthority mSubsystem = null;
-    private String mHttpHost = null;
-    private String mAgentPort = null;
-
-    /**
-     * Constructor
-     */
-    public RequestInQListener() {
-    }
-
-    /**
-     * initializes the listener from the configuration
-     */
-    public void init(ISubsystem sub, IConfigStore config)
-            throws EListenersException, EPropertyNotFound, EBaseException {
-
-        mSubsystem = (ICertAuthority) sub;
-        mConfig = mSubsystem.getConfigStore();
-
-        IConfigStore nc = mConfig.getSubStore(PROP_NOTIFY_SUBSTORE);
-        IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE);
-
-        mEnabled = rq.getBoolean(PROP_ENABLED, false);
-
-        mSenderEmail = rq.getString(PROP_SENDER_EMAIL);
-        if (mSenderEmail == null) {
-            throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
-        }
-        mRecipientEmail = rq.getString(PROP_RECVR_EMAIL);
-        if (mRecipientEmail == null) {
-            throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_RECVR_EMAIL_CONFIG_FOUND"));
-        }
-
-        mEmailSubject = rq.getString(PROP_EMAIL_SUBJECT);
-        if (mEmailSubject == null) {
-            mEmailSubject = "Request in Queue";
-        }
-
-        mFormPath = rq.getString(PROP_EMAIL_TEMPLATE);
-
-        // make available http host and port for forming url in templates
-        mHttpHost = CMS.getAgentHost();
-        mAgentPort = CMS.getAgentPort();
-        if (mAgentPort == null)
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND"));
-        else
-            CMS.debug("RequestInQuListener: agentport = " + mAgentPort);
-
-        // register for this event listener
-        mSubsystem.registerPendingListener(this);
-    }
-
-    /**
-     * carries out the operation when the listener is triggered.
-     *
-     * @param r IRequest structure holding the request information
-     * @see com.netscape.certsrv.request.IRequest
-     */
-    public void accept(IRequest r) {
-
-        if (mEnabled != true)
-            return;
-
-        // regardless of type of request...notify for everything
-        // no need for email resolver here...
-        IMailNotification mn = CMS.getMailNotification();
-
-        mn.setFrom(mSenderEmail);
-        mn.setTo(mRecipientEmail);
-        mn.setSubject(mEmailSubject + " (request id: " +
-                r.getRequestId() + ")");
-
-        /*
-         * get form file from disk
-         */
-        IEmailTemplate template = CMS.getEmailTemplate(mFormPath);
-
-        /*
-         * parse and process the template
-         */
-        if (template != null) {
-            if (!template.init()) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT"));
-                return;
-            }
-
-            buildContentParams(r);
-            IEmailFormProcessor et = CMS.getEmailFormProcessor();
-            String c = et.getEmailContent(template.toString(), mContentParams);
-
-            if (template.isHTML()) {
-                mn.setContentType("text/html");
-            }
-            mn.setContent(c);
-        } else {
-            // log and mail
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
-            mn.setContent("Template not retrievable for Request in Queue notification");
-        }
-
-        try {
-            mn.sendNotification();
-        } catch (ENotificationException e) {
-            // already logged, lets audit
-            mLogger.log(ILogger.EV_AUDIT, null,
-                    ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
-        }
-    }
-
-    private void buildContentParams(IRequest r) {
-        mContentParams.clear();
-        mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-                mConfig.getName());
-        Object val = null;
-
-        String profileId = r.getExtDataInString("profileId");
-
-        if (profileId == null) {
-            val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
-        } else {
-            // use the submitter info if available, otherwise, use the
-            // subject name input email
-            val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
-
-            if ((val == null) || (((String) val).compareTo("") == 0)) {
-                val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
-            }
-        }
-        if (val != null)
-            mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL,
-                    val);
-
-        if (profileId == null) {
-            val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-        } else {
-            val = profileId;
-        }
-        if (val != null) {
-            mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE,
-                    val);
-        }
-
-        RequestId reqId = r.getRequestId();
-
-        mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, reqId.toString());
-
-        mContentParams.put(IEmailFormProcessor.TOKEN_ID, mId);
-
-        val = r.getRequestType();
-        if (val != null)
-            mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE, val);
-
-        mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST, mHttpHost);
-        mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT, mAgentPort);
-
-        mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL, mSenderEmail);
-        mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL, mRecipientEmail);
-    }
-
-    /**
-     * sets the configurable parameters
-     *
-     * @param name a String represents the name of the configuration parameter to be set
-     * @param val a String containing the value to be set for name
-     */
-    public void set(String name, String val) {
-        if (name.equalsIgnoreCase(PROP_ENABLED)) {
-            if (val.equalsIgnoreCase("true")) {
-                mEnabled = true;
-            } else {
-                mEnabled = false;
-            }
-        } else if (name.equalsIgnoreCase(PROP_SENDER_EMAIL)) {
-            mSenderEmail = val;
-        } else if (name.equalsIgnoreCase(PROP_RECVR_EMAIL)) {
-            mRecipientEmail = val;
-        } else if (name.equalsIgnoreCase(PROP_EMAIL_SUBJECT)) {
-            mEmailSubject = val;
-        } else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
-            mFormPath = val;
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
-        }
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/logging/LogEntry.java b/base/common/src/com/netscape/cms/logging/LogEntry.java
deleted file mode 100644
index ac8d16f54..000000000
--- a/base/common/src/com/netscape/cms/logging/LogEntry.java
+++ /dev/null
@@ -1,134 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.logging;
-
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Vector;
-
-/**
- * A log entry of LogFile
- *
- * @version $Revision$, $Date$
- */
-public class LogEntry {
-    private String mEntry;
-    private String mLevel;
-    private String mSource;
-    private String mDetail;
-    private String mDate;
-    private String mTime;
-    private Vector<String> mRow;
-
-    private final String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss z";
-
-    /**
-     * Constructor for a LogEntry.
-     *
-     */
-    public LogEntry(String entry) throws ParseException {
-        mEntry = entry;
-        mRow = parse();
-    }
-
-    /**
-     * parse a log entry
-     *
-     * return a vector of the segments of the entry
-     */
-
-    public Vector<String> parse() throws ParseException {
-        int x = mEntry.indexOf("[");
-
-        if (x == -1)
-            throw new ParseException(mEntry, 0);
-        String temp = mEntry.substring(x + 1);
-
-        x = temp.indexOf("]");
-        if (x == -1)
-            throw new ParseException(mEntry, 0);
-
-        String dateStr = temp.substring(0, x);
-        SimpleDateFormat format = new SimpleDateFormat(DATE_PATTERN);
-        Date date = format.parse(dateStr);
-
-        mDate = DateFormat.getDateInstance().format(date);
-        mTime = DateFormat.getTimeInstance().format(date);
-
-        temp = temp.substring(x + 2);
-        x = temp.indexOf("]");
-        if (x == -1)
-            throw new ParseException(mEntry, 0);
-        mSource = temp.substring(1, x);
-
-        temp = temp.substring(x + 2);
-        x = temp.indexOf("]");
-        if (x == -1)
-            throw new ParseException(mEntry, 0);
-        mLevel = temp.substring(1, x);
-
-        mDetail = temp.substring(x + 2);
-
-        Vector<String> row = new Vector<String>();
-
-        row.addElement(mSource);
-        row.addElement(mLevel);
-        row.addElement(mDate);
-        row.addElement(mTime);
-        row.addElement(mDetail);
-
-        //System.out.println(mSource +"," + mLevel +","+ mDate+","+mTime+","+mDetail);
-        return row;
-
-    }
-
-    public String getSource() {
-        return mSource;
-    }
-
-    public String getLevel() {
-        return mLevel;
-    }
-
-    public String getDetail() {
-        return mDetail;
-    }
-
-    public String getDate() {
-        return mDate;
-    }
-
-    public String getTime() {
-        return mTime;
-    }
-
-    public Vector<String> getRow() {
-        return mRow;
-    }
-
-    public String getEntry() {
-        return mEntry;
-    }
-
-    public void appendDetail(String msg) {
-        mDetail = mDetail + "\n" + msg;
-        mEntry = mEntry + "\n" + msg;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/logging/LogFile.java b/base/common/src/com/netscape/cms/logging/LogFile.java
deleted file mode 100644
index c465a4e53..000000000
--- a/base/common/src/com/netscape/cms/logging/LogFile.java
+++ /dev/null
@@ -1,1546 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.logging;
-
-import java.io.BufferedReader;
-import java.io.BufferedWriter;
-import java.io.ByteArrayOutputStream;
-import java.io.CharArrayReader;
-import java.io.CharArrayWriter;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.FileWriter;
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.LineNumberReader;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.io.RandomAccessFile;
-import java.io.UnsupportedEncodingException;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.LinkedHashSet;
-import java.util.Locale;
-import java.util.Properties;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.servlet.ServletException;
-
-import org.apache.commons.lang.StringUtils;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.ObjectNotFoundException;
-import org.mozilla.jss.crypto.TokenException;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.util.Base64OutputStream;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.AuditEvent;
-import com.netscape.certsrv.logging.ConsoleError;
-import com.netscape.certsrv.logging.ELogException;
-import com.netscape.certsrv.logging.ILogEvent;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.logging.SignedAuditEvent;
-import com.netscape.certsrv.logging.SystemEvent;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A log event listener which write logs to log files
- *
- * @version $Revision$, $Date$
- **/
-public class LogFile implements ILogEventListener, IExtendedPluginInfo {
-    public static final String PROP_TYPE = "type";
-    public static final String PROP_REGISTER = "register";
-    public static final String PROP_ON = "enable";
-    public static final String PROP_TRACE = "trace";
-    public static final String PROP_SIGNED_AUDIT_LOG_SIGNING = "logSigning";
-    public static final String PROP_SIGNED_AUDIT_CERT_NICKNAME =
-                              "signedAuditCertNickname";
-    public static final String PROP_SIGNED_AUDIT_SELECTED_EVENTS = "events";
-    public static final String PROP_SIGNED_AUDIT_UNSELECTED_EVENTS = "unselected.events";
-    public static final String PROP_SIGNED_AUDIT_MANDATORY_EVENTS = "mandatory.events";
-    public static final String PROP_LEVEL = "level";
-    static final String PROP_FILE_NAME = "fileName";
-    static final String PROP_LAST_HASH_FILE_NAME = "lastHashFileName";
-    static final String PROP_BUFFER_SIZE = "bufferSize";
-    static final String PROP_FLUSH_INTERVAL = "flushInterval";
-
-    private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP =
-                               "LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP_2";
-    private final static String LOGGING_SIGNED_AUDIT_SIGNING =
-                               "LOGGING_SIGNED_AUDIT_SIGNING_3";
-    private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN =
-                               "LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN_2";
-    private final static String LOG_SIGNED_AUDIT_EXCEPTION =
-                               "LOG_SIGNED_AUDIT_EXCEPTION_1";
-
-    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-    protected IConfigStore mConfig = null;
-
-    /**
-     * The date string used in the log file name
-     */
-    static final String DATE_PATTERN = "yyyyMMddHHmmss";
-
-    //It may be interesting to make this flexable someday....
-    protected SimpleDateFormat mLogFileDateFormat = new SimpleDateFormat(DATE_PATTERN);
-
-    /**
-     * The default output stream buffer size in bytes
-     */
-    static final int BUFFER_SIZE = 512;
-
-    /**
-     * The default output flush interval in seconds
-     */
-    static final int FLUSH_INTERVAL = 5;
-
-    /**
-     * The log file
-     */
-    protected File mFile = null;
-
-    /**
-     * The log file name
-     */
-    protected String mFileName = null;
-
-    /**
-     * The log file output stream
-     */
-    protected BufferedWriter mLogWriter = null;
-
-    /**
-     * The log date entry format pattern
-     */
-    protected String mDatePattern = "dd/MMM/yyyy:HH:mm:ss z";
-
-    /**
-     * The log date entry format
-     */
-    protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
-
-    /**
-     * The date object used for log entries
-     */
-    protected Date mDate = new Date();
-
-    /**
-     * The number of bytes written to the current log file
-     */
-    protected int mBytesWritten = 0;
-
-    /**
-     * The output buffer size in bytes
-     */
-    protected int mBufferSize = BUFFER_SIZE;
-
-    /**
-     * The output buffer flush interval
-     */
-    protected int mFlushInterval = FLUSH_INTERVAL;
-
-    /**
-     * The number of unflushed bytes
-     */
-    protected int mBytesUnflushed = 0;
-
-    /**
-     * The output buffer flush interval thread
-     */
-    private Thread mFlushThread = null;
-
-    /**
-     * The mandatory log event types
-     */
-    protected Set<String> mandatoryEvents = new LinkedHashSet<String>();
-
-    /**
-     * The selected log event types
-     */
-    protected Set<String> selectedEvents = new LinkedHashSet<String>();
-
-    /**
-     * The unselected log event types
-     */
-    protected Set<String> unselectedEvents = new LinkedHashSet<String>();
-
-    /**
-     * The eventType that this log is triggered
-     */
-    protected String mType = null;
-
-    /**
-     * The log is turned on/off
-     */
-    protected boolean mOn = false;
-
-    /**
-     * Should this log listener self-register or not
-     */
-    protected boolean mRegister = false;
-
-    protected boolean mTrace = false;
-
-    /**
-     * Log signing is on/off
-     */
-    protected boolean mLogSigning = false;
-
-    /**
-     * Nickname of certificate to use to sign log.
-     */
-    private String mSAuditCertNickName = "";
-
-    /**
-     * The provider used by the KeyGenerator and Mac
-     */
-    static final String CRYPTO_PROVIDER = "Mozilla-JSS";
-
-    /**
-     * The log level threshold
-     * Only logs with level greater or equal than this value will be written
-     */
-    protected long mLevel = 1;
-
-    /**
-     * Constructor for a LogFile.
-     *
-     */
-    public LogFile() {
-    }
-
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        try {
-            mOn = config.getBoolean(PROP_ON, true);
-        } catch (EBaseException e) {
-            throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "." + PROP_ON));
-        }
-
-        try {
-            mLogSigning = config.getBoolean(PROP_SIGNED_AUDIT_LOG_SIGNING,
-                                            false);
-        } catch (EBaseException e) {
-            throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "." + PROP_SIGNED_AUDIT_LOG_SIGNING));
-        }
-
-        if (mOn && mLogSigning) {
-            try {
-                mSAuditCertNickName = config.getString(
-                                          PROP_SIGNED_AUDIT_CERT_NICKNAME);
-                CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname=" + mSAuditCertNickName);
-            } catch (EBaseException e) {
-                throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                        config.getName() + "."
-                                         + PROP_SIGNED_AUDIT_CERT_NICKNAME));
-            }
-            if (mSAuditCertNickName == null ||
-                    mSAuditCertNickName.trim().equals("")) {
-                throw new ELogException(CMS.getUserMessage(
-                        "CMS_BASE_GET_PROPERTY_FAILED",
-                        config.getName() + "."
-                                + PROP_SIGNED_AUDIT_CERT_NICKNAME));
-            }
-        }
-
-        // mandatory events
-        String mandatoryEventsList = config.getString(PROP_SIGNED_AUDIT_MANDATORY_EVENTS, "");
-        for (String event : StringUtils.split(mandatoryEventsList, ", ")) {
-            mandatoryEvents.add(event);
-        }
-
-        // selected events
-        String selectedEventsList = config.getString(PROP_SIGNED_AUDIT_SELECTED_EVENTS, "");
-        for (String event : StringUtils.split(selectedEventsList, ", ")) {
-            selectedEvents.add(event);
-        }
-
-        // unselected events
-        String unselectedEventsList = config.getString(PROP_SIGNED_AUDIT_UNSELECTED_EVENTS, "");
-        for (String event : StringUtils.split(unselectedEventsList, ", ")) {
-            unselectedEvents.add(event);
-        }
-
-        try {
-            init(config);
-        } catch (IOException e) {
-            throw new ELogException(CMS.getUserMessage("CMS_LOG_UNEXPECTED_EXCEPTION", e.toString()));
-        }
-    }
-
-    /**
-     * add the event to the selected events list
-     *
-     * @param event to be selected
-     */
-    public void selectEvent(String event) {
-        selectedEvents.add(event);
-        unselectedEvents.remove(event);
-    }
-
-    /**
-     * remove the event from the selected events list
-     *
-     * @param event to be de-selected
-     */
-    public void deselectEvent(String event) {
-        selectedEvents.remove(event);
-        unselectedEvents.add(event);
-    }
-
-    /**
-     * replace the selected events list
-     *
-     * @param events comma-separated event list
-     */
-    public void replaceEvents(String events) {
-        // unselect all events
-        unselectedEvents.addAll(selectedEvents);
-        selectedEvents.clear();
-
-        // select specified events
-        for (String event : StringUtils.split(events, ", ")) {
-            selectEvent(event);
-        }
-    }
-
-    public static String base64Encode(byte[] bytes) throws IOException {
-        // All this streaming is lame, but Base64OutputStream needs a
-        // PrintStream
-        ByteArrayOutputStream output = new ByteArrayOutputStream();
-        try (Base64OutputStream b64 = new Base64OutputStream(
-                new PrintStream(new FilterOutputStream(output)))) {
-            b64.write(bytes);
-            b64.flush();
-
-            // This is internationally safe because Base64 chars are
-            // contained within 8859_1
-            return output.toString("8859_1");
-        }
-    }
-
-    private static boolean mInSignedAuditLogFailureMode = false;
-
-    private static synchronized void shutdownCMS() {
-        if (mInSignedAuditLogFailureMode == false) {
-
-            // Set signed audit log failure mode true
-            // No, this isn't a race condition, because the method is
-            // synchronized. We just want to avoid an infinite loop.
-            mInSignedAuditLogFailureMode = true;
-
-            // Block all new incoming requests
-            if (CMS.areRequestsDisabled() == false) {
-                // XXX is this a race condition?
-                CMS.disableRequests();
-            }
-
-            // Terminate all requests in process
-            CMS.terminateRequests();
-
-            // Call graceful shutdown of the CMS server
-            // Call force shutdown to get added functionality of
-            // making sure to kill the web server.
-
-            CMS.forceShutdown();
-        }
-    }
-
-    /**
-     * Initialize and open the log using the parameters from a config store
-     *
-     * @param config The property config store to find values in
-     */
-    public void init(IConfigStore config) throws IOException,
-            EBaseException {
-        String fileName = null;
-        String defaultFileName = null;
-        String signedAuditDefaultFileName = "";
-
-        mConfig = config;
-
-        try {
-            mTrace = config.getBoolean(PROP_TRACE, false);
-        } catch (EBaseException e) {
-            throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "." + PROP_TRACE));
-        }
-
-        try {
-            mType = config.getString(PROP_TYPE, "system");
-        } catch (EBaseException e) {
-            throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "." + PROP_TYPE));
-        }
-
-        try {
-            mRegister = config.getBoolean(PROP_REGISTER, true);
-        } catch (EBaseException e) {
-            throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "." + PROP_REGISTER));
-        }
-
-        if (mOn) {
-            if (mRegister) {
-                CMS.getLogger().getLogQueue().addLogEventListener(this);
-            }
-        } else {
-            // shutdown the listener, remove the listener
-            if (mRegister) {
-                CMS.getLogger().getLogQueue().removeLogEventListener(this);
-                shutdown();
-            }
-        }
-
-        try {
-            mLevel = config.getInteger(PROP_LEVEL, 3);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "." + PROP_LEVEL));
-        }
-
-        try {
-            // retrieve the subsystem
-            String subsystem = "";
-
-            ISubsystem caSubsystem = CMS.getSubsystem("ca");
-            if (caSubsystem != null) {
-                subsystem = "ca";
-            }
-
-            ISubsystem raSubsystem = CMS.getSubsystem("ra");
-            if (raSubsystem != null) {
-                subsystem = "ra";
-            }
-
-            ISubsystem kraSubsystem = CMS.getSubsystem("kra");
-            if (kraSubsystem != null) {
-                subsystem = "kra";
-            }
-
-            ISubsystem ocspSubsystem = CMS.getSubsystem("ocsp");
-            if (ocspSubsystem != null) {
-                subsystem = "ocsp";
-            }
-
-            // retrieve the instance name
-            String instIDPath = CMS.getInstanceDir();
-            int index = instIDPath.lastIndexOf("/");
-            String instID = instIDPath.substring(index + 1);
-
-            // build the default signedAudit file name
-            signedAuditDefaultFileName = subsystem + "_"
-                                       + instID + "_" + "audit";
-
-        } catch (Exception e2) {
-            throw new ELogException(
-                          CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                                              config.getName() + "." +
-                                                      PROP_FILE_NAME));
-        }
-
-        // the default value is determined by the eventType.
-        if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
-            defaultFileName = "logs/signedAudit/" + signedAuditDefaultFileName;
-        } else if (mType.equals(ILogger.PROP_SYSTEM)) {
-            defaultFileName = "logs/system";
-        } else if (mType.equals(ILogger.PROP_AUDIT)) {
-            defaultFileName = "logs/transactions";
-        } else {
-            //wont get here
-            throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_LOG_TYPE",
-                    config.getName()));
-        }
-
-        try {
-            fileName = config.getString(PROP_FILE_NAME, defaultFileName);
-        } catch (EBaseException e) {
-            throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "." + PROP_FILE_NAME));
-        }
-
-        if (mOn) {
-            init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
-                    config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
-        }
-    }
-
-    /**
-     * Initialize and open the log
-     *
-     * @param bufferSize The buffer size for the output stream in bytes
-     * @param flushInterval The interval in seconds to flush the log
-     */
-    public void init(String fileName, int bufferSize, int flushInterval) throws IOException, ELogException {
-
-        if (fileName == null)
-            throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_FILE_NAME", "null"));
-
-        //If we want to reuse the old log files
-        //mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
-        mFileName = fileName;
-        if (!Utils.isNT()) {
-            // Always insure that a physical file exists!
-            Utils.exec("touch " + mFileName);
-            Utils.exec("chmod 00640 " + mFileName);
-        }
-        mFile = new File(mFileName);
-        mBufferSize = bufferSize;
-        setFlushInterval(flushInterval);
-        open();
-    }
-
-    private PrivateKey mSigningKey = null;
-    private Signature mSignature = null;
-
-    private void setupSigning() throws EBaseException {
-        try {
-
-            Provider[] providers = java.security.Security.getProviders();
-            int ps = providers.length;
-            for (int i = 0; i < ps; i++) {
-                CMS.debug("LogFile: provider " + i + "= " + providers[i].getName());
-            }
-
-            CryptoManager cm = CryptoManager.getInstance();
-
-            // find CertServer's private key
-            X509Certificate cert = cm.findCertByNickname(mSAuditCertNickName);
-            if (cert != null) {
-                CMS.debug("LogFile: setupSignig(): found cert:" + mSAuditCertNickName);
-            } else {
-                CMS.debug("LogFile: setupSignig(): cert not found:" + mSAuditCertNickName);
-            }
-            mSigningKey = cm.findPrivKeyByCert(cert);
-
-            String sigAlgorithm;
-            if (mSigningKey instanceof RSAPrivateKey) {
-                sigAlgorithm = "SHA-256/RSA";
-            } else if (mSigningKey instanceof DSAPrivateKey) {
-                sigAlgorithm = "SHA-256/DSA";
-            } else {
-                throw new NoSuchAlgorithmException("Unknown private key type");
-            }
-
-            CryptoToken savedToken = cm.getThreadToken();
-            try {
-                CryptoToken keyToken =
-                        ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey)
-                                .getOwningToken();
-                cm.setThreadToken(keyToken);
-                mSignature = java.security.Signature.getInstance(sigAlgorithm,
-                        CRYPTO_PROVIDER);
-            } finally {
-                cm.setThreadToken(savedToken);
-            }
-
-            mSignature.initSign(mSigningKey);
-
-            // get the last signature from the currently-opened file
-            String entry = getLastSignature(mFile);
-            if (entry != null) {
-                mSignature.update(entry.getBytes("UTF-8"));
-                mSignature.update(LINE_SEP_BYTE);
-            }
-
-            // Always start off with a signature. That way, even if there
-            // were problems with the log file we inherited, we will
-            // get a fresh start with this instance.
-            pushSignature();
-
-        } catch (CryptoManager.NotInitializedException nie) {
-            setupSigningFailure("BASE_CRYPTOMANAGER_UNINITIALIZED", nie);
-        } catch (ObjectNotFoundException onfe) {
-            setupSigningFailure("LOG_SIGNING_CERT_NOT_FOUND", onfe);
-        } catch (TokenException te) {
-            setupSigningFailure("BASE_TOKEN_ERROR_0", te);
-        } catch (NoSuchAlgorithmException nsae) {
-            setupSigningFailure("LOG_NO_SUCH_ALGORITHM_0", nsae);
-        } catch (NoSuchProviderException nspe) {
-            setupSigningFailure("BASE_PROVIDER_NOT_SUPPORTED", nspe);
-        } catch (InvalidKeyException ike) {
-            setupSigningFailure("BASE_INVALID_KEY", ike);
-        } catch (SignatureException se) {
-            setupSigningFailure("LOG_SIGNING_OP_FAILED", se);
-        } catch (UnsupportedEncodingException uee) {
-            setupSigningFailure("LOG_UNEXPECTED_EXCEPTION", uee);
-        } catch (IOException ioe) {
-            setupSigningFailure("LOG_UNEXPECTED_EXCEPTION", ioe);
-        } catch (Exception e) {
-            setupSigningFailure("LOG_UNEXPECTED_EXCEPTION", e);
-        }
-    }
-
-    private static void setupSigningFailure(String logMessageCode, Exception e)
-            throws EBaseException {
-        try {
-            ConsoleError.send(new SystemEvent(
-                    CMS.getLogMessage(logMessageCode)));
-        } catch (Exception e2) {
-            // don't allow an exception while printing to the console
-            // prevent us from running the rest of this function.
-            e2.printStackTrace();
-        }
-        e.printStackTrace();
-        shutdownCMS();
-        throw new EBaseException(e.toString());
-    }
-
-    /**
-     * Startup the instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit function startup
-     * </ul>
-     *
-     * @exception EBaseException if an internal error occurred
-     */
-    public void startup() throws EBaseException {
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        CMS.debug("LogFile: entering LogFile.startup()");
-        if (mOn && mLogSigning) {
-            try {
-                setupSigning();
-                audit(CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
-                        ILogger.SYSTEM_UID,
-                        ILogger.SUCCESS));
-            } catch (EBaseException e) {
-                audit(CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
-                        ILogger.SYSTEM_UID,
-                        ILogger.FAILURE));
-                throw e;
-            }
-        }
-
-    }
-
-    /**
-     * Retrieves the eventType this log is triggered.
-     */
-    public String getType() {
-        return mType;
-    }
-
-    /**
-     * Retrieves the log on/off.
-     */
-    public String getOn() {
-        return String.valueOf(mOn);
-    }
-
-    /**
-     * Retrieves the log level threshold.
-     */
-    public long getLevel() {
-        return mLevel;
-    }
-
-    /**
-     * Retrieves the base log file name.
-     */
-    public String getName() {
-        return mFileName;
-    }
-
-    /**
-     * Record that the signed audit log has been signed
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the audit log is generated (same as
-     * "flush" time)
-     * </ul>
-     *
-     * @exception IOException for input/output problems
-     * @exception ELogException when plugin implementation fails
-     * @exception SignatureException when signing fails
-     * @exception InvalidKeyException when an invalid key is utilized
-     */
-    private void pushSignature() throws IOException, ELogException,
-            SignatureException, InvalidKeyException {
-        byte[] sigBytes = null;
-
-        if (mSignature == null) {
-            return;
-        }
-
-        sigBytes = mSignature.sign();
-        mSignature.initSign(mSigningKey);
-
-        Object o[] = new Object[1];
-        o[0] = null;
-
-        // cook up a signed audit log message to record mac
-        // so as to avoid infinite recursiveness of calling
-        // the log() method
-        String auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_SIGNING,
-                ILogger.SYSTEM_UID,
-                ILogger.SUCCESS,
-                base64Encode(sigBytes));
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        ILogEvent ev = mSignedAuditLogger.create(
-                ILogger.EV_SIGNED_AUDIT,
-                (Properties) null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                auditMessage,
-                o,
-                ILogger.L_SINGLELINE);
-
-        String logMesg = logEvt2String(ev);
-        doLog(logMesg, true);
-    }
-
-    private static String getLastSignature(File f) throws IOException {
-        BufferedReader r = new BufferedReader(new FileReader(f));
-        String lastSig = null;
-        String curLine = null;
-        while ((curLine = r.readLine()) != null) {
-            if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) {
-                lastSig = curLine;
-            }
-        }
-        r.close();
-        return lastSig;
-    }
-
-    /**
-     * Open the log file. This creates the buffered FileWriter
-     *
-     */
-    protected synchronized void open() throws IOException {
-        RandomAccessFile out;
-
-        try {
-            out = new RandomAccessFile(mFile, "rw");
-            out.seek(out.length());
-            //XXX int or long?
-            mBytesWritten = (int) out.length();
-            if (!Utils.isNT()) {
-                try {
-                    Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
-                } catch (IOException e) {
-                    CMS.debug("Unable to change file permissions on "
-                             + mFile.toString());
-                }
-            }
-            mLogWriter = new BufferedWriter(
-                        new FileWriter(out.getFD()), mBufferSize);
-
-            // The first time we open, mSignature will not have been
-            // initialized yet. That's ok, we will push our first signature
-            // in setupSigning().
-            if (mLogSigning && (mSignature != null)) {
-                try {
-                    pushSignature();
-                } catch (ELogException le) {
-                    ConsoleError.send(
-                            new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
-                                    mFileName)));
-                }
-            }
-        } catch (IllegalArgumentException iae) {
-            ConsoleError.send(
-                    new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
-                            mFileName)));
-        } catch (GeneralSecurityException gse) {
-            // error with signed audit log, shutdown CMS
-            gse.printStackTrace();
-            shutdownCMS();
-        }
-
-        mBytesUnflushed = 0;
-    }
-
-    /**
-     * Flush the log file. Also update the MAC for hash protected logs
-     *
-     */
-    public synchronized void flush() {
-        try {
-            if (mLogSigning) {
-                try {
-                    pushSignature();
-                } catch (ELogException le) {
-                    ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName,
-                            le.toString())));
-                }
-            }
-
-            if (mLogWriter != null) {
-                mLogWriter.flush();
-            }
-        } catch (IOException e) {
-            ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, e.toString())));
-            if (mLogSigning) {
-                //error in writing to signed audit log, shut down CMS
-                e.printStackTrace();
-                shutdownCMS();
-            }
-        } catch (GeneralSecurityException gse) {
-            // error with signed audit log, shutdown CMS
-            gse.printStackTrace();
-            shutdownCMS();
-        }
-
-        mBytesUnflushed = 0;
-    }
-
-    /**
-     * Close the log file
-     *
-     */
-    protected synchronized void close() {
-        try {
-            flush();
-            if (mLogWriter != null) {
-                mLogWriter.close();
-            }
-        } catch (IOException e) {
-            ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_CLOSE_FAILED", mFileName, e.toString())));
-        }
-        mLogWriter = null;
-    }
-
-    /**
-     * Shutdown this log file.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit function shutdown
-     * </ul>
-     */
-    public synchronized void shutdown() {
-        String auditMessage = null;
-
-        CMS.debug("LogFile:In log shutdown");
-
-        setFlushInterval(0);
-
-        // log signed audit shutdown success
-        auditMessage = CMS.getLogMessage(
-                           LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN,
-                           ILogger.SYSTEM_UID,
-                           ILogger.SUCCESS);
-
-        audit(auditMessage);
-
-        close();
-    }
-
-    /**
-     * Set the flush interval
-     * <P>
-     *
-     * @param flushInterval The amount of time in seconds until the log
-     *            is flush. A value of 0 will disable autoflush. This will also set
-     *            the update period for hash protected logs.
-     **/
-    public synchronized void setFlushInterval(int flushInterval) {
-        mFlushInterval = flushInterval * 1000;
-
-        if ((mFlushThread == null) && (mFlushInterval > 0)) {
-            mFlushThread = new FlushThread();
-            mFlushThread.setDaemon(true);
-            mFlushThread.start();
-        }
-
-        this.notify();
-    }
-
-    /**
-     * Log flush thread. Sleep for the flush interval and flush the
-     * log. Changing flush interval to 0 will cause this thread to exit.
-     */
-    final class FlushThread extends Thread {
-
-        /**
-         * Flush thread constructor including thread name
-         */
-        public FlushThread() {
-            super();
-            super.setName(mFileName + ".flush-" + (Thread.activeCount() + 1));
-        }
-
-        public void run() {
-            while (mFlushInterval > 0) {
-                // Sleep for the interval and then flush the log
-                synchronized (LogFile.this) {
-                    try {
-                        LogFile.this.wait(mFlushInterval);
-                    } catch (InterruptedException e) {
-                        // This shouldn't happen very often
-                        ConsoleError.send(new
-                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
-                    }
-                }
-
-                if (mFlushInterval == 0) {
-                    break;
-                }
-
-                if (mBytesUnflushed > 0) {
-                    flush();
-                }
-            }
-            mFlushThread = null;
-        }
-    }
-
-    /**
-     * Synchronized method to write a string to the log file. All I18N
-     * should take place before this call.
-     *
-     * @param entry The log entry string
-     */
-    protected synchronized void log(String entry) throws ELogException {
-        doLog(entry, false);
-    }
-
-    // Standard line separator byte. We always sign this line separator,
-    // regardless of what we actually write to the file, so that signature
-    // verification is platform-independent.
-    private static final byte LINE_SEP_BYTE = 0x0a;
-
-    /**
-     * This method actually does the logging, and is not overridden
-     * by subclasses, so you can call it and know that it will do exactly
-     * what you see below.
-     */
-    private synchronized void doLog(String entry, boolean noFlush)
-            throws ELogException {
-        if (mLogWriter == null) {
-            String[] params = { mFileName, entry };
-
-            throw new ELogException(CMS.getUserMessage("CMS_LOG_LOGFILE_CLOSED", params));
-        } else {
-            try {
-                mLogWriter.write(entry, 0/*offset*/, entry.length());
-
-                if (mLogSigning == true) {
-                    if (mSignature != null) {
-                        // include newline for calculating MAC
-                        mSignature.update(entry.getBytes("UTF-8"));
-                    } else {
-                        CMS.debug("LogFile: mSignature is not yet ready... null in log()");
-                    }
-                }
-                if (mTrace) {
-                    CharArrayWriter cw = new CharArrayWriter(200);
-                    PrintWriter pw = new PrintWriter(cw);
-                    Exception e = new Exception();
-                    e.printStackTrace(pw);
-                    char[] c = cw.toCharArray();
-                    cw.close();
-                    pw.close();
-
-                    CharArrayReader cr = new CharArrayReader(c);
-                    LineNumberReader lr = new LineNumberReader(cr);
-
-                    String text = null;
-                    String method = null;
-                    String fileAndLine = null;
-                    if (lr.ready()) {
-                        text = lr.readLine();
-                        do {
-                            text = lr.readLine();
-                        } while (text.indexOf("logging") != -1);
-                        int p = text.indexOf("(");
-                        fileAndLine = text.substring(p);
-
-                        String classandmethod = text.substring(0, p);
-                        int q = classandmethod.lastIndexOf(".");
-                        method = classandmethod.substring(q + 1);
-                        mLogWriter.write(fileAndLine, 0/*offset*/, fileAndLine.length());
-                        mLogWriter.write(" ", 0/*offset*/, " ".length());
-                        mLogWriter.write(method, 0/*offset*/, method.length());
-                    }
-                }
-                mLogWriter.newLine();
-
-                if (mLogSigning == true) {
-                    if (mSignature != null) {
-                        mSignature.update(LINE_SEP_BYTE);
-                    } else {
-                        CMS.debug("LogFile: mSignature is null in log() 2");
-                    }
-                }
-            } catch (IOException e) {
-                ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_WRITE_FAILED", mFileName, entry,
-                        e.toString())));
-                if (mLogSigning) {
-                    // Failed to write to audit log, shut down CMS
-                    e.printStackTrace();
-                    shutdownCMS();
-                }
-            } catch (IllegalStateException e) {
-                CMS.debug("LogFile: exception thrown in log(): " + e.toString());
-                ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION, e.toString())));
-            } catch (GeneralSecurityException gse) {
-                // DJN: handle error
-                CMS.debug("LogFile: exception thrown in log(): "
-                        + gse.toString());
-                gse.printStackTrace();
-                ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
-                        LOG_SIGNED_AUDIT_EXCEPTION, gse.toString())));
-            }
-
-            // XXX
-            // Although length will be in Unicode dual-bytes, the PrintWriter
-            // will only print out 1 byte per character.  I suppose this could
-            // be dependent on the encoding of your log file, but it ain't that
-            // smart yet.  Also, add one for the newline. (hmm, on NT, CR+LF)
-            int nBytes = entry.length() + 1;
-
-            mBytesWritten += nBytes;
-            mBytesUnflushed += nBytes;
-
-            if (mBufferSize > 0 && mBytesUnflushed > mBufferSize && !noFlush) {
-                flush();
-            }
-        }
-    }
-
-    /**
-     * Write an event to the log file
-     *
-     * @param ev The event to be logged.
-     */
-    public void log(ILogEvent ev) throws ELogException {
-        if (ev instanceof AuditEvent) {
-            if (!mType.equals("transaction") || (!mOn) || mLevel > ev.getLevel()) {
-                return;
-            }
-        } else if (ev instanceof SystemEvent) {
-            if (!mType.equals("system") || (!mOn) || mLevel > ev.getLevel()) {
-                return;
-            }
-        } else if (ev instanceof SignedAuditEvent) {
-            if (!mType.equals("signedAudit") || (!mOn) || mLevel > ev.getLevel()) {
-                return;
-            }
-        }
-
-        // If no selection specified in configuration, then all are selected
-        if (selectedEvents.isEmpty()) {
-            String entry = logEvt2String(ev);
-            log(entry);
-            return;
-        }
-
-        // If no type specified in propertity file, then treated as selected
-        String type = ev.getEventType();
-        if (type == null) {
-            String entry = logEvt2String(ev);
-            log(entry);
-            return;
-        }
-
-        // Is the event type mandatory or selected?
-        if (mandatoryEvents.contains(type) || selectedEvents.contains(type)) {
-            String entry = logEvt2String(ev);
-            log(entry);
-            return;
-        }
-
-        CMS.debug("LogFile: event type not selected: " + type);
-    }
-
-    public String logEvt2String(ILogEvent ev) {
-        String entry = null;
-
-        // Hmm.. multiple threads could hit this and reset the time.
-        // Do we care?
-        mDate.setTime(ev.getTimeStamp());
-
-        // XXX
-        // This should follow the Common Log Format which still needs
-        // some work.
-        if (ev.getMultiline() == ILogger.L_MULTILINE) {
-            entry = CMS.getPID() + "." + Thread.currentThread().getName() + " - ["
-                    + mLogDateFormat.format(mDate) + "] [" +
-                    Integer.toString(ev.getSource()) + "] [" + Integer.toString(ev.getLevel())
-                    + "] " + prepareMultiline(ev.toString());
-        } else {
-            entry = CMS.getPID() + "." + Thread.currentThread().getName() + " - ["
-                    + mLogDateFormat.format(mDate) + "] [" +
-                    Integer.toString(ev.getSource()) + "] [" + Integer.toString(ev.getLevel())
-                    + "] " + ev.toString();
-        }
-
-        return entry;
-    }
-
-    /**
-     * change multi-line log entry by replace "\n" with "\n "
-     *
-     * @param original The original multi-line log entry.
-     */
-    private String prepareMultiline(String original) {
-        int i, last = 0;
-
-        //NT: \r\n, unix: \n
-        while ((i = original.indexOf("\n", last)) != -1) {
-            last = i + 1;
-            original = original.substring(0, i + 1) + " " + original.substring(i + 1);
-        }
-        return original;
-    }
-
-    /**
-     * Read all entries whose logLevel>=lowLevel && log source = source
-     * to at most maxLine entries(from end)
-     * If the parameter is -1, it's ignored and return all entries
-     *
-     * @param maxLine The maximum lines to be returned
-     * @param lowLevel The lowest log level to be returned
-     * @param source The particular log source to be returned
-     * @param fName The log file name to be read. If it's null, read the current
-     *            log file
-     */
-    public Vector<LogEntry> readEntry(int maxLine, int lowLevel, int source, String fName) {
-        Vector<LogEntry> mEntries = new Vector<LogEntry>();
-        String fileName = mFileName;
-        BufferedReader fBuffer;
-        int lineNo = 0; // lineNo of the current entry in the log file
-        int line = 0; // line of readed valid entries
-        String firstLine = null; // line buffer
-        String nextLine = null;
-        String entry = null;
-        LogEntry logEntry = null;
-
-        /*
-         this variable is added to accormodate misplaced multiline entries
-         write out buffered log entry when next entry is parsed successfully
-         this implementation is assuming parsing is more time consuming than
-         condition check
-         */
-        LogEntry preLogEntry = null;
-
-        if (fName != null) {
-            fileName = fName;
-        }
-        try {
-            //XXX think about this
-            fBuffer = new BufferedReader(new FileReader(fileName));
-            do {
-                try {
-                    nextLine = fBuffer.readLine();
-                    if (nextLine != null) {
-                        if ((nextLine.length() == 0) || (nextLine.charAt(0) == ' ')) {
-                            // It's a continuous line
-                            entry = null;
-                            if (nextLine.length() > 1)
-                                firstLine = firstLine + "\n" + nextLine.substring(1);
-                            else
-                                firstLine = firstLine + "\n";
-
-                        } else {
-                            // It's a new entry
-                            entry = firstLine;
-                            firstLine = nextLine;
-                        }
-                        // parse the previous entry, the current one is buffered
-                        if (entry != null) {
-                            try {
-                                logEntry = new LogEntry(entry);
-                                // if parse succeed, write out previous entry
-                                if (preLogEntry != null) {
-                                    if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
-                                            ((Integer.parseInt(preLogEntry.getSource()) == source) ||
-                                            (source == ILogger.S_ALL)
-                                            )) {
-                                        mEntries.addElement(preLogEntry);
-                                        if (maxLine == -1) {
-                                            line++;
-                                        } else if (line < maxLine) {
-                                            line++;
-                                        } else {
-                                            mEntries.removeElementAt(0);
-                                        }
-                                    }
-                                }
-                                preLogEntry = logEntry;
-                            } catch (ParseException e) {
-                                if (preLogEntry != null) {
-                                    preLogEntry.appendDetail(entry);
-                                } else {
-                                    firstLine = firstLine + "\n" + nextLine;
-                                }
-                                entry = null;
-                                logEntry = null;
-                            }
-                        }
-                    }
-                    lineNo++;
-
-                } catch (IOException e) {
-                    CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                            ILogger.LL_FAILURE,
-                            CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
-                                    Integer.toString(lineNo)));
-                }
-
-            } while (nextLine != null);
-
-            // need to process the last 2 entries of the file
-            if (firstLine != null) {
-                if (logEntry != null) {
-                    preLogEntry = logEntry;
-                }
-                entry = firstLine;
-                try {
-                    logEntry = new LogEntry(entry);
-
-                    /*  System.out.println(
-                     Integer.toString(Integer.parseInt(logEntry.getLevel()))
-                     +","+Integer.toString(lowLevel)+","+
-                     Integer.toString(Integer.parseInt(logEntry.getSource()))
-                     +","+Integer.toString(source) );
-                     */
-                    if (preLogEntry != null) {
-                        if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
-                                ((Integer.parseInt(preLogEntry.getSource()) == source) ||
-                                (source == ILogger.S_ALL)
-                                )) {
-                            mEntries.addElement(preLogEntry);
-                            if (maxLine == -1) {
-                                line++;
-                            } else if (line < maxLine) {
-                                line++;
-                            } else {
-                                mEntries.removeElementAt(0);
-                            }
-                        }
-                    }
-                    preLogEntry = logEntry;
-                } catch (ParseException e) {
-                    preLogEntry.appendDetail(entry);
-                }
-
-                if (preLogEntry != null) {
-                    if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
-                            &&
-                            ((Integer.parseInt(preLogEntry.getSource()) == source)
-                            ||
-                            (source == ILogger.S_ALL)
-                            )) {
-                        // parse the entry, pass to UI
-                        mEntries.addElement(preLogEntry);
-                        if (maxLine == -1) {
-                            line++;
-                        } else if (line < maxLine) {
-                            line++;
-                        } else {
-                            mEntries.removeElementAt(0);
-                        }
-                    }
-                }
-
-            }// end: last entry
-
-            try {
-                fBuffer.close();
-            } catch (IOException e) {
-                CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_FAILURE, "logging:" + fileName +
-                                " failed to close for reading");
-            }
-
-        } catch (FileNotFoundException e) {
-            CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE,
-                    CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
-                            fileName));
-        }
-        return mEntries;
-    }
-
-    /**
-     * Retrieves the configuration store of this subsystem.
-     * <P>
-     *
-     * @return configuration store
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * Retrieve last "maxLine" number of system log with log lever >"level"
-     * and from source "source". If the parameter is omitted. All entries
-     * are sent back.
-     */
-    public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        String tmp, fName = null;
-        int maxLine = -1, level = -1, source = -1;
-        Vector<LogEntry> entries = null;
-
-        if ((tmp = req.get(Constants.PR_LOG_ENTRY)) != null) {
-            maxLine = Integer.parseInt(tmp);
-        }
-        if ((tmp = req.get(Constants.PR_LOG_LEVEL)) != null) {
-            level = Integer.parseInt(tmp);
-        }
-        if ((tmp = req.get(Constants.PR_LOG_SOURCE)) != null) {
-            source = Integer.parseInt(tmp);
-        }
-        tmp = req.get(Constants.PR_LOG_NAME);
-        if (!(tmp.equals(Constants.PR_CURRENT_LOG))) {
-            fName = tmp;
-        } else {
-            flush();
-        }
-
-        try {
-            entries = readEntry(maxLine, level, source, fName);
-            for (int i = 0; i < entries.size(); i++) {
-                params.put(Integer.toString(i) +
-                        entries.elementAt(i).getEntry(), "");
-            }
-        } catch (Exception e) {
-            CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_WARN,
-                    "System log parse error");
-        }
-        return params;
-    }
-
-    /**
-     * Retrieve log file list.
-     */
-    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req) throws ServletException,
-            IOException, EBaseException {
-        return null;
-    }
-
-    public String getImplName() {
-        return "LogFile";
-    }
-
-    public String getDescription() {
-        return "LogFile";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_TYPE + "=");
-        v.addElement(PROP_ON + "=");
-        v.addElement(PROP_LEVEL + "=");
-        v.addElement(PROP_FILE_NAME + "=");
-        v.addElement(PROP_BUFFER_SIZE + "=");
-        v.addElement(PROP_FLUSH_INTERVAL + "=");
-
-        // needs to find a way to determine what type you want. if this
-        // is not for the signed audit type, then we should not show the
-        // following parameters.
-        //if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
-        v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "=");
-        v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
-        v.addElement(PROP_SIGNED_AUDIT_MANDATORY_EVENTS + "=");
-        v.addElement(PROP_SIGNED_AUDIT_SELECTED_EVENTS + "=");
-        v.addElement(PROP_SIGNED_AUDIT_UNSELECTED_EVENTS + "=");
-        //}
-
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        try {
-
-            if (mType == null) {
-                v.addElement(PROP_TYPE + "=");
-            } else {
-                v.addElement(PROP_TYPE + "=" +
-                        mConfig.getString(PROP_TYPE));
-            }
-            v.addElement(PROP_ON + "=" + String.valueOf(mOn));
-            if (mLevel == 0)
-                v.addElement(PROP_LEVEL + "=" + ILogger.LL_DEBUG_STRING);
-            else if (mLevel == 1)
-                v.addElement(PROP_LEVEL + "=" + ILogger.LL_INFO_STRING);
-            else if (mLevel == 2)
-                v.addElement(PROP_LEVEL + "=" + ILogger.LL_WARN_STRING);
-            else if (mLevel == 3)
-                v.addElement(PROP_LEVEL + "=" + ILogger.LL_FAILURE_STRING);
-            else if (mLevel == 4)
-                v.addElement(PROP_LEVEL + "=" + ILogger.LL_MISCONF_STRING);
-            else if (mLevel == 5)
-                v.addElement(PROP_LEVEL + "=" + ILogger.LL_CATASTRPHE_STRING);
-            else if (mLevel == 6)
-                v.addElement(PROP_LEVEL + "=" + ILogger.LL_SECURITY_STRING);
-
-            if (mFileName == null) {
-                v.addElement(PROP_FILE_NAME + "=");
-            } else {
-                v.addElement(PROP_FILE_NAME + "=" +
-                        mFileName);
-            }
-            v.addElement(PROP_BUFFER_SIZE + "=" + mBufferSize);
-            v.addElement(PROP_FLUSH_INTERVAL + "=" + mFlushInterval / 1000);
-
-            if ((mType != null) && mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
-                v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "="
-                            + String.valueOf(mLogSigning));
-
-                if (mSAuditCertNickName == null) {
-                    v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
-                } else {
-                    v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
-                                + mSAuditCertNickName);
-                }
-
-                v.addElement(PROP_SIGNED_AUDIT_MANDATORY_EVENTS + "=" + StringUtils.join(mandatoryEvents, ","));
-                v.addElement(PROP_SIGNED_AUDIT_SELECTED_EVENTS + "=" + StringUtils.join(selectedEvents, ","));
-                v.addElement(PROP_SIGNED_AUDIT_UNSELECTED_EVENTS + "=" + StringUtils.join(unselectedEvents, ","));
-            }
-        } catch (Exception e) {
-        }
-        return v;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
-            String[] params = {
-                    PROP_TYPE
-                            + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
-                    PROP_ON + ";boolean;Turn on the listener",
-                    PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
-                            ILogger.LL_INFO_STRING + "," +
-                            ILogger.LL_WARN_STRING + "," +
-                            ILogger.LL_FAILURE_STRING + "," +
-                            ILogger.LL_MISCONF_STRING + "," +
-                            ILogger.LL_CATASTRPHE_STRING + "," +
-                            ILogger.LL_SECURITY_STRING
-                            + ");Only log message with level higher than this filter will be written by this listener",
-                    PROP_FILE_NAME + ";string;The name of the file the log is written to",
-                    PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
-                    PROP_FLUSH_INTERVAL
-                            + ";integer;The maximum time in seconds before the buffer is flushed to the file",
-                    IExtendedPluginInfo.HELP_TOKEN +
-                            ";configuration-logrules-logfile",
-                    IExtendedPluginInfo.HELP_TEXT +
-                            ";Write the log messages to a file",
-                    PROP_SIGNED_AUDIT_LOG_SIGNING +
-                            ";boolean;Enable audit logs to be signed",
-                    PROP_SIGNED_AUDIT_CERT_NICKNAME +
-                            ";string;The nickname of the certificate to be used to sign audit logs",
-                    PROP_SIGNED_AUDIT_MANDATORY_EVENTS +
-                            ";string;A comma-separated list of strings used to specify mandatory signed audit log events",
-                    PROP_SIGNED_AUDIT_SELECTED_EVENTS +
-                            ";string;A comma-separated list of strings used to specify selected signed audit log events",
-                    PROP_SIGNED_AUDIT_UNSELECTED_EVENTS +
-                            ";string;A comma-separated list of strings used to specify unselected signed audit log events",
-            };
-
-            return params;
-        } else {
-            // mType.equals( ILogger.PROP_AUDIT )  ||
-            // mType.equals( ILogger.PROP_SYSTEM )
-            String[] params = {
-                    PROP_TYPE
-                            + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
-                    PROP_ON + ";boolean;Turn on the listener",
-                    PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
-                            ILogger.LL_INFO_STRING + "," +
-                            ILogger.LL_WARN_STRING + "," +
-                            ILogger.LL_FAILURE_STRING + "," +
-                            ILogger.LL_MISCONF_STRING + "," +
-                            ILogger.LL_CATASTRPHE_STRING + "," +
-                            ILogger.LL_SECURITY_STRING
-                            + ");Only log message with level higher than this filter will be written by this listener",
-                    PROP_FILE_NAME + ";string;The name of the file the log is written to",
-                    PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
-                    PROP_FLUSH_INTERVAL
-                            + ";integer;The maximum time in seconds before the buffer is flushed to the file",
-                    IExtendedPluginInfo.HELP_TOKEN +
-                            ";configuration-logrules-logfile",
-                    IExtendedPluginInfo.HELP_TEXT +
-                            ";Write the log messages to a file"
-            };
-
-            return params;
-        }
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is inherited by all classes that extend this "LogFile"
-     * class, and is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                                null,
-                                ILogger.S_SIGNED_AUDIT,
-                                ILogger.LL_SECURITY,
-                                msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/base/common/src/com/netscape/cms/logging/RollingLogFile.java
deleted file mode 100644
index 0a7a9f098..000000000
--- a/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ /dev/null
@@ -1,650 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.logging;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FilenameFilter;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ConsoleError;
-import com.netscape.certsrv.logging.ELogException;
-import com.netscape.certsrv.logging.ILogEvent;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.logging.SystemEvent;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A rotating log file for Certificate log events. This class loosely follows
- * the Netscape Common Log API implementing rollover interval, size and file
- * naming conventions. It does not yet implement Disk Usage.
- *
- * @version $Revision$, $Date$
- */
-public class RollingLogFile extends LogFile {
-    public static final String PROP_MAX_FILE_SIZE = "maxFileSize";
-    public static final String PROP_ROLLOVER_INTERVAL = "rolloverInterval";
-    public static final String PROP_EXPIRATION_TIME = "expirationTime";
-
-    /**
-     * The default max file size in bytes
-     */
-    static final int MAX_FILE_SIZE = 100;
-
-    /**
-     * The default rollover interval in seconds
-     */
-    static final String ROLLOVER_INTERVAL = "2592000";
-
-    /**
-     * The default expiration time in seconds
-     */
-    static final String EXPIRATION_TIME = "2592000";
-
-    /**
-     * The maximum file size in bytes
-     */
-    protected int mMaxFileSize = 0;
-
-    /**
-     * The amount of time in miniseconds between log rotations
-     */
-    protected long mRolloverInterval = 0;
-
-    /**
-     * The thread responsible for rotating the log
-     */
-    private Thread mRolloverThread = null;
-
-    /**
-     * The amount of time before a backed up log is removed in milliseconds
-     */
-    protected long mExpirationTime = 0;
-
-    /**
-     * The thread responsible for removing expired log files
-     */
-    private Thread mExpirationThread = null;
-
-    /**
-     * The object used as a lock for expiration thread synchronization
-     */
-    private Object mExpLock = new Object();
-
-    private final static String LOGGING_SIGNED_AUDIT_LOG_DELETE =
-            "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
-
-    /**
-     * Construct a RollingLogFile
-     */
-    public RollingLogFile() {
-    }
-
-    /**
-     * Initialize and open a RollingLogFile using the prop config store
-     *
-     * @param config The property config store to find values in
-     */
-    public void init(IConfigStore config) throws IOException,
-            EBaseException {
-        super.init(config);
-
-        rl_init(config.getInteger(PROP_MAX_FILE_SIZE, MAX_FILE_SIZE),
-                config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
-                config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
-    }
-
-    /**
-     * Convenience routine to initialized the RollingLogFile specific
-     * attributes.
-     */
-    protected void rl_init(int maxFileSize, String rolloverInterval,
-            String expirationTime) {
-        mMaxFileSize = maxFileSize * 1024;
-        setRolloverTime(rolloverInterval);
-        setExpirationTime(expirationTime);
-    }
-
-    public void startup() throws EBaseException {
-        super.startup();
-    }
-
-    /**
-     * Shutdown this log file.
-     */
-    public synchronized void shutdown() {
-        setRolloverTime("0");
-        setExpirationTime("0");
-        super.shutdown();
-    }
-
-    /**
-     * Set the rollover interval
-     *
-     * @param rolloverSeconds The amount of time in seconds until the log
-     *            is rotated. A value of 0 will disable log rollover.
-     **/
-    public synchronized void setRolloverTime(String rolloverSeconds) {
-        mRolloverInterval = Long.valueOf(rolloverSeconds).longValue() * 1000;
-
-        if ((mRolloverThread == null) && (mRolloverInterval > 0)) {
-            mRolloverThread = new RolloverThread();
-            mRolloverThread.setDaemon(true);
-            mRolloverThread.start();
-        }
-
-        this.notify();
-    }
-
-    /**
-     * Get the rollover interval
-     *
-     * @return The interval in seconds in which the log is rotated
-     **/
-    public synchronized int getRolloverTime() {
-        return (int) (mRolloverInterval / 1000);
-    }
-
-    /**
-     * Set the file expiration time
-     *
-     * @param expirationSeconds The amount of time in seconds until log files
-     *            are deleted
-     **/
-    public void setExpirationTime(String expirationSeconds) {
-
-        // Need to completely protect changes to mExpiration time
-        // and make sure they only happen while the thread is sleeping
-        synchronized (mExpLock) {
-            mExpirationTime = Long.valueOf(expirationSeconds).longValue() * 1000;
-
-            if (mExpirationThread == null) {
-                if (mExpirationTime > 0) {
-                    mExpirationThread = new ExpirationThread();
-                    mExpirationThread.setDaemon(true);
-                    mExpirationThread.start();
-                }
-            } else {
-                mExpLock.notify();
-            }
-        }
-    }
-
-    /**
-     * Get the expiration time
-     *
-     * @return The age in seconds in which log files are delete
-     **/
-    public int getExpirationTime() {
-        return (int) (mExpirationTime / 1000);
-    }
-
-    /**
-     * Rotate the log file to a backup file with timestamp
-     **/
-    public synchronized void rotate()
-            throws IOException {
-
-        File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate));
-
-        // close, backup, and reopen the log file zeroizing its contents
-        super.close();
-        try {
-            if (Utils.isNT()) {
-                // NT is very picky on the path
-                Utils.exec("copy " +
-                            mFile.getCanonicalPath().replace('/', '\\') +
-                            " " +
-                            backupFile.getCanonicalPath().replace('/',
-                                                                   '\\'));
-            } else {
-                // Create a copy of the original file which
-                // preserves the original file permissions.
-                Utils.exec("cp -p " + mFile.getCanonicalPath() + " " +
-                             backupFile.getCanonicalPath());
-            }
-
-            // Zeroize the original file if and only if
-            // the backup copy was successful.
-            if (backupFile.exists()) {
-
-                // Make certain that the backup file has
-                // the correct permissions.
-                if (!Utils.isNT()) {
-                    Utils.exec("chmod 00640 " + backupFile.getCanonicalPath());
-                }
-
-                try {
-                    // Open and close the original file
-                    // to zeroize its contents.
-                    PrintWriter pw = new PrintWriter(mFile);
-                    pw.close();
-
-                    // Make certain that the original file retains
-                    // the correct permissions.
-                    if (!Utils.isNT()) {
-                        Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
-                    }
-                } catch (FileNotFoundException e) {
-                    CMS.debug("Unable to zeroize "
-                             + mFile.toString());
-                }
-            } else {
-                CMS.debug("Unable to backup "
-                         + mFile.toString() + " to "
-                         + backupFile.toString());
-            }
-        } catch (Exception e) {
-            CMS.debug("Unable to backup "
-                     + mFile.toString() + " to "
-                     + backupFile.toString());
-        }
-        super.open(); // will reset mBytesWritten
-    }
-
-    /**
-     * Remove any log files which have not been modified in the specified
-     * time
-     * <P>
-     *
-     * NOTE: automatic removal of log files is currently NOT supported!
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log expires (authorization should not allow,
-     * but in case authorization gets compromised make sure it is written AFTER the log expiration happens)
-     * </ul>
-     *
-     * @param expirationSeconds The number of seconds since the expired files
-     *            have been modified.
-     * @return the time in milliseconds when the next file expires
-     **/
-    public long expire(long expirationSeconds) throws ELogException {
-        String auditMessage = null;
-
-        if (expirationSeconds <= 0)
-            throw new ELogException(CMS.getUserMessage("CMS_LOG_EXPIRATION_TIME_ZERO"));
-
-        long expirationTime = expirationSeconds * 1000;
-        long currentTime = System.currentTimeMillis();
-        long oldestFile = currentTime;
-
-        String dirName = mFile.getParent();
-
-        if (dirName == null)
-            dirName = ".";
-        File dir = new File(dirName);
-
-        // Get just the base name, minus the .date extension
-        //int len = mFile.getName().length() - LogFile.DATE_PATTERN.length() - 1;
-        //String baseName = mFile.getName().substring(0, len);
-        String fileName = mFile.getName();
-        String baseName = null, pathName = null;
-        int index = fileName.lastIndexOf("/");
-
-        if (index != -1) { // "/"  exist in fileName
-            pathName = fileName.substring(0, index);
-            baseName = fileName.substring(index + 1);
-            dirName = dirName.concat("/" + pathName);
-        } else { // "/" NOT exist in fileName
-            baseName = fileName;
-        }
-
-        fileFilter ff = new fileFilter(baseName + ".");
-        String[] filelist = dir.list(ff);
-
-        if (filelist == null) { // Crap!  Something is wrong.
-            throw new ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
-                    dirName, ff.toString()));
-        }
-
-        // Walk through the list of files which match this log file name
-        // and delete the old ones.
-        for (int i = 0; i < filelist.length; i++) {
-            if (pathName != null) {
-                filelist[i] = pathName + "/" + filelist[i];
-            } else {
-                filelist[i] = dirName + "/" + filelist[i];
-            }
-
-            String fullname = dirName + File.separatorChar + filelist[i];
-            File file = new File(fullname);
-            long fileTime = file.lastModified();
-
-            // Java documentation on File says lastModified() should not
-            // be interpeted.  The doc is wrong.  See JavaSoft bug #4094538
-            if ((currentTime - fileTime) > expirationTime) {
-                file.delete();
-
-                if (file.exists()) {
-                    // log failure in deleting an expired signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_DELETE,
-                                ILogger.SYSTEM_UID,
-                                ILogger.FAILURE,
-                                fullname);
-                } else {
-                    // log success in deleting an expired signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_DELETE,
-                                ILogger.SYSTEM_UID,
-                                ILogger.SUCCESS,
-                                fullname);
-                }
-
-                audit(auditMessage);
-            } else if (fileTime < oldestFile) {
-                oldestFile = fileTime;
-            }
-        }
-        return oldestFile + expirationTime;
-    }
-
-    //
-    // Rollover and Expiration threads
-    //
-    // At first glance you may think it's a waste of thread resources to have
-    // two threads for every log file, but the truth is that these threads are
-    // sleeping 99% of the time.  NxN thread implementations (Solaris, NT,
-    // IRIX 6.4, Unixware, etc...) will handle these in user space.
-    //
-    // You may be able to join these into one thread, and deal with
-    // multiple wakeup times, but the code would sure look ugly, and the race
-    // conditions are numerous as is. Furthermore, this is what user space
-    // threads will do for you anyways.
-    //
-
-    /**
-     * Log rotation thread. Sleep for the rollover interval and rotate the
-     * log. Changing rollover interval to 0 will cause this thread to exit.
-     */
-    final class RolloverThread extends Thread {
-
-        /**
-         * Rollover thread constructor including thread name
-         */
-        public RolloverThread() {
-            super();
-            super.setName(mFileName + ".rollover-" + (Thread.activeCount() + 1));
-        }
-
-        public void run() {
-            while (mRolloverInterval > 0) {
-                // Sleep for the interval and then rotate the log
-                synchronized (RollingLogFile.this) {
-                    try {
-                        RollingLogFile.this.wait(mRolloverInterval);
-                    } catch (InterruptedException e) {
-                        // This shouldn't happen very often
-                        CMS.getLogger().getLogQueue().log(new
-                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
-                    }
-                }
-
-                if (mRolloverInterval == 0) {
-                    break;
-                }
-
-                if (mBytesWritten > 0) {
-                    try {
-                        rotate();
-                    } catch (IOException e) {
-                        ConsoleError.send(new
-                                SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(),
-                                        e.toString())));
-                        break;
-                    }
-                }
-                // else
-                //   Don't rotate empty logs
-                //   flag in log summary file?
-            }
-            mRolloverThread = null;
-        }
-    }
-
-    /**
-     * Log expiration thread. Sleep for the expiration interval and
-     * delete any files which are too old.
-     * Changing expiration interval to 0 will cause this thread to exit.
-     */
-    final class ExpirationThread extends Thread {
-
-        /**
-         * ExpirationThread thread constructor including thread name
-         */
-        public ExpirationThread() {
-            super();
-            super.setName(mFileName + ".expiration-" + (Thread.activeCount() + 1));
-        }
-
-        public void run() {
-            synchronized (mExpLock) {
-                while (mExpirationTime > 0) {
-                    long wakeupTime = 0;
-                    long sleepTime = 0;
-
-                    // First, remove any old log files and figure out when the
-                    // next one expires
-                    try {
-                        wakeupTime = expire(mExpirationTime / 1000);
-                    } catch (SecurityException e) {
-                        ConsoleError.send(new
-                                SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
-                        break;
-                    } catch (ELogException e) {
-                        ConsoleError.send(new
-                                SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
-                        break;
-                    }
-
-                    sleepTime = wakeupTime - System.currentTimeMillis();
-                    //System.out.println("wakeup " + wakeupTime);
-                    //System.out.println("current "+System.currentTimeMillis());
-                    //System.out.println("sleep " + sleepTime);
-                    // Sleep for the interval and then check the directory
-                    // Note: mExpirationTime can only change while we're
-                    // sleeping
-                    if (sleepTime > 0) {
-                        try {
-                            mExpLock.wait(sleepTime);
-                        } catch (InterruptedException e) {
-                            // This shouldn't happen very often
-                            ConsoleError.send(new
-                                    SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
-                        }
-                    }
-                }
-            }
-            mExpirationThread = null;
-        }
-    }
-
-    /**
-     * Write an event to the log file
-     *
-     * @param ev The event to be logged.
-     **/
-    public synchronized void log(ILogEvent ev) throws ELogException {
-        //xxx, Shall we log first without checking if it exceed the maximum?
-        super.log(ev); // Will increment mBytesWritten
-
-        if ((0 != mMaxFileSize) && (mBytesWritten > mMaxFileSize)) {
-            flush();
-            try {
-                rotate();
-            } catch (IOException e) {
-                throw new ELogException(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString()));
-            }
-        }
-    }
-
-    /**
-     * Retrieve log file list.
-     */
-    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req
-            ) throws ServletException,
-                    IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        String[] files = null;
-
-        files = fileList();
-        for (int i = 0; i < files.length; i++) {
-            params.put(files[i], "");
-        }
-        return params;
-    }
-
-    /**
-     * Get the log file list in the log directory
-     *
-     * @return an array of filenames with related path to cert server root
-     */
-    protected String[] fileList() {
-        String pathName = null, baseName = null;
-
-        String dirName = mFile.getParent();
-        String fileName = mFile.getName();
-        int index = fileName.lastIndexOf("/");
-
-        if (index != -1) { // "/"  exist in fileName
-            pathName = fileName.substring(0, index);
-            baseName = fileName.substring(index + 1);
-            if (dirName == null) {
-                dirName = pathName;
-            } else {
-                dirName = dirName.concat("/" + pathName);
-            }
-        } else { // "/" NOT exist in fileName
-            baseName = fileName;
-        }
-
-        File dir = new File(dirName);
-
-        fileFilter ff = new fileFilter(baseName + ".");
-        //There are some difference here. both should work
-        //error,logs,logs/error jdk115
-        //logs/system,., logs/system jdk116
-        //System.out.println(mFile.getName()+","+dirName+","+mFile.getPath()); //log/system,.
-
-        String[] filelist = dir.list(ff);
-
-        for (int i = 0; i < filelist.length; i++) {
-            if (pathName != null) {
-                filelist[i] = pathName + "/" + filelist[i];
-            } else {
-                filelist[i] = dirName + "/" + filelist[i];
-            }
-        }
-        return filelist;
-    }
-
-    public String getImplName() {
-        return "RollingLogFile";
-    }
-
-    public String getDescription() {
-        return "RollingLogFile";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = super.getDefaultParams();
-
-        v.addElement(PROP_MAX_FILE_SIZE + "=");
-        v.addElement(PROP_ROLLOVER_INTERVAL + "=");
-        //v.addElement(PROP_EXPIRATION_TIME + "=");
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = super.getInstanceParams();
-
-        try {
-            v.addElement(PROP_MAX_FILE_SIZE + "=" + mMaxFileSize / 1024);
-            if (mRolloverInterval / 1000 <= 60 * 60)
-                v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Hourly");
-            else if (mRolloverInterval / 1000 <= 60 * 60 * 24)
-                v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Daily");
-            else if (mRolloverInterval / 1000 <= 60 * 60 * 24 * 7)
-                v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Weekly");
-            else if (mRolloverInterval / 1000 <= 60 * 60 * 24 * 30)
-                v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Monthly");
-            else if (mRolloverInterval / 1000 <= 60 * 60 * 24 * 366)
-                v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Yearly");
-
-            //v.addElement(PROP_EXPIRATION_TIME + "=" + mExpirationTime / 1000);
-        } catch (Exception e) {
-        }
-        return v;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] p = super.getExtendedPluginInfo(locale);
-        Vector<String> info = new Vector<String>();
-
-        for (int i = 0; i < p.length; i++) {
-            if (!p[i].startsWith(IExtendedPluginInfo.HELP_TOKEN) && !p[i].startsWith(IExtendedPluginInfo.HELP_TEXT))
-                info.addElement(p[i]);
-        }
-        info.addElement(PROP_MAX_FILE_SIZE
-                + ";integer;If the current log file size if bigger than this parameter in kilobytes(KB), the file will be rotated.");
-        info.addElement(PROP_ROLLOVER_INTERVAL
-                + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated.");
-        info.addElement(PROP_EXPIRATION_TIME
-                + ";integer;The amount of time before a backed up log is removed in seconds");
-        info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                //";configuration-logrules-rollinglogfile");
-                ";configuration-adminbasics");
-        info.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Write the log messages to a file which will be rotated automatically.");
-        String[] params = new String[info.size()];
-
-        info.copyInto(params);
-        return params;
-
-    }
-}
-
-/**
- * A file filter to select the file with a given prefix
- */
-class fileFilter implements FilenameFilter {
-    String patternToMatch = null;
-
-    public fileFilter(String pattern) {
-        patternToMatch = pattern;
-    }
-
-    public boolean accept(File dir, String name) {
-        if (name.startsWith(patternToMatch))
-            return true;
-        else
-            return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/notification/MailNotification.java b/base/common/src/com/netscape/cms/notification/MailNotification.java
deleted file mode 100644
index cd4ee431c..000000000
--- a/base/common/src/com/netscape/cms/notification/MailNotification.java
+++ /dev/null
@@ -1,197 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.notification;
-
-import java.io.IOException;
-import java.io.PrintStream;
-import java.util.Vector;
-
-import netscape.net.smtp.SmtpClient;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.notification.ENotificationException;
-import com.netscape.certsrv.notification.IMailNotification;
-
-/**
- * This class handles mail notification via SMTP.
- * This class uses <b>smtp.host</b> in the configuration for smtp
- * host. The port default (25) is used. If no smtp specified, local
- * host is used
- *
- * @version $Revision$, $Date$
- */
-public class MailNotification implements IMailNotification {
-    private ILogger mLogger = CMS.getLogger();
-    protected final static String PROP_SMTP_SUBSTORE = "smtp";
-    protected final static String PROP_HOST = "host";
-
-    private String mHost = null;
-
-    private String mFrom = null;
-    private String mTo = null;
-    private String mSubject = null;
-    private String mContent = null;
-    private String mContentType = null;
-
-    public MailNotification() {
-        if (mHost == null) {
-            try {
-                IConfigStore mConfig =
-                        CMS.getConfigStore();
-
-                IConfigStore c =
-                        mConfig.getSubStore(PROP_SMTP_SUBSTORE);
-
-                if (c == null) {
-                    return;
-                }
-                mHost = c.getString(PROP_HOST);
-
-                // log it
-                //				if (mHost !=null) {
-                //					String msg =" using external SMTP host: "+mHost;
-                //					CMS.debug("MailNotification: "  + msg);
-                //}
-            } catch (Exception e) {
-                // don't care
-            }
-        }
-    }
-
-    /**
-     * send one message to one or more addressees
-     */
-    public void sendNotification() throws IOException, ENotificationException {
-        // create smtp client
-        SmtpClient sc = null;
-
-        if (!mHost.equals("")) {
-            sc = new SmtpClient(mHost);
-        } else {
-            sc = new SmtpClient();
-        }
-
-        // set "from", message subject
-        if ((mFrom != null) && (!mFrom.equals("")))
-            sc.from(mFrom);
-        else {
-            throw new ENotificationException(
-                    CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_SENDER"));
-        }
-
-        // set "to"
-        if ((mTo != null) && (!mTo.equals(""))) {
-            log(ILogger.LL_INFO, "mail to be sent to " + mTo);
-            sc.to(mTo);
-        } else {
-            throw new ENotificationException(
-                    CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_RECEIVER"));
-        }
-
-        // set message content
-        PrintStream msgStream = sc.startMessage();
-
-        if (mContentType != null) {
-            msgStream.print("From: " + mFrom + "\n");
-            msgStream.print("MIME-Version: 1.0\n");
-            msgStream.print("To: " + mTo + "\n");
-            msgStream.print(mSubject + "\n");
-            msgStream.print(mContentType + "\n");
-        } else {
-            msgStream.print("From: " + mFrom + "\n");
-            msgStream.print("To: " + mTo + "\n");
-            msgStream.print(mSubject + "\n");
-        }
-        msgStream.print("\r\n");
-        msgStream.print(mContent + "\r\n");
-
-        // send
-        try {
-            sc.closeServer();
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-            throw new ENotificationException(
-                    CMS.getUserMessage("CMS_NOTIFICATION_SMTP_SEND_FAILED", mTo));
-        }
-    }
-
-    /**
-     * sets the "From" field
-     *
-     * @param from email address of the sender
-     */
-    public void setFrom(String from) {
-        mFrom = from;
-    }
-
-    /**
-     * sets the "Subject" field
-     *
-     * @param subject subject of the email
-     */
-    public void setSubject(String subject) {
-        mSubject = "Subject: " + subject;
-    }
-
-    /**
-     * sets the "Content-Type" field
-     *
-     * @param contentType content type of the email
-     */
-    public void setContentType(String contentType) {
-        mContentType = "Content-Type: " + contentType;
-    }
-
-    /**
-     * sets the content of the email
-     *
-     * @param content the message content
-     */
-    public void setContent(String content) {
-        mContent = content;
-    }
-
-    /**
-     * sets the recipients' email addresses
-     *
-     * @param addresses a list of email addresses of the recipients
-     */
-    public void setTo(Vector<String> addresses) {
-        // concatenate addresses into comma separated mTo String
-
-    }
-
-    /**
-     * sets the recipient's email address
-     *
-     * @param to address of the recipient email address
-     */
-    public void setTo(String to) {
-        mTo = to;
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, "MailNotification: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/ocsp/DefStore.java b/base/common/src/com/netscape/cms/ocsp/DefStore.java
deleted file mode 100644
index 86e0c68b1..000000000
--- a/base/common/src/com/netscape/cms/ocsp/DefStore.java
+++ /dev/null
@@ -1,958 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.ocsp;
-
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.RevokedCertificate;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.GeneralizedTime;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.pkix.cert.Extension;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.dbs.IDBSSession;
-import com.netscape.certsrv.dbs.IDBSearchResults;
-import com.netscape.certsrv.dbs.IDBSubsystem;
-import com.netscape.certsrv.dbs.Modification;
-import com.netscape.certsrv.dbs.ModificationSet;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cmsutil.ocsp.BasicOCSPResponse;
-import com.netscape.cmsutil.ocsp.CertID;
-import com.netscape.cmsutil.ocsp.CertStatus;
-import com.netscape.cmsutil.ocsp.GoodInfo;
-import com.netscape.cmsutil.ocsp.OCSPRequest;
-import com.netscape.cmsutil.ocsp.OCSPResponse;
-import com.netscape.cmsutil.ocsp.OCSPResponseStatus;
-import com.netscape.cmsutil.ocsp.ResponderID;
-import com.netscape.cmsutil.ocsp.ResponseBytes;
-import com.netscape.cmsutil.ocsp.ResponseData;
-import com.netscape.cmsutil.ocsp.RevokedInfo;
-import com.netscape.cmsutil.ocsp.SingleResponse;
-import com.netscape.cmsutil.ocsp.TBSRequest;
-import com.netscape.cmsutil.ocsp.UnknownInfo;
-
-/**
- * This is the default OCSP store that stores revocation information
- * as certificate record (CMS internal data structure).
- *
- * @version $Revision$, $Date$
- */
-public class DefStore implements IDefStore, IExtendedPluginInfo {
-
-    // refreshInSec is useful in the master-clone situation.
-    // clone does not know that the CRL has been updated in
-    // the master (by default no refresh)
-    private static final String PROP_USE_CACHE = "useCache";
-
-    private static final String PROP_REFRESH_IN_SEC = "refreshInSec";
-    private static final int DEF_REFRESH_IN_SEC = 0;
-
-    public static final BigInteger BIG_ZERO = new BigInteger("0");
-    public static final Long MINUS_ONE = Long.valueOf(-1);
-
-    private final static String PROP_BY_NAME =
-            "byName";
-    private final static String PROP_WAIT_ON_CRL_UPDATE =
-            "waitOnCRLUpdate";
-    private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
-    private final static String PROP_INCLUDE_NEXT_UPDATE =
-            "includeNextUpdate";
-
-    protected Hashtable<String, Long> mReqCounts = new Hashtable<String, Long>();
-    protected boolean mNotFoundGood = true;
-    protected boolean mUseCache = true;
-    protected boolean mByName = true;
-    protected boolean mIncludeNextUpdate = false;
-    protected Hashtable<String, CRLIPContainer> mCacheCRLIssuingPoints = new Hashtable<String, CRLIPContainer>();
-    private IOCSPAuthority mOCSPAuthority = null;
-    private IConfigStore mConfig = null;
-    private String mId = null;
-    private IDBSubsystem mDBService = null;
-    private int mStateCount = 0;
-
-    /**
-     * Constructs the default store.
-     */
-    public DefStore() {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_NOT_FOUND_GOOD
-                + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
-        v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
-        v.addElement(PROP_INCLUDE_NEXT_UPDATE
-                + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
-        v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore");
-        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-    }
-
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mOCSPAuthority = (IOCSPAuthority) owner;
-        mConfig = config;
-
-        mDBService = (IDBSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
-
-        // Standalone OCSP server only stores information about revoked
-        // certificates. So there is no way for the OCSP server to
-        // tell if a certificate is good (issued) or not.
-        // When an OCSP client asks the status of a certificate,
-        // the OCSP server by default returns GOOD. If the server
-        // returns UNKNOWN, the OCSP client (browser) will display
-        // a error dialog that confuses the end-user.
-        //
-        // OCSP response can return unknown or good when a certificate
-        // is not revoked.
-        mNotFoundGood = mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true);
-
-        mUseCache = mConfig.getBoolean(PROP_USE_CACHE, true);
-
-        mByName = mConfig.getBoolean(PROP_BY_NAME, true);
-
-        // To include next update in the OCSP response. If included,
-        // PSM (client) will check to see if the revoked information
-        // is too old or not
-        mIncludeNextUpdate = mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE,
-                    false);
-
-        // init web gateway.
-        initWebGateway();
-
-        /**
-         * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
-         * t.start();
-         **/
-        // deleteOldCRLs();
-    }
-
-    /**
-     * init web gateway - just gets the ee gateway for this CA.
-     */
-    private void initWebGateway()
-            throws EBaseException {
-    }
-
-    public IRepositoryRecord createRepositoryRecord() {
-        return CMS.createRepositoryRecord();
-    }
-
-    /**
-     * Returns to the client once the CRL is received.
-     */
-    public boolean waitOnCRLUpdate() {
-        boolean defaultVal = true;
-
-        try {
-            return mConfig.getBoolean(PROP_WAIT_ON_CRL_UPDATE, defaultVal);
-        } catch (EBaseException e) {
-            return defaultVal;
-        }
-    }
-
-    public boolean includeNextUpdate() {
-        return mIncludeNextUpdate;
-    }
-
-    public boolean isNotFoundGood() {
-        return mNotFoundGood;
-    }
-
-    public long getReqCount(String id) {
-        Long c = mReqCounts.get(id);
-
-        if (c == null)
-            return 0;
-        else
-            return c.longValue();
-    }
-
-    public void incReqCount(String id) {
-        mReqCounts.put(id, Long.valueOf(getReqCount(id) + 1));
-    }
-
-    /**
-     * This store will not delete the old CRL until the
-     * new one is totally committed.
-     */
-    public void deleteOldCRLs() throws EBaseException {
-        Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
-                "objectclass=" +
-                        CMS.getCRLIssuingPointRecordName(),
-                100);
-        while (recs.hasMoreElements()) {
-            ICRLIssuingPointRecord rec = recs.nextElement();
-            deleteOldCRLsInCA(rec.getId());
-        }
-    }
-
-    public void deleteOldCRLsInCA(String caName) throws EBaseException {
-        deleteCRLsInCA (caName, true);
-    }
-
-    public void deleteAllCRLsInCA(String caName) throws EBaseException {
-        deleteCRLsInCA (caName, false);
-    }
-
-    public void deleteCRLsInCA(String caName, boolean oldCRLs) throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-
-        try {
-            ICRLIssuingPointRecord cp = readCRLIssuingPoint(caName);
-
-            if (cp == null)
-                return; // nothing to do
-            if (cp.getThisUpdate() == null)
-                return; // nothing to do
-            String thisUpdate = Long.toString(
-                    cp.getThisUpdate().getTime());
-            String filter = (oldCRLs)? "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" + thisUpdate + ")": "ou=*";
-            Enumeration<IRepositoryRecord> e = searchRepository( caName, filter);
-
-            while (e != null && e.hasMoreElements()) {
-                IRepositoryRecord r = e.nextElement();
-                Enumeration<ICertRecord> recs =
-                        searchCertRecord(caName,
-                                r.getSerialNumber().toString(),
-                                ICertRecord.ATTR_ID + "=*");
-
-                log(ILogger.LL_INFO, "remove CRL 0x" +
-                        r.getSerialNumber().toString(16) +
-                        " of " + caName);
-                String rep_dn = "ou=" +
-                        r.getSerialNumber().toString() +
-                        ",cn=" + transformDN(caName) + "," +
-                        getBaseDN();
-
-                while (recs != null && recs.hasMoreElements()) {
-                    ICertRecord rec = recs.nextElement();
-                    String cert_dn = "cn=" +
-                            rec.getSerialNumber().toString() + "," + rep_dn;
-
-                    s.delete(cert_dn);
-                }
-                s.delete(rep_dn);
-            }
-        } finally {
-            if (s != null)
-                s.close();
-        }
-    }
-
-    public void log(int event, int level, String msg) {
-        mOCSPAuthority.log(event, level, msg);
-    }
-
-    public void log(int level, String msg) {
-        mOCSPAuthority.log(level, msg);
-    }
-
-    public void startup() throws EBaseException {
-        int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
-                DEF_REFRESH_IN_SEC);
-        if (refresh > 0) {
-            DefStoreCRLUpdater updater =
-                    new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
-            updater.start();
-        }
-    }
-
-    public void shutdown() {
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void setId(String id) throws EBaseException {
-        mId = id;
-    }
-
-    public String getId() {
-        return mId;
-    }
-
-    /**
-     * Validate an OCSP request.
-     */
-    public OCSPResponse validate(OCSPRequest request)
-            throws EBaseException {
-
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-
-        mOCSPAuthority.incNumOCSPRequest(1);
-        long startTime = CMS.getCurrentDate().getTime();
-        try {
-            mOCSPAuthority.log(ILogger.LL_INFO, "start OCSP request");
-            TBSRequest tbsReq = request.getTBSRequest();
-
-            // (3) look into database to check the
-            //     certificate's status
-            Vector<SingleResponse> singleResponses = new Vector<SingleResponse>();
-            if (statsSub != null) {
-                statsSub.startTiming("lookup");
-            }
-
-            long lookupStartTime = CMS.getCurrentDate().getTime();
-            for (int i = 0; i < tbsReq.getRequestCount(); i++) {
-                com.netscape.cmsutil.ocsp.Request req =
-                        tbsReq.getRequestAt(i);
-                CertID cid = req.getCertID();
-                SingleResponse sr = processRequest(cid);
-
-                singleResponses.addElement(sr);
-            }
-            long lookupEndTime = CMS.getCurrentDate().getTime();
-            if (statsSub != null) {
-                statsSub.endTiming("lookup");
-            }
-            mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
-
-            if (singleResponses.size() <= 0) {
-                CMS.debug("DefStore: No Request Found");
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found"));
-                return null;
-            }
-            if (statsSub != null) {
-                statsSub.startTiming("build_response");
-            }
-            SingleResponse res[] = new SingleResponse[singleResponses.size()];
-
-            singleResponses.copyInto(res);
-
-            ResponderID rid = null;
-
-            if (mByName) {
-                rid = mOCSPAuthority.getResponderIDByName();
-            } else {
-                rid = mOCSPAuthority.getResponderIDByHash();
-            }
-
-            Extension nonce[] = null;
-
-            for (int j = 0; j < tbsReq.getExtensionsCount(); j++) {
-                Extension thisExt = tbsReq.getRequestExtensionAt(j);
-
-                if (thisExt.getExtnId().equals(IOCSPAuthority.OCSP_NONCE)) {
-                    nonce = new Extension[1];
-                    nonce[0] = thisExt;
-                }
-            }
-
-            ResponseData rd = new ResponseData(rid,
-                    new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
-            if (statsSub != null) {
-                statsSub.endTiming("build_response");
-            }
-
-            if (statsSub != null) {
-                statsSub.startTiming("signing");
-            }
-            long signStartTime = CMS.getCurrentDate().getTime();
-            BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd);
-            long signEndTime = CMS.getCurrentDate().getTime();
-            if (statsSub != null) {
-                statsSub.endTiming("signing");
-            }
-            mOCSPAuthority.incSignTime(signEndTime - signStartTime);
-
-            OCSPResponse response = new OCSPResponse(
-                    OCSPResponseStatus.SUCCESSFUL,
-                    new ResponseBytes(ResponseBytes.OCSP_BASIC,
-                            new OCTET_STRING(ASN1Util.encode(basicRes))));
-
-            log(ILogger.LL_INFO, "done OCSP request");
-            long endTime = CMS.getCurrentDate().getTime();
-            mOCSPAuthority.incTotalTime(endTime - startTime);
-            return response;
-        } catch (Exception e) {
-            CMS.debug("DefStore: validation failed " + e.toString());
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
-            return null;
-        }
-    }
-
-    /**
-     * Check against the database for status.
-     */
-    private SingleResponse processRequest(CertID cid) {
-        // need to find the right CA
-
-        CMS.debug("DefStore: process request");
-        try {
-            // cache result to speed up the performance
-            X509CertImpl theCert = null;
-            X509CRLImpl theCRL = null;
-            ICRLIssuingPointRecord theRec = null;
-            byte keyhsh[] = cid.getIssuerKeyHash().toByteArray();
-            CRLIPContainer matched = mCacheCRLIssuingPoints.get(new String(keyhsh));
-
-            if (matched == null) {
-                Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
-                        "objectclass=" +
-                                CMS.getCRLIssuingPointRecordName(),
-                        100);
-
-                while (recs.hasMoreElements()) {
-                    ICRLIssuingPointRecord rec = recs.nextElement();
-                    byte certdata[] = rec.getCACert();
-                    X509CertImpl cert = null;
-
-                    try {
-                        cert = new X509CertImpl(certdata);
-                    } catch (Exception e) {
-                        // error
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
-                        return null;
-                    }
-                    MessageDigest md = MessageDigest.getInstance(
-                            mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
-                    X509Key key = (X509Key) cert.getPublicKey();
-                    byte digest[] = md.digest(key.getKey());
-
-                    if (mOCSPAuthority.arraysEqual(digest, keyhsh)) {
-                        theCert = cert;
-                        theRec = rec;
-                        incReqCount(theRec.getId());
-                        byte crldata[] = rec.getCRL();
-
-                        if (rec.getCRLCache() == null) {
-                            CMS.debug("DefStore: start building x509 crl impl");
-                            try {
-                                theCRL = new X509CRLImpl(crldata);
-                            } catch (Exception e) {
-                                log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
-                            }
-                            CMS.debug("DefStore: done building x509 crl impl");
-                        } else {
-                            CMS.debug("DefStore: using crl cache");
-                        }
-                        mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL));
-                        break;
-                    }
-                }
-            } else {
-                theCert = matched.getX509CertImpl();
-                theRec = matched.getCRLIssuingPointRecord();
-                theCRL = matched.getX509CRLImpl();
-                incReqCount(theRec.getId());
-            }
-
-            // check the serial number
-            if (theCert != null) {
-                INTEGER serialNo = cid.getSerialNumber();
-
-                log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Status of certificate 0x" + serialNo.toString(16));
-                CMS.debug("DefStore: process request 0x" + serialNo.toString(16));
-                CertStatus certStatus = null;
-                GeneralizedTime thisUpdate = null;
-
-                if (theRec == null) {
-                    thisUpdate = new GeneralizedTime(CMS.getCurrentDate());
-                } else {
-                    thisUpdate = new GeneralizedTime(
-                                theRec.getThisUpdate());
-                }
-                GeneralizedTime nextUpdate = null;
-
-                if (includeNextUpdate()) {
-                    // this is an optional field
-                    if (theRec == null) {
-                        nextUpdate = new GeneralizedTime(CMS.getCurrentDate());
-                    } else {
-                        nextUpdate = new GeneralizedTime(
-                                    theRec.getNextUpdate());
-                    }
-                }
-
-                if (theCRL == null) {
-                    certStatus = new UnknownInfo();
-
-                    // if crl is not available, we can try crl cache
-                    if (theRec != null) {
-                        CMS.debug("DefStore: evaluating crl cache");
-                        Hashtable<BigInteger, RevokedCertificate> cache = theRec.getCRLCacheNoClone();
-                        if (cache != null) {
-                            RevokedCertificate rc = cache.get(new BigInteger(serialNo.toString()));
-                            if (rc == null) {
-                                if (isNotFoundGood()) {
-                                    certStatus = new GoodInfo();
-                                } else {
-                                    certStatus = new UnknownInfo();
-                                }
-                            } else {
-
-                                certStatus = new RevokedInfo(
-                                        new GeneralizedTime(
-                                                rc.getRevocationDate()));
-                            }
-                        }
-                    }
-
-                } else {
-                    CMS.debug("DefStore: evaluating x509 crl impl");
-                    X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
-
-                    if (crlentry == null) {
-                        // good or unknown
-                        if (isNotFoundGood()) {
-                            certStatus = new GoodInfo();
-                        } else {
-                            certStatus = new UnknownInfo();
-                        }
-                    } else {
-                        certStatus = new RevokedInfo(new GeneralizedTime(
-                                        crlentry.getRevocationDate()));
-
-                    }
-                }
-                return new SingleResponse(cid, certStatus, thisUpdate,
-                        nextUpdate);
-            }
-        } catch (Exception e) {
-            // error log
-            CMS.debug("DefStore: failed processing request e=" + e);
-        }
-        return null;
-    }
-
-    private String transformDN(String dn) {
-        String newdn = dn;
-
-        newdn = newdn.replace(',', '_');
-        newdn = newdn.replace('=', '-');
-        return newdn;
-    }
-
-    public String getBaseDN() {
-        return mDBService.getBaseDN();
-    }
-
-    public Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize)
-            throws EBaseException {
-        return searchCRLIssuingPointRecord(
-                "objectclass=" +
-                        CMS.getCRLIssuingPointRecordName(),
-                maxSize);
-    }
-
-    public Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(String filter,
-            int maxSize)
-            throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-        Vector<ICRLIssuingPointRecord> v = new Vector<ICRLIssuingPointRecord>();
-
-        try {
-            IDBSearchResults sr = s.search(getBaseDN(), filter, maxSize);
-            while (sr.hasMoreElements()) {
-                v.add((ICRLIssuingPointRecord) sr.nextElement());
-            }
-        } finally {
-            if (s != null)
-                s.close();
-        }
-        return v.elements();
-    }
-
-    public synchronized void modifyCRLIssuingPointRecord(String name,
-            ModificationSet mods) throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-
-        try {
-            String dn = "cn=" +
-                    transformDN(name) + "," + getBaseDN();
-
-            s.modify(dn, mods);
-        } catch (EBaseException e) {
-            CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
-            CMS.debug(e);
-            throw e;
-        } finally {
-            if (s != null)
-                s.close();
-        }
-    }
-
-    /**
-     * Returns an issuing point.
-     */
-    public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-            throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-        ICRLIssuingPointRecord rec = null;
-
-        try {
-            String dn = "cn=" +
-                    transformDN(name) + "," + getBaseDN();
-
-            if (s != null) {
-                rec = (ICRLIssuingPointRecord) s.read(dn);
-            }
-        } finally {
-            if (s != null)
-                s.close();
-        }
-        return rec;
-    }
-
-    public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-            String name, BigInteger crlNumber,
-            Long crlSize, Date thisUpdate, Date nextUpdate) {
-        return CMS.createCRLIssuingPointRecord(
-                name, crlNumber, crlSize, thisUpdate, nextUpdate);
-    }
-
-    public void deleteCRLIssuingPointRecord(String id)
-            throws EBaseException {
-
-        IDBSSession s = null;
-
-        try {
-            s = mDBService.createSession();
-            String name = "cn=" + transformDN(id) + "," + getBaseDN();
-            CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name);
-            if (s != null) {
-                deleteAllCRLsInCA(id);
-                s.delete(name);
-            }
-        } finally {
-            if (s != null)
-                s.close();
-        }
-    }
-
-    /**
-     * Creates a new issuing point in OCSP.
-     */
-    public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-            throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-
-        try {
-            String dn = "cn=" +
-                    transformDN(name) + "," + getBaseDN();
-
-            s.add(dn, rec);
-        } finally {
-            if (s != null)
-                s.close();
-        }
-    }
-
-    public Enumeration<IRepositoryRecord> searchRepository(String name, String filter)
-            throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-        Vector<IRepositoryRecord> v = new Vector<IRepositoryRecord>();
-
-        try {
-            IDBSearchResults sr = s.search("cn=" + transformDN(name) + "," + getBaseDN(),
-                        filter);
-            while (sr.hasMoreElements()) {
-                v.add((IRepositoryRecord) sr.nextElement());
-            }
-        } finally {
-            if (s != null)
-                s.close();
-        }
-        return v.elements();
-    }
-
-    /**
-     * Creates a new issuing point in OCSP.
-     */
-    public void addRepository(String name, String thisUpdate,
-            IRepositoryRecord rec)
-            throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-
-        try {
-            String dn = "ou=" + thisUpdate + ",cn=" +
-                    transformDN(name) + "," + getBaseDN();
-
-            s.add(dn, rec);
-        } finally {
-            if (s != null)
-                s.close();
-        }
-    }
-
-    public void modifyCertRecord(String name, String thisUpdate,
-            String sno,
-            ModificationSet mods) throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-
-        try {
-            String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                    ",cn=" + transformDN(name) + "," + getBaseDN();
-
-            if (s != null)
-                s.modify(dn, mods);
-        } finally {
-            if (s != null)
-                s.close();
-        }
-    }
-
-    public Enumeration<ICertRecord> searchCertRecord(String name, String thisUpdate,
-            String filter) throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-        Vector<ICertRecord> v = new Vector<ICertRecord>();
-
-        try {
-            IDBSearchResults sr = s.search("ou=" + thisUpdate + ",cn=" +
-                        transformDN(name) + "," + getBaseDN(),
-                        filter);
-            while (sr.hasMoreElements()) {
-                v.add((ICertRecord) sr.nextElement());
-            }
-        } finally {
-            if (s != null)
-                s.close();
-        }
-        return v.elements();
-    }
-
-    public ICertRecord readCertRecord(String name, String thisUpdate,
-            String sno)
-            throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-        ICertRecord rec = null;
-
-        try {
-            String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                    ",cn=" + transformDN(name) + "," + getBaseDN();
-
-            if (s != null) {
-                rec = (ICertRecord) s.read(dn);
-            }
-        } finally {
-            if (s != null)
-                s.close();
-        }
-        return rec;
-    }
-
-    /**
-     * Creates a new issuing point in OCSP.
-     */
-    public void addCertRecord(String name, String thisUpdate,
-            String sno, ICertRecord rec)
-            throws EBaseException {
-        IDBSSession s = mDBService.createSession();
-
-        try {
-            String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                    ",cn=" + transformDN(name) + "," + getBaseDN();
-
-            s.add(dn, rec);
-        } finally {
-            if (s != null)
-                s.close();
-        }
-    }
-
-    public NameValuePairs getConfigParameters() {
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            params.put(Constants.PR_OCSPSTORE_IMPL_NAME,
-                    mConfig.getString("class"));
-            params.put(PROP_NOT_FOUND_GOOD,
-                    mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
-            params.put(PROP_BY_NAME,
-                    mConfig.getString(PROP_BY_NAME, "true"));
-            params.put(PROP_INCLUDE_NEXT_UPDATE,
-                    mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
-            return params;
-        } catch (Exception e) {
-            return null;
-        }
-    }
-
-    public void setConfigParameters(NameValuePairs pairs)
-            throws EBaseException {
-
-        for (String key : pairs.keySet()) {
-            mConfig.put(key, pairs.get(key));
-        }
-    }
-
-    public void updateCRL(X509CRL crl) throws EBaseException {
-        try {
-            mStateCount++;
-
-            CMS.debug("DefStore: Ready to update Issuer");
-
-            try {
-                if (!((X509CRLImpl) crl).areEntriesIncluded())
-                    crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded());
-            } catch (Exception e) {
-                CMS.debug(e);
-            }
-
-            // commit update
-            ModificationSet mods = new ModificationSet();
-
-            if (crl.getThisUpdate() != null)
-                mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
-                        Modification.MOD_REPLACE, crl.getThisUpdate());
-            if (crl.getNextUpdate() != null)
-                mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
-                        Modification.MOD_REPLACE, crl.getNextUpdate());
-            if (mUseCache) {
-                if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) {
-                    mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
-                            Modification.MOD_REPLACE,
-                            ((X509CRLImpl) crl).getListOfRevokedCertificates());
-                }
-            }
-            if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) {
-                mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
-                        Modification.MOD_REPLACE, Long.valueOf(0));
-            } else {
-                mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
-                        Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
-            }
-            BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber();
-            if (crlNumber == null) {
-                mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
-                        Modification.MOD_REPLACE, new BigInteger("-1"));
-            } else {
-                mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
-                        Modification.MOD_REPLACE, crlNumber);
-            }
-            try {
-                mods.add(ICRLIssuingPointRecord.ATTR_CRL,
-                        Modification.MOD_REPLACE, crl.getEncoded());
-            } catch (Exception e) {
-                // ignore
-            }
-            CMS.debug("DefStore: ready to CRL update " +
-                    crl.getIssuerDN().getName());
-            modifyCRLIssuingPointRecord(
-                    crl.getIssuerDN().getName(), mods);
-            CMS.debug("DefStore: done CRL update " +
-                    crl.getIssuerDN().getName());
-
-            // update cache
-            mCacheCRLIssuingPoints.clear();
-
-            log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." +
-                    " thisUpdate=" + crl.getThisUpdate() +
-                    " nextUpdate=" + crl.getNextUpdate());
-
-        } finally {
-            mStateCount--;
-        }
-    }
-
-    public int getStateCount() {
-        return mStateCount;
-    }
-
-}
-
-class DeleteOldCRLsThread extends Thread {
-    private DefStore mDefStore = null;
-
-    public DeleteOldCRLsThread(DefStore defStore) {
-        mDefStore = defStore;
-    }
-
-    public void run() {
-        try {
-            mDefStore.deleteOldCRLs();
-        } catch (EBaseException e) {
-        }
-    }
-}
-
-class CRLIPContainer {
-    private ICRLIssuingPointRecord mRec = null;
-    private X509CertImpl mCert = null;
-    private X509CRLImpl mCRL = null;
-
-    public CRLIPContainer(ICRLIssuingPointRecord rec, X509CertImpl cert, X509CRLImpl crl) {
-        mRec = rec;
-        mCert = cert;
-        mCRL = crl;
-    }
-
-    public ICRLIssuingPointRecord getCRLIssuingPointRecord() {
-        return mRec;
-    }
-
-    public X509CertImpl getX509CertImpl() {
-        return mCert;
-    }
-
-    public X509CRLImpl getX509CRLImpl() {
-        return mCRL;
-    }
-}
-
-class DefStoreCRLUpdater extends Thread {
-    private Hashtable<String, CRLIPContainer> mCache = null;
-    private int mSec = 0;
-
-    public DefStoreCRLUpdater(Hashtable<String, CRLIPContainer> cache, int sec) {
-        mCache = cache;
-        mSec = sec;
-    }
-
-    public void run() {
-        while (true) {
-            try {
-                CMS.debug("DefStore: CRLUpdater invoked");
-                mCache.clear();
-                sleep(mSec * 1000); // turn sec into millis-sec
-            } catch (Exception e) {
-                // ignore
-            }
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
deleted file mode 100644
index e2e5fc493..000000000
--- a/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
+++ /dev/null
@@ -1,749 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.ocsp;
-
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.RevokedCertificate;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.GeneralizedTime;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.pkix.cert.Extension;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cmsutil.ocsp.BasicOCSPResponse;
-import com.netscape.cmsutil.ocsp.CertID;
-import com.netscape.cmsutil.ocsp.CertStatus;
-import com.netscape.cmsutil.ocsp.GoodInfo;
-import com.netscape.cmsutil.ocsp.OCSPRequest;
-import com.netscape.cmsutil.ocsp.OCSPResponse;
-import com.netscape.cmsutil.ocsp.OCSPResponseStatus;
-import com.netscape.cmsutil.ocsp.ResponderID;
-import com.netscape.cmsutil.ocsp.ResponseBytes;
-import com.netscape.cmsutil.ocsp.ResponseData;
-import com.netscape.cmsutil.ocsp.RevokedInfo;
-import com.netscape.cmsutil.ocsp.SingleResponse;
-import com.netscape.cmsutil.ocsp.TBSRequest;
-import com.netscape.cmsutil.ocsp.UnknownInfo;
-
-/**
- * This is the LDAP OCSP store. It reads CA certificate and
- * revocation list attributes from the CA entry.
- *
- * @version $Revision$, $Date$
- */
-public class LDAPStore implements IDefStore, IExtendedPluginInfo {
-    private static final String PROP_NUM_CONNS = "numConns";
-    private static final String PROP_REFRESH_IN_SEC = "refreshInSec";
-    private static final int DEF_REFRESH_IN_SEC = 60 * 60 * 24;
-    private static final String PROP_BASE_DN = "baseDN";
-    private static final String PROP_BY_NAME = "byName";
-    private static final String PROP_CRL_ATTR = "crlAttr";
-    private static final String DEF_CRL_ATTR = "certificateRevocationList;binary";
-    private static final String PROP_CA_CERT_ATTR = "caCertAttr";
-    private static final String DEF_CA_CERT_ATTR = "cACertificate;binary";
-    private static final String PROP_HOST = "host";
-    private static final String PROP_PORT = "port";
-
-    private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
-    private final static String PROP_INCLUDE_NEXT_UPDATE =
-            "includeNextUpdate";
-
-    private IOCSPAuthority mOCSPAuthority = null;
-    private IConfigStore mConfig = null;
-    private String mId = null;
-    private String mCRLAttr = null;
-    private boolean mByName = true;
-    private String mCACertAttr = null;
-    protected Hashtable<String, Long> mReqCounts = new Hashtable<String, Long>();
-    private Hashtable<X509CertImpl, X509CRLImpl> mCRLs = new Hashtable<X509CertImpl, X509CRLImpl>();
-
-    /**
-     * Constructs the default store.
-     */
-    public LDAPStore() {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_NOT_FOUND_GOOD
-                + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
-        v.addElement(PROP_INCLUDE_NEXT_UPDATE
-                + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
-        v.addElement(PROP_NUM_CONNS + ";number; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NUM_CONNS"));
-        v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_BY_NAME"));
-        v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
-        v.addElement(PROP_CA_CERT_ATTR
-                + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
-        v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore");
-        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-    }
-
-    /**
-     * Fetch CA certificate and CRL from LDAP server.
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mOCSPAuthority = (IOCSPAuthority) owner;
-        mConfig = config;
-
-        mCRLAttr = mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR);
-        mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR,
-                    DEF_CA_CERT_ATTR);
-        mByName = mConfig.getBoolean(PROP_BY_NAME, true);
-
-    }
-
-    /**
-     * Locates the CA certificate.
-     */
-    public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
-            throws EBaseException {
-        try {
-            LDAPSearchResults results = conn.search(baseDN,
-                    LDAPv2.SCOPE_SUB, mCACertAttr + "=*",
-                    null, false);
-
-            if (!results.hasMoreElements()) {
-                throw new EBaseException("error - no entry");
-            }
-            LDAPEntry entry = results.next();
-            LDAPAttribute crls = entry.getAttribute(mCACertAttr);
-            @SuppressWarnings("unchecked")
-            Enumeration<byte[]> vals = crls.getByteValues();
-
-            if (!vals.hasMoreElements()) {
-                throw new EBaseException("error - no values");
-            }
-            byte caCertData[] = vals.nextElement();
-            X509CertImpl caCert = new X509CertImpl(caCertData);
-
-            return caCert;
-        } catch (Exception e) {
-            CMS.debug("LDAPStore: locateCACert " + e.toString());
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
-        }
-        return null;
-    }
-
-    /**
-     * Locates the CRL.
-     */
-    public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
-            throws EBaseException {
-        try {
-            LDAPSearchResults results = conn.search(baseDN,
-                    LDAPv2.SCOPE_SUB, mCRLAttr + "=*",
-                    null, false);
-
-            if (!results.hasMoreElements()) {
-                throw new EBaseException("error - no entry");
-            }
-            LDAPEntry entry = results.next();
-            LDAPAttribute crls = entry.getAttribute(mCRLAttr);
-            @SuppressWarnings("unchecked")
-            Enumeration<byte[]> vals = crls.getByteValues();
-
-            if (!vals.hasMoreElements()) {
-                throw new EBaseException("error - no values");
-            }
-            byte crlData[] = vals.nextElement();
-            X509CRLImpl crl = new X509CRLImpl(crlData);
-
-            return crl;
-        } catch (Exception e) {
-            CMS.debug("LDAPStore: locateCRL " + e.toString());
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
-        }
-        return null;
-    }
-
-    public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
-            throws EBaseException {
-        X509CRLImpl oldCRL = mCRLs.get(caCert);
-
-        if (oldCRL != null) {
-            if (oldCRL.getThisUpdate().getTime() >= crl.getThisUpdate().getTime()) {
-                log(ILogger.LL_INFO,
-                        "LDAPStore: no update, received CRL is older than current CRL");
-                return; // no update
-            }
-        }
-        CMS.debug("Added '" + caCert.getSubjectDN().toString() + "' into CRL hash");
-        mCRLs.put(caCert, crl);
-    }
-
-    public void log(int level, String msg) {
-        mOCSPAuthority.log(level, msg);
-    }
-
-    public void startup() throws EBaseException {
-        int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
-
-        for (int i = 0; i < num; i++) {
-            String host = mConfig.getString(PROP_HOST + Integer.toString(i), null);
-            int port = mConfig.getInteger(PROP_PORT + Integer.toString(i), 0);
-            LDAPConnection c = new LDAPConnection();
-
-            try {
-                c.connect(host, port);
-            } catch (LDAPException e) {
-                throw new EBaseException("LDAP " + e);
-            }
-            String baseDN = mConfig.getString(PROP_BASE_DN + Integer.toString(i), null);
-            CRLUpdater updater = new CRLUpdater(
-                    this, c, baseDN,
-                    mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i),
-                            DEF_REFRESH_IN_SEC));
-
-            updater.start();
-        }
-    }
-
-    public void shutdown() {
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void setId(String id) throws EBaseException {
-        mId = id;
-    }
-
-    public String getId() {
-        return mId;
-    }
-
-    /**
-     * Validate an OCSP request.
-     */
-    public OCSPResponse validate(OCSPRequest request)
-            throws EBaseException {
-
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-
-        mOCSPAuthority.incNumOCSPRequest(1);
-        long startTime = CMS.getCurrentDate().getTime();
-        try {
-            mOCSPAuthority.log(ILogger.LL_INFO, "start OCSP request");
-            TBSRequest tbsReq = request.getTBSRequest();
-
-            Vector<SingleResponse> singleResponses = new Vector<SingleResponse>();
-
-            if (statsSub != null) {
-                statsSub.startTiming("lookup");
-            }
-
-            long lookupStartTime = CMS.getCurrentDate().getTime();
-            for (int i = 0; i < tbsReq.getRequestCount(); i++) {
-                com.netscape.cmsutil.ocsp.Request req =
-                        tbsReq.getRequestAt(i);
-                CertID cid = req.getCertID();
-                SingleResponse sr = processRequest(cid);
-
-                singleResponses.addElement(sr);
-            }
-            long lookupEndTime = CMS.getCurrentDate().getTime();
-            if (statsSub != null) {
-                statsSub.endTiming("lookup");
-            }
-            mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
-
-            if (statsSub != null) {
-                statsSub.startTiming("build_response");
-            }
-            SingleResponse res[] = new SingleResponse[singleResponses.size()];
-
-            singleResponses.copyInto(res);
-
-            ResponderID rid = null;
-
-            if (mByName) {
-                rid = mOCSPAuthority.getResponderIDByName();
-            } else {
-                rid = mOCSPAuthority.getResponderIDByHash();
-            }
-
-            Extension nonce[] = null;
-
-            for (int j = 0; j < tbsReq.getExtensionsCount(); j++) {
-                Extension thisExt = tbsReq.getRequestExtensionAt(j);
-
-                if (thisExt.getExtnId().equals(IOCSPAuthority.OCSP_NONCE)) {
-                    nonce = new Extension[1];
-                    nonce[0] = thisExt;
-                }
-            }
-
-            ResponseData rd = new ResponseData(rid,
-                    new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
-            if (statsSub != null) {
-                statsSub.endTiming("build_response");
-            }
-
-            if (statsSub != null) {
-                statsSub.startTiming("signing");
-            }
-
-            long signStartTime = CMS.getCurrentDate().getTime();
-            BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd);
-            long signEndTime = CMS.getCurrentDate().getTime();
-            mOCSPAuthority.incSignTime(signEndTime - signStartTime);
-            if (statsSub != null) {
-                statsSub.endTiming("signing");
-            }
-
-            OCSPResponse response = new OCSPResponse(
-                    OCSPResponseStatus.SUCCESSFUL,
-                    new ResponseBytes(ResponseBytes.OCSP_BASIC,
-                            new OCTET_STRING(ASN1Util.encode(basicRes))));
-
-            log(ILogger.LL_INFO, "done OCSP request");
-            long endTime = CMS.getCurrentDate().getTime();
-            mOCSPAuthority.incTotalTime(endTime - startTime);
-            return response;
-        } catch (Exception e) {
-            CMS.debug("LDAPStore: validation " + e.toString());
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
-            return null;
-        }
-    }
-
-    public int getStateCount() {
-        return 0;
-    }
-
-    public long getReqCount(String id) {
-        Long c = mReqCounts.get(id);
-
-        if (c == null)
-            return 0;
-        else
-            return c.longValue();
-    }
-
-    public IRepositoryRecord createRepositoryRecord() {
-        return null;
-    }
-
-    public void addRepository(String name, String thisUpdate,
-            IRepositoryRecord rec)
-            throws EBaseException {
-        throw new EBaseException("NOT SUPPORTED");
-    }
-
-    public boolean waitOnCRLUpdate() {
-        return false;
-    }
-
-    public void updateCRL(X509CRL crl) throws EBaseException {
-        throw new EBaseException("NOT SUPPORTED");
-    }
-
-    public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-            throws EBaseException {
-        throw new EBaseException("NOT SUPPORTED");
-    }
-
-    public Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize)
-            throws EBaseException {
-        Vector<ICRLIssuingPointRecord> recs = new Vector<ICRLIssuingPointRecord>();
-        Enumeration<X509CertImpl> keys = mCRLs.keys();
-
-        while (keys.hasMoreElements()) {
-            X509CertImpl caCert = keys.nextElement();
-            X509CRLImpl crl = mCRLs.get(caCert);
-
-            recs.addElement(new TempCRLIssuingPointRecord(caCert, crl));
-        }
-        return recs.elements();
-    }
-
-    public Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(String filter,
-            int maxSize)
-            throws EBaseException {
-        return null;
-    }
-
-    public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-            String name, BigInteger crlNumber,
-            Long crlSize, Date thisUpdate, Date nextUpdate) {
-        return null;
-    }
-
-    public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-            throws EBaseException {
-        throw new EBaseException("NOT SUPPORTED");
-    }
-
-    public void deleteCRLIssuingPointRecord(String id)
-            throws EBaseException {
-        throw new EBaseException("NOT SUPPORTED");
-    }
-
-    public boolean isNotFoundGood() {
-        try {
-            return isNotFoundGood1();
-        } catch (Exception e) {
-            return false;
-        }
-    }
-
-    public boolean includeNextUpdate() throws EBaseException {
-        return mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
-    }
-
-    public boolean isNotFoundGood1() throws EBaseException {
-        return mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true);
-    }
-
-    public void incReqCount(String id) {
-        mReqCounts.put(id, Long.valueOf(getReqCount(id) + 1));
-    }
-
-    /**
-     * Check against the database for status.
-     */
-    private SingleResponse processRequest(CertID cid) throws EBaseException {
-        // locate the right CRL
-        X509CertImpl theCert = null;
-        X509CRLImpl theCRL = null;
-
-        Enumeration<X509CertImpl> caCerts = mCRLs.keys();
-
-        while (caCerts.hasMoreElements()) {
-            X509CertImpl caCert = caCerts.nextElement();
-            MessageDigest md = null;
-
-            try {
-                md = MessageDigest.getInstance(
-                            mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
-            } catch (Exception e) {
-            }
-            X509Key key = (X509Key) caCert.getPublicKey();
-
-            if (key == null) {
-                System.out.println("LDAPStore::processRequest - key is null!");
-                return null;
-            }
-
-            byte digest[] = md.digest(key.getKey());
-            byte keyhsh[] = cid.getIssuerKeyHash().toByteArray();
-
-            if (mOCSPAuthority.arraysEqual(digest, keyhsh)) {
-                theCert = caCert;
-                incReqCount(caCert.getSubjectDN().toString());
-                theCRL = mCRLs.get(caCert);
-                break;
-            }
-        }
-
-        if (theCert == null) {
-            return null;
-        }
-
-        if (theCRL == null) {
-            return null;
-        }
-
-        GeneralizedTime thisUpdate = new GeneralizedTime(
-                theCRL.getThisUpdate());
-        GeneralizedTime nextUpdate = null;
-
-        if (includeNextUpdate()) {
-            nextUpdate = new GeneralizedTime(
-                        theCRL.getNextUpdate());
-        }
-
-        CertStatus certStatus = null;
-        X509CRLEntry entry = theCRL.getRevokedCertificate(
-                cid.getSerialNumber());
-
-        if (entry == null) {
-            if (isNotFoundGood1()) {
-                certStatus = new GoodInfo();
-            } else {
-                certStatus = new UnknownInfo();
-            }
-        } else {
-            certStatus = new RevokedInfo(new GeneralizedTime(
-                            entry.getRevocationDate()));
-        }
-
-        return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
-    }
-
-    /**
-     * Provides configuration parameters.
-     */
-    public NameValuePairs getConfigParameters() {
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            params.put(Constants.PR_OCSPSTORE_IMPL_NAME,
-                    mConfig.getString("class"));
-            int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
-
-            params.put(PROP_NUM_CONNS, Integer.toString(num));
-            for (int i = 0; i < num; i++) {
-                params.put(PROP_HOST + Integer.toString(i),
-                        mConfig.getString(PROP_HOST +
-                                Integer.toString(i), ""));
-                params.put(PROP_PORT + Integer.toString(i),
-                        mConfig.getString(PROP_PORT +
-                                Integer.toString(i), "389"));
-                params.put(PROP_BASE_DN + Integer.toString(i),
-                        mConfig.getString(PROP_BASE_DN +
-                                Integer.toString(i), ""));
-                params.put(PROP_REFRESH_IN_SEC + Integer.toString(i),
-                        mConfig.getString(PROP_REFRESH_IN_SEC +
-                                Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
-            }
-            params.put(PROP_BY_NAME,
-                    mConfig.getString(PROP_BY_NAME, "true"));
-            params.put(PROP_CA_CERT_ATTR,
-                    mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
-            params.put(PROP_CRL_ATTR,
-                    mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
-            params.put(PROP_NOT_FOUND_GOOD,
-                    mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
-            params.put(PROP_INCLUDE_NEXT_UPDATE,
-                    mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
-            return params;
-        } catch (Exception e) {
-            return null;
-        }
-    }
-
-    public void setConfigParameters(NameValuePairs pairs)
-            throws EBaseException {
-
-        for (String key : pairs.keySet()) {
-            mConfig.put(key, pairs.get(key));
-        }
-    }
-}
-
-class CRLUpdater extends Thread {
-    private LDAPConnection mC = null;
-    private String mBaseDN = null;
-    private int mSec = 0;
-    private LDAPStore mStore = null;
-
-    public CRLUpdater(LDAPStore store, LDAPConnection c,
-            String baseDN, int sec) {
-        mC = c;
-        mSec = sec;
-        mBaseDN = baseDN;
-        mStore = store;
-    }
-
-    public void run() {
-        while (true) {
-            try {
-                LDAPConnection conn = mC;
-                CMS.debug("Started CRL Update '" + mBaseDN);
-                X509CertImpl caCert = mStore.locateCACert(conn, mBaseDN);
-                X509CRLImpl crl = mStore.locateCRL(conn, mBaseDN);
-
-                mStore.updateCRLHash(caCert, crl);
-                CMS.debug("Finished CRL Update - '" + mBaseDN);
-                sleep(mSec * 1000); // turn sec into millis-sec
-            } catch (Exception e) {
-                // ignore
-            }
-        }
-    }
-}
-
-class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 5299660983298765746L;
-    private X509CertImpl mCACert = null;
-    private X509CRLImpl mCRL = null;
-
-    TempCRLIssuingPointRecord(X509CertImpl caCert, X509CRLImpl crl) {
-        mCACert = caCert;
-        mCRL = crl;
-    }
-
-    public String getId() {
-        return mCACert.getSubjectDN().toString();
-    }
-
-    /**
-     * Retrieves CRL serial number.
-     */
-    public BigInteger getCRLNumber() {
-        return null;
-    }
-
-    /**
-     * Retrieves delta CRL serial number.
-     */
-    public BigInteger getDeltaCRLNumber() {
-        return null;
-    }
-
-    /**
-     * Retrieves CRL size.
-     */
-    public Long getCRLSize() {
-        return Long.valueOf(mCRL.getNumberOfRevokedCertificates());
-    }
-
-    /**
-     * Retrieves CRL size.
-     */
-    public Long getDeltaCRLSize() {
-        return Long.valueOf(-1);
-    }
-
-    /**
-     * Retrieves this update time.
-     */
-    public Date getThisUpdate() {
-        return mCRL.getThisUpdate();
-    }
-
-    /**
-     * Retrieves next update time.
-     */
-    public Date getNextUpdate() {
-        return mCRL.getNextUpdate();
-    }
-
-    public String getFirstUnsaved() {
-        return null;
-    }
-
-    public Hashtable<BigInteger, RevokedCertificate> getCRLCacheNoClone() {
-        return null;
-    }
-
-    public Hashtable<BigInteger, RevokedCertificate> getCRLCache() {
-        return null;
-    }
-
-    /**
-     * Retrieves CRL encodings.
-     */
-    public byte[] getCRL() {
-        try {
-            return mCRL.getEncoded();
-        } catch (Exception e) {
-            return null;
-        }
-    }
-
-    /**
-     * Retrieves CRL encodings.
-     */
-    public byte[] getDeltaCRL() {
-        return null;
-    }
-
-    public int isCRLIssuingPointInitialized() {
-        return 1;
-    }
-
-    public byte[] getCACert() {
-        try {
-            return mCACert.getEncoded();
-        } catch (Exception e) {
-            return null;
-        }
-    }
-
-    /**
-     * Retrieves cache info of revoked certificates.
-     */
-    public Hashtable<BigInteger, RevokedCertificate> getRevokedCerts() {
-        return mCRL.getListOfRevokedCertificates();
-    }
-
-    /**
-     * Retrieves cache info of unrevoked certificates.
-     */
-    public Hashtable<BigInteger, RevokedCertificate> getUnrevokedCerts() {
-        return null;
-    }
-
-    /**
-     * Retrieves cache info of expired certificates.
-     */
-    public Hashtable<BigInteger, RevokedCertificate> getExpiredCerts() {
-        return null;
-    }
-
-    public Enumeration<String> getSerializableAttrNames() {
-        return null;
-    }
-
-    public void set(String name, Object obj) throws EBaseException {
-    }
-
-    public Object get(String name) throws EBaseException {
-        return null;
-    }
-
-    public void delete(String name) throws EBaseException {
-
-    }
-
-    public Enumeration<String> getElements() {
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/password/PasswordChecker.java b/base/common/src/com/netscape/cms/password/PasswordChecker.java
deleted file mode 100644
index ae379761d..000000000
--- a/base/common/src/com/netscape/cms/password/PasswordChecker.java
+++ /dev/null
@@ -1,103 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.password;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.password.EPasswordCheckException;
-import com.netscape.certsrv.password.IConfigPasswordCheck;
-import com.netscape.certsrv.password.IPasswordCheck;
-
-/**
- * This class checks the given password if it meets the specific requirements.
- * For example, it can also specify the format of the password which has to
- * be 8 characters long and must be in alphanumeric.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
-
-    public static final int MIN_LEN = 8;
-
-    /**
-     * Default constructor.
-     */
-    public PasswordChecker() {
-    }
-
-    public boolean isGoodConfigPassword(String mPassword) {
-        if (mPassword == null || mPassword.length() == 0) {
-            return false;
-        } else if (mPassword.length() < MIN_LEN) {
-            return false;
-        }
-        return true;
-    }
-
-    public String getConfigReason(String mPassword) {
-        if (mPassword == null || mPassword.length() == 0) {
-            EPasswordCheckException e = new EPasswordCheckException(
-                    "Empty Password");
-
-            return e.toString();
-        } else if (mPassword.length() < MIN_LEN) {
-            EPasswordCheckException e = new EPasswordCheckException(
-                    "Minimium Length is " + MIN_LEN);
-
-            return e.toString();
-        }
-        return null;
-    }
-
-    /**
-     * Returns true if the given password meets the quality requirement;
-     * otherwise returns false.
-     *
-     * @param mPassword The given password being checked.
-     * @return true if the password meets the quality requirement; otherwise
-     *         returns false.
-     */
-    public boolean isGoodPassword(String mPassword) {
-        if (mPassword == null || mPassword.length() == 0) {
-            return false;
-        } else if (mPassword.length() < MIN_LEN) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Returns a reason if the password doesnt meet the quality requirement.
-     *
-     * @return string as a reason if the password quality requirement is not met.
-     */
-    public String getReason(String mPassword) {
-        if (mPassword == null || mPassword.length() == 0) {
-            EPasswordCheckException e = new EPasswordCheckException(
-                    CMS.getUserMessage("CMS_PASSWORD_EMPTY_PASSWORD"));
-
-            return e.toString();
-        } else if (mPassword.length() < MIN_LEN) {
-            EPasswordCheckException e = new EPasswordCheckException(
-                    CMS.getUserMessage("CMS_PASSWORD_INVALID_LEN", "" + MIN_LEN));
-
-            return e.toString();
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/APolicyRule.java b/base/common/src/com/netscape/cms/policy/APolicyRule.java
deleted file mode 100644
index 8ed943503..000000000
--- a/base/common/src/com/netscape/cms/policy/APolicyRule.java
+++ /dev/null
@@ -1,363 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IExpression;
-import com.netscape.certsrv.policy.IPolicyRule;
-import com.netscape.certsrv.request.AgentApprovals;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-
-/**
- * The abstract policy rule that concrete implementations will
- * extend.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public abstract class APolicyRule implements IPolicyRule {
-    protected String NAME = null;
-    protected String DESC = null;
-    protected IExpression mFilterExp = null;
-    protected String mInstanceName = null;
-    protected ILogger mLogger = CMS.getLogger();
-
-    public APolicyRule() {
-    }
-
-    /**
-     * Initializes the policy rule.
-     * <P>
-     *
-     * @param config The config store reference
-     */
-    public abstract void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException;
-
-    /**
-     * Gets the description for this policy rule.
-     * <P>
-     *
-     * @return The Description for this rule.
-     */
-    public String getDescription() {
-        return DESC;
-    }
-
-    /**
-     * Sets a predicate expression for rule matching.
-     * <P>
-     *
-     * @param exp The predicate expression for the rule.
-     */
-    public void setPredicate(IExpression exp) {
-        mFilterExp = exp;
-    }
-
-    /**
-     * Returns the predicate expression for the rule.
-     * <P>
-     *
-     * @return The predicate expression for the rule.
-     */
-    public IExpression getPredicate() {
-        return mFilterExp;
-    }
-
-    /**
-     * Returns the name of the policy rule.
-     * <P>
-     *
-     * @return The name of the policy class.
-     */
-    public String getName() {
-        return NAME;
-    }
-
-    /**
-     * Sets the instance name for a policy rule.
-     * <P>
-     *
-     * @param instanceName The name of the rule instance.
-     */
-    public void setInstanceName(String instanceName) {
-        mInstanceName = instanceName;
-    }
-
-    /**
-     * Returns the name of the policy rule instance.
-     * <P>
-     *
-     * @return The name of the policy rule instance if set, else
-     *         the name of the rule class.
-     */
-    public String getInstanceName() {
-        return mInstanceName != null ? mInstanceName : NAME;
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public abstract PolicyResult apply(IRequest req);
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public abstract Vector<String> getInstanceParams();
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public abstract Vector<String> getDefaultParams();
-
-    public void setError(IRequest req, String format, Object[] params) {
-        setPolicyException(req, format, params);
-    }
-
-    public void setError(IRequest req, String format, String arg1,
-            String arg2) {
-        Object[] np = new Object[2];
-
-        np[0] = arg1;
-        np[1] = arg2;
-        setPolicyException(req, format, np);
-    }
-
-    public void setError(IRequest req, String format, String arg) {
-        Object[] np = new Object[1];
-
-        np[0] = arg;
-        setPolicyException(req, format, np);
-    }
-
-    public void setPolicyException(IRequest req, EBaseException ex) {
-        Vector<String> ev = req.getExtDataInStringVector(IRequest.ERRORS);
-        if (ev == null) {
-            ev = new Vector<String>();
-        }
-        ev.addElement(ex.toString());
-        req.setExtData(IRequest.ERRORS, ev);
-
-    }
-
-    /**
-     * determines whether a DEFERRED policy result should be returned
-     * by checking the contents of the AgentApprovals attribute. This
-     * call should be used by policy modules instead of returning
-     * PolicyResult.DEFERRED directly.
-     * <p>
-     */
-    protected PolicyResult deferred(IRequest req) {
-        // Try to find an agent approval
-        AgentApprovals aa = AgentApprovals.fromStringVector(
-                req.getExtDataInStringVector(AgentApprovals.class.getName()));
-
-        // Any approvals causes success
-        if (aa != null && aa.elements().hasMoreElements()) {
-            return PolicyResult.ACCEPTED;
-        } else {
-            return PolicyResult.DEFERRED;
-        }
-    }
-
-    /**
-     * request has previously been approved by an agent
-     */
-    protected boolean agentApproved(IRequest req) {
-        // Try to find an agent approval
-        AgentApprovals aa = AgentApprovals.fromStringVector(
-                req.getExtDataInStringVector(AgentApprovals.class.getName()));
-
-        // Any approvals causes success
-        if (aa != null && aa.elements().hasMoreElements()) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    public void setPolicyException(IRequest req, String format,
-            Object[] params) {
-        if (format == null)
-            return;
-
-        EPolicyException ex;
-
-        if (params == null)
-            ex = new EPolicyException(format);
-        else
-            ex = new EPolicyException(format, params);
-
-        Vector<String> ev = req.getExtDataInStringVector(IRequest.ERRORS);
-        if (ev == null) {
-            ev = new Vector<String>();
-        }
-        ev.addElement(ex.toString());
-        req.setExtData(IRequest.ERRORS, ev);
-    }
-
-    /**
-     * log a message for this policy rule.
-     */
-    protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
-                "APolicyRule " + NAME + ": " + msg);
-    }
-
-    public static KeyIdentifier createKeyIdentifier(X509Key key)
-            throws NoSuchAlgorithmException, InvalidKeyException {
-        MessageDigest md = MessageDigest.getInstance("SHA-1");
-
-        md.update(key.getEncoded());
-        return new KeyIdentifier(md.digest());
-    }
-
-    /**
-     * Form a byte array of octet string key identifier from the sha-1 hash of
-     * the Subject Public Key INFO. (including algorithm ID, etc.)
-     * <p>
-     *
-     * @param certInfo cert info of the certificate.
-     * @return A Key identifier with the sha-1 hash of subject public key.
-     */
-    protected KeyIdentifier formSpkiSHA1KeyId(X509CertInfo certInfo)
-            throws EBaseException {
-        KeyIdentifier keyId = null;
-
-        try {
-            CertificateX509Key certKey =
-                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
-
-            if (certKey == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
-            }
-            X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
-
-            if (key == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
-            }
-            keyId = createKeyIdentifier(key);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        } catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        }
-        return keyId;
-    }
-
-    /**
-     * Form a byte array of octet string key identifier from the sha-1 hash of
-     * the Subject Public Key BIT STRING.
-     * <p>
-     *
-     * @param certInfo cert info of the certificate.
-     * @return A Key identifier with the sha-1 hash of subject public key.
-     */
-    protected KeyIdentifier formSHA1KeyId(X509CertInfo certInfo)
-            throws EBaseException {
-        KeyIdentifier keyId = null;
-
-        try {
-            CertificateX509Key certKey =
-                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
-
-            if (certKey == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
-            }
-            X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
-
-            if (key == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
-            }
-            byte[] rawKey = key.getKey();
-
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-
-            md.update(rawKey);
-            keyId = new KeyIdentifier(md.digest());
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        }
-        return keyId;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java b/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
deleted file mode 100644
index 2129f0f00..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
+++ /dev/null
@@ -1,161 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.AgentApprovals;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * AgentPolicy is an enrollment policy wraps another policy module.
- * Requests are sent first to the contained module, but if the
- * policy indicates that the request should be deferred, a check
- * for agent approvals is done. If any are found, the request
- * is approved.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class AgentPolicy extends APolicyRule
-        implements IEnrollmentPolicy {
-    public AgentPolicy() {
-        NAME = "AgentPolicy";
-        DESC = "Agent Approval Policy";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=AgentPolicy ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com ra.Policy.rule.<ruleName>.class=xxxx
-     * ra.Policy.rule.<ruleName>.params.*
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-
-        // Create subordinate object
-        String className = config.get("class");
-
-        System.err.println("Creating agent policy with class " + className);
-        if (className != null) {
-            IConfigStore substore = config.getSubStore("params");
-
-            try {
-                @SuppressWarnings("unchecked")
-                Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className);
-
-                Object o = c.newInstance();
-
-                if (!(o instanceof APolicyRule)) {
-                    throw new EPolicyException(
-                            CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS",
-                                    getInstanceName(), className));
-                }
-
-                APolicyRule pr = (APolicyRule) o;
-
-                pr.init(owner, substore);
-                mPolicy = pr;
-            } catch (EPolicyException e) {
-                System.err.println("Agent Policy Error: " + e);
-                throw e;
-            } catch (Exception e) {
-                System.err.println("Agent Policy Error: " + e);
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_LOADING_POLICY_ERROR",
-                                getInstanceName(), className));
-            }
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        // The default is to require manual approval for everything
-        PolicyResult result = PolicyResult.DEFERRED;
-
-        // Give the underlying object a chance
-        if (mPolicy != null) {
-            result = mPolicy.apply(req);
-            System.err.println("Subordinate policy returns " + result);
-        }
-
-        if (result == PolicyResult.DEFERRED) {
-            System.err.println("Checking agent approvals");
-            // Try to find an agent approval
-            AgentApprovals aa = AgentApprovals.fromStringVector(
-                    req.getExtDataInStringVector(AgentApprovals.class.getName()));
-
-            //Object o = req.get("agentApprovals");
-
-            // Any approvals causes success
-            if (aa != null && aa.elements().hasMoreElements()) //if (o != null)
-            {
-                System.err.println("Agent approval found");
-                result = PolicyResult.ACCEPTED;
-            }
-        }
-        System.err.println("Agent policy returns " + result);
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return null;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return null;
-    }
-
-    APolicyRule mPolicy = null;
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
deleted file mode 100644
index e12b8220f..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
+++ /dev/null
@@ -1,399 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * This checks if attribute present.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class AttributePresentConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_ENABLED = "enabled";
-    protected static final String PROP_LDAP = "ldap";
-
-    protected String mName = null;
-    protected String mImplName = null;
-
-    private ILogger mLogger = CMS.getLogger();
-
-    private IConfigStore mConfig = null;
-    private IConfigStore mLdapConfig = null;
-    private ILdapConnFactory mConnFactory = null;
-    private LDAPConnection mCheckAttrLdapConnection = null;
-
-    public AttributePresentConstraints() {
-        DESC = "Rejects request if ldap attribute is not present in the " +
-                "directory.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String params[] = {
-                PROP_ATTR + ";string,required;Ldap attribute to check presence of (default " +
-                        DEF_ATTR + ")",
-                PROP_VALUE + ";string;if this parameter is non-empty, the attribute must " +
-                        "match this value for the request to proceed ",
-                PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
-                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                        "might want to use 'o=company' here",
-                PROP_LDAP_HOST + ";string,required;" +
-                        "LDAP host to connect to",
-                PROP_LDAP_PORT + ";number,required;" +
-                        "LDAP port number (use 389, or 636 if SSL)",
-                PROP_LDAP_SSL + ";boolean;" +
-                        "Use SSL to connect to directory?",
-                PROP_LDAP_VER + ";choice(3,2),required;" +
-                        "LDAP protocol version",
-                PROP_LDAP_BIND + ";string;DN to bind as for attribute checking. " +
-                        "For example 'CN=Pincheck User'",
-                PROP_LDAP_PW + ";password;Enter password used to bind as " +
-                        "the above user",
-                PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;" +
-                        "How to bind to the directory",
-                PROP_LDAP_CERT + ";string;If you want to use " +
-                        "SSL client auth to the directory, set the client " +
-                        "cert nickname here",
-                PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
-                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                        "might want to use 'o=company' here",
-                PROP_LDAP_MINC + ";number;number of connections " +
-                        "to keep open to directory server. Default " + DEF_LDAP_MINC,
-                PROP_LDAP_MAXC + ";number;when needed, connection " +
-                        "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-pinpresent",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";" + DESC + " This plugin can be used to " +
-                        "check the presence (and, optionally, the value) of any LDAP " +
-                        "attribute for the user. "
-            };
-
-        return params;
-    }
-
-    public String getName() {
-        return mName;
-    }
-
-    public String getImplName() {
-        return mImplName;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void shutdown() {
-    }
-
-    // Parameters
-
-    protected static final String PROP_LDAP_HOST = "ldap.ldapconn.host";
-    protected static final String DEF_LDAP_HOST = "localhost";
-
-    protected static final String PROP_LDAP_PORT = "ldap.ldapconn.port";
-    protected static final Integer DEF_LDAP_PORT = Integer.valueOf(389);
-
-    protected static final String PROP_LDAP_SSL = "ldap.ldapconn.secureConn";
-    protected static final Boolean DEF_LDAP_SSL = Boolean.FALSE;
-
-    protected static final String PROP_LDAP_VER = "ldap.ldapconn.version";
-    protected static final Integer DEF_LDAP_VER = Integer.valueOf(3);
-
-    protected static final String PROP_LDAP_BIND = "ldap.ldapauth.bindDN";
-    protected static final String DEF_LDAP_BIND = "CN=Directory Manager";
-
-    protected static final String PROP_LDAP_PW = "ldap.ldapauth.bindPWPrompt";
-    protected static final String DEF_LDAP_PW = "";
-
-    protected static final String PROP_LDAP_CERT = "ldap.ldapauth.clientCertNickname";
-    protected static final String DEF_LDAP_CERT = "";
-
-    protected static final String PROP_LDAP_AUTH = "ldap.ldapauth.authtype";
-    protected static final String DEF_LDAP_AUTH = "BasicAuth";
-
-    protected static final String PROP_LDAP_BASE = "ldap.ldapconn.basedn";
-    protected static final String DEF_LDAP_BASE = "";
-
-    protected static final String PROP_LDAP_MINC = "ldap.ldapconn.minConns";
-    protected static final Integer DEF_LDAP_MINC = Integer.valueOf(1);
-
-    protected static final String PROP_LDAP_MAXC = "ldap.ldapconn.maxConns";
-    protected static final Integer DEF_LDAP_MAXC = Integer.valueOf(5);
-
-    protected static final String PROP_ATTR = "attribute";
-    protected static final String DEF_ATTR = "pin";
-
-    protected static final String PROP_VALUE = "value";
-    protected static final String DEF_VALUE = "";
-
-    protected static Vector<String> mParamNames;
-    protected static Hashtable<String, Object> mParamDefault;
-    protected Hashtable<String, Object> mParamValue = null;
-
-    static {
-        mParamNames = new Vector<String>();
-        mParamDefault = new Hashtable<String, Object>();
-        addParam(PROP_LDAP_HOST, DEF_LDAP_HOST);
-        addParam(PROP_LDAP_PORT, DEF_LDAP_PORT);
-        addParam(PROP_LDAP_SSL, DEF_LDAP_SSL);
-        addParam(PROP_LDAP_VER, DEF_LDAP_VER);
-        addParam(PROP_LDAP_BIND, DEF_LDAP_BIND);
-        addParam(PROP_LDAP_PW, DEF_LDAP_PW);
-        addParam(PROP_LDAP_CERT, DEF_LDAP_CERT);
-        addParam(PROP_LDAP_AUTH, DEF_LDAP_AUTH);
-        addParam(PROP_LDAP_BASE, DEF_LDAP_BASE);
-        addParam(PROP_LDAP_MINC, DEF_LDAP_MINC);
-        addParam(PROP_LDAP_MAXC, DEF_LDAP_MAXC);
-        addParam(PROP_ATTR, DEF_ATTR);
-        addParam(PROP_VALUE, DEF_VALUE);
-    };
-
-    protected static void addParam(String name, Object value) {
-        mParamNames.addElement(name);
-        mParamDefault.put(name, value);
-    }
-
-    protected void getStringConfigParam(IConfigStore config, String paramName) {
-        try {
-            mParamValue.put(
-                    paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
-                    );
-        } catch (Exception e) {
-        }
-    }
-
-    protected void getIntConfigParam(IConfigStore config, String paramName) {
-        try {
-            mParamValue.put(
-                    paramName, Integer.valueOf(
-                            config.getInteger(paramName,
-                                    ((Integer) mParamDefault.get(paramName)).intValue()
-                                    )
-                            )
-                    );
-        } catch (Exception e) {
-        }
-    }
-
-    protected void getBooleanConfigParam(IConfigStore config, String paramName) {
-        try {
-            mParamValue.put(
-                    paramName, Boolean.valueOf(
-                            config.getBoolean(paramName,
-                                    ((Boolean) mParamDefault.get(paramName)).booleanValue()
-                                    )
-                            )
-                    );
-        } catch (Exception e) {
-        }
-    }
-
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        mParamValue = new Hashtable<String, Object>();
-
-        getStringConfigParam(mConfig, PROP_LDAP_HOST);
-        getIntConfigParam(mConfig, PROP_LDAP_PORT);
-        getBooleanConfigParam(mConfig, PROP_LDAP_SSL);
-        getIntConfigParam(mConfig, PROP_LDAP_VER);
-        getStringConfigParam(mConfig, PROP_LDAP_BIND);
-        getStringConfigParam(mConfig, PROP_LDAP_PW);
-        getStringConfigParam(mConfig, PROP_LDAP_CERT);
-        getStringConfigParam(mConfig, PROP_LDAP_AUTH);
-        getStringConfigParam(mConfig, PROP_LDAP_BASE);
-        getIntConfigParam(mConfig, PROP_LDAP_MINC);
-        getIntConfigParam(mConfig, PROP_LDAP_MAXC);
-        getStringConfigParam(mConfig, PROP_ATTR);
-        getStringConfigParam(mConfig, PROP_VALUE);
-
-        mLdapConfig = mConfig.getSubStore(PROP_LDAP);
-
-        mConnFactory = CMS.getLdapBoundConnFactory();
-        mConnFactory.init(mLdapConfig);
-        mCheckAttrLdapConnection = mConnFactory.getConn();
-
-    }
-
-    public PolicyResult apply(IRequest r) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        String requestType = r.getRequestType();
-
-        if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-                requestType.equals(IRequest.RENEWAL_REQUEST)) {
-
-            String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid");
-
-            if (uid == null) {
-                log(ILogger.LL_INFO, "did not find UID parameter in request " + r.getRequestId());
-                setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
-                return PolicyResult.REJECTED;
-            }
-
-            String userdn = null;
-
-            try {
-                String[] attrs = { (String) mParamValue.get(PROP_ATTR) };
-                LDAPSearchResults searchResult =
-                        mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
-                                LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
-
-                if (!searchResult.hasMoreElements()) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
-                    setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
-                    return PolicyResult.REJECTED;
-                }
-
-                LDAPEntry entry = (LDAPEntry) searchResult.nextElement();
-
-                userdn = entry.getDN();
-
-                LDAPAttribute attr = entry.getAttribute((String) mParamValue.get(PROP_ATTR));
-
-                /* if attribute not present, reject the request */
-                if (attr == null) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
-                    setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
-                    return PolicyResult.REJECTED;
-                }
-                String acceptedValue = ((String) mParamValue.get(PROP_VALUE));
-
-                if (!acceptedValue.equals("")) {
-                    int matches = 0;
-
-                    String[] values = attr.getStringValueArray();
-
-                    for (int i = 0; i < values.length; i++) {
-                        if (values[i].equals(acceptedValue)) {
-                            matches++;
-                        }
-                    }
-                    if (matches == 0) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
-                        setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
-                        return PolicyResult.REJECTED;
-                    }
-                }
-
-                CMS.debug("AttributePresentConstraints: Attribute is present for user: \"" + userdn + "\"");
-
-            } catch (LDAPException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_PIN_UNAUTHORIZED"));
-                setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
-                return PolicyResult.REJECTED;
-            }
-
-        }
-        return res;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        Enumeration<String> e = mParamNames.elements();
-
-        while (e.hasMoreElements()) {
-            try {
-                String paramName = e.nextElement();
-                String paramValue = mParamValue.get(paramName).toString();
-                String temp = paramName + "=" + paramValue;
-
-                params.addElement(temp);
-            } catch (Exception ex) {
-            }
-        }
-
-        return params;
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> params = new Vector<String>();
-
-        Enumeration<String> e = mParamNames.elements();
-
-        while (e.hasMoreElements()) {
-            try {
-                String paramName = e.nextElement();
-                String paramValue = mParamDefault.get(paramName).toString();
-                String temp = paramName + "=" + paramValue;
-
-                params.addElement(temp);
-            } catch (Exception ex) {
-            }
-        }
-
-        return params;
-
-        /*
-         params.addElement("ldap.ldapconn.host=localhost");
-         params.addElement("ldap.ldapconn.port=389");
-         params.addElement("ldap.ldapconn.secureConn=false");
-         params.addElement("ldap.ldapconn.version=3");
-         params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager");
-         params.addElement("ldap.ldapauth.bindPWPrompt=");
-         params.addElement("ldap.ldapauth.clientCertNickname=");
-         params.addElement("ldap.ldapauth.authtype=BasicAuth");
-         params.addElement("ldap.basedn=");
-         params.addElement("ldap.minConns=1");
-         params.addElement("ldap.maxConns=5");
-         */
-    }
-
-    protected void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, "AttributePresentConstraints: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
deleted file mode 100644
index 9b5fbd152..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
+++ /dev/null
@@ -1,252 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.math.BigInteger;
-import java.security.interfaces.DSAParams;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.provider.DSAPublicKey;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * DSAKeyConstraints policy enforces min and max size of the key.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class DSAKeyConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    private int mMinSize;
-    private int mMaxSize;
-
-    private final static int INCREMENT = 64;
-    private final static int DEF_MIN_SIZE = 512;
-    private final static int DEF_MAX_SIZE = 1024;
-
-    private final static String DSA = "DSA";
-    private final static String PROP_MIN_SIZE = "minSize";
-    private final static String PROP_MAX_SIZE = "maxSize";
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-
-    private IConfigStore mConfig = null;
-
-    static {
-        defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE);
-        defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE);
-    }
-
-    public DSAKeyConstraints() {
-        NAME = "DSAKeyConstraints";
-        DESC = "Enforces DSA Key Constraints.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_MIN_SIZE + ";number;Minimum key size",
-                PROP_MAX_SIZE + ";number;Maximum key size",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-dsakeyconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Rejects request if DSA key size is out of range"
-            };
-
-        return params;
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
-     * ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512
-     * ra.Policy.rule.<ruleName>.maxSize=1024 ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
-     * netscape.com
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-
-        // Get Min and Max sizes
-        mConfig = config;
-
-        try {
-            mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE);
-            mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE);
-
-            if (mMaxSize > DEF_MAX_SIZE) {
-                String msg = "cannot be more than " + DEF_MAX_SIZE;
-
-                log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                                PROP_MAX_SIZE, msg));
-            }
-            if (mMinSize < DEF_MIN_SIZE) {
-                String msg = "cannot be less than " + DEF_MIN_SIZE;
-
-                log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                                PROP_MIN_SIZE, msg));
-            }
-            if (mMaxSize % INCREMENT != 0) {
-                String msg = "must be in increments of " + INCREMENT;
-
-                log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                                PROP_MIN_SIZE, msg));
-            }
-            if (mMaxSize % INCREMENT != 0) {
-                String msg = "must be in increments of " + INCREMENT;
-
-                log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                                PROP_MIN_SIZE, msg));
-            }
-
-            config.putInteger(PROP_MIN_SIZE, mMinSize);
-            config.putInteger(PROP_MAX_SIZE, mMaxSize);
-
-        } catch (Exception e) {
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", getInstanceName(), e.toString()));
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-            // Get the certificate info from the request
-            X509CertInfo ci[] =
-                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-            // There should be a certificate info set.
-            if (ci == null || ci[0] == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // Else check if the key size(s) are within the limit.
-            for (int i = 0; i < ci.length; i++) {
-                CertificateX509Key certKey = (CertificateX509Key)
-                        ci[i].get(X509CertInfo.KEY);
-                X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
-                String alg = key.getAlgorithmId().toString();
-
-                if (!alg.equalsIgnoreCase(DSA))
-                    continue;
-
-                // Check DSAKey parameters.
-                // size refers to the p parameter.
-                DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
-                DSAParams keyParams = dsaKey.getParams();
-
-                if (keyParams == null) {
-                    // key parameters could not be parsed.
-                    setError(req,
-                            CMS.getUserMessage("CMS_POLICY_NO_KEY_PARAMS", getInstanceName(), String.valueOf(i + 1)),
-                            "");
-                    return PolicyResult.REJECTED;
-                }
-                BigInteger p = keyParams.getP();
-                int len = p.bitLength();
-
-                if (len < mMinSize || len > mMaxSize ||
-                        (len % INCREMENT) != 0) {
-                    String[] parms = new String[] {
-                            getInstanceName(),
-                            String.valueOf(len),
-                            String.valueOf(mMinSize),
-                            String.valueOf(mMaxSize),
-                            String.valueOf(INCREMENT) };
-
-                    setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION_1", parms), "");
-                    return PolicyResult.REJECTED;
-                }
-            }
-        } catch (Exception e) {
-            // e.printStackTrace();
-            String[] params = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        try {
-            confParams.addElement(PROP_MIN_SIZE + "=" + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
-            confParams.addElement(PROP_MAX_SIZE + "=" + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
-        } catch (EBaseException e) {
-            ;
-        }
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return defConfParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java b/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
deleted file mode 100644
index fecb59049..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
+++ /dev/null
@@ -1,104 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IRevocationPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * This is the default revocation policy. Currently this does
- * nothing. We can later add checks like whether or not to
- * revoke expired certs ..etc here.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class DefaultRevocation extends APolicyRule
-        implements IRevocationPolicy, IExtendedPluginInfo {
-    public DefaultRevocation() {
-        NAME = "DefaultRevocation";
-        DESC = "Default Revocation Policy";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=DefaultRevocation ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        return PolicyResult.ACCEPTED;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return null;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return null;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-defaultrevocation"
-            };
-
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
deleted file mode 100644
index efd306bf3..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
+++ /dev/null
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * IssuerConstraints is a rule for restricting the issuers of the
- * certificates used for certificate-based enrollments.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$ $Date$
- */
-public class IssuerConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    private final static String PROP_ISSUER_DN = "issuerDN";
-    private static final String CLIENT_ISSUER = "clientIssuer";
-    private X500Name mIssuerDN = null;
-    private String mIssuerDNString;
-
-    /**
-     * checks the issuer of the ssl client-auth cert. Only one issuer
-     * is allowed for now
-     */
-    public IssuerConstraints() {
-        NAME = "IssuerConstraints";
-        DESC = "Checks to see if the Issuer is one allowed";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_ISSUER_DN
-                        + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-issuerconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Rejects the request if the issuer in the certificate is" +
-                        "not of the one specified"
-        };
-
-        return params;
-
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-        try {
-            mIssuerDNString = config.getString(PROP_ISSUER_DN, null);
-            if ((mIssuerDNString != null) &&
-                    !mIssuerDNString.equals("")) {
-                mIssuerDN = new X500Name(mIssuerDNString);
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
-
-            String[] params = { getInstanceName(), e.toString() };
-
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
-        }
-        CMS.debug(
-                NAME + ": init() done");
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        if (mIssuerDN == null)
-            return result;
-
-        try {
-            String clientIssuerDN = req.getExtDataInString(CLIENT_ISSUER);
-
-            if (clientIssuerDN != null) {
-                X500Name ci_name = new X500Name(clientIssuerDN);
-
-                if (!ci_name.equals(mIssuerDN)) {
-                    setError(req,
-                            CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
-                                    getInstanceName()), "");
-                    result = PolicyResult.REJECTED;
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
-                    CMS.debug(
-                            NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN
-                                    + "; expected issuerDN = " + mIssuerDNString);
-                }
-            } else {
-
-                // Get the certificate info from the request
-                X509CertInfo certInfo[] =
-                        req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-                if (certInfo == null) {
-                    log(ILogger.LL_FAILURE,
-                            NAME + ": apply() - missing certInfo");
-                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
-                            getInstanceName()), "");
-                    return PolicyResult.REJECTED;
-                }
-
-                for (int i = 0; i < certInfo.length; i++) {
-                    String oldIssuer = certInfo[i].get(X509CertInfo.ISSUER).toString();
-
-                    if (oldIssuer == null) {
-                        setError(req,
-                                CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
-                                        getInstanceName()), "");
-                        result = PolicyResult.REJECTED;
-                        log(ILogger.LL_FAILURE,
-                                NAME + ": apply() - client issuerDN not found");
-                    }
-                    X500Name oi_name = new X500Name(oldIssuer);
-
-                    if (!oi_name.equals(mIssuerDN)) {
-                        setError(req,
-                                CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
-                                        getInstanceName()), "");
-                        result = PolicyResult.REJECTED;
-                        log(ILogger.LL_FAILURE,
-                                NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer
-                                        + "; expected issuerDN = " + mIssuerDNString);
-                    }
-                }
-            }
-        } catch (Exception e) {
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
-            result = PolicyResult.REJECTED;
-        }
-
-        if (result.equals(PolicyResult.ACCEPTED)) {
-            log(ILogger.LL_INFO,
-                    NAME + ": apply() - accepted");
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        confParams.addElement(PROP_ISSUER_DN + "=" +
-                mIssuerDNString);
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_ISSUER_DN + "=");
-        return defParams;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
deleted file mode 100644
index d656ed463..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
+++ /dev/null
@@ -1,225 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * KeyAlgorithmConstraints enforces a constraint that the RA or a CA
- * honor only the keys generated using one of the permitted algorithms
- * such as RSA, DSA or DH.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class KeyAlgorithmConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    private Vector<String> mAlgorithms;
-    private final static String DEF_KEY_ALGORITHM = "RSA,DSA";
-    private final static String PROP_ALGORITHMS = "algorithms";
-    private final static String[] supportedAlgorithms =
-        { "RSA", "DSA", "DH" };
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-
-    static {
-        defConfParams.addElement(PROP_ALGORITHMS + "=" +
-                DEF_KEY_ALGORITHM);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String params[] = {
-                "algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-keyalgorithmconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Rejects the request if the key in the certificate is " +
-                        "not of the type specified"
-            };
-
-        return params;
-    }
-
-    public KeyAlgorithmConstraints() {
-        NAME = "KeyAlgorithmConstraints";
-        DESC = "Enforces Key Algorithm Constraints.";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
-     * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-
-        mAlgorithms = new Vector<String>();
-
-        if (config == null || config.size() == 0) {
-            mAlgorithms.addElement(DEF_KEY_ALGORITHM);
-            return;
-        }
-
-        // Get Algorithm names
-        String algNames = null;
-
-        try {
-            algNames = config.getString(PROP_ALGORITHMS, null);
-        } catch (Exception e) {
-            String[] params = { getInstanceName(), e.toString() };
-
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
-        }
-
-        if (algNames == null) {
-            mAlgorithms.addElement(DEF_KEY_ALGORITHM);
-            return;
-        }
-        StringTokenizer tok = new StringTokenizer(algNames, ",");
-
-        while (tok.hasMoreTokens()) {
-            String alg = tok.nextToken().trim().toUpperCase();
-
-            if (alg.length() == 0)
-                continue;
-            mAlgorithms.addElement(alg);
-        }
-
-        // Check if configured algorithms are supported.
-        for (Enumeration<String> e = mAlgorithms.elements(); e.hasMoreElements();) {
-            int i;
-            String configuredAlg = e.nextElement();
-
-            // See if it is a supported algorithm.
-            for (i = 0; i < supportedAlgorithms.length; i++) {
-                if (configuredAlg.equals(supportedAlgorithms[i]))
-                    break;
-            }
-
-            // Did we not find it?
-            if (i == supportedAlgorithms.length)
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG",
-                                getInstanceName(), configuredAlg));
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-            // Get the certificate info from the request
-            // X509CertInfo certInfo[] = (X509CertInfo[])
-            //    req.get(IRequest.CERT_INFO);
-            X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-            // We need to have a certificate info set
-            if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // Else check if the key algorithm is supported.
-            for (int i = 0; i < certInfo.length; i++) {
-                CertificateX509Key certKey = (CertificateX509Key)
-                        certInfo[i].get(X509CertInfo.KEY);
-                X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
-                String alg = key.getAlgorithmId().getName().toUpperCase();
-
-                if (!mAlgorithms.contains(alg)) {
-                    setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION",
-                            getInstanceName(), alg), "");
-                    result = PolicyResult.REJECTED;
-                }
-            }
-        } catch (Exception e) {
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                    params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-        StringBuffer sb = new StringBuffer();
-
-        for (Enumeration<String> e = mAlgorithms.elements(); e.hasMoreElements();) {
-            sb.append(e.nextElement());
-            sb.append(",");
-        }
-        if (sb.length() > 0)
-            sb.setLength(sb.length() - 1);
-        v.addElement(PROP_ALGORITHMS + "=" + sb.toString());
-        return v;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return defConfParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java b/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
deleted file mode 100644
index 56b96f95f..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
+++ /dev/null
@@ -1,101 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Vector;
-
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * ManualAuthentication is an enrollment policy that queues
- * all requests for issuing agent's approval if no authentication
- * is present. The policy rejects a request if any of the auth tokens
- * indicates authentication failure.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class ManualAuthentication extends APolicyRule
-        implements IEnrollmentPolicy {
-    public ManualAuthentication() {
-        NAME = "ManualAuthentication";
-        DESC = "Manual Authentication Policy";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=ManualAuthentication ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        IAuthToken authToken = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
-
-        if (authToken == null)
-            return deferred(req);
-
-        return PolicyResult.ACCEPTED;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return null;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
deleted file mode 100644
index 363856197..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
+++ /dev/null
@@ -1,280 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.util.BigInt;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * RSAKeyConstraints policy enforces min and max size of the key.
- * Optionally checks the exponents.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class RSAKeyConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    private Vector<BigInt> mExponents;
-    private int mMinSize;
-    private int mMaxSize;
-
-    private final static int DEF_MIN_SIZE = 512;
-    private final static int DEF_MAX_SIZE = 2048;
-    private final static String PROP_MIN_SIZE = "minSize";
-    private final static String PROP_MAX_SIZE = "maxSize";
-    private final static String PROP_EXPONENTS = "exponents";
-    private final static String RSA = "RSA";
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-
-    static {
-        defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE);
-        defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE);
-        defConfParams.addElement(PROP_EXPONENTS + "=" + " ");
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_MIN_SIZE + ";number;Minimum size of user's RSA key (bits)",
-                PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)",
-                PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-rsakeyconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Reject request if RSA key length is not within the " +
-                        "specified constraints"
-            };
-
-        return params;
-    }
-
-    public RSAKeyConstraints() {
-        NAME = "RSAKeyConstraints";
-        DESC = "Enforces RSA Key Constraints.";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=2048
-     * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-
-        if (config == null || config.size() == 0)
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG",
-                            getInstanceName()));
-        String exponents = null;
-
-        // Get Min and Max sizes
-        mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE);
-        mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE);
-
-        if (mMinSize <= 0)
-            throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
-        if (mMaxSize <= 0)
-            throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
-
-        if (mMinSize > mMaxSize)
-            throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE));
-
-        mExponents = new Vector<BigInt>();
-
-        // Get exponents
-        exponents = config.getString(PROP_EXPONENTS, null);
-
-        if (exponents != null) {
-            StringTokenizer tok = new StringTokenizer(exponents, ",");
-
-            try {
-                while (tok.hasMoreTokens()) {
-                    String exp = tok.nextToken().trim();
-
-                    mExponents.addElement(new BigInt(Integer.parseInt(exp)));
-                }
-            } catch (Exception e) {
-                // e.printStackTrace();
-                String[] params = { getInstanceName(), exponents,
-                        PROP_EXPONENTS };
-
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params));
-            }
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-            // Get the certificate info from the request
-            X509CertInfo certInfo[] =
-                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-            // There should be a certificate info set.
-            if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // Else check if the key size(s) are within the limit.
-            for (int i = 0; i < certInfo.length; i++) {
-                CertificateX509Key certKey = (CertificateX509Key)
-                        certInfo[i].get(X509CertInfo.KEY);
-                X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
-                String alg = key.getAlgorithmId().toString();
-
-                if (!alg.equalsIgnoreCase(RSA))
-                    continue;
-                X509Key newkey = null;
-
-                try {
-                    newkey = new X509Key(AlgorithmId.get("RSA"),
-                                key.getKey());
-                } catch (Exception e) {
-                    CMS.debug("RSAKeyConstraints::apply() - "
-                             + "Exception=" + e.toString());
-                    setError(req,
-                              CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
-                                                  getInstanceName()),
-                              "");
-                    return PolicyResult.REJECTED;
-                }
-                RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
-                int keySize = rsaKey.getKeySize();
-
-                if (keySize < mMinSize || keySize > mMaxSize) {
-                    String[] params = { getInstanceName(),
-                            String.valueOf(keySize),
-                            String.valueOf(mMinSize),
-                            String.valueOf(mMaxSize) };
-
-                    setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
-                            params), "");
-                    result = PolicyResult.REJECTED;
-                }
-
-                // If the exponents are configured, see if the key's
-                // exponent is a configured one.
-                if (mExponents.size() > 0) {
-                    BigInt exp = rsaKey.getPublicExponent();
-
-                    if (!mExponents.contains(exp)) {
-                        StringBuffer sb = new StringBuffer();
-
-                        for (Enumeration<BigInt> e = mExponents.elements(); e.hasMoreElements();) {
-                            BigInt bi = e.nextElement();
-
-                            sb.append(bi.toBigInteger().toString());
-                            sb.append(" ");
-                        }
-                        String[] params = { getInstanceName(),
-                                exp.toBigInteger().toString(), new String(sb) };
-
-                        setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), "");
-                        result = PolicyResult.REJECTED;
-                    }
-                }
-            }
-        } catch (Exception e) {
-            // e.printStackTrace();
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize);
-        confParams.addElement(PROP_MAX_SIZE + "=" + mMaxSize);
-        StringBuffer sb = new StringBuffer();
-
-        for (Enumeration<BigInt> e = mExponents.elements(); e.hasMoreElements();) {
-            sb.append(e.nextElement().toInt());
-            sb.append(",");
-        }
-        if (sb.length() > 0)
-            sb.setLength(sb.length() - 1);
-        confParams.addElement(PROP_EXPONENTS + "=" + sb.toString());
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return defConfParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
deleted file mode 100644
index 3ff977df5..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
+++ /dev/null
@@ -1,242 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Date;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IRenewalPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Whether to allow renewal of an expired cert.
- *
- * @version $Revision$, $Date$
- *          <P>
- *
- *          <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- *          <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class RenewalConstraints extends APolicyRule
-        implements IRenewalPolicy, IExtendedPluginInfo {
-
-    private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
-    private static final String PROP_RENEWAL_NOT_AFTER = "renewalNotAfter";
-
-    private boolean mAllowExpiredCerts = true;
-    private long mRenewalNotAfter = 0;
-
-    public final static int DEF_RENEWAL_NOT_AFTER = 30;
-    public final static long DAYS_TO_MS_FACTOR = 24L * 3600 * 1000;
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-    static {
-        defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true);
-        defConfParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
-                DEF_RENEWAL_NOT_AFTER);
-    }
-
-    public RenewalConstraints() {
-        NAME = "RenewalConstraints";
-        DESC = "Whether to allow renewal of expired certs.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate",
-                PROP_RENEWAL_NOT_AFTER
-                        + ";number;Number of days since certificate expiry after which renewal request would be rejected",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-renewalconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Permit administrator to decide policy on whether to " +
-                        "permit renewals for already-expired certificates"
-        };
-
-        return params;
-
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-        // Get min and max validity in days and configure them.
-        try {
-            mAllowExpiredCerts =
-                    config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
-            String val = config.getString(PROP_RENEWAL_NOT_AFTER, null);
-
-            if (val == null)
-                mRenewalNotAfter = DEF_RENEWAL_NOT_AFTER * DAYS_TO_MS_FACTOR;
-            else {
-                mRenewalNotAfter = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
-            }
-
-        } catch (EBaseException e) {
-            // never happen.
-        }
-
-        CMS.debug("RenewalConstraints: allow expired certs " + mAllowExpiredCerts);
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-            // Get the certificates being renwed.
-            X509CertImpl[] oldCerts =
-                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-            if (oldCerts == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            if (mAllowExpiredCerts) {
-                CMS.debug("checking validity of each cert");
-                // check if each cert to be renewed is expired for more than 		    // allowed days.
-                for (int i = 0; i < oldCerts.length; i++) {
-                    X509CertInfo oldCertInfo = (X509CertInfo)
-                            oldCerts[i].get(X509CertImpl.NAME + "." +
-                                    X509CertImpl.INFO);
-                    CertificateValidity oldValidity = (CertificateValidity)
-                            oldCertInfo.get(X509CertInfo.VALIDITY);
-                    Date notAfter = (Date)
-                            oldValidity.get(CertificateValidity.NOT_AFTER);
-
-                    // Is the Certificate eligible for renewal ?
-
-                    Date now = CMS.getCurrentDate();
-
-                    Date renewedNotAfter = new Date(notAfter.getTime() +
-                            mRenewalNotAfter);
-
-                    CMS.debug("RenewalConstraints: cert " + i + " renewedNotAfter " + renewedNotAfter + " now=" + now);
-
-                    if (renewedNotAfter.before(now)) {
-                        CMS.debug(
-                                "One or more certificates is expired for more than "
-                                        + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
-                        String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) };
-
-                        setError(req,
-                                CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
-                                        params), "");
-                        return PolicyResult.REJECTED;
-                    }
-                }
-                return PolicyResult.ACCEPTED;
-            }
-
-            CMS.debug("RenewalConstraints: checking validity of each cert");
-            // check if each cert to be renewed is expired.
-            for (int i = 0; i < oldCerts.length; i++) {
-                X509CertInfo oldCertInfo = (X509CertInfo)
-                        oldCerts[i].get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                CertificateValidity oldValidity = (CertificateValidity)
-                        oldCertInfo.get(X509CertInfo.VALIDITY);
-                Date notAfter = (Date)
-                        oldValidity.get(CertificateValidity.NOT_AFTER);
-
-                // Is the Certificate still valid?
-                Date now = CMS.getCurrentDate();
-
-                CMS.debug("RenewalConstraints: cert " + i + " notAfter " + notAfter + " now=" + now);
-                if (notAfter.before(now)) {
-                    CMS.debug(
-                            "RenewalConstraints: One or more certificates is expired.");
-                    String params[] = { getInstanceName() };
-
-                    setError(req,
-                            CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
-                                    params), "");
-                    result = PolicyResult.REJECTED;
-                    break;
-                }
-            }
-
-        } catch (Exception e) {
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        confParams.addElement(
-                PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
-        confParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
-                mRenewalNotAfter / DAYS_TO_MS_FACTOR);
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return defConfParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
deleted file mode 100644
index 2810fae10..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ /dev/null
@@ -1,351 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Date;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IRenewalPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * RenewalValidityConstraints is a default rule for Certificate
- * Renewal. This policy enforces the no of days before which a
- * currently active certificate can be renewed and sets new validity
- * period for the renewed certificate starting from the the ending
- * period in the old certificate.
- *
- * The main parameters are:
- *
- * The renewal leadtime in days: - i.e how many days before the
- * expiry of the current certificate can one request the renewal.
- * min and max validity duration.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class RenewalValidityConstraints extends APolicyRule
-        implements IRenewalPolicy, IExtendedPluginInfo {
-    private long mMinValidity;
-    private long mMaxValidity;
-    private long mRenewalInterval;
-
-    private final static String PROP_MIN_VALIDITY = "minValidity";
-    private final static String PROP_MAX_VALIDITY = "maxValidity";
-    private final static String PROP_RENEWAL_INTERVAL = "renewalInterval";
-    public final static int DEF_MIN_VALIDITY = 180;
-    public final static int DEF_MAX_VALIDITY = 730;
-    public final static long DEF_RENEWAL_INTERVAL = 15;
-    public final static long DAYS_TO_MS_FACTOR = 24L * 3600 * 1000;
-    public static final String CERT_HEADER = "-----BEGIN CERTIFICATE-----\n";
-    public static final String CERT_TRAILER = "-----END CERTIFICATE-----\n";
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-
-    static {
-        defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
-                DEF_MIN_VALIDITY);
-        defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
-                DEF_MAX_VALIDITY);
-        defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
-                DEF_RENEWAL_INTERVAL);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_MIN_VALIDITY
-                        + ";number;Specifies the minimum validity period, in days, for renewed certificates.",
-                PROP_MAX_VALIDITY
-                        + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
-                PROP_RENEWAL_INTERVAL
-                        + ";number;Specifies how many days before its expiration that a certificate can be renewed.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-renewalvalidityconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Reject renewal request if the certificate is too far " +
-                        "before it's expiry date"
-        };
-
-        return params;
-
-    }
-
-    public RenewalValidityConstraints() {
-        NAME = "RenewalValidityConstraints";
-        DESC = "Enforces minimum and maximum validity and renewal interval for certificate renewal.";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180
-     * ra.Policy.rule.<ruleName>.renewalInterval=15 ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-
-        // Get min and max validity in days and onfigure them.
-        try {
-            String val = config.getString(PROP_MIN_VALIDITY, null);
-
-            if (val == null)
-                mMinValidity = DEF_MIN_VALIDITY * DAYS_TO_MS_FACTOR;
-            else
-                mMinValidity = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
-
-            val = config.getString(PROP_MAX_VALIDITY, null);
-            if (val == null)
-                mMaxValidity = DEF_MAX_VALIDITY * DAYS_TO_MS_FACTOR;
-            else {
-                mMaxValidity = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
-            }
-            val = config.getString(PROP_RENEWAL_INTERVAL, null);
-            if (val == null)
-                mRenewalInterval = DEF_RENEWAL_INTERVAL * DAYS_TO_MS_FACTOR;
-            else {
-                mRenewalInterval = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
-            }
-
-            // minValidity can't be bigger than maxValidity.
-            if (mMinValidity > mMaxValidity) {
-                String params[] = { getInstanceName(),
-                        String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR),
-                        String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
-
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_INVALID_RENEWAL_MIN_MAX", params));
-            }
-
-            // Renewal interval can't be more than maxValidity.
-            if (mRenewalInterval > mMaxValidity) {
-                String params[] = { getInstanceName(),
-                        String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR),
-                        String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
-
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_INVALID_RENEWAL_INTERVAL", params));
-            }
-        } catch (Exception e) {
-            // e.printStackTrace();
-            String[] params = { getInstanceName(), e.toString() };
-
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        if (agentApproved(req))
-            return result;
-
-        try {
-            // Get the certificate info from the request
-            X509CertInfo certInfo[] =
-                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-            // Get the certificates being renwed.
-            X509CertImpl currentCerts[] =
-                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-            // Both certificate info and current certs should be set
-            if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-            if (currentCerts == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-            if (certInfo.length != currentCerts.length) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_MISMATCHED_CERTINFO",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // Else check if the renewal interval is okay and then
-            // set the validity.
-            for (int i = 0; i < certInfo.length; i++) {
-                X509CertInfo oldCertInfo = (X509CertInfo)
-                        currentCerts[i].get(X509CertImpl.NAME +
-                                "." + X509CertImpl.INFO);
-                CertificateValidity oldValidity = (CertificateValidity)
-                        oldCertInfo.get(X509CertInfo.VALIDITY);
-                Date notAfter = (Date)
-                        oldValidity.get(CertificateValidity.NOT_AFTER);
-
-                // Is the Certificate still valid?
-                Date now = CMS.getCurrentDate();
-
-                if (notAfter.after(now)) {
-                    // Check if the renewal interval is alright.
-                    long interval = notAfter.getTime() - now.getTime();
-
-                    if (interval > mRenewalInterval) {
-                        setError(req,
-                                CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
-                                        getInstanceName(),
-                                        String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
-                        setError(req,
-                                CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
-                                        getInstanceName(),
-                                        getCertDetails(req, currentCerts[i])), "");
-
-                        result = PolicyResult.REJECTED;
-                        setDummyValidity(certInfo[i]);
-                        continue;
-                    }
-                }
-
-                // Else compute new  validity.
-                Date renewedNotBef = notAfter;
-                Date renewedNotAfter = new Date(notAfter.getTime() +
-                        mMaxValidity);
-
-                // If the new notAfter is within renewal interval days from
-                // today or already expired, set the notBefore to today.
-                if (renewedNotAfter.before(now) ||
-                        (renewedNotAfter.getTime() - now.getTime()) <=
-                        mRenewalInterval) {
-                    renewedNotBef = now;
-                    renewedNotAfter = new Date(now.getTime() +
-                                mMaxValidity);
-                }
-                CertificateValidity newValidity =
-                        new CertificateValidity(renewedNotBef, renewedNotAfter);
-
-                certInfo[i].set(X509CertInfo.VALIDITY, newValidity);
-            }
-        } catch (Exception e) {
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        confParams.addElement(PROP_MIN_VALIDITY + "=" +
-                mMinValidity / DAYS_TO_MS_FACTOR);
-        confParams.addElement(PROP_MAX_VALIDITY + "=" +
-                mMaxValidity / DAYS_TO_MS_FACTOR);
-        confParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
-                mRenewalInterval / DAYS_TO_MS_FACTOR);
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return defConfParams;
-    }
-
-    // Set dummy validity field so the request will serialize properly
-    private void setDummyValidity(X509CertInfo certInfo) {
-        try {
-            certInfo.set(X509CertInfo.VALIDITY,
-                    new CertificateValidity(CMS.getCurrentDate(), new Date()));
-        } catch (Exception e) {
-        }
-    }
-
-    private String getCertDetails(IRequest req, X509CertImpl cert) {
-        StringBuffer sb = new StringBuffer();
-
-        sb.append("\n");
-        sb.append("Serial No: " + cert.getSerialNumber().toString(16));
-        sb.append("\n");
-        sb.append("Validity: " + cert.getNotBefore().toString() +
-                " - " + cert.getNotAfter().toString());
-        sb.append("\n");
-        String certType = req.getExtDataInString(IRequest.CERT_TYPE);
-
-        if (certType == null)
-            certType = IRequest.SERVER_CERT;
-        if (certType.equals(IRequest.CLIENT_CERT)) {
-
-            /***
-             * Take this our - URL formulation hard to do here.
-             * sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
-             * sb.append("\n");
-             * sb.append("/query/certImport?op=displayByserial&serialNumber=");
-             * sb.append(cert.getSerialNumber().toString(16));
-             ***/
-            sb.append("\n");
-        } else {
-            sb.append("Certificate Content is as follows:");
-            sb.append("\n");
-            try {
-                byte[] ba = cert.getEncoded();
-                String encodedCert = Utils.base64encode(ba);
-
-                sb.append(CERT_HEADER + encodedCert + CERT_TRAILER);
-            } catch (Exception e) {
-                //throw new AssertionException(e.toString());
-            }
-        }
-        return sb.toString();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
deleted file mode 100644
index 88c59b2fd..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ /dev/null
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Date;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IRevocationPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Whether to allow revocation of an expired cert.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class RevocationConstraints extends APolicyRule
-        implements IRevocationPolicy, IExtendedPluginInfo {
-    private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
-    private static final String PROP_ALLOW_ON_HOLD = "allowOnHold";
-
-    private boolean mAllowExpiredCerts = true;
-    private boolean mAllowOnHold = true;
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-    static {
-        defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true);
-        defConfParams.addElement(PROP_ALLOW_ON_HOLD + "=" + true);
-    }
-
-    public RevocationConstraints() {
-        NAME = "RevocationConstraints";
-        DESC = "Whether to allow revocation of expired certs and on-hold.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate",
-                PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-revocationconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Allow administrator to decide policy on whether to allow " +
-                        "recovation of expired certificates" +
-                        "and set reason to On-Hold"
-
-        };
-
-        return params;
-
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-        // Get min and max validity in days and onfigure them.
-        try {
-            mAllowExpiredCerts =
-                    config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
-            mAllowOnHold =
-                    config.getBoolean(PROP_ALLOW_ON_HOLD, true);
-        } catch (EBaseException e) {
-            // never happen.
-        }
-
-        CMS.debug("RevocationConstraints: allow expired certs " + mAllowExpiredCerts);
-        CMS.debug("RevocationConstraints: allow on hold " + mAllowOnHold);
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        CMS.debug("RevocationConstraints: apply begins");
-        if (req.getExtDataInInteger(IRequest.REVOKED_REASON) == null) {
-            CMS.debug("RevocationConstraints: apply: no revocationReason found in request");
-            return PolicyResult.REJECTED;
-        }
-        RevocationReason rr = RevocationReason.fromInt(
-                req.getExtDataInInteger(IRequest.REVOKED_REASON).intValue());
-
-        if (!mAllowOnHold && (rr != null)) {
-            int reason = rr.toInt();
-
-            if (reason == RevocationReason.CERTIFICATE_HOLD.toInt()) {
-                String params[] = { getInstanceName() };
-
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), "");
-                return PolicyResult.REJECTED;
-            }
-        }
-
-        if (mAllowExpiredCerts)
-            // nothing to check.
-            return PolicyResult.ACCEPTED;
-
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-            // Get the certificates being renwed.
-            X509CertImpl[] oldCerts =
-                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-            if (oldCerts == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"),
-                        getInstanceName());
-                return PolicyResult.REJECTED;
-            }
-
-            // check if each cert to be renewed is expired.
-            for (int i = 0; i < oldCerts.length; i++) {
-                X509CertInfo oldCertInfo = (X509CertInfo)
-                        oldCerts[i].get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                CertificateValidity oldValidity = (CertificateValidity)
-                        oldCertInfo.get(X509CertInfo.VALIDITY);
-                Date notAfter = (Date)
-                        oldValidity.get(CertificateValidity.NOT_AFTER);
-
-                // Is the Certificate still valid?
-                Date now = CMS.getCurrentDate();
-
-                if (notAfter.before(now)) {
-                    String params[] = { getInstanceName() };
-
-                    setError(req,
-                            CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
-                                    params), "");
-                    result = PolicyResult.REJECTED;
-                    break;
-                }
-            }
-
-        } catch (Exception e) {
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        confParams.addElement(
-                PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
-        confParams.addElement(
-                PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return defConfParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
deleted file mode 100644
index 15b12af40..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
+++ /dev/null
@@ -1,449 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * SigningAlgorithmConstraints enforces that only a supported
- * signing algorithm be requested.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class SigningAlgorithmConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    private String[] mAllowedAlgs = null; // algs allowed by this policy
-    static String[] mDefaultAllowedAlgs = null; // default algs allowed by this policy based on CA's key
-    private String[] mConfigAlgs = null; // algs listed in config file
-    private boolean winnowedByKey = false;
-    IAuthority mAuthority = null;
-    private final static String PROP_ALGORITHMS = "algorithms";
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-
-    static {
-        StringBuffer sb = new StringBuffer();
-        sb.append(PROP_ALGORITHMS);
-        sb.append("=");
-        int i = 0;
-        boolean first = true;
-
-        mDefaultAllowedAlgs = new String[AlgorithmId.ALL_SIGNING_ALGORITHMS.length];
-        for (i = 0; i < AlgorithmId.ALL_SIGNING_ALGORITHMS.length; i++) {
-            mDefaultAllowedAlgs[i] = AlgorithmId.ALL_SIGNING_ALGORITHMS[i];
-            if (first == true) {
-                sb.append(AlgorithmId.ALL_SIGNING_ALGORITHMS[i]);
-                first = false;
-            } else {
-                sb.append(",");
-                sb.append(AlgorithmId.ALL_SIGNING_ALGORITHMS[i]);
-            }
-        }
-        defConfParams.addElement(sb.toString());
-    }
-
-    public SigningAlgorithmConstraints() {
-        NAME = "SigningAlgorithmConstraints";
-        DESC = "Enforces Signing Algorithm Constraints.";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
-     * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mAuthority = (IAuthority) ((IPolicyProcessor) owner).getAuthority();
-
-        // Get allowed algorithms from config file
-        if (config != null) {
-            String algNames = null;
-
-            try {
-                algNames = config.getString(PROP_ALGORITHMS, null);
-            } catch (Exception e) {
-                String[] params = { getInstanceName(), e.toString(), PROP_ALGORITHMS };
-
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_PARAM_CONFIG_ERROR", params));
-            }
-
-            if (algNames != null) {
-                // parse alg names into Vector
-                StringTokenizer tok = new StringTokenizer(algNames, ",");
-                Vector<String> algs = new Vector<String>();
-
-                while (tok.hasMoreTokens()) {
-                    algs.addElement(tok.nextToken().trim());
-                }
-
-                // convert to array for speedy traversals during apply()
-                int itemCount = algs.size();
-
-                mAllowedAlgs = new String[itemCount];
-                for (int i = 0; i < itemCount; i++) {
-                    mAllowedAlgs[i] = algs.elementAt(i);
-                }
-
-            }
-
-        }
-
-        // these are the algorithms from the config file
-        mConfigAlgs = mAllowedAlgs;
-        if (mConfigAlgs == null) {
-            mConfigAlgs = new String[0];
-        }
-
-        if (mAllowedAlgs != null) {
-            // winnow out unknown algorithms
-            winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS,
-                    "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
-        } else {
-            // if nothing was in the config file, allow all known algs
-            mAllowedAlgs = AlgorithmId.ALL_SIGNING_ALGORITHMS;
-        }
-
-        // winnow out algorithms that don't make sense for the key
-        winnowByKey();
-
-        if (mAllowedAlgs.length == 0) {
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY", NAME));
-        }
-
-    }
-
-    /**
-     * winnow out algorithms that don't make sense for the CA's key
-     */
-    private synchronized void winnowByKey() throws EBaseException {
-        // only do this successfully once
-        if (winnowedByKey) {
-            return;
-        }
-
-        // don't do this ever for DRM
-        if (!(mAuthority instanceof ICertAuthority)) {
-            winnowedByKey = true;
-            return;
-        }
-
-        // get list of algorithms allowed for the key
-        String[] allowedByKey =
-                ((ICertAuthority) mAuthority).getCASigningAlgorithms();
-
-        if (allowedByKey != null) {
-            // don't show algorithms that don't match CA's key in UI.
-            mDefaultAllowedAlgs = new String[allowedByKey.length];
-            for (int i = 0; i < allowedByKey.length; i++)
-                mDefaultAllowedAlgs[i] = allowedByKey[i];
-            // winnow out algorithms that don't match CA's signing key
-            winnowAlgs(allowedByKey,
-                    "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
-            winnowedByKey = true;
-        } else {
-            // We don't know the CA's signing algorithms.  Maybe we're
-            // an RA that hasn't talked to the CA yet? Try again later.
-        }
-    }
-
-    /**
-     * Winnows out of mAllowedAlgorithms those algorithms that aren't allowed
-     * for some reason.
-     *
-     * @param allowed An array of allowed algorithms. Only algorithms in this
-     *            list will survive the winnowing process.
-     * @param reason A string describing the problem with an algorithm
-     *            that is not allowed by this list. Must be a predefined string in PolicyResources.
-     */
-    private void winnowAlgs(String[] allowed, String reason, boolean isError)
-            throws EBaseException {
-        int i, j, goodSize;
-
-        // validate the currently-allowed algorithms
-        Vector<String> goodAlgs = new Vector<String>();
-
-        for (i = 0; i < mAllowedAlgs.length; i++) {
-            for (j = 0; j < allowed.length; j++) {
-                if (mAllowedAlgs[i].equals(allowed[j])) {
-                    goodAlgs.addElement(mAllowedAlgs[i]);
-                    break;
-                }
-            }
-            // if algorithm is not allowed, log a warning
-            if (j == allowed.length) {
-                EPolicyException e = new EPolicyException(CMS.getUserMessage(reason, NAME, mAllowedAlgs[i]));
-
-                if (isError) {
-                    log(ILogger.LL_FAILURE, e.toString());
-                    throw new EPolicyException(CMS.getUserMessage(reason,
-                                NAME, mAllowedAlgs[i]));
-                } else {
-                    log(ILogger.LL_WARN, e.toString());
-                }
-            }
-        }
-
-        // convert back into an array
-        goodSize = goodAlgs.size();
-        if (mAllowedAlgs.length != goodSize) {
-            mAllowedAlgs = new String[goodSize];
-            for (i = 0; i < goodSize; i++) {
-                mAllowedAlgs[i] = goodAlgs.elementAt(i);
-            }
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        int i, j;
-
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-
-            // Get the certificate info from the request
-            //X509CertInfo certInfo[] = (X509CertInfo[])
-            //    req.get(IRequest.CERT_INFO);
-            X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-            // We need to have a certificate info set
-            if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // Else check if the key algorithm is supported.
-            for (i = 0; i < certInfo.length; i++) {
-                // make sure our list of allowed algorithms makes
-                // sense for our key. Do this each time.
-                if (!winnowedByKey) {
-                    winnowByKey();
-                }
-
-                CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
-                        certInfo[i].get(X509CertInfo.ALGORITHM_ID);
-
-                AlgorithmId algId = (AlgorithmId)
-                        certAlgId.get(CertificateAlgorithmId.ALGORITHM);
-                String alg = algId.getName();
-
-                // test against the list of allowed algorithms
-                for (j = 0; j < mAllowedAlgs.length; j++) {
-                    if (mAllowedAlgs[j].equals(alg)) {
-                        break;
-                    }
-                }
-                if (j == mAllowedAlgs.length) {
-                    // if the algor doesn't match the CA's key replace
-                    // it with one that does.
-                    if (mAllowedAlgs[0].equals("SHA1withDSA") ||
-                            alg.equals("SHA1withDSA")) {
-                        certInfo[i].set(X509CertInfo.ALGORITHM_ID,
-                                new CertificateAlgorithmId(
-                                        AlgorithmId.get(mAllowedAlgs[0])));
-                        return PolicyResult.ACCEPTED;
-                    }
-
-                    // didn't find a match, alg not allowed
-                    setError(req, CMS.getUserMessage("CMS_POLICY_SIGNING_ALG_VIOLATION",
-                            getInstanceName(), alg), "");
-                    result = PolicyResult.REJECTED;
-                }
-            }
-        } catch (Exception e) {
-            // e.printStackTrace();
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                    params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-        StringBuffer sb = new StringBuffer();
-
-        for (int i = 0; i < mConfigAlgs.length; i++) {
-            sb.append(mConfigAlgs[i]);
-            sb.append(",");
-        }
-        if (sb.length() > 0)
-            sb.setLength(sb.length() - 1);
-        confParams.addElement(PROP_ALGORITHMS + "=" + sb.toString());
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        StringBuffer sb = new StringBuffer();
-        sb.append(PROP_ALGORITHMS);
-        sb.append("=");
-        boolean first = true;
-
-        defConfParams.removeAllElements();
-
-        for (int i = 0; i < mDefaultAllowedAlgs.length; i++) {
-            if (first == true) {
-                sb.append(mDefaultAllowedAlgs[i]);
-                first = false;
-            } else {
-                sb.append(",");
-                sb.append(mDefaultAllowedAlgs[i]);
-            }
-        }
-        defConfParams.addElement(sb.toString());
-
-        return defConfParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        if (!winnowedByKey) {
-            try {
-                winnowByKey();
-            } catch (Exception e) {
-            }
-        }
-
-        String[] params = null;
-
-        String[] params_BOTH = {
-                PROP_ALGORITHMS
-                        + ";"
-                        + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA,"
-                        +
-                        "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
-                        "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
-                        "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
-                        "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
-                        "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
-                        "MD2withRSA\\,MD5withRSA," +
-                        "MD2withRSA\\,SHA1withRSA," +
-                        "MD2withRSA\\,SHA1withDSA," +
-                        "MD5withRSA\\,SHA1withRSA," +
-                        "MD5withRSA\\,SHA1withDSA," +
-                        "SHA1withRSA\\,SHA1withDSA," +
-                        "MD2withRSA," +
-                        "MD5withRSA," +
-                        "SHA1withRSA," +
-                        "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
-                        "to be one of the algorithms supported by Certificate System",
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Restricts the requested signing algorithm to be one of" +
-                        " the algorithms supported by Certificate System"
-        };
-
-        String[] params_RSA = {
-                PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
-                        "MD2withRSA\\,MD5withRSA," +
-                        "MD2withRSA\\,SHA1withRSA," +
-                        "MD5withRSA\\,SHA1withRSA," +
-                        "MD2withRSA," +
-                        "MD5withRSA," +
-                        "SHA1withRSA);Restrict the requested signing algorithm to be " +
-                        "one of the algorithms supported by Certificate System",
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Restricts the requested signing algorithm to be one of" +
-                        " the algorithms supported by Certificate System"
-        };
-
-        String[] params_DSA = {
-                PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " +
-                        "algorithm to be one of the algorithms supported by Certificate " +
-                        "System",
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Restricts the requested signing algorithm to be one of" +
-                        " the algorithms supported by Certificate System"
-        };
-
-        switch (mDefaultAllowedAlgs.length) {
-        case 1:
-            params = params_DSA;
-            break;
-
-        case 3:
-            params = params_RSA;
-            break;
-
-        case 4:
-        default:
-            params = params_BOTH;
-            break;
-
-        }
-
-        return params;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
deleted file mode 100644
index 07cc3b956..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
+++ /dev/null
@@ -1,195 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.certsrv.security.ISigningUnit;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * This simple policy checks the subordinate CA CSR to see
- * if it is the same as the local CA.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class SubCANameConstraints extends APolicyRule implements IEnrollmentPolicy, IExtendedPluginInfo {
-    public ICertificateAuthority mCA = null;
-    public String mIssuerNameStr = null;
-
-    public SubCANameConstraints() {
-        NAME = "SubCANameConstraints";
-        DESC = "Enforces Subordinate CA name.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-subcanamecheck",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
-            };
-
-        return params;
-
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
-     * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        // get CA's public key to create authority key id.
-        ICertAuthority certAuthority = (ICertAuthority)
-                ((IPolicyProcessor) owner).getAuthority();
-
-        if (certAuthority == null) {
-            // should never get here.
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Cannot find the Certificate Manager"));
-        }
-        if (!(certAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Cannot find the Certificate Manager"));
-        }
-        mCA = (ICertificateAuthority) certAuthority;
-        ISigningUnit su = mCA.getSigningUnit();
-        if (su == null || CMS.isPreOpMode()) {
-            return;
-        }
-
-        X509CertImpl cert = su.getCertImpl();
-
-        if (cert == null)
-            return;
-        X500Name issuerName = (X500Name) cert.getSubjectDN();
-
-        if (issuerName == null)
-            return;
-        mIssuerNameStr = issuerName.toString();
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-
-            // Get the certificate templates
-            X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
-                    IRequest.CERT_INFO);
-
-            if (certInfos == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_CERT_INFO", getInstanceName()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME + ":" + getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // retrieve the subject name and check its unqiueness
-            for (int i = 0; i < certInfos.length; i++) {
-                CertificateSubjectName subName = (CertificateSubjectName) certInfos[i].get(X509CertInfo.SUBJECT);
-
-                // if there is no name set, set one here.
-                if (subName == null) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
-                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME", NAME + ":" + getInstanceName()), "");
-                    return PolicyResult.REJECTED;
-                }
-                String certSubjectName = subName.toString();
-
-                if (certSubjectName.equalsIgnoreCase(mIssuerNameStr)) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_SUBJECT_NAME_EXIST_1", mIssuerNameStr));
-                    setError(req,
-                            CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", NAME + ":" + "Same As Issuer Name "
-                                    + mIssuerNameStr), "");
-                    result = PolicyResult.REJECTED;
-                }
-            }
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                    params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        return v;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        return v;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java b/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
deleted file mode 100644
index 27b5d1a92..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
+++ /dev/null
@@ -1,33 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-/**
- * This class is used to help migrate CMS4.1 to CMS4.2.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class UniqueSubjectName extends UniqueSubjectNameConstraints {
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
deleted file mode 100644
index fb52b1302..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
+++ /dev/null
@@ -1,313 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Checks the uniqueness of the subject name. This policy
- * can only be used (installed) in Certificate Authority
- * subsystem.
- *
- * This policy can perform pre-agent-approval checking or
- * post-agent-approval checking based on configuration
- * setting.
- *
- * In some situations, user may want to have 2 certificates with
- * the same subject name. For example, one key for encryption,
- * and one for signing. This policy does not deal with this case
- * directly. But it can be easily extended to do that.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class UniqueSubjectNameConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING =
-            "enablePreAgentApprovalChecking";
-    protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING =
-            "enableKeyUsageExtensionChecking";
-
-    public ICertificateAuthority mCA = null;
-
-    public boolean mPreAgentApprovalChecking = false;
-    public boolean mKeyUsageExtensionChecking = true;
-
-    public UniqueSubjectNameConstraints() {
-        NAME = "UniqueSubjectName";
-        DESC = "Ensure the uniqueness of the subject name.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_PRE_AGENT_APPROVAL_CHECKING
-                        + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)",
-                PROP_KEY_USAGE_EXTENSION_CHECKING
-                        + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-uniquesubjectname",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Rejects a request if there exists an unrevoked, unexpired " +
-                        "certificate with the same subject name"
-        };
-
-        return params;
-
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form:
-     *
-     * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName ca.Policy.rule.<ruleName>.enable=true
-     * ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
-     * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        // get CA's public key to create authority key id.
-        ICertAuthority certAuthority = (ICertAuthority)
-                ((IPolicyProcessor) owner).getAuthority();
-
-        if (certAuthority == null) {
-            // should never get here.
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                    "Cannot find the Certificate Manager or Registration Manager"));
-        }
-        if (!(certAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                    "Cannot find the Certificate Manager"));
-        }
-
-        mCA = (ICertificateAuthority) certAuthority;
-        try {
-            mPreAgentApprovalChecking =
-                    config.getBoolean(PROP_PRE_AGENT_APPROVAL_CHECKING, false);
-        } catch (EBaseException e) {
-        }
-        try {
-            mKeyUsageExtensionChecking =
-                    config.getBoolean(PROP_KEY_USAGE_EXTENSION_CHECKING, true);
-        } catch (EBaseException e) {
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        if (!mPreAgentApprovalChecking) {
-            // post agent approval checking
-            if (!agentApproved(req))
-                return PolicyResult.ACCEPTED;
-        }
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-
-            // Get the certificate templates
-            X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
-                    IRequest.CERT_INFO);
-
-            if (certInfos == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // retrieve the subject name and check its unqiueness
-            for (int i = 0; i < certInfos.length; i++) {
-                CertificateSubjectName subName = (CertificateSubjectName)
-                        certInfos[i].get(X509CertInfo.SUBJECT);
-
-                // if there is no name set, set one here.
-                if (subName == null) {
-                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME",
-                            getInstanceName()), "");
-                    return PolicyResult.REJECTED;
-                }
-                String certSubjectName = subName.toString();
-                String filter = "x509Cert.subject=" + certSubjectName;
-                // subject name is indexed, so we only use subject name
-                // in the filter
-                Enumeration<ICertRecord> matched =
-                        mCA.getCertificateRepository().findCertRecords(filter);
-
-                while (matched.hasMoreElements()) {
-                    ICertRecord rec = matched.nextElement();
-                    String status = rec.getStatus();
-
-                    if (status.equals(ICertRecord.STATUS_REVOKED)
-                            || status.equals(ICertRecord.STATUS_EXPIRED)
-                            || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
-                        // accept this only if we have a REVOKED,
-                        // EXPIRED or REVOKED_EXPIRED certificate
-                        continue;
-
-                    }
-                    // you already have an VALID or INVALID (not yet valid) certificate
-                    if (mKeyUsageExtensionChecking && agentApproved(req)) {
-                        // This request is agent approved which
-                        // means all requested extensions are finalized
-                        // to the request,
-                        // We will accept duplicated subject name with
-                        // different keyUsage extension if
-                        // keyUsageExtension is different.
-                        if (!sameKeyUsageExtension(rec, certInfos[i])) {
-                            continue;
-                        }
-                    }
-
-                    setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST",
-                            getInstanceName() + " " + certSubjectName), "");
-                    return PolicyResult.REJECTED;
-                }
-            }
-        } catch (Exception e) {
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                    params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Checks if the key extension in the issued certificate
-     * is the same as the one in the certificate template.
-     */
-    private boolean sameKeyUsageExtension(ICertRecord rec,
-            X509CertInfo certInfo) {
-        X509CertImpl impl = rec.getCertificate();
-        boolean bits[] = impl.getKeyUsage();
-
-        CertificateExtensions extensions = null;
-
-        try {
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-        } catch (IOException e) {
-        } catch (java.security.cert.CertificateException e) {
-        }
-        KeyUsageExtension ext = null;
-
-        if (extensions == null) {
-            if (bits != null)
-                return false;
-        } else {
-            try {
-                ext = (KeyUsageExtension) extensions.get(
-                            KeyUsageExtension.NAME);
-            } catch (IOException e) {
-                // extension isn't there.
-            }
-
-            if (ext == null) {
-                if (bits != null)
-                    return false;
-            } else {
-                boolean[] InfoBits = ext.getBits();
-
-                if (InfoBits == null) {
-                    if (bits != null)
-                        return false;
-                } else {
-                    if (bits == null)
-                        return false;
-                    if (InfoBits.length != bits.length) {
-                        return false;
-                    }
-                    for (int i = 0; i < InfoBits.length; i++) {
-                        if (InfoBits[i] != bits[i])
-                            return false;
-                    }
-                }
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING +
-                "=" + mPreAgentApprovalChecking);
-        confParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING +
-                "=" + mKeyUsageExtensionChecking);
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "=");
-        defParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING + "=");
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java b/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
deleted file mode 100644
index 72be9d75a..000000000
--- a/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
+++ /dev/null
@@ -1,317 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.constraints;
-
-import java.util.Date;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * ValidityConstraints is a default rule for Enrollment and
- * Renewal that enforces minimum and maximum validity periods
- * and changes them if not met.
- *
- * Optionally the lead and lag times - i.e how far back into the
- * front or back the notBefore date could go in minutes can also
- * be specified.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class ValidityConstraints extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected long mMinValidity;
-    protected long mMaxValidity;
-    protected long mLeadTime;
-    protected long mLagTime;
-    protected long mNotBeforeSkew;
-
-    private final static String PROP_MIN_VALIDITY = "minValidity";
-    private final static String PROP_MAX_VALIDITY = "maxValidity";
-    private final static String PROP_LEAD_TIME = "leadTime";
-    private final static String PROP_LAG_TIME = "lagTime";
-    private final static String PROP_NOT_BEFORE_SKEW = "notBeforeSkew";
-    public final static int DEF_MIN_VALIDITY = 180;
-    public final static int DEF_MAX_VALIDITY = 730;
-    public final static int DEF_LEAD_TIME = 10;
-    public final static int DEF_LAG_TIME = 10;
-    public final static int DEF_NOT_BEFORE_SKEW = 5;
-    public final static long DAYS_TO_MS_FACTOR = 24L * 3600 * 1000;
-    public final static long MINS_TO_MS_FACTOR = 60L * 1000;
-
-    private final static Vector<String> defConfParams = new Vector<String>();
-
-    static {
-        defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
-                DEF_MIN_VALIDITY);
-        defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
-                DEF_MAX_VALIDITY);
-        defConfParams.addElement(PROP_LEAD_TIME + "=" +
-                DEF_LEAD_TIME);
-        defConfParams.addElement(PROP_LAG_TIME + "=" +
-                DEF_LAG_TIME);
-        defConfParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
-                DEF_NOT_BEFORE_SKEW);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_MIN_VALIDITY + ";number;Minimum Validity time, in days",
-                PROP_MAX_VALIDITY + ";number;Maximum Validity time, in days",
-                PROP_LEAD_TIME + ";number;Number of minutes in the future a request's notBefore can be",
-                PROP_LAG_TIME + ";number;NOT CURRENTLY IN USE",
-                PROP_NOT_BEFORE_SKEW + ";number;Number of minutes a cert's notBefore should be in the past",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-validityconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Ensures that the user's requested validity period is " +
-                        "acceptable. If not specified, as is usually the case, " +
-                        "this policy will set the validity. See RFC 2459."
-            };
-
-        return params;
-
-    }
-
-    public ValidityConstraints() {
-        NAME = "ValidityConstraints";
-        DESC = "Enforces minimum and maximum validity constraints.";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries probably are of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180
-     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EPolicyException {
-
-        // Get min and max validity in days and configure them.
-        try {
-            String val = config.getString(PROP_MIN_VALIDITY, null);
-
-            if (val == null)
-                mMinValidity = DEF_MIN_VALIDITY * DAYS_TO_MS_FACTOR;
-            else
-                mMinValidity = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
-
-            val = config.getString(PROP_MAX_VALIDITY, null);
-            if (val == null)
-                mMaxValidity = DEF_MAX_VALIDITY * DAYS_TO_MS_FACTOR;
-            else
-                mMaxValidity = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
-
-            val = config.getString(PROP_LEAD_TIME, null);
-            if (val != null)
-                mLeadTime = Long.parseLong(val) * MINS_TO_MS_FACTOR;
-            else
-                mLeadTime = DEF_LEAD_TIME * MINS_TO_MS_FACTOR;
-
-            val = config.getString(PROP_LAG_TIME, null);
-            if (val != null)
-                mLagTime = Long.parseLong(val) * MINS_TO_MS_FACTOR;
-            else
-                mLagTime = DEF_LAG_TIME * MINS_TO_MS_FACTOR;
-
-            val = config.getString(PROP_NOT_BEFORE_SKEW, null);
-            if (val != null)
-                mNotBeforeSkew = Long.parseLong(val) * MINS_TO_MS_FACTOR;
-            else
-                mNotBeforeSkew = DEF_NOT_BEFORE_SKEW * MINS_TO_MS_FACTOR;
-        } catch (Exception e) {
-            // e.printStackTrace();
-            String[] params = { getInstanceName(), e.toString() };
-
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        PolicyResult result = PolicyResult.ACCEPTED;
-
-        try {
-            // Get the certificate info from the request
-            //X509CertInfo certInfo[] = (X509CertInfo[])
-            //    req.get(IRequest.CERT_INFO);
-            X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-            // There should be a certificate info set.
-            if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
-                        getInstanceName()), "");
-                return PolicyResult.REJECTED;
-            }
-
-            // Else check if validity is within the limit
-            for (int i = 0; i < certInfo.length; i++) {
-                CertificateValidity validity = (CertificateValidity)
-                        certInfo[i].get(X509CertInfo.VALIDITY);
-
-                Date notBefore = null, notAfter = null;
-
-                if (validity != null) {
-                    notBefore = (Date)
-                            validity.get(CertificateValidity.NOT_BEFORE);
-                    notAfter = (Date)
-                            validity.get(CertificateValidity.NOT_AFTER);
-                }
-
-                // If no validity is supplied yet, make one.  The default
-                // validity is supposed to pass the following checks, so
-                // bypass further checking.
-                // (date = 0 is hack for serialization)
-
-                if (validity == null ||
-                        (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
-                    certInfo[i].set(X509CertInfo.VALIDITY,
-                            makeDefaultValidity(req));
-                    continue;
-                }
-
-                Date now = CMS.getCurrentDate();
-
-                if (notBefore.getTime() > (now.getTime() + mLeadTime)) {
-                    setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_BEGIN_TIME",
-                            getInstanceName()), "");
-                    result = PolicyResult.REJECTED;
-                }
-                if ((notAfter.getTime() - notBefore.getTime()) > mMaxValidity) {
-                    String params[] = { getInstanceName(),
-                            String.valueOf(
-                                    ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
-                            String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
-
-                    setError(req, CMS.getUserMessage("CMS_POLICY_MORE_THAN_MAX_VALIDITY", params), "");
-                    result = PolicyResult.REJECTED;
-                }
-                if ((notAfter.getTime() - notBefore.getTime()) < mMinValidity) {
-                    String params[] = { getInstanceName(),
-                            String.valueOf(
-                                    ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
-                            String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR) };
-
-                    setError(req, CMS.getUserMessage("CMS_POLICY_LESS_THAN_MIN_VALIDITY", params), "");
-                    result = PolicyResult.REJECTED;
-                }
-            }
-        } catch (Exception e) {
-            // e.printStackTrace();
-            String params[] = { getInstanceName(), e.toString() };
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                    params), "");
-            result = PolicyResult.REJECTED;
-        }
-        return result;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> confParams = new Vector<String>();
-
-        confParams.addElement(PROP_MIN_VALIDITY + "=" +
-                mMinValidity / DAYS_TO_MS_FACTOR);
-        confParams.addElement(PROP_MAX_VALIDITY + "=" +
-                mMaxValidity / DAYS_TO_MS_FACTOR);
-        confParams.addElement(PROP_LEAD_TIME + "="
-                + mLeadTime / MINS_TO_MS_FACTOR);
-        confParams.addElement(PROP_LAG_TIME + "=" +
-                mLagTime / MINS_TO_MS_FACTOR);
-        confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
-                mNotBeforeSkew / MINS_TO_MS_FACTOR);
-        return confParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return defConfParams;
-    }
-
-    /**
-     * Create a default validity value for a request
-     *
-     * This code can be easily overridden in a derived class, if the
-     * calculations here aren't accepatble.
-     *
-     * TODO: it might be good to base this calculation on the creation
-     * time of the request.
-     */
-    protected CertificateValidity makeDefaultValidity(IRequest req) {
-        long now = roundTimeToSecond((CMS.getCurrentDate()).getTime());
-
-        // We will set the max duration as the default validity.
-        long notBeforeTime = now - mNotBeforeSkew;
-        Date notBefore = new Date(notBeforeTime);
-        Date notAfter = new Date(notBeforeTime + mMaxValidity);
-
-        return new CertificateValidity(notBefore, notAfter);
-    }
-
-    /**
-     * convert a millisecond resolution time into one with 1 second
-     * resolution. Most times in certificates are storage at 1
-     * second resolution, so its better if we deal with things at
-     * that level.
-     */
-    protected long roundTimeToSecond(long input) {
-        return (input / 1000) * 1000;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
deleted file mode 100644
index 21e4ad920..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
+++ /dev/null
@@ -1,394 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.cert.CertificateException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.AuthInfoAccessExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IGeneralNameUtil;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Authority Information Access extension policy.
- * If this policy is enabled, it adds an authority
- * information access extension to the certificate.
- *
- * The following listed sample configuration parameters:
- *
- * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt
- * ca.Policy.rule.aia.ad0_location=uriName:http://ocsp1.netscape.com
- * ca.Policy.rule.aia.ad0_method=ocsp
- * ca.Policy.rule.aia.ad1_location_type=URI
- * ca.Policy.rule.aia.ad1_location=http://ocsp2.netscape.com
- * ca.Policy.rule.aia.ad1_method=ocsp
- * ca.Policy.rule.aia.ad2_location=
- * ca.Policy.rule.aia.ad2_method=
- * ca.Policy.rule.aia.ad3_location=
- * ca.Policy.rule.aia.ad3_method=
- * ca.Policy.rule.aia.ad4_location=
- * ca.Policy.rule.aia.ad4_method=
- * ca.Policy.rule.aia.critical=true
- * ca.Policy.rule.aia.enable=true
- * ca.Policy.rule.aia.implName=AuthInfoAccess
- * ca.Policy.rule.aia.predicate=
- *
- * Currently, this policy only supports the following location:
- * uriName:[URI], dirName:[DN]
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class AuthInfoAccessExt extends APolicyRule implements
-        IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL =
-            "critical";
-    protected static final String PROP_AD =
-            "ad";
-    protected static final String PROP_METHOD =
-            "method";
-    protected static final String PROP_LOCATION =
-            "location";
-    protected static final String PROP_LOCATION_TYPE =
-            "location_type";
-
-    protected static final String PROP_NUM_ADS =
-            "numADs";
-
-    public static final int MAX_AD = 5;
-
-    public IConfigStore mConfig = null;
-
-    public AuthInfoAccessExt() {
-        NAME = "AuthInfoAccessExt";
-        DESC = "Sets authority information access extension for certificates";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_CRITICAL +
-                ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
-        v.addElement(PROP_NUM_ADS +
-                ";number;The total number of access descriptions.");
-        v.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-authinfoaccess");
-
-        for (int i = 0; i < MAX_AD; i++) {
-            v.addElement(PROP_AD
-                    + Integer.toString(i)
-                    + "_"
-                    + PROP_METHOD
-                    + ";string;"
-                    + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)");
-            v.addElement(PROP_AD
-                    + Integer.toString(i) + "_" + PROP_LOCATION_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO);
-            v.addElement(PROP_AD
-                    + Integer.toString(i) + "_" + PROP_LOCATION + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
-        }
-        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true
-     * ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-    }
-
-    /**
-     * Returns a sequence of access descriptions.
-     */
-    private Enumeration<Vector<Serializable>> getAccessDescriptions() throws EBaseException {
-        Vector<Vector<Serializable>> ads = new Vector<Vector<Serializable>>();
-
-        //
-        // read until there is *NO* ad<NUM>_method
-        //
-        for (int i = 0;; i++) {
-            ObjectIdentifier methodOID = null;
-            String method = mConfig.getString(PROP_AD +
-                    Integer.toString(i) + "_" + PROP_METHOD, null);
-
-            if (method == null)
-                break;
-            method = method.trim();
-            if (method.equals(""))
-                break;
-
-            //
-            // method ::= ocsp | caIssuers | <OID>
-            // OID ::= [object identifier]
-            //
-            try {
-                if (method.equalsIgnoreCase("ocsp")) {
-                    methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1");
-                } else if (method.equalsIgnoreCase("caIssuers")) {
-                    methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.2");
-                } else if (method.equalsIgnoreCase("renewal")) {
-                    methodOID = ObjectIdentifier.getObjectIdentifier("2.16.840.1.113730.1.16.1");
-                } else {
-                    // it could be an object identifier, test it
-                    methodOID = ObjectIdentifier.getObjectIdentifier(method);
-                }
-            } catch (IOException e) {
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NAME_CAN_NOT_BE_RESOLVED", method));
-            }
-
-            //
-            // location ::= <TAG> : <VALUE>
-            // TAG ::= uriName | dirName
-            // VALUE ::= [value defined by TAG]
-            //
-            String location_type = mConfig.getString(PROP_AD +
-                    Integer.toString(i) +
-                    "_" + PROP_LOCATION_TYPE, null);
-            String location = mConfig.getString(PROP_AD +
-                    Integer.toString(i) +
-                    "_" + PROP_LOCATION, null);
-
-            if (location == null)
-                break;
-            GeneralName gn = CMS.form_GeneralName(location_type, location);
-            Vector<Serializable> e = new Vector<Serializable>();
-
-            e.addElement(methodOID);
-            e.addElement(gn);
-            ads.addElement(e);
-        }
-        return ads.elements();
-    }
-
-    /**
-     * If this policy is enabled, add the authority information
-     * access extension to the certificate.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        X509CertInfo certInfo;
-        X509CertInfo[] ci = req.getExtDataInCertInfoArray(
-                IRequest.CERT_INFO);
-
-        if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int j = 0; j < ci.length; j++) {
-
-            certInfo = ci[j];
-            if (certInfo == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                        NAME, "Configuration Info Error"), "");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            }
-
-            try {
-                // Find the extensions in the certInfo
-                CertificateExtensions extensions = (CertificateExtensions)
-                        certInfo.get(X509CertInfo.EXTENSIONS);
-
-                // add access descriptions
-                Enumeration<Vector<Serializable>> e = getAccessDescriptions();
-
-                if (!e.hasMoreElements()) {
-                    return res;
-                }
-
-                if (extensions == null) {
-                    // create extension if not exist
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    extensions = new CertificateExtensions();
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                } else {
-                    // check to see if AIA is already exist
-                    try {
-                        extensions.delete(AuthInfoAccessExtension.NAME);
-                        log(ILogger.LL_WARN,
-                                "Previous extension deleted: " + AuthInfoAccessExtension.NAME);
-                    } catch (IOException ex) {
-                    }
-                }
-
-                // Create the extension
-                AuthInfoAccessExtension aiaExt = new
-                        AuthInfoAccessExtension(mConfig.getBoolean(
-                                PROP_CRITICAL, false));
-
-                while (e.hasMoreElements()) {
-                    Vector<Serializable> ad = e.nextElement();
-                    ObjectIdentifier oid = (ObjectIdentifier) ad.elementAt(0);
-                    GeneralName gn = (GeneralName) ad.elementAt(1);
-
-                    aiaExt.addAccessDescription(oid, gn);
-                }
-                extensions.set(AuthInfoAccessExtension.NAME, aiaExt);
-
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                        NAME, e.getMessage()), "");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                        NAME, "Configuration Info Error"), "");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                        NAME, "Certificate Info Error"), "");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            }
-        }
-
-        return res;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        try {
-            params.addElement(PROP_CRITICAL + "=" +
-                    mConfig.getBoolean(PROP_CRITICAL, false));
-        } catch (EBaseException e) {
-            params.addElement(PROP_CRITICAL + "=false");
-        }
-
-        int numADs = MAX_AD;
-
-        try {
-            numADs = mConfig.getInteger(PROP_NUM_ADS, MAX_AD);
-            params.addElement(PROP_NUM_ADS + "=" + numADs);
-        } catch (EBaseException e) {
-            params.addElement(PROP_NUM_ADS + "=" + MAX_AD);
-        }
-
-        for (int i = 0; i < numADs; i++) {
-            String method = null;
-
-            try {
-                method = mConfig.getString(PROP_AD +
-                            Integer.toString(i) + "_" + PROP_METHOD,
-                            "");
-            } catch (EBaseException e) {
-            }
-            params.addElement(PROP_AD +
-                    Integer.toString(i) +
-                    "_" + PROP_METHOD + "=" + method);
-            String location_type = null;
-
-            try {
-                location_type = mConfig.getString(PROP_AD +
-                            Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
-                            IGeneralNameUtil.GENNAME_CHOICE_URL);
-            } catch (EBaseException e) {
-            }
-            params.addElement(PROP_AD +
-                    Integer.toString(i) +
-                    "_" + PROP_LOCATION_TYPE + "=" + location_type);
-            String location = null;
-
-            try {
-                location = mConfig.getString(PROP_AD +
-                            Integer.toString(i) + "_" + PROP_LOCATION,
-                            "");
-            } catch (EBaseException e) {
-            }
-            params.addElement(PROP_AD +
-                    Integer.toString(i) +
-                    "_" + PROP_LOCATION + "=" + location);
-        }
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_CRITICAL + "=false");
-        defParams.addElement(PROP_NUM_ADS + "=" + MAX_AD);
-
-        //
-        // By default, we create MAX_AD access descriptions.
-        // If this is not enough, admin can manually edit
-        // the CMS.cfg
-        //
-        for (int i = 0; i < MAX_AD; i++) {
-            defParams.addElement(PROP_AD + Integer.toString(i) +
-                    "_" + PROP_METHOD + "=");
-            defParams.addElement(PROP_AD + Integer.toString(i) +
-                    "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
-            defParams.addElement(PROP_AD + Integer.toString(i) +
-                    "_" + PROP_LOCATION + "=");
-        }
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java b/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
deleted file mode 100644
index d7e058bf8..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
+++ /dev/null
@@ -1,425 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.AuthorityKeyIdentifierExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Authority Public Key Extension Policy
- * Adds the subject public key id extension to certificates.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class AuthorityKeyIdentifierExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_ALT_KEYID_TYPE = "AltKeyIdType";
-
-    protected static final String ALT_KEYID_TYPE_SPKISHA1 = "SpkiSHA1";
-    protected static final String ALT_KEYID_TYPE_NONE = "None";
-    protected static final String ALT_KEYID_TYPE_EMPTY = "Empty";
-
-    protected static final boolean DEF_CRITICAL = false;
-    protected static final String DEF_ALT_KEYID_TYPE = ALT_KEYID_TYPE_SPKISHA1;
-
-    protected boolean mEnabled = false;
-    protected IConfigStore mConfig = null;
-
-    // config params.
-    protected boolean mCritical = DEF_CRITICAL;
-    protected String mAltKeyIdType = DEF_ALT_KEYID_TYPE;
-
-    // the extension to add to certs.
-    protected AuthorityKeyIdentifierExtension mTheExtension = null;
-
-    // instance params for console
-    protected Vector<String> mInstanceParams = new Vector<String>();
-
-    // default params for console.
-    protected static Vector<String> mDefaultParams = new Vector<String>();
-    static {
-        // form static default params.
-        mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefaultParams.addElement(PROP_ALT_KEYID_TYPE + "=" + DEF_ALT_KEYID_TYPE);
-    }
-
-    public AuthorityKeyIdentifierExt() {
-        NAME = "AuthorityKeyIdentifierExt";
-        DESC = "Adds Authority Key Idenifier Extension to certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * Reads configuration file and creates a authority key identifier
-     * extension to add. Key identifier inside the extension is constructed as
-     * the CA's subject key identifier extension if it exists.
-     * If it does not exist this can be configured to use:
-     * (1) sha-1 hash of the CA's subject public key info
-     * (what communicator expects if the CA does not have a subject key
-     * identifier extension) or (2) No extension set (3) Empty sequence
-     * in Authority Key Identifier extension.
-     *
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
-
-        mAltKeyIdType = mConfig.getString(
-                    PROP_ALT_KEYID_TYPE, DEF_ALT_KEYID_TYPE);
-
-        if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_SPKISHA1))
-            mAltKeyIdType = ALT_KEYID_TYPE_SPKISHA1;
-
-        /*
-         else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
-         mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
-         */
-        else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_NONE))
-            mAltKeyIdType = ALT_KEYID_TYPE_NONE;
-        else {
-            log(ILogger.LL_FAILURE, NAME +
-                    CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,
-                        "value must be one of " + ALT_KEYID_TYPE_SPKISHA1 + ", " + ALT_KEYID_TYPE_NONE));
-        }
-
-        // create authority key id extension.
-        ICertAuthority certAuthority = (ICertAuthority)
-                ((IPolicyProcessor) owner).getAuthority();
-
-        if (certAuthority == null) {
-            // should never get here.
-            String msg = NAME + ": " +
-                    "Cannot find the Certificate Manager or Registration Manager";
-
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
-        }
-        if (!(certAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_FAILURE, NAME +
-                    CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        NAME + " policy can only be used in a Certificate Authority."));
-        }
-        //CertificateChain caChain = certAuthority.getCACertChain();
-        //X509Certificate caCert = caChain.getFirstCertificate();
-        X509CertImpl caCert = certAuthority.getCACert();
-        if (caCert == null || CMS.isPreOpMode()) {
-            return;
-        }
-        KeyIdentifier keyId = formKeyIdentifier(caCert);
-
-        if (keyId != null) {
-            try {
-                mTheExtension = new AuthorityKeyIdentifierExtension(
-                            mCritical, keyId, null, null);
-            } catch (IOException e) {
-                String msg = NAME + ": " +
-                        "Error forming Authority Key Identifier extension: " + e;
-
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
-            }
-        } else {
-        }
-
-        // form instance params
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(PROP_ALT_KEYID_TYPE + "=" + mAltKeyIdType);
-    }
-
-    /**
-     * Adds Authority Key Identifier Extension to a certificate.
-     * If the extension is already there, accept it if it's from the agent,
-     * else replace it.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        // get certInfo from request.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certResult = applyCert(req, ci[i]);
-
-            if (certResult == PolicyResult.REJECTED)
-                return certResult;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-
-        try {
-            // if authority key id extension already exists, leave it if
-            // from agent. else replace it.
-            AuthorityKeyIdentifierExtension authorityKeyIdExt = null;
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            try {
-                if (extensions != null) {
-                    authorityKeyIdExt = (AuthorityKeyIdentifierExtension)
-                            extensions.get(AuthorityKeyIdentifierExtension.NAME);
-                }
-            } catch (IOException e) {
-                // extension isn't there.
-            }
-            if (authorityKeyIdExt != null) {
-                if (agentApproved(req)) {
-                    CMS.debug(
-                            "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
-                                    " already has authority key id extension with value " +
-                                    authorityKeyIdExt);
-                    return PolicyResult.ACCEPTED;
-                } else {
-                    CMS.debug(
-                            "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
-                                    " had authority key identifier - deleted");
-                    extensions.delete(AuthorityKeyIdentifierExtension.NAME);
-                }
-            }
-
-            // if no authority key identifier should be set b/c CA does not
-            // have a subject key identifier, return here.
-            if (mTheExtension == null)
-                return PolicyResult.ACCEPTED;
-
-            // add authority key id extension.
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            }
-            extensions.set(
-                    AuthorityKeyIdentifierExtension.NAME, mTheExtension);
-            CMS.debug(
-                    "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                    NAME, e.getMessage()), "");
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
-                    NAME, "Certificate Info Error"), "");
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    /**
-     * Form the Key Identifier in the Authority Key Identifier extension.
-     * from the CA's cert.
-     * <p>
-     *
-     * @param caCertImpl Certificate Info
-     * @return A Key Identifier.
-     * @throws com.netscape.certsrv.base.EBaseException on error
-     */
-    protected KeyIdentifier formKeyIdentifier(X509CertImpl caCertImpl)
-            throws EBaseException {
-        KeyIdentifier keyId = null;
-
-        // get CA's certInfo.
-        X509CertInfo certInfo = null;
-
-        try {
-            certInfo = (X509CertInfo) caCertImpl.get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
-            if (certInfo == null) {
-                String msg = "Bad CA certificate encountered. " +
-                        "TBS Certificate missing.";
-
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"));
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + ": " + msg));
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, NAME + ": " +
-                    CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        NAME + " Error decoding the CA Certificate: " + e));
-        }
-
-        // get Key Id from CA's Subject Key Id extension in CA's CertInfo.
-        keyId = getKeyIdentifier(certInfo);
-        if (keyId != null)
-            return keyId;
-
-        // if none exists use the configured alternate.
-        if (mAltKeyIdType == ALT_KEYID_TYPE_SPKISHA1) {
-            keyId = formSpkiSHA1KeyId(certInfo);
-        } /*
-          else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) {
-          keyId = formEmptyKeyId(certInfo);
-          }
-          */else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
-            keyId = null;
-        } else {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        mAltKeyIdType,
-                        "Unknown Alternate Key Identifier type."));
-        }
-        return keyId;
-    }
-
-    /**
-     * Get the Key Identifier in a subject key identifier extension from a
-     * CertInfo.
-     *
-     * @param certInfo the CertInfo structure.
-     * @return Key Identifier in a Subject Key Identifier extension if any.
-     */
-    protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo)
-            throws EBaseException {
-        CertificateExtensions exts = null;
-        SubjectKeyIdentifierExtension subjKeyIdExt = null;
-        KeyIdentifier keyId = null;
-
-        try {
-            exts = (CertificateExtensions) certInfo.get(X509CertInfo.EXTENSIONS);
-        } catch (IOException e) {
-            // extension isn't there.
-            CMS.debug(NAME + ": " + "No extensions found. Error " + e);
-            return null;
-        } catch (CertificateException e) {
-            // extension isn't there.
-            CMS.debug(NAME + ": " + "No extensions found. Error " + e);
-            return null;
-        }
-        if (exts == null)
-            return null;
-
-        try {
-            subjKeyIdExt = (SubjectKeyIdentifierExtension)
-                    exts.get(SubjectKeyIdentifierExtension.NAME);
-        } catch (IOException e) {
-            // extension isn't there.
-            CMS.debug(
-                    "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
-            return null;
-        }
-        if (subjKeyIdExt == null)
-            return null;
-
-        try {
-            keyId = (KeyIdentifier) subjKeyIdExt.get(
-                        SubjectKeyIdentifierExtension.KEY_ID);
-        } catch (IOException e) {
-            // no key identifier in subject key id extension.
-            String msg = NAME + ": " +
-                    "Bad Subject Key Identifier Extension found. Error: " + e;
-
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
-        }
-        return keyId;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mInstanceParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefaultParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL + ";boolean;" +
-                        "RFC 2459 recommendation: MUST NOT be marked critical.",
-                PROP_ALT_KEYID_TYPE + ";" +
-                        "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
-                        "Specifies whether to use a SHA1 hash of the CA's subject " +
-                        "public key info for key identifier or leave out the " +
-                        "authority key identifier extension if the CA certificate " +
-                        "does not have a Subject Key Identifier extension.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-authkeyid",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds Authority Key Identifier Extension. " +
-                        "See RFC 2459 (4.2.1.1)"
-            };
-
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
deleted file mode 100644
index eeee26994..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
+++ /dev/null
@@ -1,508 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotDefined;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Basic Constraints policy.
- * Adds the Basic constraints extension.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class BasicConstraintsExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_MAXPATHLEN = "maxPathLen";
-    protected static final String PROP_IS_CA = "isCA";
-    protected static final String PROP_IS_CRITICAL = "critical";
-
-    protected static final String ARG_PATHLEN = "BasicConstraintsPathLen";
-
-    protected int mMaxPathLen = 0; // < 0 means unlimited
-    protected String mOrigMaxPathLen = ""; // for UI display only
-    protected boolean mCritical = true;
-    protected int mDefaultMaxPathLen = 0; // depends on the CA's path length.
-    protected int mCAPathLen = 0;
-    protected boolean mRemoveExt = true;
-    protected boolean mIsCA = true;
-
-    public static final boolean DEFAULT_CRITICALITY = true;
-
-    /**
-     * Adds the basic constraints extension as a critical extension in
-     * CA certificates i.e. certype is ca, with either a requested
-     * or configured path len.
-     * The requested or configured path length cannot be greater than
-     * or equal to the CA's basic constraints path length.
-     * If the CA path length is 0, all requests for CA certs are rejected.
-     */
-    public BasicConstraintsExt() {
-        NAME = "BasicConstraintsExt";
-        DESC =
-                "Sets critical basic constraints extension in subordinate CA certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <p>
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for
-     * undefined. ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-
-        // get the CA's path len to check against configured max path len.
-        ICertAuthority certAuthority = (ICertAuthority)
-                ((IPolicyProcessor) owner).getAuthority();
-
-        if (certAuthority == null) {
-            // should never get here.
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Cannot find the Certificate Manager or Registration Manager"));
-        }
-        if (certAuthority instanceof IRegistrationAuthority) {
-            log(ILogger.LL_WARN,
-                    "default basic constraints extension path len to -1.");
-            mCAPathLen = -1;
-        } else {
-            CertificateChain caChain = certAuthority.getCACertChain();
-            if (caChain == null || CMS.isPreOpMode()) {
-                return;
-            }
-            X509Certificate caCert = caChain.getFirstCertificate();
-
-            mCAPathLen = caCert.getBasicConstraints();
-        }
-        // set default to one less than the CA's pathlen or 0 if CA's
-        // pathlen is 0.
-        // If it's unlimited default the max pathlen also to unlimited.
-        if (mCAPathLen < 0)
-            mDefaultMaxPathLen = -1;
-        else if (mCAPathLen > 0)
-            mDefaultMaxPathLen = mCAPathLen - 1;
-        else // (mCAPathLen == 0)
-        {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
-            //return;
-        }
-
-        // get configured max path len, use defaults if not configured.
-        boolean pathLenConfigured = true;
-
-        try {
-            mCritical = config.getBoolean(PROP_IS_CRITICAL, true);
-            mIsCA = config.getBoolean(PROP_IS_CA, true);
-            mMaxPathLen = config.getInteger(PROP_MAXPATHLEN);
-            if (mMaxPathLen < 0) {
-                log(ILogger.LL_MISCONF,
-                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
-                                String.valueOf(mMaxPathLen)));
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN_1",
-                                NAME, String.valueOf(mMaxPathLen)));
-            }
-            mOrigMaxPathLen = Integer.toString(mMaxPathLen);
-        } catch (EBaseException e) {
-            if (!(e instanceof EPropertyNotFound) &&
-                    !(e instanceof EPropertyNotDefined)) {
-                log(ILogger.LL_MISCONF,
-                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
-                throw e;
-            }
-
-            // Set the max path len to default if not configured.
-            pathLenConfigured = false;
-            mMaxPathLen = mDefaultMaxPathLen;
-            mOrigMaxPathLen = "";
-        }
-
-        // check if configured path len is valid.
-        if (pathLenConfigured) {
-            // if CA's pathlen is unlimited, any max pathlen is ok.
-            // else maxPathlen must be at most one less than the CA's
-            // pathlen or 0 if CA's pathlen is 0.
-
-            if (mCAPathLen > 0 &&
-                    (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
-                String maxStr = (mMaxPathLen < 0) ?
-                        String.valueOf(mMaxPathLen) + "(unlimited)" :
-                        String.valueOf(mMaxPathLen);
-
-                log(ILogger.LL_MISCONF,
-                        CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
-                                maxStr,
-                                String.valueOf(mCAPathLen)));
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG_1",
-                                NAME, maxStr, Integer.toString(mCAPathLen)));
-            } else if (mCAPathLen == 0 && mMaxPathLen != 0) {
-                log(ILogger.LL_MISCONF,
-                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen)));
-                throw new EPolicyException(
-                        CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN",
-                                NAME, String.valueOf(mMaxPathLen)));
-            }
-        }
-
-    }
-
-    /**
-     * Checks if the basic contraints extension in certInfo is valid and
-     * add the basic constraints extension for CA certs if none exists.
-     * Non-CA certs do not get a basic constraints extension.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        // get cert info.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        X509CertInfo certInfo = null;
-
-        if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        // get cert type
-        boolean isCA = mIsCA;
-
-        /**
-         * boolean isCA = false;
-         * String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-         * if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) {
-         * isCA = true;
-         * }
-         **/
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certResult = applyCert(req, isCA, certInfo);
-
-            if (certResult == PolicyResult.REJECTED)
-                return certResult;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(
-            IRequest req, boolean isCA, X509CertInfo certInfo) {
-
-        // get basic constraints extension from cert info if any.
-        CertificateExtensions extensions = null;
-        BasicConstraintsExtension basicExt = null;
-
-        try {
-            // get basic constraints extension if any.
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-            if (extensions != null) {
-                basicExt = (BasicConstraintsExtension)
-                        extensions.get(BasicConstraintsExtension.NAME);
-            }
-        } catch (IOException e) {
-            // no extensions or basic constraints extension.
-        } catch (CertificateException e) {
-            // no extensions or basic constraints extension.
-        }
-
-        // for non-CA certs, pkix says it SHOULD NOT have the extension
-        // so remove it.
-        if (!isCA) {
-            if (extensions == null) {
-                try {
-                    // create extensions set if none.
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    extensions = new CertificateExtensions();
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                } catch (CertificateException e) {
-                } catch (IOException e) {
-                    // not possible
-                }
-            }
-            if (basicExt != null) {
-                try {
-                    extensions.delete(BasicConstraintsExtension.NAME);
-                } catch (IOException e) {
-                }
-            }
-
-            BasicConstraintsExtension critExt;
-
-            try {
-                critExt = new BasicConstraintsExtension(isCA, mCritical, mMaxPathLen);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
-                                e.toString()));
-                setError(req,
-                        CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            }
-
-            try {
-                extensions.set(BasicConstraintsExtension.NAME, critExt);
-            } catch (IOException e) {
-            }
-            CMS.debug(
-                    "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
-                            req.getRequestId());
-            return PolicyResult.ACCEPTED;
-        }
-
-        // For CA certs, check if existing extension is valid, and adjust.
-        // Extension must be marked critial and pathlen must be < CA's pathlen.
-        // if CA's pathlen is 0 all ca certs are rejected.
-
-        if (mCAPathLen == 0) {
-            // reject all subordinate CA cert requests because CA's
-            // path length is 0.
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), "");
-            return PolicyResult.REJECTED;
-        }
-
-        if (basicExt != null) {
-            try {
-                boolean extIsCA =
-                        ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
-                int pathLen =
-                        ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
-
-                if (mMaxPathLen > -1) {
-                    if (pathLen > mMaxPathLen || pathLen < 0) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited",
-                                        String.valueOf(pathLen)));
-                        if (pathLen < 0)
-                            setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
-                                    NAME, "unlimited", Integer.toString(mMaxPathLen)), "");
-                        else
-                            setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
-                                    NAME, Integer.toString(pathLen),
-                                    Integer.toString(mMaxPathLen)), "");
-                        return PolicyResult.REJECTED;
-                    }
-                }
-
-                // adjust isCA field
-                if (!extIsCA) {
-                    basicExt.set(BasicConstraintsExtension.IS_CA,
-                            Boolean.valueOf(true));
-                }
-
-                // adjust path length field.
-                if (mMaxPathLen == 0) {
-                    if (pathLen != 0) {
-                        basicExt.set(BasicConstraintsExtension.PATH_LEN,
-                                Integer.valueOf(0));
-                        pathLen = 0;
-                    }
-                } else if (mMaxPathLen > 0 && pathLen > mMaxPathLen) {
-                    basicExt.set(BasicConstraintsExtension.PATH_LEN,
-                            Integer.valueOf(mMaxPathLen));
-                    pathLen = mMaxPathLen;
-                }
-
-                // adjust critical field.
-                if (!basicExt.isCritical()) {
-                    BasicConstraintsExtension critExt;
-
-                    try {
-                        critExt = new BasicConstraintsExtension(isCA, mCritical, pathLen);
-                    } catch (IOException e) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
-                        setError(req,
-                                CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
-                        return PolicyResult.REJECTED; // unrecoverable error.
-                    }
-                    extensions.delete(BasicConstraintsExtension.NAME);
-                    extensions.set(BasicConstraintsExtension.NAME, critExt);
-                }
-            } catch (IOException e) {
-                // not possible in these cases.
-            }
-            CMS.debug(
-                    "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
-                            req.getRequestId());
-            return PolicyResult.ACCEPTED;
-        }
-
-        // add the extension for the CA cert.
-        if (extensions == null) {
-            try {
-                // create extensions set if none.
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } catch (CertificateException e) {
-                // not possible
-            } catch (IOException e) {
-                // not possible
-            }
-        }
-
-        // set path len to requested path len if it's valid.
-        // if no path len requested set path len to max allowed path len.
-        String reqPathLenStr = req.getExtDataInString(ARG_PATHLEN);
-        int reqPathLen;
-
-        if (reqPathLenStr == null) {
-            reqPathLen = mMaxPathLen;
-        } else {
-            try {
-                reqPathLen = Integer.parseInt(reqPathLenStr);
-                if ((mMaxPathLen == 0 && reqPathLen != 0) ||
-                        (mMaxPathLen > 0 &&
-                        (reqPathLen > mMaxPathLen || reqPathLen < 0))) {
-                    String plenStr =
-                            ((reqPathLen < 0) ?
-                                    reqPathLenStr + "(unlimited)" : reqPathLenStr);
-
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
-                                    String.valueOf(mMaxPathLen)));
-                    setError(req,
-                            CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
-                                    NAME, plenStr, String.valueOf(mMaxPathLen)), "");
-                    return PolicyResult.REJECTED;
-                }
-            } catch (NumberFormatException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
-                setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT",
-                        NAME, reqPathLenStr), "");
-                return PolicyResult.REJECTED;
-            }
-        }
-        BasicConstraintsExtension newExt;
-
-        try {
-            newExt = new BasicConstraintsExtension(isCA, mCritical, reqPathLen);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
-            setError(req,
-                    CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-        try {
-            extensions.set(BasicConstraintsExtension.NAME, newExt);
-        } catch (IOException e) {
-            // doesn't happen.
-        }
-        CMS.debug(
-                "BasicConstraintsExt: added the extension to request " +
-                        req.getRequestId());
-        return PolicyResult.ACCEPTED;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        // Because of one of the UI bugs 385273, we should leave the empty space
-        // as is. Do not convert the space to some definite numbers.
-        params.addElement(PROP_MAXPATHLEN + "=" + mOrigMaxPathLen);
-        params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
-        params.addElement(PROP_IS_CA + "=" + mIsCA);
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_IS_CRITICAL + "=true");
-        defParams.addElement(PROP_MAXPATHLEN + "=");
-        defParams.addElement(PROP_IS_CA + "=true");
-        return defParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_MAXPATHLEN
-                        + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.",
-                PROP_IS_CRITICAL + ";boolean;" +
-                        "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
-                PROP_IS_CA + ";boolean;" +
-                        "Identifies the subject of the certificate is a CA or not.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-basicconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
-        };
-
-        return params;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
deleted file mode 100644
index 7cf50385e..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ /dev/null
@@ -1,484 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.util.BitArray;
-import netscape.security.x509.CRLDistributionPoint;
-import netscape.security.x509.CRLDistributionPointsExtension;
-import netscape.security.x509.CRLDistributionPointsExtension.Reason;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.GeneralNamesException;
-import netscape.security.x509.RDN;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * The type of the distribution point or issuer name. The name is expressed
- * as a simple string in the configuration file, so this attribute is needed
- * to tell whether the simple string should be stored in an X.500 Name,
- * a URL, or an RDN.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-class NameType {
-    private NameType() {
-    } // no default constructor
-
-    private String stringRep; // string representation of this type
-
-    private NameType(String s) {
-        map.put(s, this);
-        stringRep = s;
-    }
-
-    private static Hashtable<String, NameType> map = new Hashtable<String, NameType>();
-
-    /**
-     * Looks up a NameType from its string representation. Returns null
-     * if no matching NameType was found.
-     */
-    public static NameType fromString(String s) {
-        return map.get(s);
-    }
-
-    public String toString() {
-        return stringRep;
-    }
-
-    public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
-    public static final NameType URI = new NameType("URI");
-    public static final NameType RELATIVE_TO_ISSUER =
-            new NameType("RelativeToIssuer");
-}
-
-/**
- * These are the parameters that may be given in the configuration file
- * for each distribution point. They are parsed by DPParamsToDP().
- * Any of them may be null.
- */
-class DistPointParams {
-    public String pointName;
-    public String pointType;
-
-    public String reasons;
-
-    public String issuerName;
-    public String issuerType;
-
-    public DistPointParams() {
-    }
-
-    public DistPointParams(DistPointParams old) {
-        pointName = old.pointName;
-        pointType = old.pointType;
-        reasons = old.reasons;
-        issuerName = old.issuerName;
-        issuerType = old.issuerType;
-    }
-
-}
-
-/**
- * CRL Distribution Points policy.
- * Adds the CRL Distribution Points extension to the certificate.
- */
-public class CRLDistributionPointsExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-
-    public static final String PROP_IS_CRITICAL = "critical";
-    public static final String PROP_NUM_POINTS = "numPoints";
-    public static final String PROP_POINT_TYPE = "pointType";
-    public static final String PROP_POINT_NAME = "pointName";
-    public static final String PROP_REASONS = "reasons";
-    public static final String PROP_ISSUER_NAME = "issuerName";
-    public static final String PROP_ISSUER_TYPE = "issuerType";
-
-    private static final int MAX_POINTS = 10;
-    private static final int DEFAULT_NUM_BLANK_POINTS = 3;
-    private int mNumPoints = DEFAULT_NUM_BLANK_POINTS;
-
-    // PKIX specifies the that the extension SHOULD NOT be critical
-    public static final boolean DEFAULT_CRITICALITY = false;
-
-    private Vector<String> defaultParams = new Vector<String>();
-
-    private Vector<String> mParams = new Vector<String>();
-    private String mExtParams[] = null;
-    private CRLDistributionPointsExtension mCrldpExt = null;
-
-    public CRLDistributionPointsExt() {
-        NAME = "CRLDistributionPointsExt";
-        DESC = "Sets CRL distribution points extension";
-        defaultParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
-        defaultParams.addElement(PROP_NUM_POINTS + "=0");
-        for (int i = 0; i < DEFAULT_NUM_BLANK_POINTS; i++) {
-            defaultParams.addElement(PROP_POINT_NAME + i + "=");
-            defaultParams.addElement(PROP_POINT_TYPE + i + "=");
-            defaultParams.addElement(PROP_REASONS + i + "=");
-            defaultParams.addElement(PROP_ISSUER_NAME + i + "=");
-            defaultParams.addElement(PROP_ISSUER_TYPE + i + "=");
-        }
-    }
-
-    private void setExtendedPluginInfo() {
-        Vector<String> v = new Vector<String>();
-
-        // should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
-        for (int i = 0; i < MAX_POINTS; i++) {
-            v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" +
-                    "DirectoryName,URI,RelativeToIssuer);" +
-                    "The type of the CRL distribution point.");
-            v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" +
-                    "The name of the CRL distribution point depending on the CRLDP type.");
-            v.addElement(PROP_REASONS
-                    + Integer.toString(i)
-                    + ";string;"
-                    +
-                    "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
-            v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" +
-                    "DirectoryName,URI);" +
-                    "The type of the issuer that has signed the CRL maintained at this distribution point.");
-            v.addElement(PROP_ISSUER_NAME
-                    + Integer.toString(i)
-                    + ";string;"
-                    +
-                    "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
-        }
-
-        v.addElement(PROP_NUM_POINTS +
-                ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
-        v.addElement(PROP_IS_CRITICAL
-                +
-                ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-crldistributionpoints");
-        v.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";This policy inserts the CRL Distribution Points " +
-                "Extension into the certificate. See RFC 2459 (4.2.1.14). "
-                );
-
-        mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        if (mExtParams == null) {
-            setExtendedPluginInfo();
-        }
-        return mExtParams;
-
-    }
-
-    /**
-     * Performs one-time initialization of the policy.
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        // Register the CRL Distribution Points extension.
-        try {
-            netscape.security.x509.OIDMap.addAttribute(
-                    CRLDistributionPointsExtension.class.getName(),
-                    CRLDistributionPointsExtension.OID,
-                    CRLDistributionPointsExtension.NAME);
-        } catch (CertificateException e) {
-            // ignore, just means it has already been added
-        }
-
-        // assemble the list of Distribution Points from the config file
-        int numPoints = config.getInteger(PROP_NUM_POINTS, 0);
-
-        mParams.addElement(PROP_NUM_POINTS + "=" + numPoints);
-        mNumPoints = numPoints;
-
-        for (int i = 0; i < numPoints; i++) {
-            // construct a distribution point from the parameters
-            DistPointParams params = new DistPointParams();
-
-            params.pointType = config.getString(PROP_POINT_TYPE + i, "");
-            params.pointName = config.getString(PROP_POINT_NAME + i, "");
-            params.reasons = config.getString(PROP_REASONS + i, "");
-            params.issuerType = config.getString(PROP_ISSUER_TYPE + i, "");
-            params.issuerName = config.getString(PROP_ISSUER_NAME + i, "");
-
-            DistPointParams configparams = new DistPointParams(params);
-            CRLDistributionPoint crldp = DPParamsToDP(params);
-
-            mParams.addElement(PROP_POINT_TYPE + i + "=" + configparams.pointType);
-            mParams.addElement(PROP_POINT_NAME + i + "=" + configparams.pointName);
-            mParams.addElement(PROP_REASONS + i + "=" + configparams.reasons);
-            mParams.addElement(PROP_ISSUER_TYPE + i + "=" + configparams.issuerType);
-            mParams.addElement(PROP_ISSUER_NAME + i + "=" + configparams.issuerName);
-
-            // add the distribution point to the extension
-            if (mCrldpExt == null) {
-                mCrldpExt = new CRLDistributionPointsExtension(crldp);
-            } else {
-                mCrldpExt.addPoint(crldp);
-            }
-        }
-
-        boolean crit = config.getBoolean(PROP_IS_CRITICAL,
-                DEFAULT_CRITICALITY);
-
-        mParams.addElement(PROP_IS_CRITICAL + "=" + crit);
-        if (mCrldpExt != null) {
-            // configure the extension itself
-            mCrldpExt.setCritical(crit);
-        }
-        setExtendedPluginInfo();
-
-    }
-
-    /**
-     * Parses the parameters in the config file to create an
-     * actual CRL Distribution Point object.
-     */
-    private CRLDistributionPoint DPParamsToDP(DistPointParams params)
-            throws EBaseException {
-        CRLDistributionPoint crlDP = new CRLDistributionPoint();
-
-        try {
-
-            if (params.pointName != null && params.pointName.length() == 0) {
-                params.pointName = null;
-            }
-            if (params.pointType != null && params.pointType.length() == 0) {
-                params.pointType = null;
-            }
-            if (params.reasons != null && params.reasons.length() == 0) {
-                params.reasons = null;
-            }
-            if (params.issuerName != null && params.issuerName.length() == 0) {
-                params.issuerName = null;
-            }
-            if (params.issuerType != null && params.issuerType.length() == 0) {
-                params.issuerType = null;
-            }
-
-            // deal with the distribution point name
-            if (params.pointName != null && params.pointType != null) {
-                // decode the type of the name
-                NameType nType = NameType.fromString(params.pointType);
-
-                if (nType == null) {
-                    String err = "Unknown name type: " + params.pointType;
-
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.pointType));
-                    throw new EBaseException(err);
-                }
-
-                if (nType == NameType.DIRECTORY_NAME) {
-                    GeneralNames gen = new GeneralNames();
-
-                    gen.addElement(new GeneralName(new X500Name(params.pointName)));
-                    crlDP.setFullName(gen);
-                } else if (nType == NameType.URI) {
-                    GeneralNames gen = new GeneralNames();
-
-                    gen.addElement(new GeneralName(new URIName(params.pointName)));
-                    crlDP.setFullName(gen);
-                } else if (nType == NameType.RELATIVE_TO_ISSUER) {
-                    crlDP.setRelativeName(new RDN(params.pointName));
-                } else {
-                    String err = "Unknown name type: " + nType.toString();
-
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
-                    throw new EBaseException(err);
-                }
-            }
-
-            // deal with the reasons
-            if (params.reasons != null) {
-                StringTokenizer tok = new StringTokenizer(params.reasons, ", \t");
-                byte reasonBits = 0;
-
-                while (tok.hasMoreTokens()) {
-                    String s = tok.nextToken();
-                    Reason r = Reason.fromString(s);
-
-                    if (r == null) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
-                        throw new EBaseException("Unknown reason: " + s);
-                    } else {
-                        reasonBits |= r.getBitMask();
-                    }
-                }
-                if (reasonBits != 0) {
-                    BitArray ba = new BitArray(8, new byte[] { reasonBits }
-                            );
-
-                    crlDP.setReasons(ba);
-                }
-            }
-
-            // deal with the issuer name
-            if (params.issuerName != null && params.issuerType != null) {
-                // decode the type of the name
-                NameType nType = NameType.fromString(params.issuerType);
-
-                if (nType == null) {
-                    String err = "Unknown name type: " + params.issuerType;
-
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.issuerType));
-                    throw new EBaseException(err);
-                }
-
-                if (nType == NameType.DIRECTORY_NAME) {
-                    GeneralNames gen = new GeneralNames();
-
-                    gen.addElement(new GeneralName(new X500Name(params.issuerName)));
-                    crlDP.setCRLIssuer(gen);
-                } else if (nType == NameType.URI) {
-                    GeneralNames gen = new GeneralNames();
-
-                    gen.addElement(new GeneralName(new URIName(params.issuerName)));
-                    crlDP.setCRLIssuer(gen);
-                } else {
-                    String err = "Unknown name type: " + nType.toString();
-
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
-                    throw new EBaseException(err);
-                }
-            }
-
-        } catch (GeneralNamesException e) {
-            throw new EBaseException(e.getMessage());
-        } catch (IOException e) {
-            throw new EBaseException(e.getMessage());
-        }
-
-        // done, return this distribution point
-        return crlDP;
-    }
-
-    /**
-     * Applies the policy to the given request.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        // if the extension was not configured correctly, just skip it
-        if (mCrldpExt == null) {
-            return PolicyResult.ACCEPTED;
-        }
-
-        X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-
-        try {
-            // find the extensions in the certInfo
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            // prepare the extensions data structure
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } else {
-                // remove any previously computed version of the extension
-                try {
-                    extensions.delete(CRLDistributionPointsExtension.NAME);
-                } catch (IOException e) {
-                    // extension isn't there
-                }
-            }
-            extensions.set(CRLDistributionPointsExtension.NAME, mCrldpExt);
-
-            return PolicyResult.ACCEPTED;
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                    e.getMessage());
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
-                    e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                    e.getMessage());
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    // parameters must be entered in the config file
-    public Vector<String> getDefaultParams() {
-        for (int i = DEFAULT_NUM_BLANK_POINTS; i < mNumPoints; i++) {
-            defaultParams.addElement(PROP_POINT_NAME + i + "=");
-            defaultParams.addElement(PROP_POINT_TYPE + i + "=");
-            defaultParams.addElement(PROP_REASONS + i + "=");
-            defaultParams.addElement(PROP_ISSUER_NAME + i + "=");
-            defaultParams.addElement(PROP_ISSUER_TYPE + i + "=");
-        }
-        return defaultParams;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
deleted file mode 100644
index 4124d430d..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
+++ /dev/null
@@ -1,534 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CPSuri;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificatePoliciesExtension;
-import netscape.security.x509.CertificatePolicyId;
-import netscape.security.x509.CertificatePolicyInfo;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.DisplayText;
-import netscape.security.x509.NoticeReference;
-import netscape.security.x509.PolicyQualifierInfo;
-import netscape.security.x509.PolicyQualifiers;
-import netscape.security.x509.UserNotice;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Certificate Policies.
- * Adds certificate policies extension.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class CertificatePoliciesExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_NUM_CERTPOLICIES = "numCertPolicies";
-
-    protected static final String PROP_CERTPOLICY = "certPolicy";
-
-    protected static final boolean DEF_CRITICAL = false;
-    protected static final int DEF_NUM_CERTPOLICIES = 1;
-
-    protected boolean mEnabled = false;
-    protected IConfigStore mConfig = null;
-
-    protected boolean mCritical = DEF_CRITICAL;
-    protected int mNumCertPolicies = DEF_NUM_CERTPOLICIES;
-    protected CertPolicy[] mCertPolicies = null;
-
-    protected Vector<String> mInstanceParams = new Vector<String>();
-    protected CertificatePoliciesExtension mCertificatePoliciesExtension = null;
-
-    public CertificatePoliciesExt() {
-        NAME = "CertificatePoliciesExt";
-        DESC = "Sets non-critical certificate policies extension in certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
-     * ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
-
-        mNumCertPolicies = mConfig.getInteger(
-                    PROP_NUM_CERTPOLICIES, DEF_NUM_CERTPOLICIES);
-        if (mNumCertPolicies < 1) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_ATTR_VALUE_2", NAME, ""));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_CERTPOLICIES,
-                        "value must be greater than or equal to 1"));
-        }
-
-        // init Policy Mappings, check values if enabled.
-        mCertPolicies = new CertPolicy[mNumCertPolicies];
-        for (int i = 0; i < mNumCertPolicies; i++) {
-            String subtreeName = PROP_CERTPOLICY + i;
-
-            try {
-                mCertPolicies[i] = new CertPolicy(subtreeName, mConfig, mEnabled);
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, NAME + ": " +
-                        CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
-                throw e;
-            }
-        }
-
-        // create instance of certificate policy extension if enabled.
-        if (mEnabled) {
-            try {
-                Vector<CertificatePolicyInfo> CertPolicies = new Vector<CertificatePolicyInfo>();
-
-                for (int j = 0; j < mNumCertPolicies; j++) {
-                    CertPolicies.addElement(
-                            mCertPolicies[j].mCertificatePolicyInfo);
-                }
-                mCertificatePoliciesExtension =
-                        new CertificatePoliciesExtension(mCritical, CertPolicies);
-            } catch (IOException e) {
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                                "Error initializing " + NAME + " Error: " + e));
-            }
-        }
-
-        // form instance params
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(
-                PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
-        for (int i = 0; i < mNumCertPolicies; i++) {
-            mCertPolicies[i].getInstanceParams(mInstanceParams);
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <p>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        // get certInfo from request.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        CertificateExtensions extensions = null;
-
-        try {
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-            if (extensions == null) {
-                extensions = new CertificateExtensions();
-                try {
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                } catch (Exception e) {
-                }
-            } else {
-                // remove any previously computed version of the extension
-                try {
-                    extensions.delete(CertificatePoliciesExtension.NAME);
-                } catch (IOException e) {
-                    // this is the hack: for some reason, the key which is the name
-                    // of the policy has been converted into the OID
-                    try {
-                        extensions.delete("2.5.29.32");
-                    } catch (IOException ee) {
-                    }
-                }
-            }
-            extensions.set(CertificatePoliciesExtension.NAME,
-                    mCertificatePoliciesExtension);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
-                    e.toString()));
-            setError(req,
-                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
-                    e.toString()));
-            setError(req,
-                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
-            return PolicyResult.REJECTED;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
-                    e.toString()));
-            setError(req,
-                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
-            return PolicyResult.REJECTED;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mInstanceParams;
-    }
-
-    /**
-     * Default config parameters.
-     * To add more permitted or excluded subtrees,
-     * increase the num to greater than 0 and more configuration params
-     * will show up in the console.
-     */
-    private static Vector<String> mDefParams = new Vector<String>();
-    static {
-        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefParams.addElement(
-                PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
-        String certPolicy0Dot = PROP_CERTPOLICY + "0.";
-
-        mDefParams.addElement(
-                certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
-        mDefParams.addElement(
-                certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
-        mDefParams.addElement(
-                certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
-        mDefParams.addElement(
-                certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
-        mDefParams.addElement(
-                certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
-
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> theparams = new Vector<String>();
-
-        theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical.");
-        theparams.addElement(PROP_NUM_CERTPOLICIES
-                + ";number; Number of certificate policies. The value must be greater than or equal to 1");
-
-        for (int k = 0; k < 5; k++) {
-            String certPolicykDot = PROP_CERTPOLICY + k + ".";
-
-            theparams.addElement(certPolicykDot +
-                    CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
-            theparams.addElement(certPolicykDot +
-                    CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
-            theparams.addElement(certPolicykDot +
-                    CertPolicy.PROP_NOTICE_REF_NUMS +
-                    ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
-            theparams.addElement(certPolicykDot +
-                    CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
-            theparams.addElement(certPolicykDot +
-                    CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
-        }
-
-        theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-certificatepolicies");
-        theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
-
-        String[] params = new String[theparams.size()];
-
-        theparams.copyInto(params);
-        return params;
-    }
-}
-
-class CertPolicy {
-
-    protected static final String PROP_POLICY_IDENTIFIER = "policyId";
-    protected static final String PROP_NOTICE_REF_ORG = "noticeRefOrganization";
-    protected static final String PROP_NOTICE_REF_NUMS = "noticeRefNumbers";
-    protected static final String PROP_USER_NOTICE_TEXT = "userNoticeExplicitText";
-    protected static final String PROP_CPS_URI = "cpsURI";
-
-    protected String mName = null;
-    protected String mNameDot = null;
-    protected IConfigStore mConfig = null;
-
-    protected String mPolicyId = null;
-    protected String mNoticeRefOrg = null;
-    protected String mNoticeRefNums = null;
-    protected String mNoticeRefExplicitText = null;
-    protected String mCpsUri = null;
-
-    protected CertificatePolicyInfo mCertificatePolicyInfo = null;
-
-    /**
-     * forms policy map parameters.
-     *
-     * @param name name of this policy map, for example certPolicy0
-     * @param config parent's config from where we find this configuration.
-     * @param enabled whether policy was enabled.
-     */
-    protected CertPolicy(String name, IConfigStore config, boolean enabled)
-            throws EBaseException {
-        mName = name;
-        mConfig = config.getSubStore(mName);
-        mNameDot = mName + ".";
-
-        if (mConfig == null) {
-            CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig is " +
-                       "null!");
-            throw new EBaseException("mConfig is null");
-        }
-
-        // if there's no configuration for this policy put it there.
-        if (mConfig.size() == 0) {
-            config.putString(mNameDot + PROP_POLICY_IDENTIFIER, "");
-            config.putString(mNameDot + PROP_NOTICE_REF_ORG, "");
-            config.putString(mNameDot + PROP_NOTICE_REF_NUMS, "");
-            config.putString(mNameDot + PROP_USER_NOTICE_TEXT, "");
-            config.putString(mNameDot + PROP_CPS_URI, "");
-            mConfig = config.getSubStore(mName);
-            if (mConfig == null || mConfig.size() == 0) {
-                CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig " +
-                           "is null or empty!");
-                throw new EBaseException("mConfig is null or empty");
-            }
-        }
-
-        // get policy ids from configuration.
-        mPolicyId = mConfig.getString(PROP_POLICY_IDENTIFIER, null);
-        mNoticeRefOrg = mConfig.getString(PROP_NOTICE_REF_ORG, null);
-        mNoticeRefNums = mConfig.getString(PROP_NOTICE_REF_NUMS, null);
-        mNoticeRefExplicitText = mConfig.getString(PROP_USER_NOTICE_TEXT, null);
-        mCpsUri = mConfig.getString(PROP_CPS_URI, null);
-
-        // adjust for "" and console returning "null"
-        if (mPolicyId != null &&
-                (mPolicyId.length() == 0 ||
-                mPolicyId.equals("null"))) {
-            mPolicyId = null;
-        }
-        if (mNoticeRefOrg != null &&
-                (mNoticeRefOrg.length() == 0 ||
-                mNoticeRefOrg.equals("null"))) {
-            mNoticeRefOrg = null;
-        }
-        if (mNoticeRefNums != null &&
-                (mNoticeRefNums.length() == 0 ||
-                mNoticeRefNums.equals("null"))) {
-            mNoticeRefNums = null;
-        }
-        if (mNoticeRefExplicitText != null &&
-                (mNoticeRefExplicitText.length() == 0 ||
-                mNoticeRefExplicitText.equals("null"))) {
-            mNoticeRefExplicitText = null;
-        }
-        if (mCpsUri != null &&
-                (mCpsUri.length() == 0 ||
-                mCpsUri.equals("null"))) {
-            mCpsUri = null;
-        }
-
-        // policy ids cannot be null if policy is enabled.
-        String msg = "value cannot be null.";
-
-        if (mPolicyId == null && enabled)
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        mNameDot + PROP_POLICY_IDENTIFIER, msg));
-        msg = "NoticeReference is optional; If chosen to include, NoticeReference must at least has 'organization'";
-        if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled)
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        mNameDot + PROP_NOTICE_REF_ORG, msg));
-
-        // if a policy id is not null check that it is a valid OID.
-
-        if (mPolicyId != null)
-            CMS.checkOID(mNameDot + PROP_POLICY_IDENTIFIER, mPolicyId);
-
-        // if enabled, form CertificatePolicyInfo to be encoded in
-        // extension. Policy ids should be all set.
-        if (enabled) {
-            CMS.debug("CertPolicy: in CertPolicy");
-            DisplayText displayText = null;
-
-            if (mNoticeRefExplicitText != null &&
-                    !mNoticeRefExplicitText.equals(""))
-                displayText = new DisplayText(DisplayText.tag_VisibleString, mNoticeRefExplicitText);
-            //		  new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText);
-            DisplayText orgName = null;
-
-            if (mNoticeRefOrg != null &&
-                    !mNoticeRefOrg.equals(""))
-                orgName =
-                        new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
-            //		  new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
-
-            int[] nums = new int[0];
-            ;
-            if (mNoticeRefNums != null &&
-                    !mNoticeRefNums.equals("")) {
-
-                // should add a method to NoticeReference to take a
-                // Vector...but let's do this for now
-
-                Vector<String> numsVector = new Vector<String>();
-                StringTokenizer tokens = new StringTokenizer(mNoticeRefNums,
-                        ",");
-
-                while (tokens.hasMoreTokens()) {
-                    String num = tokens.nextToken().trim();
-
-                    numsVector.addElement(num);
-                }
-
-                nums = new int[numsVector.size()];
-
-                for (int i = 0; i < numsVector.size(); i++) {
-                    Integer ii = new Integer(numsVector.elementAt(i));
-
-                    nums[i] = ii.intValue();
-                }
-            }
-            CertificatePolicyId cpolicyId = null;
-
-            try {
-                cpolicyId = new CertificatePolicyId(ObjectIdentifier.getObjectIdentifier(mPolicyId));
-            } catch (Exception e) {
-                throw new EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
-            }
-
-            PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-
-            NoticeReference noticeReference = null;
-
-            if (orgName != null)
-                noticeReference = new NoticeReference(orgName, nums);
-
-            UserNotice userNotice = null;
-
-            if (displayText != null || noticeReference != null) {
-                userNotice = new UserNotice(noticeReference, displayText);
-
-                PolicyQualifierInfo policyQualifierInfo1 =
-                        new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
-
-                policyQualifiers.add(policyQualifierInfo1);
-            }
-
-            CPSuri cpsUri = null;
-
-            if (mCpsUri != null && mCpsUri.length() > 0) {
-                cpsUri = new CPSuri(mCpsUri);
-                PolicyQualifierInfo policyQualifierInfo2 =
-                        new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
-
-                policyQualifiers.add(policyQualifierInfo2);
-            }
-
-            if ((mNoticeRefOrg == null || mNoticeRefOrg.equals("")) &&
-                    (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
-                    (mCpsUri == null || mCpsUri.equals(""))) {
-                CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
-                CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
-                CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
-
-                mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId);
-            } else {
-                CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
-                CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
-                CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
-                mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId, policyQualifiers);
-            }
-        }
-    }
-
-    protected void getInstanceParams(Vector<String> instanceParams) {
-        instanceParams.addElement(
-                mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
-                        mPolicyId));
-        instanceParams.addElement(
-                mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
-                        mNoticeRefOrg));
-        instanceParams.addElement(
-                mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
-                        mNoticeRefNums));
-        instanceParams.addElement(
-                mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
-                        mNoticeRefExplicitText));
-        instanceParams.addElement(
-                mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
-                        mCpsUri));
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
deleted file mode 100644
index 58ce112f3..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
+++ /dev/null
@@ -1,254 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Date;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.CertificateRenewalWindowExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Certificate Renewal Window Extension Policy
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class CertificateRenewalWindowExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-
-    protected static final String PROP_END_TIME = "relativeEndTime";
-    protected static final String PROP_BEGIN_TIME = "relativeBeginTime";
-    protected static final String PROP_CRITICAL = "critical";
-
-    protected boolean mCritical;
-    protected String mBeginTime;
-    protected String mEndTime;
-
-    /**
-     * Adds the Netscape comment in the end-entity certificates or
-     * CA certificates. The policy is set to be non-critical with the
-     * provided OID.
-     */
-    public CertificateRenewalWindowExt() {
-        NAME = "CertificateRenewalWindowExt";
-        DESC = "Sets non-critical Certificate Renewal Window extension in certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mCritical = config.getBoolean(PROP_CRITICAL, false);
-        mBeginTime = config.getString(PROP_BEGIN_TIME, null);
-        mEndTime = config.getString(PROP_END_TIME, null);
-
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <p>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        // get cert info.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult r = applyCert(req, ci[i]);
-
-            if (r == PolicyResult.REJECTED)
-                return r;
-        }
-        return res;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-
-        CertificateExtensions extensions = null;
-
-        try {
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-        } catch (IOException e) {
-        } catch (CertificateException e) {
-        }
-
-        if (extensions == null) {
-            extensions = new CertificateExtensions();
-            try {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } catch (Exception e) {
-            }
-        } else {
-            // remove any previously computed version of the extension
-            try {
-                extensions.delete(CertificateRenewalWindowExtension.NAME);
-
-            } catch (IOException e) {
-                // this is the hack: for some reason, the key which is the name
-                // of the policy has been converted into the OID
-                try {
-                    extensions.delete("2.16.840.1.113730.1.15");
-                } catch (IOException ee) {
-                }
-            }
-        }
-
-        try {
-            Date now = CMS.getCurrentDate();
-            CertificateRenewalWindowExtension crwExt = null;
-
-            if (mEndTime == null || mEndTime.equals("")) {
-                crwExt = new CertificateRenewalWindowExtension(
-                            mCritical,
-                            getDateValue(now, mBeginTime),
-                            null);
-            } else {
-                crwExt = new CertificateRenewalWindowExtension(
-                            mCritical,
-                            getDateValue(now, mBeginTime),
-                            getDateValue(now, mEndTime));
-            }
-            extensions.set(CertificateRenewalWindowExtension.NAME,
-                    crwExt);
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
-            setError(req,
-                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
-            return PolicyResult.REJECTED;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public Date getDateValue(Date relativeFrom, String s) {
-        long time;
-
-        if (s.endsWith("s")) {
-            time = 1000 * Long.parseLong(s.substring(0,
-                            s.length() - 1));
-        } else if (s.endsWith("m")) {
-            time = 60 * 1000 * Long.parseLong(s.substring(0,
-                            s.length() - 1));
-        } else if (s.endsWith("h")) {
-            time = 60 * 60 * 1000 * Long.parseLong(s.substring(0,
-                            s.length() - 1));
-        } else if (s.endsWith("D")) {
-            time = 24 * 60 * 60 * 1000 * Long.parseLong(
-                        s.substring(0, s.length() - 1));
-        } else if (s.endsWith("M")) {
-            time = 30 * 60 * 60 * 1000 * Long.parseLong(
-                        s.substring(0, s.length() - 1));
-        } else {
-            time = 1000 * Long.parseLong(s);
-        }
-
-        return new Date(relativeFrom.getTime() + time);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
-                PROP_BEGIN_TIME
-                        + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
-                PROP_END_TIME
-                        + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-certificaterenewalwindow",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds 'Certificate Renewal Window' extension. See manual"
-        };
-
-        return params;
-
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        params.addElement(PROP_CRITICAL + "=" + mCritical);
-        if (mBeginTime == null) {
-            params.addElement(PROP_BEGIN_TIME + "=");
-        } else {
-            params.addElement(PROP_BEGIN_TIME + "=" + mBeginTime);
-        }
-        if (mEndTime == null) {
-            params.addElement(PROP_END_TIME + "=");
-        } else {
-            params.addElement(PROP_END_TIME + "=" + mEndTime);
-        }
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_CRITICAL + "=false");
-        defParams.addElement(PROP_BEGIN_TIME + "=");
-        defParams.addElement(PROP_END_TIME + "=");
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
deleted file mode 100644
index 779be165b..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
+++ /dev/null
@@ -1,326 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.CertificateScopeEntry;
-import netscape.security.extensions.CertificateScopeOfUseExtension;
-import netscape.security.util.BigInt;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IGeneralNameUtil;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Certificate Scope Of Use extension policy. This extension
- * is defined in draft-thayes-cert-scope-00.txt
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class CertificateScopeOfUseExt extends APolicyRule implements
-        IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL =
-            "critical";
-    protected static final String PROP_ENTRY =
-            "entry";
-    protected static final String PROP_NAME =
-            "name";
-    protected static final String PROP_NAME_TYPE =
-            "name_type";
-    protected static final String PROP_PORT_NUMBER =
-            "port_number";
-
-    public static final int MAX_ENTRY = 5;
-
-    public IConfigStore mConfig = null;
-
-    public CertificateScopeOfUseExt() {
-        NAME = "CertificateScopeOfUseExt";
-        DESC = "Sets scope of use extension for certificates";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_CRITICAL +
-                ";boolean; This extension may be either critical or non-critical.");
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-certificatescopeofuse");
-        v.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Certificate Scope of Use Extension.");
-
-        for (int i = 0; i < MAX_ENTRY; i++) {
-            v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
-            v.addElement(PROP_ENTRY
-                    + Integer.toString(i) + "_" + PROP_NAME_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO);
-            v.addElement(PROP_ENTRY
-                    + Integer.toString(i) + "_" + PROP_PORT_NUMBER + ";string;" + "The port number (optional).");
-        }
-        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true
-     * ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-    }
-
-    /**
-     * Returns a sequence of scope entry.
-     */
-    private Vector<CertificateScopeEntry> getScopeEntries() throws EBaseException {
-        Vector<CertificateScopeEntry> entries = new Vector<CertificateScopeEntry>();
-
-        //
-        // read until there is *NO* ad<NUM>_method
-        //
-        for (int i = 0;; i++) {
-            // get port number (optional)
-            String port = mConfig.getString(PROP_ENTRY +
-                    Integer.toString(i) + "_" + PROP_PORT_NUMBER, null);
-            BigInt portNumber = null;
-
-            if (port != null && !port.equals("")) {
-                portNumber = new BigInt(Integer.parseInt(port));
-            }
-
-            //
-            // location ::= <TAG> : <VALUE>
-            // TAG ::= uriName | dirName
-            // VALUE ::= [value defined by TAG]
-            //
-            String name_type = mConfig.getString(PROP_ENTRY +
-                    Integer.toString(i) +
-                    "_" + PROP_NAME_TYPE, null);
-            String name = mConfig.getString(PROP_ENTRY +
-                    Integer.toString(i) +
-                    "_" + PROP_NAME, null);
-
-            if (name == null || name.equals(""))
-                break;
-            GeneralName gn = CMS.form_GeneralNameAsConstraints(name_type, name);
-
-            entries.addElement(new CertificateScopeEntry(gn, portNumber));
-        }
-        return entries;
-    }
-
-    /**
-     * If this policy is enabled, add the authority information
-     * access extension to the certificate.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        X509CertInfo certInfo;
-        X509CertInfo[] ci = req.getExtDataInCertInfoArray(
-                IRequest.CERT_INFO);
-
-        if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int j = 0; j < ci.length; j++) {
-
-            certInfo = ci[j];
-            if (certInfo == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, "Configuration Info Error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            }
-
-            try {
-                // Find the extensions in the certInfo
-                CertificateExtensions extensions = (CertificateExtensions)
-                        certInfo.get(X509CertInfo.EXTENSIONS);
-
-                // add access descriptions
-                Vector<CertificateScopeEntry> entries = getScopeEntries();
-
-                if (entries.size() == 0) {
-                    return res;
-                }
-
-                if (extensions == null) {
-                    // create extension if not exist
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    extensions = new CertificateExtensions();
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                } else {
-                    // check to see if AIA is already exist
-                    try {
-                        extensions.delete(CertificateScopeOfUseExtension.NAME);
-                        log(ILogger.LL_INFO, "Previous extension deleted: " + CertificateScopeOfUseExtension.NAME);
-                    } catch (IOException ex) {
-                    }
-                }
-
-                // Create the extension
-                CertificateScopeOfUseExtension suExt = new
-                        CertificateScopeOfUseExtension(mConfig.getBoolean(
-                                PROP_CRITICAL, false), entries);
-
-                extensions.set(CertificateScopeOfUseExtension.NAME, suExt);
-
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, e.getMessage());
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE,
-                        "Configuration Info Error encountered: " +
-                                e.getMessage());
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, "Configuration Info Error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, "Certificate Info Error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            }
-        }
-
-        return res;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        try {
-            params.addElement(PROP_CRITICAL + "=" +
-                    mConfig.getBoolean(PROP_CRITICAL, false));
-        } catch (EBaseException e) {
-        }
-
-        for (int i = 0;; i++) {
-            String name_type = null;
-
-            try {
-                name_type = mConfig.getString(PROP_ENTRY +
-                            Integer.toString(i) + "_" + PROP_NAME_TYPE,
-                            null);
-            } catch (EBaseException e) {
-            }
-            if (name_type == null)
-                break;
-            params.addElement(PROP_ENTRY +
-                    Integer.toString(i) +
-                    "_" + PROP_NAME_TYPE + "=" + name_type);
-            String name = null;
-
-            try {
-                name = mConfig.getString(PROP_ENTRY +
-                            Integer.toString(i) + "_" + PROP_NAME,
-                            null);
-            } catch (EBaseException e) {
-            }
-            if (name == null)
-                break;
-            params.addElement(PROP_ENTRY +
-                    Integer.toString(i) +
-                    "_" + PROP_NAME + "=" + name);
-            String port = null;
-
-            try {
-                port = mConfig.getString(PROP_ENTRY +
-                            Integer.toString(i) + "_" + PROP_PORT_NUMBER,
-                            "");
-            } catch (EBaseException e) {
-            }
-            params.addElement(PROP_ENTRY +
-                    Integer.toString(i) +
-                    "_" + PROP_PORT_NUMBER + "=" + port);
-        }
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_CRITICAL + "=false");
-
-        //
-        // By default, we create MAX_AD access descriptions.
-        // If this is not enough, admin can manually edit
-        // the CMS.cfg
-        //
-        for (int i = 0; i < MAX_ENTRY; i++) {
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
-                    "_" + PROP_NAME_TYPE + "=");
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
-                    "_" + PROP_NAME + "=");
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
-                    "_" + PROP_PORT_NUMBER + "=");
-        }
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
deleted file mode 100644
index 5f33efe1b..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
+++ /dev/null
@@ -1,285 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.ExtendedKeyUsageExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * This implements the extended key usage extension.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class ExtendedKeyUsageExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    public static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_PURPOSE_ID = "id";
-    protected static final String PROP_NUM_IDS = "numIds";
-    protected static int MAX_PURPOSE_ID = 10;
-    private boolean mCritical = false;
-    private IConfigStore mConfig = null;
-    private Vector<ObjectIdentifier> mUsages = null;
-
-    private String[] mParams = null;
-
-    // PKIX specifies the that the extension SHOULD NOT be critical
-    public static final boolean DEFAULT_CRITICALITY = false;
-
-    private ExtendedKeyUsageExtension mExtendedKeyUsage = null;
-
-    /**
-     * Constructs extended Key Usage extension.
-     */
-    public ExtendedKeyUsageExt() {
-        NAME = "ExtendedKeyUsageExt";
-        DESC = "Sets ExtendedKeyUsage extension for certificates";
-    }
-
-    /**
-     * Performs one-time initialization of the policy.
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-        setExtendedPluginInfo();
-        setupParams();
-        mExtendedKeyUsage = new ExtendedKeyUsageExtension(mCritical, mUsages);
-    }
-
-    /**
-     * Applies the policy to the given request.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        // if the extension was not configured correctly, just skip it
-        if (mExtendedKeyUsage == null) {
-            return PolicyResult.ACCEPTED;
-        }
-
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        try {
-            // find the extensions in the certInfo
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            // prepare the extensions data structure
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } else {
-                try {
-                    extensions.delete(ExtendedKeyUsageExtension.NAME);
-                } catch (IOException ex) {
-                    // ExtendedKeyUsage extension is not already there
-                }
-            }
-
-            extensions.set(ExtendedKeyUsageExtension.NAME, mExtendedKeyUsage);
-
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                    e.getMessage());
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
-                    e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                    e.getMessage());
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    /**
-     * Returns instance specific parameters.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        params.addElement(PROP_CRITICAL + "=" + mCritical);
-        int numIds = MAX_PURPOSE_ID;
-
-        try {
-            numIds = mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID);
-        } catch (EBaseException e) {
-        }
-        params.addElement(PROP_NUM_IDS + "=" + numIds);
-        String usage = null;
-
-        for (int i = 0; i < numIds; i++) {
-            if (mUsages.size() <= i) {
-                params.addElement(PROP_PURPOSE_ID +
-                        Integer.toString(i) + "=");
-            } else {
-                usage = mUsages.elementAt(i).toString();
-                if (usage == null) {
-                    params.addElement(PROP_PURPOSE_ID +
-                            Integer.toString(i) + "=");
-                } else {
-                    params.addElement(PROP_PURPOSE_ID +
-                            Integer.toString(i) + "=" + usage);
-                }
-            }
-        }
-        return params;
-    }
-
-    private void setExtendedPluginInfo() {
-        Vector<String> v = new Vector<String>();
-        int mNum = MAX_PURPOSE_ID;
-
-        if (mConfig != null) {
-            try {
-                mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID);
-            } catch (EBaseException e) {
-            }
-        }
-        for (int i = 0; i < mNum; i++) {
-            v.addElement(PROP_PURPOSE_ID
-                    + Integer.toString(i)
-                    + ";string;"
-                    +
-                    "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
-        }
-
-        v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs.");
-        v.addElement(PROP_CRITICAL
-                +
-                ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-extendedkeyusage");
-        v.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
-                "(4.2.1.13)");
-
-        mParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        if (mParams == null) {
-            setExtendedPluginInfo();
-        }
-        return mParams;
-    }
-
-    /**
-     * Returns default parameters.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_CRITICAL + "=false");
-        defParams.addElement(PROP_NUM_IDS + "=" + MAX_PURPOSE_ID);
-        for (int i = 0; i < MAX_PURPOSE_ID; i++) {
-            defParams.addElement(PROP_PURPOSE_ID + Integer.toString(i) + "=");
-        }
-        return defParams;
-    }
-
-    /**
-     * Setups parameters.
-     */
-    private void setupParams() throws EBaseException {
-
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
-        if (mUsages == null) {
-            mUsages = new Vector<ObjectIdentifier>();
-        }
-
-        int mNum = mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID);
-
-        for (int i = 0; i < mNum; i++) {
-            ObjectIdentifier usageOID = null;
-
-            String usage = mConfig.getString(PROP_PURPOSE_ID +
-                    Integer.toString(i), null);
-
-            try {
-
-                if (usage == null)
-                    break;
-                usage = usage.trim();
-                if (usage.equals(""))
-                    break;
-                if (usage.equalsIgnoreCase("ocspsigning")) {
-                    usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning);
-                } else if (usage.equalsIgnoreCase("codesigning")) {
-                    usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_CODESigning);
-                } else {
-                    // it could be an object identifier, test it
-                    usageOID = ObjectIdentifier.getObjectIdentifier(usage);
-                }
-            } catch (IOException ex) {
-                throw new EBaseException(this.getClass().getName() + ":" +
-                        ex.getMessage());
-            } catch (NumberFormatException ex) {
-                throw new EBaseException(this.getClass().getName() + ":" +
-                        "OID '" + usage + "' format error");
-            }
-            mUsages.addElement(usageOID);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
deleted file mode 100644
index 35f5313c1..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
+++ /dev/null
@@ -1,509 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.text.ParseException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.GenericASN1Extension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.OIDMap;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Private Integer extension policy.
- * If this policy is enabled, it adds an Private Integer
- * extension to the certificate.
- *
- * The following listed sample configuration parameters:
- *
- * ca.Policy.impl.privateInteger.class=com.netscape.certsrv.policy.genericASNExt
- * ca.Policy.rule.genericASNExt.enable=true
- * ca.Policy.rule.genericASNExt.name=myIntegerExtension
- * ca.Policy.rule.genericASNExt.pattern={{{12}34}5}
- * ca.Policy.rule.genericASNExt.oid=280.230.123.1234.1
- * ca.Policy.rule.genericASNExt.critical=false
- * ca.Policy.rule.genericASNExt.attribute1.type=integer
- * ca.Policy.rule.genericASNExt.attribute1.source=value
- * ca.Policy.rule.genericASNExt.attribute1.value=9999
- * ca.Policy.rule.genericASNExt.attribute2.type=ia5string
- * ca.Policy.rule.genericASNExt.attribute2.source=value
- * ca.Policy.rule.genericASNExt.attribute2.value=hello
- * ca.Policy.rule.genericASNExt.attribute3.type=octetstring
- * ca.Policy.rule.genericASNExt.attribute3.source=value
- * ca.Policy.rule.genericASNExt.attribute3.value=hellohello
- * ca.Policy.rule.genericASNExt.attribute4.type=octetstring
- * ca.Policy.rule.genericASNExt.attribute4.source=file
- * ca.Policy.rule.genericASNExt.attribute4.value=c:/tmp/test.txt
- * ca.Policy.rule.genericASNExt.attribute5.type=
- * ca.Policy.rule.genericASNExt.attribute5.source=
- * ca.Policy.rule.genericASNExt.attribute5.value=
- * ca.Policy.rule.genericASNExt.implName=genericASNExt
- * ca.Policy.rule.genericASNExt.predicate=
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class GenericASN1Ext extends APolicyRule implements
-        IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final int MAX_ATTR = 10;
-
-    protected static final String PROP_CRITICAL =
-            "critical";
-    protected static final String PROP_NAME =
-            "name";
-    protected static final String PROP_OID =
-            "oid";
-    protected static final String PROP_PATTERN =
-            "pattern";
-    protected static final String PROP_ATTRIBUTE =
-            "attribute";
-    protected static final String PROP_TYPE =
-            "type";
-    protected static final String PROP_SOURCE =
-            "source";
-    protected static final String PROP_VALUE =
-            "value";
-    protected static final String PROP_PREDICATE =
-            "predicate";
-
-    protected static final String PROP_ENABLE =
-            "enable";
-
-    public IConfigStore mConfig = null;
-
-    private String pattern = null;
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                "enable" + ";boolean;Enable this policy",
-                "predicate" + ";string;",
-                PROP_CRITICAL + ";boolean;",
-                PROP_NAME + ";string;Name for this extension.",
-                PROP_OID + ";string;OID number for this extension. It should be unique.",
-                PROP_PATTERN + ";string;Pattern for extension; {012}34",
-                // Attribute 0
-                PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "0" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "0" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 1
-                PROP_ATTRIBUTE + "." + "1" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "1" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "1" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 2
-                PROP_ATTRIBUTE + "." + "2" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "2" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "2" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 3
-                PROP_ATTRIBUTE + "." + "3" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "3" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "3" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 4
-                PROP_ATTRIBUTE + "." + "4" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "4" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "4" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 5
-                PROP_ATTRIBUTE + "." + "5" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "5" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "5" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 6
-                PROP_ATTRIBUTE + "." + "6" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "6" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "6" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 7
-                PROP_ATTRIBUTE + "." + "7" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "7" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "7" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 8
-                PROP_ATTRIBUTE + "." + "8" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "8" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "8" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                // Attribute 9
-                PROP_ATTRIBUTE + "." + "9" + "." + PROP_TYPE
-                    + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
-                PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE
-                    + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
-                PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE
-                    + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-genericasn1ext",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds Private extension based on ASN1. See manual"
-            };
-
-        return s;
-    }
-
-    public GenericASN1Ext() {
-        NAME = "GenericASN1Ext";
-        DESC = "Sets Generic extension for certificates";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.implName=genericASNExt ca.Policy.rule.<ruleName>.enable=true
-     * ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-        if (mConfig == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
-            return;
-        }
-
-        boolean enable = mConfig.getBoolean(PROP_ENABLE, false);
-
-        if (enable == false)
-            return;
-
-        String oid = mConfig.getString(PROP_OID, null);
-
-        if ((oid == null) || (oid.length() == 0)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
-            return;
-        }
-
-        String name = mConfig.getString(PROP_NAME, null);
-
-        if ((name == null) || (name.length() == 0)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
-            return;
-        }
-
-        try {
-            if (File.separatorChar == '\\') {
-                pattern = mConfig.getString(PROP_PATTERN, null);
-                checkFilename(0);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, "" + e.toString());
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "" + e.toString());
-        }
-
-        // Check OID value
-        CMS.checkOID(name, oid);
-        pattern = mConfig.getString(PROP_PATTERN, null);
-        checkOID(0);
-
-        try {
-            ObjectIdentifier tmpid = new ObjectIdentifier(oid);
-
-            if (OIDMap.getName(tmpid) == null)
-                OIDMap.addAttribute("netscape.security.extensions.GenericASN1Extension", oid, name);
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, "" + e.toString());
-        }
-
-    }
-
-    // Check filename
-    private int checkFilename(int index)
-            throws IOException, EBaseException {
-        String source = null;
-
-        while (index < pattern.length()) {
-            char ch = pattern.charAt(index);
-
-            switch (ch) {
-            case '{':
-                index++;
-                index = checkFilename(index);
-                break;
-
-            case '}':
-                return index;
-
-            default:
-                source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);
-                if ((source != null) && (source.equalsIgnoreCase("file"))) {
-                    String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
-                    String nValue = oValue.replace('\\', '/');
-
-                    mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);
-                    FileInputStream fis = new FileInputStream(nValue);
-                    fis.close();
-                }
-            }
-            index++;
-        }
-
-        return index;
-    }
-
-    // Check oid
-    private int checkOID(int index)
-            throws EBaseException {
-        String type = null;
-        String oid = null;
-
-        while (index < pattern.length()) {
-            char ch = pattern.charAt(index);
-
-            switch (ch) {
-            case '{':
-                index++;
-                index = checkOID(index);
-                break;
-
-            case '}':
-                return index;
-
-            default:
-                type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);
-                if ((type != null) && (type.equalsIgnoreCase("OID"))) {
-                    oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
-                    CMS.checkOID(oid, oid);
-                }
-            }
-            index++;
-        }
-
-        return index;
-    }
-
-    /**
-     * If this policy is enabled, add the private Integer
-     * information extension to the certificate.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-        X509CertInfo certInfo;
-        X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int j = 0; j < ci.length; j++) {
-
-            certInfo = ci[j];
-            if (certInfo == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", ""));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                        "Configuration Info Error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            }
-
-            try {
-                // Find the extensions in the certInfo
-                CertificateExtensions extensions = (CertificateExtensions) certInfo.get(X509CertInfo.EXTENSIONS);
-
-                if (extensions == null) {
-                    // create extension if not exist
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    extensions = new CertificateExtensions();
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                } else {
-                    //
-                    // Remove any previousely computed extension
-                    //
-                    try {
-                        extensions.delete(mConfig.getString(PROP_NAME, ""));
-                    } catch (Exception e) {/* extension isn't there */
-                    }
-                }
-
-                // Create the extension
-                GenericASN1Extension priExt = mkExtension();
-
-                extensions.set(priExt.getName(), priExt);
-
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, e.getMessage());
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, "Configuration Info Error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, "Certificate Info Error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (ParseException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, "Pattern parsing error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, "Unknown Error");
-                return PolicyResult.REJECTED; // unrecoverable error.
-            }
-        }
-        return res;
-    }
-
-    /**
-     * Construct GenericASN1Extension with value from CMS.cfg
-     */
-    protected GenericASN1Extension mkExtension()
-            throws IOException, EBaseException, ParseException {
-        GenericASN1Extension ext;
-
-        Hashtable<String, String> h = new Hashtable<String, String>();
-        // This only show one level, not substores!
-        Enumeration<String> e = mConfig.getPropertyNames();
-
-        while (e.hasMoreElements()) {
-            String n = e.nextElement();
-
-            h.put(n, mConfig.getString(n));
-        }
-        for (int idx = 0; idx < MAX_ATTR; idx++) {
-            String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
-            String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
-            String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE;
-
-            h.put(proptype, mConfig.getString(proptype, null));
-            h.put(propsource, mConfig.getString(propsource, null));
-            h.put(propvalue, mConfig.getString(propvalue, null));
-        }
-        ext = new GenericASN1Extension(h);
-        return ext;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        int idx = 0;
-        Vector<String> params = new Vector<String>();
-
-        try {
-            params.addElement(PROP_CRITICAL + "=" + mConfig.getBoolean(PROP_CRITICAL, false));
-            params.addElement(PROP_NAME + "=" + mConfig.getString(PROP_NAME, null));
-            params.addElement(PROP_OID + "=" + mConfig.getString(PROP_OID, null));
-            params.addElement(PROP_PATTERN + "=" + mConfig.getString(PROP_PATTERN, null));
-
-            for (idx = 0; idx < MAX_ATTR; idx++) {
-                String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
-                String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
-                String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE;
-
-                params.addElement(proptype + "=" + mConfig.getString(proptype, null));
-                params.addElement(propsource + "=" + mConfig.getString(propsource, null));
-                params.addElement(propvalue + "=" + mConfig.getString(propvalue, null));
-            }
-            params.addElement(PROP_PREDICATE + "=" + mConfig.getString(PROP_PREDICATE, null));
-        } catch (EBaseException e) {
-            ;
-        }
-
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        int idx = 0;
-
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_CRITICAL + "=false");
-        defParams.addElement(PROP_NAME + "=");
-        defParams.addElement(PROP_OID + "=");
-        defParams.addElement(PROP_PATTERN + "=");
-
-        for (idx = 0; idx < MAX_ATTR; idx++) {
-            defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE + "=");
-            defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE + "=");
-            defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE + "=");
-        }
-
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java b/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
deleted file mode 100644
index 9ceaf99bd..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
+++ /dev/null
@@ -1,249 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.IssuerAlternativeNameExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IGeneralNamesConfig;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Issuer Alt Name Extension policy.
- *
- * This extension is used to associate Internet-style identities
- * with the Certificate issuer.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class IssuerAltNameExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    public static final String PROP_CRITICAL = "critical";
-
-    // PKIX specifies the that the extension SHOULD NOT be critical
-    public static final boolean DEFAULT_CRITICALITY = false;
-
-    private static Vector<String> defaultParams = new Vector<String>();
-    private static String[] mInfo = null;
-
-    static {
-        defaultParams.addElement(PROP_CRITICAL + "=" + DEFAULT_CRITICALITY);
-        CMS.getGeneralNamesConfigDefaultParams(null, true, defaultParams);
-
-        Vector<String> info = new Vector<String>();
-
-        info.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD NOT be marked critical.");
-        info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-issueraltname");
-        info.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";This policy inserts the Issuer Alternative Name " +
-                "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
-
-        CMS.getGeneralNamesConfigExtendedPluginInfo(null, true, info);
-
-        mInfo = new String[info.size()];
-        info.copyInto(mInfo);
-    }
-
-    private Vector<String> mParams = new Vector<String>();
-    private IConfigStore mConfig = null;
-    private boolean mCritical = DEFAULT_CRITICALITY;
-    private boolean mEnabled = false;
-    IGeneralNamesConfig mGNs = null;
-    IssuerAlternativeNameExtension mExtension = null;
-
-    /**
-     * Adds the issuer alternate name extension to all certs.
-     */
-    public IssuerAltNameExt() {
-        NAME = "IssuerAltNameExt";
-        DESC = "Associate Internet-style Identities with Issuer";
-    }
-
-    /**
-     * Initializes this policy rule.
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        // get criticality
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEFAULT_CRITICALITY);
-
-        // get enabled.
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-
-        // form general names.
-        mGNs = CMS.createGeneralNamesConfig(null, config, true, mEnabled);
-
-        // form extension
-        try {
-            if (mEnabled &&
-                    mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
-                mExtension =
-                        new IssuerAlternativeNameExtension(
-                                Boolean.valueOf(mCritical), mGNs.getGeneralNames());
-            }
-        } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-
-        // init instance params
-        mParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mGNs.getInstanceParams(mParams);
-
-        return;
-    }
-
-    /**
-     * Adds a extension if none exists.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        if (mEnabled == false || mExtension == null)
-            return res;
-
-        // get cert info.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-
-        // get extension from cert info if any.
-        CertificateExtensions extensions = null;
-
-        try {
-            // get extension if any.
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-        } catch (IOException e) {
-            // no extensions.
-        } catch (CertificateException e) {
-            // no extension.
-        }
-
-        if (extensions == null) {
-            extensions = new CertificateExtensions();
-            try {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } catch (CertificateException e) {
-                // not possible
-            } catch (Exception e) {
-            }
-        } else {
-
-            // remove any previously computed version of the extension
-            try {
-                extensions.delete(IssuerAlternativeNameExtension.NAME);
-
-            } catch (IOException e) {
-                // this is the hack
-                // If name is not found, try deleting using the OID
-
-                try {
-                    extensions.delete("2.5.29.18");
-                } catch (IOException ee) {
-                }
-            }
-        }
-
-        try {
-            extensions.set(IssuerAlternativeNameExtension.NAME, mExtension);
-        } catch (Exception e) {
-            if (e instanceof RuntimeException)
-                throw (RuntimeException) e;
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
-            return PolicyResult.REJECTED;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return Empty Vector since this policy has no configuration parameters.
-     *         for this policy instance.
-     */
-    public Vector<String> getInstanceParams() {
-        return mParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return Empty Vector since this policy implementation has no
-     *         configuration parameters.
-     */
-    public Vector<String> getDefaultParams() {
-        return defaultParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        return mInfo;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
deleted file mode 100644
index 24e5f45ed..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
+++ /dev/null
@@ -1,362 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Policy to add Key Usage Extension.
- * Adds the key usage extension based on what's requested.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class KeyUsageExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-
-    private final static String HTTP_INPUT = "HTTP_INPUT";
-    protected static final boolean[] DEF_BITS =
-            new boolean[KeyUsageExtension.NBITS];
-    protected int mCAPathLen = -1;
-    protected IConfigStore mConfig = null;
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_DIGITAL_SIGNATURE = "digitalSignature";
-    protected static final String PROP_NON_REPUDIATION = "nonRepudiation";
-    protected static final String PROP_KEY_ENCIPHERMENT = "keyEncipherment";
-    protected static final String PROP_DATA_ENCIPHERMENT = "dataEncipherment";
-    protected static final String PROP_KEY_AGREEMENT = "keyAgreement";
-    protected static final String PROP_KEY_CERTSIGN = "keyCertsign";
-    protected static final String PROP_CRL_SIGN = "crlSign";
-    protected static final String PROP_ENCIPHER_ONLY = "encipherOnly";
-    protected static final String PROP_DECIPHER_ONLY = "decipherOnly";
-
-    protected boolean mCritical;
-    protected String mDigitalSignature;
-    protected String mNonRepudiation;
-    protected String mKeyEncipherment;
-    protected String mDataEncipherment;
-    protected String mKeyAgreement;
-    protected String mKeyCertsign;
-    protected String mCrlSign;
-    protected String mEncipherOnly;
-    protected String mDecipherOnly;
-
-    protected KeyUsageExtension mKeyUsage;
-
-    public KeyUsageExt() {
-        NAME = "KeyUsageExtPolicy";
-        DESC = "Sets Key Usage Extension in certificates.";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.implName=KeyUsageExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        ICertAuthority certAuthority = (ICertAuthority)
-                ((IPolicyProcessor) owner).getAuthority();
-
-        if (certAuthority == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Cannot find the Certificate Manager or Registration Manager"));
-        }
-
-        if (certAuthority instanceof ICertificateAuthority) {
-            CertificateChain caChain = certAuthority.getCACertChain();
-            X509Certificate caCert = null;
-
-            // Note that in RA the chain could be null if CA was not up when
-            // RA was started. In that case just set the length to -1 and let
-            // CA reject if it does not allow any subordinate CA certs.
-            if (caChain != null) {
-                caCert = caChain.getFirstCertificate();
-                mCAPathLen = caCert.getBasicConstraints();
-            }
-        }
-
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, true);
-        mDigitalSignature = mConfig.getString(PROP_DIGITAL_SIGNATURE, HTTP_INPUT);
-        mNonRepudiation = mConfig.getString(PROP_NON_REPUDIATION, HTTP_INPUT);
-        mKeyEncipherment = mConfig.getString(PROP_KEY_ENCIPHERMENT, HTTP_INPUT);
-        mDataEncipherment = mConfig.getString(PROP_DATA_ENCIPHERMENT, HTTP_INPUT);
-        mKeyAgreement = mConfig.getString(PROP_KEY_AGREEMENT, HTTP_INPUT);
-        mKeyCertsign = mConfig.getString(PROP_KEY_CERTSIGN, HTTP_INPUT);
-        mCrlSign = mConfig.getString(PROP_CRL_SIGN, HTTP_INPUT);
-        mEncipherOnly = mConfig.getString(PROP_ENCIPHER_ONLY, HTTP_INPUT);
-        mDecipherOnly = mConfig.getString(PROP_DECIPHER_ONLY, HTTP_INPUT);
-    }
-
-    /**
-     * Adds the key usage extension if not set already.
-     * (CRMF, agent, authentication (currently) or PKCS#10 (future)
-     * or RA could have set the extension.)
-     * If not set, set from http input parameters or use default if
-     * no http input parameters are set.
-     *
-     * Note: this allows any bits requested - does not check if user
-     * authenticated is allowed to have a Key Usage Extension with
-     * those bits. Unless the CA's certificate path length is 0, then
-     * we do not allow CA sign or CRL sign bits in any request.
-     *
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        try {
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-            KeyUsageExtension ext = null;
-
-            if (extensions != null) {
-                try {
-                    ext = (KeyUsageExtension)
-                            extensions.get(KeyUsageExtension.NAME);
-                } catch (IOException e) {
-                    // extension isn't there.
-                    ext = null;
-                }
-                // check if CA does not allow subordinate CA certs.
-                // otherwise accept existing key usage extension.
-                if (ext != null) {
-                    if (mCAPathLen == 0) {
-                        boolean[] bits = ext.getBits();
-
-                        if ((bits.length > KeyUsageExtension.KEY_CERTSIGN_BIT &&
-                                bits[KeyUsageExtension.KEY_CERTSIGN_BIT] == true) ||
-                                (bits.length > KeyUsageExtension.CRL_SIGN_BIT &&
-                                bits[KeyUsageExtension.CRL_SIGN_BIT] == true)) {
-                            setError(req,
-                                    CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
-                                    NAME);
-                            return PolicyResult.REJECTED;
-                        }
-                    }
-                    return PolicyResult.ACCEPTED;
-                }
-            } else {
-                // create extensions set if none.
-                if (extensions == null) {
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    extensions = new CertificateExtensions();
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                }
-            }
-
-            boolean[] bits = new boolean[KeyUsageExtension.NBITS];
-
-            bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature",
-                        mDigitalSignature, req);
-            bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation",
-                        mNonRepudiation, req);
-            bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment",
-                        mKeyEncipherment, req);
-            bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment",
-                        mDataEncipherment, req);
-            bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement",
-                        mKeyAgreement, req);
-            bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign",
-                        mKeyCertsign, req);
-            bits[KeyUsageExtension.CRL_SIGN_BIT] = getBit("crl_sign", mCrlSign, req);
-            bits[KeyUsageExtension.ENCIPHER_ONLY_BIT] = getBit("encipher_only",
-                        mEncipherOnly, req);
-            bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",
-                        mDecipherOnly, req);
-
-            // don't allow no bits set or the extension does not
-            // encode/decode properlly.
-            boolean bitset = false;
-
-            for (int i = 0; i < bits.length; i++) {
-                if (bits[i]) {
-                    bitset = true;
-                    break;
-                }
-            }
-            if (!bitset) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME));
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET"),
-                        NAME);
-                return PolicyResult.REJECTED;
-            }
-
-            // create the extension.
-            try {
-                mKeyUsage = new KeyUsageExtension(mCritical, bits);
-            } catch (IOException e) {
-            }
-            extensions.set(KeyUsageExtension.NAME, mKeyUsage);
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED; // unrecoverable error.
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        params.addElement(PROP_CRITICAL + "=" + mCritical);
-        params.addElement(PROP_DIGITAL_SIGNATURE + "=" + mDigitalSignature);
-        params.addElement(PROP_NON_REPUDIATION + "=" + mNonRepudiation);
-        params.addElement(PROP_KEY_ENCIPHERMENT + "=" + mKeyEncipherment);
-        params.addElement(PROP_DATA_ENCIPHERMENT + "=" + mDataEncipherment);
-        params.addElement(PROP_KEY_AGREEMENT + "=" + mKeyAgreement);
-        params.addElement(PROP_KEY_CERTSIGN + "=" + mKeyCertsign);
-        params.addElement(PROP_CRL_SIGN + "=" + mCrlSign);
-        params.addElement(PROP_ENCIPHER_ONLY + "=" + mEncipherOnly);
-        params.addElement(PROP_DECIPHER_ONLY + "=" + mDecipherOnly);
-        return params;
-    }
-
-    private static Vector<String> mDefParams = new Vector<String>();
-    static {
-        mDefParams.addElement(PROP_CRITICAL + "=true");
-        mDefParams.addElement(PROP_DIGITAL_SIGNATURE + "=");
-        mDefParams.addElement(PROP_NON_REPUDIATION + "=");
-        mDefParams.addElement(PROP_KEY_ENCIPHERMENT + "=");
-        mDefParams.addElement(PROP_DATA_ENCIPHERMENT + "=");
-        mDefParams.addElement(PROP_KEY_AGREEMENT + "=");
-        mDefParams.addElement(PROP_KEY_CERTSIGN + "=");
-        mDefParams.addElement(PROP_CRL_SIGN + "=");
-        mDefParams.addElement(PROP_ENCIPHER_ONLY + "=");
-        mDefParams.addElement(PROP_DECIPHER_ONLY + "=");
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD be critical",
-                PROP_DIGITAL_SIGNATURE
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_NON_REPUDIATION
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_KEY_ENCIPHERMENT
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_DATA_ENCIPHERMENT
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_KEY_AGREEMENT
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_KEY_CERTSIGN
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_CRL_SIGN
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_ENCIPHER_ONLY
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                PROP_DECIPHER_ONLY
-                        + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-keyusage",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
-
-        };
-
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-
-    private boolean getBit(String usage, String choice, IRequest req) {
-        if (choice.equals(HTTP_INPUT)) {
-            choice = req.getExtDataInString(IRequest.HTTP_PARAMS, usage);
-            if (choice == null)
-                choice = "false";
-        }
-        return Boolean.valueOf(choice).booleanValue();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java b/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
deleted file mode 100644
index ca18b8023..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
+++ /dev/null
@@ -1,293 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.BufferedReader;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.NSCCommentExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Netscape comment
- * Adds Netscape comment policy
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class NSCCommentExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-
-    protected static final String PROP_USER_NOTICE_DISPLAY_TEXT = "displayText";
-    protected static final String PROP_COMMENT_FILE = "commentFile";
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_INPUT_TYPE = "inputType";
-    protected static final String TEXT = "Text";
-    protected static final String FILE = "File";
-
-    protected String mUserNoticeDisplayText;
-    protected String mCommentFile;
-    protected String mInputType;
-    protected boolean mCritical;
-    private Vector<String> mParams = new Vector<String>();
-
-    protected String tempCommentFile;
-    protected boolean certApplied = false;
-
-    /**
-     * Adds the Netscape comment in the end-entity certificates or
-     * CA certificates. The policy is set to be non-critical with the
-     * provided OID.
-     */
-    public NSCCommentExt() {
-        NAME = "NSCCommentExt";
-        DESC = "Sets non-critical Netscape Comment extension in certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <p>
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl ca.Policy.rule.<ruleName>.displayText=<n>
-     * ca.Policy.rule.<ruleName>.commentFile=<n> ca.Policy.rule.<ruleName>.enable=false
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-
-        FileInputStream fileStream = null;
-
-        try {
-            mCritical = config.getBoolean(PROP_CRITICAL, false);
-            mParams.addElement(PROP_CRITICAL + "=" + mCritical);
-
-            mInputType = config.getString(PROP_INPUT_TYPE, null);
-            mParams.addElement(PROP_INPUT_TYPE + "=" + mInputType);
-
-            mUserNoticeDisplayText = config.getString(PROP_USER_NOTICE_DISPLAY_TEXT, "");
-            mParams.addElement(PROP_USER_NOTICE_DISPLAY_TEXT + "=" + mUserNoticeDisplayText);
-
-            tempCommentFile = config.getString(PROP_COMMENT_FILE, "");
-
-            boolean enable = config.getBoolean(PROP_ENABLE, false);
-
-            if ((enable == true)) {
-
-                if (mInputType.equals("File")) {
-                    if (tempCommentFile.equals(""))
-                        throw new Exception("No file name provided");
-
-                    fileStream = new FileInputStream(tempCommentFile);
-                    fileStream.close();
-                }
-            }
-
-            if (tempCommentFile.equals(""))
-                mCommentFile = "";
-            else
-                mCommentFile = tempCommentFile.replace('\\', '/');
-
-            config.putString(PROP_COMMENT_FILE, mCommentFile);
-
-            mParams.addElement(PROP_COMMENT_FILE + "=" + mCommentFile);
-        } catch (FileNotFoundException e) {
-            Object[] params = { getInstanceName(), "File not found : " + tempCommentFile };
-
-            throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
-        } catch (Exception e) {
-            Object[] params = { getInstanceName(), e.getMessage() };
-
-            throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
-        }
-    }
-
-    /**
-     * Applies the policy on the given Request.
-     * <p>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        // get cert info.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult r = applyCert(req, ci[i]);
-
-            if (r == PolicyResult.REJECTED)
-                return r;
-        }
-        return res;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-
-        certApplied = false;
-        CertificateExtensions extensions = null;
-
-        try {
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-        } catch (IOException e) {
-        } catch (CertificateException e) {
-        }
-
-        if (extensions == null) {
-            extensions = new CertificateExtensions();
-            try {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } catch (Exception e) {
-            }
-        } else {
-            // remove any previously computed version of the extension
-            try {
-                extensions.delete(NSCCommentExtension.NAME);
-
-            } catch (IOException e) {
-                // this is the hack: for some reason, the key which is the name
-                // of the policy has been converted into the OID
-                try {
-                    extensions.delete("2.16.840.1.113730.1.13");
-                } catch (IOException ee) {
-                }
-            }
-        }
-        if (mInputType.equals("File")) {
-            //		if ((mUserNoticeDisplayText.equals("")) && !(mCommentFile.equals(""))) {
-            try {
-                // Read the comments file
-                BufferedReader fis = new BufferedReader(new FileReader(mCommentFile));
-
-                String line = null;
-                StringBuffer buffer = new StringBuffer();
-
-                while ((line = fis.readLine()) != null)
-                    buffer.append(line);
-                mUserNoticeDisplayText = new String(buffer);
-                fis.close();
-            } catch (IOException e) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                        NAME, " Comment Text file not found : " + mCommentFile);
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
-                return PolicyResult.REJECTED;
-
-            }
-
-        }
-
-        certApplied = true;
-
-        try {
-            NSCCommentExtension cpExt =
-                    new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
-
-            extensions.set(NSCCommentExtension.NAME, cpExt);
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
-            setError(req,
-                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
-            return PolicyResult.REJECTED;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
-                PROP_INPUT_TYPE + ";choice(Text,File);Whether the comments " +
-                        "would be entered in the displayText field or come from " +
-                        "a file.",
-                PROP_USER_NOTICE_DISPLAY_TEXT + ";string;The comment that may be " +
-                        "displayed to the user when the certificate is viewed.",
-                PROP_COMMENT_FILE + ";string; If data source is 'File', specify " +
-                        "the file name with full path.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-nsccomment",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds 'netscape comment' extension. See manual"
-            };
-
-        return params;
-
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_CRITICAL + "=false");
-        defParams.addElement(PROP_INPUT_TYPE + "=" + TEXT);
-        defParams.addElement(PROP_USER_NOTICE_DISPLAY_TEXT + "=");
-        defParams.addElement(PROP_COMMENT_FILE + "=");
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java b/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
deleted file mode 100644
index c5daabed9..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
+++ /dev/null
@@ -1,535 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * NS Cert Type policy.
- * Adds the ns cert type extension depending on cert type requested.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class NSCertTypeExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_SET_DEFAULT_BITS = "setDefaultBits";
-    protected static final boolean DEF_SET_DEFAULT_BITS = true;
-    protected static final String DEF_SET_DEFAULT_BITS_VAL =
-            Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
-
-    protected static final int DEF_PATHLEN = -1;
-
-    protected static final boolean[] DEF_BITS =
-            new boolean[NSCertTypeExtension.NBITS];
-
-    // XXX for future use. currenlty always allow.
-    protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
-    protected static final String PROP_EE_OVERR = "AllowEEOverride";
-
-    // XXX for future use. currently always critical
-    // (standard says SHOULD be marked critical if included.)
-    protected static final String PROP_CRITICAL = "critical";
-
-    // XXX for future use to allow overrides from forms.
-    // request must be agent approved or authenticated.
-    protected boolean mAllowAgentOverride = false;
-    protected boolean mAllowEEOverride = false;
-
-    // XXX for future use. currently always non-critical
-    protected boolean mCritical = false;
-
-    protected int mCAPathLen = -1;
-
-    protected IConfigStore mConfig = null;
-    protected boolean mSetDefaultBits = false;
-
-    static {
-        // set default bits used when request missing ns cert type info.
-        // default is a client cert
-        DEF_BITS[NSCertTypeExtension.SSL_CLIENT_BIT] = true;
-        DEF_BITS[NSCertTypeExtension.SSL_SERVER_BIT] = false;
-        DEF_BITS[NSCertTypeExtension.EMAIL_BIT] = true;
-        DEF_BITS[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
-        DEF_BITS[NSCertTypeExtension.SSL_CA_BIT] = false;
-        DEF_BITS[NSCertTypeExtension.EMAIL_CA_BIT] = false;
-        DEF_BITS[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT] = false;
-    }
-
-    public NSCertTypeExt() {
-        NAME = "NSCertType";
-        DESC = "Sets Netscape Cert Type on all certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        // XXX future use.
-        //mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
-        //mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
-        mCritical = config.getBoolean(PROP_CRITICAL, false);
-
-        ICertAuthority certAuthority = (ICertAuthority)
-                ((IPolicyProcessor) owner).getAuthority();
-
-        if (certAuthority instanceof ICertificateAuthority) {
-            CertificateChain caChain = certAuthority.getCACertChain();
-            X509Certificate caCert = null;
-
-            // Note that in RA the chain could be null if CA was not up when
-            // RA was started. In that case just set the length to -1 and let
-            // CA reject if it does not allow any subordinate CA certs.
-            if (caChain != null) {
-                caCert = caChain.getFirstCertificate();
-                if (caCert != null)
-                    mCAPathLen = caCert.getBasicConstraints();
-            }
-        }
-
-        mSetDefaultBits = mConfig.getBoolean(
-                    PROP_SET_DEFAULT_BITS, DEF_SET_DEFAULT_BITS);
-    }
-
-    /**
-     * Adds the ns cert type if not set already.
-     * reads ns cert type choices from form. If no choices from form
-     * will defaults to all.
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: " + getInstanceName() + "::apply()");
-
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        try {
-            String certType =
-                    req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-            NSCertTypeExtension nsCertTypeExt = null;
-
-            if (extensions != null) {
-                // See if extension is already set and contains correct values.
-                try {
-                    nsCertTypeExt = (NSCertTypeExtension)
-                            extensions.get(NSCertTypeExtension.NAME);
-                } catch (IOException e) {
-                    // extension isn't there.
-                    nsCertTypeExt = null;
-                }
-                // XXX agent servlet currently sets this. it should be
-                // delayed to here.
-                if (nsCertTypeExt != null &&
-                        extensionIsGood(nsCertTypeExt, req)) {
-                    CMS.debug(
-                            "NSCertTypeExt: already has correct ns cert type ext");
-                    return PolicyResult.ACCEPTED;
-                } else if ((nsCertTypeExt != null) &&
-                        (certType.equals("ocspResponder"))) {
-                    // Fix for #528732 : Always delete
-                    // this extension from OCSP signing cert
-                    extensions.delete(NSCertTypeExtension.NAME);
-                    return PolicyResult.ACCEPTED;
-                }
-            } else {
-                // create extensions set if none.
-                if (extensions == null) {
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    extensions = new CertificateExtensions();
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                    CMS.debug(
-                            "NSCertTypeExt: Created extensions for adding ns cert type..");
-                }
-            }
-            // add ns cert type extension if not set or not set correctly.
-            boolean[] bits = null;
-
-            bits = getBitsFromRequest(req, mSetDefaultBits);
-
-            // check if ca doesn't allow any subordinate ca
-            if (mCAPathLen == 0 && bits != null) {
-                if (bits[NSCertTypeExtension.SSL_CA_BIT] ||
-                        bits[NSCertTypeExtension.EMAIL_CA_BIT] ||
-                        bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
-                    setError(req,
-                            CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
-                    return PolicyResult.REJECTED;
-                }
-            }
-
-            if (nsCertTypeExt != null) {
-                // replace with correct bits to comply to policy.
-                // take all that are true.
-                extensions.delete(NSCertTypeExtension.NAME);
-            }
-
-            int j;
-
-            for (j = 0; bits != null && j < bits.length; j++)
-                if (bits[j])
-                    break;
-            if (bits == null || j == bits.length) {
-                if (!mSetDefaultBits) {
-                    CMS.debug(
-                            "NSCertTypeExt: no bits requested, not setting default.");
-                    return PolicyResult.ACCEPTED;
-                } else
-                    bits = DEF_BITS;
-            }
-
-            nsCertTypeExt = new NSCertTypeExtension(mCritical, bits);
-            extensions.set(NSCertTypeExtension.NAME, nsCertTypeExt);
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED; // unrecoverable error.
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-    }
-
-    /**
-     * check if ns cert type extension is set correctly,
-     * correct bits if not.
-     * if not authorized to set extension, bits will be replaced.
-     */
-    protected boolean extensionIsGood(
-            NSCertTypeExtension nsCertTypeExt, IRequest req)
-            throws IOException, CertificateException {
-        // always return false for now to make sure minimum is set.
-        // agents and ee can add others.
-
-        // must be agent approved or authenticated for allowing extensions
-        // which is always the case if we get to this point.
-        IAuthToken token = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
-
-        if (!agentApproved(req) && token == null) {
-            // don't know where this came from.
-            // set all bits to false to reset.
-            CMS.debug(
-                    "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
-            boolean[] bits = new boolean[8];
-
-            for (int i = bits.length - 1; i >= 0; i--) {
-                nsCertTypeExt.set(i, false);
-            }
-            return false;
-        } else {
-            // check for min bits, set default if not there.
-            String certType = req.getExtDataInString(IRequest.HTTP_PARAMS,
-                    IRequest.CERT_TYPE);
-
-            if ((certType != null) && certType.equals("ocspResponder")) {
-                return false;
-            }
-            if (certType == null || certType.length() == 0) {
-                // if don't know cert type let agent override anything.
-                return true;
-            }
-            if (certType.equals(IRequest.CA_CERT)) {
-                if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT) &&
-                        !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
-                        !nsCertTypeExt.isSet(
-                                NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
-                    // min not set so set all.
-                    CMS.debug(
-                            "NSCertTypeExt: is extension good: no ca bits set. set all");
-
-                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
-                            Boolean.valueOf(true));
-                    nsCertTypeExt.set(NSCertTypeExtension.EMAIL_CA,
-                            Boolean.valueOf(true));
-                    nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
-                            Boolean.valueOf(true));
-                }
-                return true;
-            } else if (certType.equals(IRequest.CLIENT_CERT)) {
-                if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT) &&
-                        !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
-                        !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
-                        !nsCertTypeExt.isSet(
-                                NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
-                    // min not set so set all.
-                    CMS.debug(
-                            "NSCertTypeExt: is extension good: no cl bits set. set all");
-                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
-                            new Boolean(true));
-                    nsCertTypeExt.set(NSCertTypeExtension.EMAIL,
-                            new Boolean(true));
-                    nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING,
-                            new Boolean(true));
-                }
-                return true;
-            } else if (certType.equals(IRequest.SERVER_CERT)) {
-                // this bit must be true.
-                nsCertTypeExt.set(NSCertTypeExtension.SSL_SERVER_BIT, true);
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Gets ns cert type bits from request.
-     * If none set, use cert type to determine correct bits.
-     * If no cert type, use default.
-     */
-
-    protected boolean[] getBitsFromRequest(IRequest req, boolean setDefault) {
-        boolean[] bits = null;
-
-        CMS.debug("NSCertTypeExt: ns cert type getting ns cert type vars");
-        bits = getNSCertTypeBits(req);
-        if (bits == null && setDefault) {
-            // no ns cert type bits set in request. go with cert type.
-            CMS.debug("NSCertTypeExt: ns cert type getting cert type vars");
-            bits = getCertTypeBits(req);
-
-            if (bits == null && setDefault) {
-                CMS.debug("NSCertTypeExt: ns cert type getting def bits");
-                bits = DEF_BITS;
-            }
-        }
-        return bits;
-    }
-
-    /**
-     * get ns cert type bits from actual sets in the request
-     */
-    protected boolean[] getNSCertTypeBits(IRequest req) {
-        boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
-
-        bits[NSCertTypeExtension.SSL_CLIENT_BIT] =
-                // XXX should change this to is ns cert type ssl_client defn.
-                req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
-                        NSCertTypeExtension.SSL_CLIENT, false);
-
-        bits[NSCertTypeExtension.SSL_SERVER_BIT] =
-                req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
-                        NSCertTypeExtension.SSL_SERVER, false);
-
-        bits[NSCertTypeExtension.EMAIL_BIT] =
-                // XXX should change this to is ns cert type ssl_client defn.
-                req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
-                        NSCertTypeExtension.EMAIL, false);
-
-        bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] =
-                // XXX should change this to is ns cert type ssl_client defn.
-                req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
-                        NSCertTypeExtension.OBJECT_SIGNING, false);
-
-        bits[NSCertTypeExtension.SSL_CA_BIT] =
-                req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
-                        NSCertTypeExtension.SSL_CA, false);
-
-        bits[NSCertTypeExtension.EMAIL_CA_BIT] =
-                req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
-                        NSCertTypeExtension.EMAIL_CA, false);
-
-        bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT] =
-                req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
-                        NSCertTypeExtension.OBJECT_SIGNING_CA, false);
-
-        // if nothing set, return null.
-        int i;
-
-        for (i = bits.length - 1; i >= 0; i--) {
-            if (bits[i] == true) {
-                CMS.debug("NSCertTypeExt: bit " + i + " is set.");
-                break;
-            }
-        }
-        if (i < 0) {
-            // nothing was set.
-            CMS.debug("NSCertTypeExt: No bits were set.");
-            bits = null;
-        }
-        return bits;
-    }
-
-    /**
-     * get cert type bits according to cert type.
-     */
-    protected boolean[] getCertTypeBits(IRequest req) {
-        String certType =
-                req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-
-        if (certType == null || certType.length() == 0)
-            return null;
-
-        boolean[] bits = new boolean[KeyUsageExtension.NBITS];
-
-        for (int i = bits.length - 1; i >= 0; i--)
-            bits[i] = false;
-
-        if (certType.equals(IRequest.CLIENT_CERT)) {
-            CMS.debug("NSCertTypeExt: setting bits for client cert");
-            // we can only guess here when it's client.
-            // sets all client bit for default.
-            bits[NSCertTypeExtension.SSL_CLIENT_BIT] = true;
-            bits[NSCertTypeExtension.EMAIL_BIT] = true;
-            //bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
-        } else if (certType.equals(IRequest.SERVER_CERT)) {
-            CMS.debug("NSCertTypeExt: setting bits for server cert");
-            bits[NSCertTypeExtension.SSL_SERVER_BIT] = true;
-        } else if (certType.equals(IRequest.CA_CERT)) {
-            CMS.debug("NSCertType: setting bits for ca cert");
-            bits[NSCertTypeExtension.SSL_CA_BIT] = true;
-            bits[NSCertTypeExtension.EMAIL_CA_BIT] = true;
-            bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT] = true;
-        } else if (certType.equals(IRequest.RA_CERT)) {
-            CMS.debug("NSCertType: setting bits for ra cert");
-            bits[NSCertTypeExtension.SSL_CLIENT_BIT] = true;
-        } else {
-            CMS.debug("NSCertTypeExt: no other cert bits set");
-            // return null to use default.
-            bits = DEF_BITS;
-        }
-        return bits;
-    }
-
-    /**
-     * merge bits with those set from form.
-     * make sure required minimum is set. Agent or auth can set others.
-     * XXX form shouldn't set the extension
-     */
-    public void mergeBits(NSCertTypeExtension nsCertTypeExt, boolean[] bits) {
-        for (int i = bits.length - 1; i >= 0; i--) {
-            if (bits[i] == true) {
-                CMS.debug("NSCertTypeExt: ns cert type merging bit " + i);
-                nsCertTypeExt.set(i, true);
-            }
-        }
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        params.addElement(PROP_CRITICAL + "=" + mCritical);
-        params.addElement(PROP_SET_DEFAULT_BITS + "=" + mSetDefaultBits);
-        //new Boolean(mSetDefaultBits).toString());
-        return params;
-    }
-
-    private static Vector<String> mDefParams = new Vector<String>();
-    static {
-        mDefParams.addElement(
-                PROP_CRITICAL + "=false");
-        mDefParams.addElement(
-                PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
-                PROP_SET_DEFAULT_BITS + ";boolean;Specify whether to set the Netscape certificate " +
-                        "type extension with default bits ('ssl client' and 'email') in certificates " +
-                        "specified by the predicate " +
-                        "expression.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-nscerttype",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds Netscape Certificate Type extension."
-            };
-
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java b/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
deleted file mode 100644
index 1b132e835..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
+++ /dev/null
@@ -1,475 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.GeneralSubtree;
-import netscape.security.x509.GeneralSubtrees;
-import netscape.security.x509.NameConstraintsExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IGeneralNameAsConstraintsConfig;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Name Constraints Extension Policy
- * Adds the name constraints extension to a (CA) certificate.
- * Filtering of CA certificates is done through predicates.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class NameConstraintsExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_NUM_PERMITTEDSUBTREES = "numPermittedSubtrees";
-    protected static final String PROP_NUM_EXCLUDEDSUBTREES = "numExcludedSubtrees";
-
-    protected static final String PROP_PERMITTEDSUBTREES = "permittedSubtrees";
-    protected static final String PROP_EXCLUDEDSUBTREES = "excludedSubtrees";
-
-    protected static final boolean DEF_CRITICAL = true;
-    protected static final int DEF_NUM_PERMITTEDSUBTREES = 8;
-    protected static final int DEF_NUM_EXCLUDEDSUBTREES = 8;
-
-    protected boolean mEnabled = false;
-    protected IConfigStore mConfig = null;
-
-    protected boolean mCritical = DEF_CRITICAL;
-    protected int mNumPermittedSubtrees = 0;
-    protected int mNumExcludedSubtrees = 0;
-    protected Subtree[] mPermittedSubtrees = null;
-    protected Subtree[] mExcludedSubtrees = null;
-    protected NameConstraintsExtension mNameConstraintsExtension = null;
-
-    protected Vector<String> mInstanceParams = new Vector<String>();
-
-    public NameConstraintsExt() {
-        NAME = "NameConstraintsExt";
-        DESC = "Sets Name Constraints Extension on subordinate CA certificates";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
-     * ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        // XXX should do do this ?
-        // if CA does not allow subordinate CAs by way of basic constraints,
-        // this policy always rejects
-        /*****
-         * ICertAuthority certAuthority = (ICertAuthority)
-         * ((IPolicyProcessor)owner).getAuthority();
-         * if (certAuthority instanceof ICertificateAuthority) {
-         * CertificateChain caChain = certAuthority.getCACertChain();
-         * X509Certificate caCert = null;
-         * // Note that in RA the chain could be null if CA was not up when
-         * // RA was started. In that case just set the length to -1 and let
-         * // CA reject if it does not allow any subordinate CA certs.
-         * if (caChain != null) {
-         * caCert = caChain.getFirstCertificate();
-         * if (caCert != null)
-         * mCAPathLen = caCert.getBasicConstraints();
-         * }
-         * }
-         ****/
-
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
-        mNumPermittedSubtrees = mConfig.getInteger(
-                    PROP_NUM_PERMITTEDSUBTREES, DEF_NUM_PERMITTEDSUBTREES);
-        mNumExcludedSubtrees = mConfig.getInteger(
-                    PROP_NUM_EXCLUDEDSUBTREES, DEF_NUM_EXCLUDEDSUBTREES);
-
-        if (mNumPermittedSubtrees < 0) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_PERMITTEDSUBTREES,
-                        "value must be greater than or equal to 0"));
-        }
-        if (mNumExcludedSubtrees < 0) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_EXCLUDEDSUBTREES,
-                        "value must be greater than or equal to 0"));
-        }
-
-        // init permitted subtrees if any.
-        if (mNumPermittedSubtrees > 0) {
-            mPermittedSubtrees =
-                    form_subtrees(PROP_PERMITTEDSUBTREES, mNumPermittedSubtrees);
-            CMS.debug("NameConstraintsExt: formed permitted subtrees");
-        }
-
-        // init excluded subtrees if any.
-        if (mNumExcludedSubtrees > 0) {
-            mExcludedSubtrees =
-                    form_subtrees(PROP_EXCLUDEDSUBTREES, mNumExcludedSubtrees);
-            CMS.debug("NameConstraintsExt: formed excluded subtrees");
-        }
-
-        // create instance of name constraints extension if enabled.
-        if (mEnabled) {
-            try {
-                Vector<GeneralSubtree> permittedSubtrees = new Vector<GeneralSubtree>();
-
-                for (int i = 0; i < mNumPermittedSubtrees; i++) {
-                    permittedSubtrees.addElement(
-                            mPermittedSubtrees[i].mGeneralSubtree);
-                }
-                Vector<GeneralSubtree> excludedSubtrees = new Vector<GeneralSubtree>();
-
-                for (int j = 0; j < mNumExcludedSubtrees; j++) {
-                    excludedSubtrees.addElement(
-                            mExcludedSubtrees[j].mGeneralSubtree);
-                }
-                GeneralSubtrees psb = null;
-
-                if (permittedSubtrees.size() > 0) {
-                    psb = new GeneralSubtrees(permittedSubtrees);
-                }
-                GeneralSubtrees esb = null;
-
-                if (excludedSubtrees.size() > 0) {
-                    esb = new GeneralSubtrees(excludedSubtrees);
-                }
-                mNameConstraintsExtension =
-                        new NameConstraintsExtension(mCritical,
-                                psb,
-                                esb);
-                CMS.debug("NameConstraintsExt: formed Name Constraints Extension " +
-                        mNameConstraintsExtension);
-            } catch (IOException e) {
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                                "Error initializing Name Constraints Extension: " + e));
-            }
-        }
-
-        // form instance params
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(
-                PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
-        mInstanceParams.addElement(
-                PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
-        if (mNumPermittedSubtrees > 0) {
-            for (int i = 0; i < mPermittedSubtrees.length; i++)
-                mPermittedSubtrees[i].getInstanceParams(mInstanceParams);
-        }
-        if (mNumExcludedSubtrees > 0) {
-            for (int j = 0; j < mExcludedSubtrees.length; j++)
-                mExcludedSubtrees[j].getInstanceParams(mInstanceParams);
-        }
-    }
-
-    Subtree[] form_subtrees(String subtreesName, int numSubtrees)
-            throws EBaseException {
-        Subtree[] subtrees = new Subtree[numSubtrees];
-
-        for (int i = 0; i < numSubtrees; i++) {
-            String subtreeName = subtreesName + i;
-            IConfigStore subtreeConfig = mConfig.getSubStore(subtreeName);
-            Subtree subtree =
-                    new Subtree(subtreeName, subtreeConfig, mEnabled);
-
-            subtrees[i] = subtree;
-        }
-        return subtrees;
-    }
-
-    /**
-     * Adds Name Constraints Extension to a (CA) certificate.
-     *
-     * If a Name constraints Extension is already there, accept it if
-     * it's been approved by agent, else replace it.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        // if extension hasn't been properly configured reject requests until
-        // it has been resolved (or disabled).
-        if (mNameConstraintsExtension == null) {
-            //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
-            //return PolicyResult.REJECTED;
-            return PolicyResult.ACCEPTED;
-        }
-
-        // get certInfo from request.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        // check if name constraints extension already exists.
-        // if not agent approved, replace name constraints extension with ours.
-        // else ignore.
-        try {
-            NameConstraintsExtension nameConstraintsExt = null;
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            try {
-                if (extensions != null) {
-                    nameConstraintsExt = (NameConstraintsExtension)
-                            extensions.get(NameConstraintsExtension.NAME);
-                }
-            } catch (IOException e) {
-                // extension isn't there.
-            }
-
-            if (nameConstraintsExt != null) {
-                if (agentApproved(req)) {
-                    CMS.debug(
-                            "NameConstraintsExt: request id from agent " + req.getRequestId() +
-                                    " already has name constraints - accepted");
-                    return PolicyResult.ACCEPTED;
-                } else {
-                    CMS.debug(
-                            "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
-                                    " already has name constraints - deleted");
-                    extensions.delete(NameConstraintsExtension.NAME);
-                }
-            }
-
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            }
-            extensions.set(
-                    NameConstraintsExtension.NAME, mNameConstraintsExtension);
-            CMS.debug(
-                    "NameConstraintsExt: added Name Constraints Extension to request " +
-                            req.getRequestId());
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mInstanceParams;
-    }
-
-    /**
-     * Default config parameters.
-     * To add more permitted or excluded subtrees,
-     * increase the num to greater than 0 and more configuration params
-     * will show up in the console.
-     */
-    private static Vector<String> mDefParams = new Vector<String>();
-    static {
-        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefParams.addElement(
-                PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
-        mDefParams.addElement(
-                PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
-        for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
-            Subtree.getDefaultParams(PROP_PERMITTEDSUBTREES + k, mDefParams);
-        }
-        for (int l = 0; l < DEF_NUM_EXCLUDEDSUBTREES; l++) {
-            Subtree.getDefaultParams(PROP_EXCLUDEDSUBTREES + l, mDefParams);
-        }
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> theparams = new Vector<String>();
-
-        theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be critical.");
-        theparams.addElement(
-                PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
-        theparams.addElement(
-                PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
-
-        // now do the subtrees.
-        for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
-            Subtree.getExtendedPluginInfo(PROP_PERMITTEDSUBTREES + k, theparams);
-        }
-        for (int l = 0; l < DEF_NUM_EXCLUDEDSUBTREES; l++) {
-            Subtree.getExtendedPluginInfo(PROP_EXCLUDEDSUBTREES + l, theparams);
-        }
-        theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-nameconstraints");
-        theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Name Constraints Extension. See RFC 2459");
-
-        String[] info = new String[theparams.size()];
-
-        theparams.copyInto(info);
-        return info;
-    }
-}
-
-/**
- * subtree configuration
- */
-class Subtree {
-
-    protected static final String PROP_BASE = "base";
-    protected static final String PROP_MIN = "min";
-    protected static final String PROP_MAX = "max";
-
-    protected static final int DEF_MIN = 0;
-    protected static final int DEF_MAX = -1; // -1 (less than 0) means not set.
-
-    protected static final String MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
-
-    String mName = null;
-    IConfigStore mConfig = null;
-    int mMin = DEF_MIN, mMax = DEF_MAX;
-    IGeneralNameAsConstraintsConfig mBase = null;
-    GeneralSubtree mGeneralSubtree = null;
-
-    String mNameDot = null;
-    String mNameDotMin = null;
-    String mNameDotMax = null;
-
-    public Subtree(
-            String subtreeName, IConfigStore config, boolean policyEnabled)
-            throws EBaseException {
-        mName = subtreeName;
-        mConfig = config;
-
-        if (mName != null) {
-            mNameDot = mName + ".";
-            mNameDotMin = mNameDot + PROP_MIN;
-            mNameDotMax = mNameDot + PROP_MAX;
-        } else {
-            mNameDot = "";
-            mNameDotMin = PROP_MIN;
-            mNameDotMax = PROP_MAX;
-        }
-
-        // necessary to expand/shrink # general names from console.
-        if (mConfig.size() == 0) {
-            mConfig.putInteger(mNameDotMin, mMin);
-            mConfig.putInteger(mNameDotMax, mMax);
-            // GeneralNameConfig will take care of stuff for generalname.
-        }
-
-        // if policy enabled get values to form the general subtree.
-        mMin = mConfig.getInteger(PROP_MIN, DEF_MIN);
-        mMax = mConfig.getInteger(PROP_MAX, DEF_MAX);
-        if (mMax < -1)
-            mMax = -1;
-        mBase = CMS.createGeneralNameAsConstraintsConfig(
-                    mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE),
-                    true, policyEnabled);
-
-        if (policyEnabled) {
-            mGeneralSubtree =
-                    new GeneralSubtree(mBase.getGeneralName(), mMin, mMax);
-        }
-    }
-
-    void getInstanceParams(Vector<String> instanceParams) {
-        mBase.getInstanceParams(instanceParams);
-        instanceParams.addElement(mNameDotMin + "=" + mMin);
-        instanceParams.addElement(mNameDotMax + "=" + mMax);
-    }
-
-    static void getDefaultParams(String name, Vector<String> params) {
-        String nameDot = "";
-
-        if (name != null && name.length() >= 0)
-            nameDot = name + ".";
-        CMS.getGeneralNameConfigDefaultParams(nameDot + PROP_BASE, true, params);
-        params.addElement(nameDot + PROP_MIN + "=" + DEF_MIN);
-        params.addElement(nameDot + PROP_MAX + "=" + DEF_MAX);
-    }
-
-    static void getExtendedPluginInfo(String name, Vector<String> info) {
-        String nameDot = "";
-
-        if (name != null && name.length() > 0)
-            nameDot = name + ".";
-        CMS.getGeneralNameConfigExtendedPluginInfo(nameDot + PROP_BASE, true, info);
-        info.addElement(nameDot + PROP_MIN + ";" + MINMAX_INFO);
-        info.addElement(nameDot + PROP_MAX + ";" + MINMAX_INFO);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java b/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
deleted file mode 100644
index aece9664a..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
+++ /dev/null
@@ -1,190 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.OCSPNoCheckExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * This implements an OCSP Signing policy, it
- * adds the OCSP Signing extension to the certificate.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$ $Date$
- */
-public class OCSPNoCheckExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-
-    public static final String PROP_CRITICAL = "critical";
-    private boolean mCritical = false;
-
-    // PKIX specifies the that the extension SHOULD NOT be critical
-    public static final boolean DEFAULT_CRITICALITY = false;
-
-    private OCSPNoCheckExtension mOCSPNoCheck = null;
-
-    /**
-     * Constructs an OCSP No check extension.
-     */
-    public OCSPNoCheckExt() {
-        NAME = "OCSPNoCheckExt";
-        DESC = "Sets OCSPNoCheck extension for certificates";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL + ";boolean;RFC 2560 recommendation: SHOULD be non-critical.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-ocspnocheck",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds OCSP signing extension to certificate"
-            };
-
-        return params;
-
-    }
-
-    /**
-     * Performs one-time initialization of the policy.
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mOCSPNoCheck = new OCSPNoCheckExtension();
-
-        if (mOCSPNoCheck != null) {
-            // configure the extension itself
-            mCritical = config.getBoolean(PROP_CRITICAL,
-                        DEFAULT_CRITICALITY);
-            mOCSPNoCheck.setCritical(mCritical);
-        }
-    }
-
-    /**
-     * Applies the policy to the given request.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        // if the extension was not configured correctly, just skip it
-        if (mOCSPNoCheck == null) {
-            return PolicyResult.ACCEPTED;
-        }
-
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        try {
-
-            // find the extensions in the certInfo
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            // prepare the extensions data structure
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } else {
-                try {
-                    extensions.delete(OCSPNoCheckExtension.NAME);
-                } catch (IOException ex) {
-                    // OCSPNoCheck extension is not already there
-                    //  log(ILogger.LL_FAILURE, "No previous extension: "+OCSPNoCheckExtension.NAME+" "+ex.getMessage());
-                }
-            }
-
-            extensions.set(OCSPNoCheckExtension.NAME, mOCSPNoCheck);
-
-            return PolicyResult.ACCEPTED;
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                    e.getMessage());
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                    e.getMessage());
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    /**
-     * Returns instance parameters.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        params.addElement(PROP_CRITICAL + "=" + mCritical);
-        return params;
-
-    }
-
-    /**
-     * Returns default parameters.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_CRITICAL + "=false");
-        return defParams;
-
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
deleted file mode 100644
index 0bb77e207..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
+++ /dev/null
@@ -1,287 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.PolicyConstraintsExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Policy Constraints Extension Policy
- * Adds the policy constraints extension to (CA) certificates.
- * Filtering of CA certificates is done through predicates.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class PolicyConstraintsExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
-    protected static final String PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
-
-    protected static final boolean DEF_CRITICAL = false;
-    protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set
-    protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set
-
-    protected boolean mEnabled = false;
-    protected IConfigStore mConfig = null;
-
-    protected boolean mCritical = DEF_CRITICAL;
-    protected int mReqExplicitPolicy = DEF_REQ_EXPLICIT_POLICY;
-    protected int mInhibitPolicyMapping = DEF_INHIBIT_POLICY_MAPPING;
-    protected PolicyConstraintsExtension mPolicyConstraintsExtension = null;
-
-    protected Vector<String> mInstanceParams = new Vector<String>();
-
-    protected static Vector<String> mDefaultParams = new Vector<String>();
-    static {
-        mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefaultParams.addElement(
-                PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
-        mDefaultParams.addElement(
-                PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
-    }
-
-    public PolicyConstraintsExt() {
-        NAME = "PolicyConstriantsExt";
-        DESC = "Sets Policy Constraints Extension on subordinate CA certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
-     * ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        // XXX should do do this ?
-        // if CA does not allow subordinate CAs by way of basic constraints,
-        // this policy always rejects
-        /*****
-         * ICertAuthority certAuthority = (ICertAuthority)
-         * ((GenericPolicyProcessor)owner).mAuthority;
-         * if (certAuthority instanceof ICertificateAuthority) {
-         * CertificateChain caChain = certAuthority.getCACertChain();
-         * X509Certificate caCert = null;
-         * // Note that in RA the chain could be null if CA was not up when
-         * // RA was started. In that case just set the length to -1 and let
-         * // CA reject if it does not allow any subordinate CA certs.
-         * if (caChain != null) {
-         * caCert = caChain.getFirstCertificate();
-         * if (caCert != null)
-         * mCAPathLen = caCert.getBasicConstraints();
-         * }
-         * }
-         ****/
-
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
-
-        mReqExplicitPolicy = mConfig.getInteger(
-                    PROP_REQ_EXPLICIT_POLICY, DEF_REQ_EXPLICIT_POLICY);
-        mInhibitPolicyMapping = mConfig.getInteger(
-                    PROP_INHIBIT_POLICY_MAPPING, DEF_INHIBIT_POLICY_MAPPING);
-
-        if (mReqExplicitPolicy < -1)
-            mReqExplicitPolicy = -1;
-        if (mInhibitPolicyMapping < -1)
-            mInhibitPolicyMapping = -1;
-
-        // create instance of policy constraings extension
-        try {
-            mPolicyConstraintsExtension =
-                    new PolicyConstraintsExtension(mCritical,
-                            mReqExplicitPolicy, mInhibitPolicyMapping);
-            CMS.debug(
-                    "PolicyConstraintsExt: Created Policy Constraints Extension: " +
-                            mPolicyConstraintsExtension);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
-            throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Could not init Policy Constraints Extension. Error: " + e));
-        }
-
-        // form instance params
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(
-                PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
-        mInstanceParams.addElement(
-                PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
-    }
-
-    /**
-     * Adds Policy Constraints Extension to a (CA) certificate.
-     *
-     * If a Policy constraints Extension is already there, accept it if
-     * it's been approved by agent, else replace it.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        // if extension hasn't been properly configured reject requests until
-        // it has been resolved (or disabled).
-        if (mPolicyConstraintsExtension == null) {
-            return PolicyResult.ACCEPTED;
-        }
-
-        // get certInfo from request.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-
-        // check if name constraints extension already exists.
-        // if not agent approved, replace name constraints extension with ours.
-        // else ignore.
-        try {
-            PolicyConstraintsExtension policyConstraintsExt = null;
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            try {
-                if (extensions != null) {
-                    policyConstraintsExt = (PolicyConstraintsExtension)
-                            extensions.get(PolicyConstraintsExtension.NAME);
-                }
-            } catch (IOException e) {
-                // extension isn't there.
-            }
-
-            if (policyConstraintsExt != null) {
-                if (agentApproved(req)) {
-                    return PolicyResult.ACCEPTED;
-                } else {
-                    extensions.delete(PolicyConstraintsExtension.NAME);
-                }
-            }
-
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            }
-            extensions.set(
-                    "PolicyConstriantsExt", mPolicyConstraintsExtension);
-            CMS.debug("PolicyConstraintsExt: added our policy constraints extension");
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mInstanceParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefaultParams;
-    }
-
-    /**
-     * gets plugin info for pretty console edit displays.
-     */
-    public String[] getExtendedPluginInfo(Locale locale) {
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(
-                PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
-        mInstanceParams.addElement(
-                PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
-
-        String[] params = {
-                PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.",
-                PROP_REQ_EXPLICIT_POLICY
-                        + ";integer;Number of addional certificates that may appear in the path before an explicit policy is required. If less than 0 this field is unset in the extension.",
-                PROP_INHIBIT_POLICY_MAPPING
-                        + ";integer;Number of addional certificates that may appear in the path before policy mapping is no longer permitted. If less than 0 this field is unset in the extension.",
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-policyconstraints"
-        };
-
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
deleted file mode 100644
index 0af8b86ca..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
+++ /dev/null
@@ -1,426 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificatePolicyId;
-import netscape.security.x509.CertificatePolicyMap;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.PolicyMappingsExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Policy Mappings Extension Policy
- * Adds the Policy Mappings extension to a (CA) certificate.
- * Filtering of CA certificates is done through predicates.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class PolicyMappingsExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_NUM_POLICYMAPPINGS = "numPolicyMappings";
-
-    protected static final String PROP_POLICYMAP = "policyMap";
-
-    protected static final boolean DEF_CRITICAL = false;
-    protected static final int DEF_NUM_POLICYMAPPINGS = 1;
-
-    protected boolean mEnabled = false;
-    protected IConfigStore mConfig = null;
-
-    protected boolean mCritical = DEF_CRITICAL;
-    protected int mNumPolicyMappings = DEF_NUM_POLICYMAPPINGS;
-    protected PolicyMap[] mPolicyMaps = null;
-    protected PolicyMappingsExtension mPolicyMappingsExtension = null;
-
-    protected Vector<String> mInstanceParams = new Vector<String>();
-
-    public PolicyMappingsExt() {
-        NAME = "PolicyMappingsExt";
-        DESC = "Sets Policy Mappings Extension on subordinate CA certificates";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
-     * ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        // XXX should do do this ?
-        // if CA does not allow subordinate CAs by way of basic constraints,
-        // this policy always rejects
-        /*****
-         * ICertAuthority certAuthority = (ICertAuthority)
-         * ((IPolicyProcessor)owner).getAuthority();
-         * if (certAuthority instanceof ICertificateAuthority) {
-         * CertificateChain caChain = certAuthority.getCACertChain();
-         * X509Certificate caCert = null;
-         * // Note that in RA the chain could be null if CA was not up when
-         * // RA was started. In that case just set the length to -1 and let
-         * // CA reject if it does not allow any subordinate CA certs.
-         * if (caChain != null) {
-         * caCert = caChain.getFirstCertificate();
-         * if (caCert != null)
-         * mCAPathLen = caCert.getBasicConstraints();
-         * }
-         * }
-         ****/
-
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
-
-        mNumPolicyMappings = mConfig.getInteger(
-                    PROP_NUM_POLICYMAPPINGS, DEF_NUM_POLICYMAPPINGS);
-        if (mNumPolicyMappings < 1) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_ATTR_VALUE_2", NAME, ""));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_POLICYMAPPINGS,
-                        "value must be greater than or equal to 1"));
-        }
-
-        // init Policy Mappings, check values if enabled.
-        mPolicyMaps = new PolicyMap[mNumPolicyMappings];
-        for (int i = 0; i < mNumPolicyMappings; i++) {
-            String subtreeName = PROP_POLICYMAP + i;
-
-            try {
-                mPolicyMaps[i] = new PolicyMap(subtreeName, mConfig, mEnabled);
-            } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, NAME + ": " +
-                        CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
-                throw e;
-            }
-        }
-
-        // create instance of policy mappings extension if enabled.
-        if (mEnabled) {
-            try {
-                Vector<CertificatePolicyMap> certPolicyMaps = new Vector<CertificatePolicyMap>();
-
-                for (int j = 0; j < mNumPolicyMappings; j++) {
-                    certPolicyMaps.addElement(
-                            mPolicyMaps[j].mCertificatePolicyMap);
-                }
-                mPolicyMappingsExtension =
-                        new PolicyMappingsExtension(mCritical, certPolicyMaps);
-            } catch (IOException e) {
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                                "Error initializing " + NAME + " Error: " + e));
-            }
-        }
-
-        // form instance params
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(
-                PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
-        for (int i = 0; i < mNumPolicyMappings; i++) {
-            mPolicyMaps[i].getInstanceParams(mInstanceParams);
-        }
-    }
-
-    /**
-     * Adds policy mappings Extension to a (CA) certificate.
-     *
-     * If a policy mappings Extension is already there, accept it if
-     * it's been approved by agent, else replace it.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        // if extension hasn't been properly configured reject requests until
-        // it has been resolved (or disabled).
-        if (mPolicyMappingsExtension == null) {
-            //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
-            //return PolicyResult.REJECTED;
-            return PolicyResult.ACCEPTED;
-        }
-
-        // get certInfo from request.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        // check if policy mappings extension already exists.
-        // if not agent approved, replace policy mappings extension with ours.
-        // else ignore.
-        try {
-            PolicyMappingsExtension policyMappingsExt = null;
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            try {
-                if (extensions != null) {
-                    policyMappingsExt = (PolicyMappingsExtension)
-                            extensions.get(PolicyMappingsExtension.NAME);
-                }
-            } catch (IOException e) {
-                // extension isn't there.
-            }
-
-            if (policyMappingsExt != null) {
-                if (agentApproved(req)) {
-                    return PolicyResult.ACCEPTED;
-                } else {
-                    extensions.delete(PolicyMappingsExtension.NAME);
-                }
-            }
-
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            }
-            extensions.set(
-                    PolicyMappingsExtension.NAME, mPolicyMappingsExtension);
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mInstanceParams;
-    }
-
-    /**
-     * Default config parameters.
-     * To add more permitted or excluded subtrees,
-     * increase the num to greater than 0 and more configuration params
-     * will show up in the console.
-     */
-    private static Vector<String> mDefParams = new Vector<String>();
-    static {
-        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefParams.addElement(
-                PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
-        String policyMap0Dot = PROP_POLICYMAP + "0.";
-
-        mDefParams.addElement(
-                policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
-        mDefParams.addElement(
-                policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> theparams = new Vector<String>();
-
-        theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical.");
-        theparams.addElement(PROP_NUM_POLICYMAPPINGS
-                + ";number; Number of policy mappings. The value must be greater than or equal to 1");
-
-        String policyInfo =
-                ";string;An object identifier in the form n.n.n.n";
-
-        for (int k = 0; k < 5; k++) {
-            String policyMapkDot = PROP_POLICYMAP + k + ".";
-
-            theparams.addElement(policyMapkDot +
-                    PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
-            theparams.addElement(policyMapkDot +
-                    PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
-        }
-
-        theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-policymappings");
-        theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
-
-        String[] params = new String[theparams.size()];
-
-        theparams.copyInto(params);
-        return params;
-    }
-}
-
-class PolicyMap {
-
-    protected static String PROP_ISSUER_DOMAIN_POLICY = "issuerDomainPolicy";
-    protected static String PROP_SUBJECT_DOMAIN_POLICY = "subjectDomainPolicy";
-
-    protected String mName = null;
-    protected String mNameDot = null;
-    protected IConfigStore mConfig = null;
-    protected String mIssuerDomainPolicy = null;
-    protected String mSubjectDomainPolicy = null;
-    protected CertificatePolicyMap mCertificatePolicyMap = null;
-
-    /**
-     * forms policy map parameters.
-     *
-     * @param name name of this policy map, for example policyMap0
-     * @param config parent's config from where we find this configuration.
-     * @param enabled whether policy was enabled.
-     */
-    protected PolicyMap(String name, IConfigStore config, boolean enabled)
-            throws EBaseException {
-        mName = name;
-        mConfig = config.getSubStore(mName);
-        mNameDot = mName + ".";
-
-        if (mConfig == null) {
-            CMS.debug("PolicyMappingsExt::PolicyMap - mConfig is null!");
-            return;
-        }
-
-        // if there's no configuration for this map put it there.
-        if (mConfig.size() == 0) {
-            config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, "");
-            config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, "");
-            mConfig = config.getSubStore(mName);
-            if (mConfig == null || mConfig.size() == 0) {
-                CMS.debug("PolicyMappingsExt::PolicyMap - mConfig " +
-                           "is null or empty!");
-                return;
-            }
-        }
-
-        // get policy ids from configuration.
-        mIssuerDomainPolicy =
-                mConfig.getString(PROP_ISSUER_DOMAIN_POLICY, null);
-        mSubjectDomainPolicy =
-                mConfig.getString(PROP_SUBJECT_DOMAIN_POLICY, null);
-
-        // adjust for "" and console returning "null"
-        if (mIssuerDomainPolicy != null &&
-                (mIssuerDomainPolicy.length() == 0 ||
-                mIssuerDomainPolicy.equals("null"))) {
-            mIssuerDomainPolicy = null;
-        }
-        if (mSubjectDomainPolicy != null &&
-                (mSubjectDomainPolicy.length() == 0 ||
-                mSubjectDomainPolicy.equals("null"))) {
-            mSubjectDomainPolicy = null;
-        }
-
-        // policy ids cannot be null if policy is enabled.
-        String msg = "value cannot be null.";
-
-        if (mIssuerDomainPolicy == null && enabled)
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        mNameDot + PROP_ISSUER_DOMAIN_POLICY, msg));
-        if (mSubjectDomainPolicy == null && enabled)
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        mNameDot + PROP_SUBJECT_DOMAIN_POLICY, msg));
-
-        // if a policy id is not null check that it is a valid OID.
-        ObjectIdentifier issuerPolicyId = null;
-        ObjectIdentifier subjectPolicyId = null;
-
-        if (mIssuerDomainPolicy != null)
-            issuerPolicyId = CMS.checkOID(
-                        mNameDot + PROP_ISSUER_DOMAIN_POLICY, mIssuerDomainPolicy);
-        if (mSubjectDomainPolicy != null)
-            subjectPolicyId = CMS.checkOID(
-                        mNameDot + PROP_SUBJECT_DOMAIN_POLICY, mSubjectDomainPolicy);
-
-        // if enabled, form CertificatePolicyMap to be encoded in extension.
-        // policy ids should be all set.
-        if (enabled) {
-            mCertificatePolicyMap = new CertificatePolicyMap(
-                        new CertificatePolicyId(issuerPolicyId),
-                        new CertificatePolicyId(subjectPolicyId));
-        }
-    }
-
-    protected void getInstanceParams(Vector<String> instanceParams) {
-        instanceParams.addElement(
-                mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
-                        mIssuerDomainPolicy));
-        instanceParams.addElement(
-                mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
-                        mSubjectDomainPolicy));
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java b/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
deleted file mode 100644
index 7f44c8eb0..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
+++ /dev/null
@@ -1,158 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Checks extension presence.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class PresenceExt extends APolicyRule {
-    private static Vector<String> mDefParams = new Vector<String>();
-    @SuppressWarnings("unused")
-    private IConfigStore mConfig;
-    private String mOID = null;
-    private boolean mCritical;
-    private int mVersion = 0;
-    private String mStreetAddress;
-    private String mTelephoneNumber;
-    private String mRFC822Name;
-    private String mID;
-    private String mHostName;
-    private int mPortNumber = 0;
-    private int mMaxUsers = 0;
-    private int mServiceLevel = 0;
-
-    public static final String PROP_IS_CRITICAL = "critical";
-    public static final String PROP_OID = "oid";
-    public static final String PROP_VERSION = "version";
-    public static final String PROP_STREET_ADDRESS = "streetAddress";
-    public static final String PROP_TELEPHONE_NUMBER = "telephoneNumber";
-    public static final String PROP_RFC822_NAME = "rfc822Name";
-    public static final String PROP_ID = "id";
-    public static final String PROP_HOSTNAME = "hostName";
-    public static final String PROP_PORT_NUMBER = "portNumber";
-    public static final String PROP_MAX_USERS = "maxUsers";
-    public static final String PROP_SERVICE_LEVEL = "serviceLevel";
-
-    static {
-        mDefParams.addElement(PROP_IS_CRITICAL + "=false");
-    }
-
-    public PresenceExt() {
-        NAME = "PresenceExtPolicy";
-        DESC = "Sets Presence Server Extension in certificates.";
-    }
-
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        mCritical = config.getBoolean(PROP_IS_CRITICAL, false);
-        mOID = config.getString(PROP_OID, "");
-        mVersion = config.getInteger(PROP_VERSION, 0);
-        mStreetAddress = config.getString(PROP_STREET_ADDRESS, "");
-        mTelephoneNumber = config.getString(PROP_TELEPHONE_NUMBER, "");
-        mRFC822Name = config.getString(PROP_RFC822_NAME, "");
-        mID = config.getString(PROP_ID, "");
-        mHostName = config.getString(PROP_HOSTNAME, "");
-        mPortNumber = config.getInteger(PROP_PORT_NUMBER, 0);
-        mMaxUsers = config.getInteger(PROP_MAX_USERS, 0);
-        mServiceLevel = config.getInteger(PROP_SERVICE_LEVEL, 0);
-    }
-
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        /*
-         PresenceServerExtension ext = new PresenceServerExtension(mCritical,
-         mOID, mVersion, mStreetAddress,
-         mTelephoneNumber, mRFC822Name, mID,
-         mHostName, mPortNumber, mMaxUsers, mServiceLevel);
-         */
-
-        return res;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
-        params.addElement(PROP_OID + "=" + mOID);
-        params.addElement(PROP_VERSION + "=" + mVersion);
-        params.addElement(PROP_STREET_ADDRESS + "=" + mStreetAddress);
-        params.addElement(PROP_TELEPHONE_NUMBER + "=" + mTelephoneNumber);
-        params.addElement(PROP_RFC822_NAME + "=" + mRFC822Name);
-        params.addElement(PROP_ID + "=" + mID);
-        params.addElement(PROP_HOSTNAME + "=" + mHostName);
-        params.addElement(PROP_PORT_NUMBER + "=" + mPortNumber);
-        params.addElement(PROP_MAX_USERS + "=" + mMaxUsers);
-        params.addElement(PROP_SERVICE_LEVEL + "=" + mServiceLevel);
-        return params;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_IS_CRITICAL + ";boolean;Criticality",
-                PROP_OID + ";string; Object identifier of this extension",
-                PROP_VERSION + ";string; version",
-                PROP_STREET_ADDRESS + ";string; street address",
-                PROP_TELEPHONE_NUMBER + ";string; telephone number",
-                PROP_RFC822_NAME + ";string; rfc822 name",
-                PROP_ID + ";string; identifier",
-                PROP_HOSTNAME + ";string; host name",
-                PROP_PORT_NUMBER + ";string; port number",
-                PROP_MAX_USERS + ";string; max users",
-                PROP_SERVICE_LEVEL + ";string; service level",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-presenceext",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds Presence Server Extension;"
-
-        };
-
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java b/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
deleted file mode 100644
index fd52e9bb1..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
+++ /dev/null
@@ -1,252 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.PrivateKeyUsageExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * PrivateKeyUsagePeriod Identifier Extension policy.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class PrivateKeyUsagePeriodExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-
-    private final static String PROP_NOT_BEFORE = "notBefore";
-    private final static String PROP_NOT_AFTER = "notAfter";
-    protected static final String PROP_IS_CRITICAL = "critical";
-
-    // 6 months roughly
-    private final static long defDuration = 60L * 60 * 24 * 180 * 1000;
-
-    private static final String DATE_PATTERN = "MM/dd/yyyy";
-    static SimpleDateFormat formatter = new SimpleDateFormat(DATE_PATTERN);
-    private static Date now = CMS.getCurrentDate();
-    private static Date six_months = new Date(now.getTime() + defDuration);
-
-    public static final String DEFAULT_NOT_BEFORE = formatter.format(now);
-    public static final String DEFAULT_NOT_AFTER = formatter.format(six_months);
-
-    // PKIX specifies the that the extension SHOULD NOT be critical
-    public static final boolean DEFAULT_CRITICALITY = false;
-
-    protected String mNotBefore;
-    protected String mNotAfter;
-    protected boolean mCritical;
-
-    private static Vector<String> defaultParams;
-
-    static {
-
-        formatter.setLenient(false);
-
-        defaultParams = new Vector<String>();
-        defaultParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
-        defaultParams.addElement(PROP_NOT_BEFORE + "=" + DEFAULT_NOT_BEFORE);
-        defaultParams.addElement(PROP_NOT_AFTER + "=" + DEFAULT_NOT_AFTER);
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_IS_CRITICAL + ";boolean;RFC 2459 recommendation: The profile " +
-                        "recommends against the use of this extension. CAs " +
-                        "conforming to the profile MUST NOT generate certs with " +
-                        "critical private key usage period extensions.",
-                PROP_NOT_BEFORE + ";string; Date before which the Private Key is invalid.",
-                PROP_NOT_AFTER + ";string; Date after which the Private Key is invalid.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-privatekeyusageperiod",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds (deprecated) Private Key Usage Period Extension. " +
-                        "Defined in RFC 2459 (4.2.1.4)"
-            };
-
-        return params;
-    }
-
-    /**
-     * Adds the private key usage extension to all certs.
-     */
-    public PrivateKeyUsagePeriodExt() {
-        NAME = "PrivateKeyUsagePeriodExt";
-        DESC = "Sets Private Key Usage Extension for a certificate";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
-     * ra.Policy.rule.<ruleName>.enable=true
-     * ra.Policy.rule.<ruleName>.notBefore=30
-     * ra.Policy.rule.<ruleName>.notAfter=180
-     * ra.Policy.rule.<ruleName>.critical=false
-     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-
-        try {
-            // Get params.
-            mNotBefore = config.getString(PROP_NOT_BEFORE, null);
-            mNotAfter = config.getString(PROP_NOT_AFTER, null);
-            mCritical = config.getBoolean(PROP_IS_CRITICAL, false);
-
-            // Check the parameter formats for errors
-            formatter.format(formatter.parse(mNotBefore.trim()));
-            formatter.format(formatter.parse(mNotAfter.trim()));
-        } catch (Exception e) {
-            // e.printStackTrace();
-            Object[] params = { getInstanceName(), e };
-
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
-        }
-
-    }
-
-    /**
-     * Adds a private key usage extension if none exists.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-
-        // get cert info.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        // get private key usage extension from cert info if any.
-        CertificateExtensions extensions = null;
-        PrivateKeyUsageExtension ext = null;
-
-        try {
-            // get subject key id extension if any.
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-        } catch (IOException e) {
-            // no extensions or subject key identifier extension.
-        } catch (CertificateException e) {
-            // no extensions or subject key identifier extension.
-        }
-
-        if (extensions == null) {
-            extensions = new CertificateExtensions();
-        } else {
-            // remove any previously computed version of the extension
-            try {
-                extensions.delete(PrivateKeyUsageExtension.NAME);
-
-            } catch (IOException e) {
-            }
-
-        }
-
-        try {
-            ext = new PrivateKeyUsageExtension(
-                        formatter.parse(mNotBefore),
-                        formatter.parse(mNotAfter));
-            certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
-            extensions.set(PrivateKeyUsageExtension.NAME, ext);
-        } catch (Exception e) {
-            if (e instanceof RuntimeException)
-                throw (RuntimeException) e;
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
-            return PolicyResult.REJECTED;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return Empty Vector since this policy has no configuration parameters.
-     *         for this policy instance.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
-        params.addElement(PROP_NOT_BEFORE + "=" + mNotBefore);
-        params.addElement(PROP_NOT_AFTER + "=" + mNotAfter);
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return Empty Vector since this policy implementation has no
-     *         configuration parameters.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        defParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
-        defParams.addElement(PROP_NOT_BEFORE + "=" + DEFAULT_NOT_BEFORE);
-        defParams.addElement(PROP_NOT_AFTER + "=" + DEFAULT_NOT_AFTER);
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
deleted file mode 100644
index b5d6d8eec..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
+++ /dev/null
@@ -1,143 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Remove Basic Constraints policy.
- * Adds the Basic constraints extension.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class RemoveBasicConstraintsExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    public RemoveBasicConstraintsExt() {
-        NAME = "RemoveBasicConstraintsExt";
-        DESC = "Remove Basic Constraints extension";
-    }
-
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-    }
-
-    public PolicyResult apply(IRequest req) {
-
-        // get cert info.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        X509CertInfo certInfo = null;
-
-        if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certResult = applyCert(req, certInfo);
-
-            if (certResult == PolicyResult.REJECTED)
-                return certResult;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(
-            IRequest req, X509CertInfo certInfo) {
-        // get basic constraints extension from cert info if any.
-        CertificateExtensions extensions = null;
-
-        try {
-            // get basic constraints extension if any.
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-            if (extensions != null) {
-                try {
-                    extensions.delete(BasicConstraintsExtension.NAME);
-                    CMS.debug("PolicyRule RemoveBasicConstraintsExt: removed the extension from request "
-                            + req.getRequestId().toString());
-                } catch (IOException e) {
-                }
-            }
-        } catch (IOException e) {
-            // no extensions or basic constraints extension.
-        } catch (CertificateException e) {
-            // no extensions or basic constraints extension.
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        return defParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-removebasicconstraints",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Removes the Basic Constraints extension."
-            };
-
-        return params;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
deleted file mode 100644
index d6e626aa9..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
+++ /dev/null
@@ -1,356 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.RFC822Name;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- *
- * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2.
- * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt.
- * <p>
- *
- * Subject Alternative Name extension policy in CMS 4.1.
- *
- * Adds the subject alternative name extension depending on the certificate type requested.
- *
- * Two forms are supported. 1) For S/MIME certificates, email addresses are copied from data stored in the request by
- * the authentication component. Both 'e' and 'altEmail' are supported so that both the primary address and alternative
- * forms may be certified. Only the primary goes in the subjectName position (which should be phased out).
- *
- * e mailAlternateAddress
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class SubjAltNameExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    // for future use. currently always allow.
-    protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
-    protected static final String PROP_EE_OVERR = "AllowEEOverride";
-    protected static final String PROP_ENABLE_MANUAL_VALUES =
-            "enableManualValues";
-
-    // for future use. currently always non-critical
-    // (standard says SHOULD be marked critical if included.)
-    protected static final String PROP_CRITICAL = "critical";
-
-    // for future use to allow overrides from forms.
-    // request must be agent approved or authenticated.
-    protected boolean mAllowAgentOverride = false;
-    protected boolean mAllowEEOverride = false;
-    protected boolean mEnableManualValues = false;
-
-    // for future use. currently always critical
-    // (standard says SHOULD be marked critical if included.)
-    protected boolean mCritical = false;
-
-    public SubjAltNameExt() {
-        NAME = "SubjAltNameExt";
-        DESC = "Sets alternative subject names for certificates";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL
-                        + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-subjaltname",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This policy inserts the Subject Alternative Name " +
-                        "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
-                        "* Note: you probably want to use this policy in " +
-                        "conjunction with an authentication manager which sets " +
-                        "the 'mail' or 'mailalternateaddress' values in the authToken. " +
-                        "See the 'ldapStringAttrs' parameter in the Directory-based " +
-                        "authentication plugin"
-        };
-
-        return params;
-
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        // future use.
-        mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
-        mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
-        mCritical = config.getBoolean(PROP_CRITICAL, false);
-        // mEnableManualValues = config.getBoolean(PROP_ENABLE_MANUAL_VALUES, false);
-    }
-
-    /**
-     * Adds the subject alternative names extension if not set already.
-     *
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        // Find the X509CertInfo object in the request
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return res;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        //
-        // General error handling block
-        //
-        apply: try {
-
-            // Find the extensions in the certInfo
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            if (extensions != null) {
-                //
-                // Remove any previously computed version of the extension
-                //
-                try {
-                    extensions.delete(SubjectAlternativeNameExtension.NAME);
-                } catch (IOException e) {
-                    // extension isn't there
-                }
-            }
-
-            //
-            // Determine the type of the request.  For future expansion
-            // this test should dispatch to a specialized object to
-            // handle each particular type.  For now just return for
-            // non-client certs, and implement client certs directly here.
-            //
-            String certType =
-                    req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-
-            if (certType == null ||
-                    !certType.equals(IRequest.CLIENT_CERT) ||
-                    !req.getExtDataInBoolean(IRequest.SMIME, false)) {
-                break apply;
-            }
-
-            // Create a list of email addresses that should be added
-            // to the certificate
-
-            IAuthToken tok = findAuthToken(req, null);
-
-            if (tok == null)
-                break apply;
-
-            Vector<String> emails = getEmailList(tok);
-
-            if (emails == null)
-                break apply;
-
-            // Create the extension
-            SubjectAlternativeNameExtension subjAltNameExt = mkExt(emails);
-
-            if (extensions == null)
-                extensions = createCertificateExtensions(certInfo);
-
-            extensions.set(SubjectAlternativeNameExtension.NAME,
-                    subjAltNameExt);
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED; // unrecoverable error.
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        return res;
-    }
-
-    /**
-     * Find a particular authentication token by manager name.
-     * If the token is not present return null
-     */
-    protected IAuthToken
-            findAuthToken(IRequest req, String authMgrName) {
-
-        return req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
-    }
-
-    /**
-     * Generate a String Vector containing all the email addresses
-     * found in this Authentication token
-     * @throws IOException
-     */
-    protected Vector<String> getEmailList(IAuthToken tok) throws IOException {
-
-        Vector<String> v = new Vector<String>();
-
-        addValues(tok, "mail", v);
-        addValues(tok, "mailalternateaddress", v);
-
-        if (v.size() == 0)
-            return null;
-
-        return v;
-    }
-
-    /**
-     * Add attribute values from an LDAP attribute to a vector
-     * @throws IOException
-     */
-    protected void
-            addValues(IAuthToken tok, String attrName, Vector<String> v) throws IOException {
-        String attr[] = tok.getInStringArray(attrName);
-
-        if (attr == null)
-            return;
-
-        for (int i = 0; i < attr.length; i++) {
-            v.addElement(attr[i]);
-        }
-    }
-
-    /**
-     * Make a Subject name extension given a list of email addresses
-     */
-    protected SubjectAlternativeNameExtension
-            mkExt(Vector<String> emails)
-                    throws IOException {
-        SubjectAlternativeNameExtension sa;
-        GeneralNames gns = new GeneralNames();
-
-        for (int i = 0; i < emails.size(); i++) {
-            String email = emails.elementAt(i);
-
-            gns.addElement(new RFC822Name(email));
-        }
-
-        sa = new SubjectAlternativeNameExtension(gns);
-
-        return sa;
-    }
-
-    /**
-     * Create a new SET of extensions in the certificate info
-     * object.
-     *
-     * This should be a method in the X509CertInfo object
-     */
-    protected CertificateExtensions
-            createCertificateExtensions(X509CertInfo certInfo)
-                    throws IOException, CertificateException {
-        CertificateExtensions extensions;
-
-        // Force version to V3
-        certInfo.set(X509CertInfo.VERSION,
-                new CertificateVersion(CertificateVersion.V3));
-
-        extensions = new CertificateExtensions();
-        certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-
-        return extensions;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> params = new Vector<String>();
-
-        //params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride);
-        //params.addElement("PROP_EE_OVERR = " + mAllowEEOverride);
-        params.addElement(PROP_CRITICAL + "=" + mCritical);
-        // params.addElement(PROP_ENABLE_MANUAL_VALUES + " = " +
-        //	mEnableManualValues);
-        return params;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> defParams = new Vector<String>();
-
-        //defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR);
-        //defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR);
-        defParams.addElement(PROP_CRITICAL + "=false");
-        // defParams.addElement(PROP_ENABLE_MANUAL_VALUES + "= false");
-
-        return defParams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
deleted file mode 100644
index 0d89d8876..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
+++ /dev/null
@@ -1,331 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IGeneralNameUtil;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.policy.ISubjAltNameConfig;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Subject Alternative Name extension policy.
- *
- * Adds the subject alternative name extension as configured.
- *
- * Two forms are supported. 1) For S/MIME certificates, email
- * addresses are copied from data stored in the request by the
- * authentication component. Both 'e' and 'altEmail' are supported
- * so that both the primary address and alternative forms may be
- * certified. Only the primary goes in the subjectName position (which
- * should be phased out).
- *
- * e
- * mailAlternateAddress
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class SubjectAltNameExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    // (standard says SHOULD be marked critical if included.)
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final boolean DEF_CRITICAL = false;
-
-    protected IConfigStore mConfig = null;
-    protected boolean mEnabled = false;
-    protected boolean mCritical = DEF_CRITICAL;
-    protected int mNumGNs = 0;
-    protected ISubjAltNameConfig[] mGNs = null;
-
-    Vector<String> mInstanceParams = new Vector<String>();
-
-    // init default params and extended plugin info.
-    private static Vector<String> mDefParams = new Vector<String>();
-    static {
-        // default params.
-        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefParams.addElement(
-                IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" +
-                        IGeneralNameUtil.DEF_NUM_GENERALNAMES);
-        for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
-            CMS.getSubjAltNameConfigDefaultParams(
-                    IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
-        }
-    }
-
-    private String[] mExtendedPluginInfo = null;
-
-    public SubjectAltNameExt() {
-        NAME = "SubjectAltNameExt";
-        DESC = "Sets alternative subject names for certificates";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        // get criticality
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
-
-        // get enabled
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-
-        // get general names configuration.
-        mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES);
-        if (mNumGNs <= 0) {
-            throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER",
-                            IGeneralNameUtil.PROP_NUM_GENERALNAMES));
-        }
-        mGNs = new ISubjAltNameConfig[mNumGNs];
-        for (int i = 0; i < mNumGNs; i++) {
-            String name = IGeneralNameUtil.PROP_GENERALNAME + i;
-            IConfigStore substore = mConfig.getSubStore(name);
-
-            mGNs[i] = CMS.createSubjAltNameConfig(name, substore, mEnabled);
-        }
-
-        // init instance params.
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(
-                IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
-        for (int j = 0; j < mGNs.length; j++) {
-            mGNs[j].getInstanceParams(mInstanceParams);
-        }
-    }
-
-    /**
-     * Adds the subject alternative names extension if not set already.
-     *
-     * <P>
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        // Find the X509CertInfo object in the request
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return res;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        PolicyResult res = PolicyResult.ACCEPTED;
-
-        try {
-            // Find the extensions in the certInfo
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            // Remove any previously computed version of the extension
-            // unless it is from RA. If from RA, accept what RA put in
-            // request and don't add our own.
-            if (extensions != null) {
-                String sourceId = req.getSourceId();
-
-                if (sourceId != null && sourceId.length() > 0)
-                    return res; // accepted
-                try {
-                    extensions.delete(SubjectAlternativeNameExtension.NAME);
-                } catch (IOException e) {
-                    // extension isn't there
-                }
-            }
-
-            // form list of general names for the extension.
-            GeneralNames gns = new GeneralNames();
-
-            for (int i = 0; i < mNumGNs; i++) {
-                Object value = null;
-
-                value = req.getExtDataInString(mGNs[i].getPfx(), mGNs[i].getAttr());
-                if (value == null) {
-                    continue;
-                }
-                Vector<GeneralName> gn = mGNs[i].formGeneralNames(value);
-
-                if (gn.size() == 0)
-                    continue;
-                for (Enumeration<GeneralName> n = gn.elements(); n.hasMoreElements();) {
-                    gns.addElement(n.nextElement());
-                }
-            }
-
-            // nothing was found in request to put into extension
-            if (gns.size() == 0)
-                return res; // accepted
-
-            String subject = certInfo.get(X509CertInfo.SUBJECT).toString();
-
-            boolean curCritical = mCritical;
-
-            if (subject.equals("")) {
-                curCritical = true;
-            }
-
-            // make the extension
-            SubjectAlternativeNameExtension sa = new SubjectAlternativeNameExtension(curCritical, gns);
-
-            // add it to certInfo.
-            if (extensions == null)
-                extensions = createCertificateExtensions(certInfo);
-
-            extensions.set(SubjectAlternativeNameExtension.NAME, sa);
-
-            return res; // accepted.
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED; // unrecoverable error.
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Internal Error");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-    }
-
-    /**
-     * Create a new SET of extensions in the certificate info
-     * object.
-     *
-     * This should be a method in the X509CertInfo object
-     */
-    protected CertificateExtensions
-            createCertificateExtensions(X509CertInfo certInfo)
-                    throws IOException, CertificateException {
-        CertificateExtensions extensions;
-
-        // Force version to V3
-        certInfo.set(X509CertInfo.VERSION,
-                new CertificateVersion(CertificateVersion.V3));
-
-        extensions = new CertificateExtensions();
-        certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-
-        return extensions;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mInstanceParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-
-        // extended plugin info.
-        Vector<String> info = new Vector<String>();
-
-        info.addElement(PROP_CRITICAL
-                + ";boolean;RFC2459 recommendation: If the certificate subject field contains an empty sequence, the extension MUST be marked critical.");
-        info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO);
-        for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
-            CMS.getSubjAltNameConfigExtendedPluginInfo(
-                    IGeneralNameUtil.PROP_GENERALNAME + i, info);
-        }
-        info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subjaltname");
-        info.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";This policy inserts the Subject Alternative Name " +
-                "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
-                "* Note: you probably want to use this policy in " +
-                "conjunction with an authentication manager which sets " +
-                "the 'mail' or 'mailalternateaddress' values in the authToken. " +
-                "See the 'ldapStringAttrs' parameter in the Directory-based " +
-                "authentication plugin");
-        mExtendedPluginInfo = new String[info.size()];
-        info.copyInto(mExtendedPluginInfo);
-        return mExtendedPluginInfo;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
deleted file mode 100644
index bcd9c9885..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
+++ /dev/null
@@ -1,428 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AVAValueConverter;
-import netscape.security.x509.Attribute;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.SubjectDirAttributesExtension;
-import netscape.security.x509.X500NameAttrMap;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Policy to add the subject directory attributes extension.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class SubjectDirectoryAttributesExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_ATTRIBUTE = "attribute";
-    protected static final String PROP_NUM_ATTRIBUTES = "numAttributes";
-
-    protected static final boolean DEF_CRITICAL = false;
-    protected static final int DEF_NUM_ATTRIBUTES = 3;
-    protected static final int MAX_NUM_ATTRIBUTES = 10;
-
-    protected boolean mCritical;
-    protected int mNumAttributes;
-    protected AttributeConfig[] mAttributes = null;
-
-    protected IConfigStore mConfig;
-    protected SubjectDirAttributesExtension mExt = null;
-
-    protected Vector<String> mParams = new Vector<String>();
-    private String[] mEPI = null; // extended plugin info
-    protected static Vector<String> mDefParams = new Vector<String>();
-
-    static {
-        setDefaultParams();
-    }
-
-    public SubjectDirectoryAttributesExt() {
-        NAME = "SubjectDirectoryAttributesExtPolicy";
-        DESC = "Sets Subject Directory Attributes Extension in certificates.";
-        setExtendedPluginInfo();
-    }
-
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        boolean enabled = config.getBoolean("enabled", false);
-
-        mConfig = config;
-
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
-        mNumAttributes = mConfig.getInteger(PROP_NUM_ATTRIBUTES, DEF_NUM_ATTRIBUTES);
-        if (mNumAttributes < 1) {
-            EBaseException ex = new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_NUM_ATTRIBUTES));
-
-            log(ILogger.LL_FAILURE, NAME + " Error: " + ex.toString());
-            throw ex;
-        }
-        mAttributes = new AttributeConfig[mNumAttributes];
-        for (int i = 0; i < mNumAttributes; i++) {
-            String name = PROP_ATTRIBUTE + i;
-            IConfigStore c = mConfig.getSubStore(name);
-
-            mAttributes[i] = new AttributeConfig(name, c, enabled);
-        }
-        if (enabled) {
-            try {
-                mExt = formExt(null);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, NAME + " Error: " + e.getMessage());
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Error forming Subject Directory Attributes Extension. " +
-                                    "See log file for details."));
-            }
-        }
-        setInstanceParams();
-    }
-
-    public PolicyResult apply(IRequest req) {
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; // unrecoverable error.
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult r = applyCert(req, ci[i]);
-
-            if (r == PolicyResult.REJECTED)
-                return r;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-        CertificateExtensions extensions = null;
-
-        try {
-            // get extension and remove if exists.
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-            if (extensions == null) {
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            } else {
-                try {
-                    extensions.delete(SubjectDirAttributesExtension.NAME);
-                } catch (IOException ee) {
-                    // if name is not found, try deleting the extension using the OID
-                    try {
-                        extensions.delete("2.5.29.9");
-                    } catch (IOException eee) {
-                    }
-                }
-            }
-
-            // form extension and set.
-            if (mExt != null) {
-                extensions.set(SubjectDirAttributesExtension.NAME, mExt);
-            } else {
-                SubjectDirAttributesExtension ext = formExt(req);
-
-                if (ext != null)
-                    extensions.set(SubjectDirAttributesExtension.NAME, formExt(req));
-            }
-            return PolicyResult.ACCEPTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED; // unrecoverable error.
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "IOException Error");
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    public Vector<String> getInstanceParams() {
-        return mParams; // inited in init()
-    }
-
-    public Vector<String> getDefaultParams() {
-        return mDefParams;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        return mEPI; // inited in the constructor.
-    }
-
-    private void setInstanceParams() {
-        mParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes);
-        for (int i = 0; i < mNumAttributes; i++) {
-            mAttributes[i].getInstanceParams(mParams);
-        }
-        // clean up others if exists. expensive.
-        for (int j = mNumAttributes; j < MAX_NUM_ATTRIBUTES; j++) {
-            mConfig.removeSubStore(PROP_ATTRIBUTE + j);
-        }
-    }
-
-    private static void setDefaultParams() {
-        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES);
-        for (int i = 0; i < DEF_NUM_ATTRIBUTES; i++) {
-            AttributeConfig.getDefaultParams(PROP_ATTRIBUTE + i, mDefParams);
-        }
-    }
-
-    private void setExtendedPluginInfo() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_CRITICAL + ";boolean;" +
-                "RFC 2459 recommendation: MUST be non-critical.");
-        v.addElement(PROP_NUM_ATTRIBUTES + ";number;" +
-                "Number of Attributes in the extension.");
-
-        for (int i = 0; i < MAX_NUM_ATTRIBUTES; i++) {
-            AttributeConfig.getExtendedPluginInfo(PROP_ATTRIBUTE + i, v);
-        }
-
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subjectdirectoryattributes");
-        v.addElement(IExtendedPluginInfo.HELP_TEXT
-                +
-                ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
-
-        mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-    }
-
-    private SubjectDirAttributesExtension formExt(IRequest req)
-            throws IOException {
-        Vector<Attribute> attrs = new Vector<Attribute>();
-
-        // if we're called from init and one attribute is from request attribute
-        // the ext can't be formed yet.
-        if (req == null) {
-            for (int i = 0; i < mNumAttributes; i++) {
-                if (mAttributes[i].mWhereToGetValue == AttributeConfig.USE_REQUEST_ATTR)
-                    return null;
-            }
-        }
-        // either we're called from apply or all values are fixed.
-        for (int i = 0; i < mNumAttributes; i++) {
-            if (mAttributes[i].mAttribute != null) {
-                attrs.addElement(mAttributes[i].mAttribute);
-            } else {
-                // skip attribute if request attribute doesn't exist.
-                Attribute a = mAttributes[i].formAttr(req);
-
-                if (a == null)
-                    continue;
-                attrs.addElement(a);
-            }
-        }
-        if (attrs.size() == 0)
-            return null;
-        Attribute[] attrList = new Attribute[attrs.size()];
-
-        attrs.copyInto(attrList);
-        SubjectDirAttributesExtension ext =
-                new SubjectDirAttributesExtension(attrList);
-
-        return ext;
-    }
-}
-
-class AttributeConfig {
-
-    protected static final String PROP_ATTRIBUTE_NAME = "attributeName";
-    protected static final String PROP_WTG_VALUE = "whereToGetValue";
-    protected static final String PROP_VALUE = "value";
-
-    protected static final String USE_REQUEST_ATTR = "Request Attribute";
-    protected static final String USE_FIXED = "Fixed Value";
-
-    protected String mAttributeName = null;
-    protected String mWhereToGetValue = null;
-    protected String mValue = null;
-
-    protected String mPrefix = null;
-    protected String mReqAttr = null;
-    protected ObjectIdentifier mAttributeOID = null;
-
-    protected String mName = null;
-    protected IConfigStore mConfig = null;
-    protected Attribute mAttribute = null;
-
-    protected static final String ATTRIBUTE_NAME_INFO = "Attribute name.";
-    protected static final String WTG_VALUE_INFO =
-            PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
-                    "Get value from a request attribute or use a fixed value specified below.";
-    protected static final String VALUE_INFO =
-            PROP_VALUE + ";string;" +
-                    "Request attribute name or a fixed value to put into the extension.";
-
-    public AttributeConfig(String name, IConfigStore config, boolean enabled)
-            throws EBaseException {
-        X500NameAttrMap map = X500NameAttrMap.getDefault();
-
-        mName = name;
-        mConfig = config;
-        if (enabled) {
-            mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);
-            mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE);
-            mValue = mConfig.getString(PROP_VALUE);
-        } else {
-            mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME, "");
-            mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE, USE_REQUEST_ATTR);
-            mValue = mConfig.getString(PROP_VALUE, "");
-        }
-
-        if (mAttributeName.length() > 0) {
-            mAttributeOID = map.getOid(mAttributeName);
-            if (mAttributeOID == null)
-                throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mAttributeName));
-        }
-
-        if (mWhereToGetValue.equalsIgnoreCase(USE_REQUEST_ATTR)) {
-            mWhereToGetValue = USE_REQUEST_ATTR;
-            if (enabled && mValue.length() == 0) {
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", PROP_VALUE));
-            }
-            int dot = mValue.indexOf('.');
-
-            if (dot != -1) {
-                mPrefix = mValue.substring(0, dot);
-                mReqAttr = mValue.substring(dot + 1);
-                if (mPrefix == null || mPrefix.length() == 0 ||
-                        mReqAttr == null || mReqAttr.length() == 0) {
-                    throw new EBaseException(
-                            CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mValue));
-                }
-            } else {
-                mPrefix = null;
-                mReqAttr = mValue;
-            }
-        } else if (mWhereToGetValue.equalsIgnoreCase(USE_FIXED)) {
-            mWhereToGetValue = USE_FIXED;
-            if (mAttributeOID != null) {
-                try {
-                    checkValue(mAttributeOID, mValue);
-                    mAttribute = new Attribute(mAttributeOID, mValue);
-                } catch (Exception e) {
-                    throw new EBaseException(
-                            CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                                    mAttributeName, e.getMessage()));
-                }
-            }
-        } else if (enabled || mWhereToGetValue.length() > 0) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,
-                        "Must be either '" + USE_REQUEST_ATTR + "' or '" + USE_FIXED + "'."));
-        }
-    }
-
-    public static void getDefaultParams(String name, Vector<String> v) {
-        String nameDot = name + ".";
-
-        v.addElement(nameDot + PROP_ATTRIBUTE_NAME + "=");
-        v.addElement(nameDot + PROP_WTG_VALUE + "=" + USE_REQUEST_ATTR);
-        v.addElement(nameDot + PROP_VALUE + "=");
-    }
-
-    public static void getExtendedPluginInfo(String name, Vector<String> v) {
-        String nameDot = name + ".";
-        String attrChoices = getAllNames();
-
-        v.addElement(nameDot + PROP_ATTRIBUTE_NAME + ";choice(" + attrChoices + ");" +
-                ATTRIBUTE_NAME_INFO);
-        v.addElement(nameDot + WTG_VALUE_INFO);
-        v.addElement(nameDot + VALUE_INFO);
-    }
-
-    public void getInstanceParams(Vector<String> v) {
-        String nameDot = mName + ".";
-
-        v.addElement(nameDot + PROP_ATTRIBUTE_NAME + "=" + mAttributeName);
-        v.addElement(nameDot + PROP_WTG_VALUE + "=" + mWhereToGetValue);
-        v.addElement(nameDot + PROP_VALUE + "=" + mValue);
-    }
-
-    public Attribute formAttr(IRequest req)
-            throws IOException {
-        String val = req.getExtDataInString(mPrefix, mReqAttr);
-
-        if (val == null || val.length() == 0) {
-            return null;
-        }
-        checkValue(mAttributeOID, val);
-        return new Attribute(mAttributeOID, val);
-    }
-
-    static private String getAllNames() {
-        Enumeration<String> n = X500NameAttrMap.getDefault().getAllNames();
-        StringBuffer sb = new StringBuffer();
-        sb.append(n.nextElement());
-
-        while (n.hasMoreElements()) {
-            sb.append(",");
-            sb.append(n.nextElement());
-        }
-        return sb.toString();
-    }
-
-    private static void checkValue(ObjectIdentifier oid, String val)
-            throws IOException {
-        AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
-
-        @SuppressWarnings("unused")
-        DerValue derval = c.getValue(val); // check for errors
-        return;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java b/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
deleted file mode 100644
index 16fc73347..000000000
--- a/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
+++ /dev/null
@@ -1,377 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.policy.extensions;
-
-import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.EPolicyException;
-import com.netscape.certsrv.policy.IEnrollmentPolicy;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.PolicyResult;
-import com.netscape.cms.policy.APolicyRule;
-
-/**
- * Subject Public Key Extension Policy
- * Adds the subject public key id extension to certificates.
- * <P>
- *
- * <PRE>
- * NOTE:  The Policy Framework has been replaced by the Profile Framework.
- * </PRE>
- * <P>
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class SubjectKeyIdentifierExt extends APolicyRule
-        implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_CRITICAL = "critical";
-    protected static final String PROP_KEYID_TYPE = "keyIdentifierType";
-    protected static final String PROP_REQATTR_NAME = "requestAttrName";
-
-    protected static final String KEYID_TYPE_SHA1 = "SHA1";
-    protected static final String KEYID_TYPE_TYPEFIELD = "TypeField";
-    protected static final String KEYID_TYPE_SPKISHA1 = "SpkiSHA1";
-    protected static final String KEYID_TYPE_REQATTR = "RequestAttribute";
-
-    protected static final boolean DEF_CRITICAL = false;
-    protected static final String DEF_KEYID_TYPE = KEYID_TYPE_SHA1;
-    protected static final String DEF_REQATTR_NAME = "KeyIdentifier";
-
-    protected boolean mEnabled = false;
-    protected IConfigStore mConfig = null;
-
-    protected boolean mCritical = DEF_CRITICAL;
-    protected String mKeyIdType = DEF_KEYID_TYPE;;
-    protected String mReqAttrName = DEF_REQATTR_NAME;
-
-    protected Vector<String> mInstanceParams = new Vector<String>();
-
-    protected static Vector<String> mDefaultParams = new Vector<String>();
-    static {
-        // form static default params.
-        mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
-        mDefaultParams.addElement(PROP_KEYID_TYPE + "=" + DEF_KEYID_TYPE);
-
-        /*
-         mDefaultParams.addElement(PROP_REQATTR_NAME+"="+DEF_REQATTR_NAME);
-         */
-    }
-
-    public SubjectKeyIdentifierExt() {
-        NAME = "SubjectKeyIdentifierExt";
-        DESC = "Adds Subject Key Idenifier Extension to certs";
-    }
-
-    /**
-     * Initializes this policy rule.
-     * <P>
-     *
-     * The entries may be of the form:
-     *
-     * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config The config store reference
-     */
-    public void init(ISubsystem owner, IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        mEnabled = mConfig.getBoolean(
-                    IPolicyProcessor.PROP_ENABLE, false);
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
-
-        mKeyIdType = mConfig.getString(PROP_KEYID_TYPE, DEF_KEYID_TYPE);
-
-        /*
-         mReqAttrName = mConfig.getString(PROP_REQATTR_NAME, DEF_REQATTR_NAME);
-         */
-
-        // parse key id type
-        if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1))
-            mKeyIdType = KEYID_TYPE_SHA1;
-        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD))
-            mKeyIdType = KEYID_TYPE_TYPEFIELD;
-
-        /*
-         else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR)
-         mKeyIdType = KEYID_TYPE_REQATTR;
-         */
-        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1))
-            mKeyIdType = KEYID_TYPE_SPKISHA1;
-        else {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_KEYID_TYPE,
-                        "value must be one of " +
-                                KEYID_TYPE_SHA1 + ", " +
-                                KEYID_TYPE_TYPEFIELD + ", " +
-                                KEYID_TYPE_SPKISHA1));
-        }
-
-        // form instance params
-        mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
-        mInstanceParams.addElement(PROP_KEYID_TYPE + "=" + mKeyIdType);
-
-        /*
-         mInstanceParams.addElement(PROP_REQATTR_NAME+"="+mReqAttrName);
-         */
-    }
-
-    /**
-     * Adds Subject Key identifier Extension to a certificate.
-     * If the extension is already there, accept it.
-     *
-     * @param req The request on which to apply policy.
-     * @return The policy result object.
-     */
-    public PolicyResult apply(IRequest req) {
-        // get certInfo from request.
-        X509CertInfo[] ci =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED;
-        }
-
-        for (int i = 0; i < ci.length; i++) {
-            PolicyResult certRes = applyCert(req, ci[i]);
-
-            if (certRes == PolicyResult.REJECTED)
-                return certRes;
-        }
-        return PolicyResult.ACCEPTED;
-    }
-
-    public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
-
-        try {
-            // if subject key id extension already exists, leave it if approved.
-            SubjectKeyIdentifierExtension subjectKeyIdExt = null;
-            CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-
-            try {
-                if (extensions != null) {
-                    subjectKeyIdExt = (SubjectKeyIdentifierExtension)
-                            extensions.get(SubjectKeyIdentifierExtension.NAME);
-                }
-            } catch (IOException e) {
-                // extension isn't there.
-            }
-            if (subjectKeyIdExt != null) {
-                if (agentApproved(req)) {
-                    CMS.debug(
-                            "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
-                                    " already has subject key id extension with value " +
-                                    subjectKeyIdExt);
-                    return PolicyResult.ACCEPTED;
-                } else {
-                    CMS.debug(
-                            "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
-                                    " had subject key identifier - deleted to be replaced");
-                    extensions.delete(SubjectKeyIdentifierExtension.NAME);
-                }
-            }
-
-            // create subject key id extension.
-            KeyIdentifier keyId = null;
-
-            try {
-                keyId = formKeyIdentifier(certInfo, req);
-            } catch (EBaseException e) {
-                setPolicyException(req, e);
-                return PolicyResult.REJECTED;
-            }
-            subjectKeyIdExt =
-                    new SubjectKeyIdentifierExtension(
-                            mCritical, keyId.getIdentifier());
-
-            // add subject key id extension.
-            if (extensions == null) {
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                extensions = new CertificateExtensions();
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-            }
-            extensions.set(
-                    SubjectKeyIdentifierExtension.NAME, subjectKeyIdExt);
-            CMS.debug(
-                    "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
-            return PolicyResult.ACCEPTED;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, e.getMessage());
-            return PolicyResult.REJECTED;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, "Certificate Info Error");
-            return PolicyResult.REJECTED;
-        }
-    }
-
-    /**
-     * Form the Key Identifier in the Subject Key Identifier extension.
-     * <p>
-     *
-     * @param certInfo Certificate Info
-     * @param req request
-     * @return A Key Identifier.
-     */
-    protected KeyIdentifier formKeyIdentifier(
-            X509CertInfo certInfo, IRequest req) throws EBaseException {
-        KeyIdentifier keyId = null;
-
-        if (mKeyIdType == KEYID_TYPE_SHA1) {
-            keyId = formSHA1KeyId(certInfo);
-        } else if (mKeyIdType == KEYID_TYPE_TYPEFIELD) {
-            keyId = formTypeFieldKeyId(certInfo);
-        } /*
-          else if (mKeyIdType == KEYID_TYPE_REQATTR) {
-          keyId = formReqAttrKeyId(certInfo, req);
-          }
-          */else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
-            keyId = formSpkiSHA1KeyId(certInfo);
-        } else {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        mKeyIdType, "Unknown Key Identifier type."));
-        }
-        return keyId;
-    }
-
-    /**
-     * Form key identifier from a type field value of 0100 followed by
-     * the least significate 60 bits of the sha-1 hash of the subject
-     * public key BIT STRING in accordance with RFC 2459.
-     * <p>
-     *
-     * @param certInfo - certificate info
-     * @return A Key Identifier with value formulatd as described.
-     */
-
-    protected KeyIdentifier formTypeFieldKeyId(X509CertInfo certInfo)
-            throws EBaseException {
-        KeyIdentifier keyId = null;
-        X509Key key = null;
-
-        try {
-            CertificateX509Key certKey =
-                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
-
-            if (certKey == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
-            }
-            key = (X509Key) certKey.get(CertificateX509Key.KEY);
-            if (key == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        }
-        try {
-            byte[] octetString = new byte[8];
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-
-            md.update(key.getKey());
-            byte[] hash = md.digest();
-
-            System.arraycopy(hash, hash.length - 8, octetString, 0, 8);
-            octetString[0] &= (0x08f & octetString[0]);
-            keyId = new KeyIdentifier(octetString);
-        } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
-            throw new EPolicyException(
-                    CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
-        }
-        return keyId;
-    }
-
-    /**
-     * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getInstanceParams() {
-        return mInstanceParams;
-    }
-
-    /**
-     * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs.
-     */
-    public Vector<String> getDefaultParams() {
-        return mDefaultParams;
-    }
-
-    /**
-     * Gets extended plugin info for pretty Console displays.
-     */
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST NOT be marked critical.",
-                PROP_KEYID_TYPE + ";" +
-                        "choice(" + KEYID_TYPE_SHA1 + "," +
-                        KEYID_TYPE_TYPEFIELD + "," +
-                        KEYID_TYPE_SPKISHA1 + ");" +
-                        "Method to derive the Key Identifier.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-policyrules-subjectkeyidentifier",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
-            };
-
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
deleted file mode 100644
index ea5108445..000000000
--- a/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
+++ /dev/null
@@ -1,1213 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Map;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.profile.IProfileUpdater;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.registry.IPluginInfo;
-import com.netscape.certsrv.registry.IPluginRegistry;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-
-/**
- * This class implements a basic profile.
- *
- * @version $Revision$, $Date$
- */
-public abstract class BasicProfile implements IProfile {
-
-    public static final String PROP_ENABLE = "enable";
-    public static final String PROP_ENABLE_BY = "enableBy";
-    public static final String PROP_IS_RENEWAL = "renewal";
-    public static final String PROP_XML_OUTPUT = "xmlOutput";
-    public static final String PROP_VISIBLE = "visible";
-    public static final String PROP_INPUT_LIST = "list";
-    public static final String PROP_OUTPUT_LIST = "list";
-    public static final String PROP_UPDATER_LIST = "list";
-    public static final String PROP_POLICY_LIST = "list";
-    public static final String PROP_DEFAULT = "default";
-    public static final String PROP_CONSTRAINT = "constraint";
-    public static final String PROP_INPUT = "input";
-    public static final String PROP_OUTPUT = "output";
-    public static final String PROP_CLASS_ID = "class_id";
-    public static final String PROP_INSTANCE_ID = "instance_id";
-    public static final String PROP_PARAMS = "params";
-    public static final String PROP_NAME = "name";
-    public static final String PROP_DESC = "desc";
-    public static final String PROP_NO_DEFAULT = "noDefaultImpl";
-    public static final String PROP_NO_CONSTRAINT = "noConstraintImpl";
-    public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl";
-
-    protected IProfileSubsystem mOwner = null;
-    protected IConfigStore mConfig = null;
-    protected IPluginRegistry mRegistry = null;
-
-    protected Vector<String> mInputNames = new Vector<String>();
-    protected Hashtable<String, IProfileInput> mInputs = new Hashtable<String, IProfileInput>();
-    protected Vector<String> mInputIds = new Vector<String>();
-    protected Hashtable<String, IProfileOutput> mOutputs = new Hashtable<String, IProfileOutput>();
-    protected Vector<String> mOutputIds = new Vector<String>();
-    protected Hashtable<String, IProfileUpdater> mUpdaters = new Hashtable<String, IProfileUpdater>();
-    protected Vector<String> mUpdaterIds = new Vector<String>();
-    protected IProfileAuthenticator mAuthenticator = null;
-    protected String mAuthInstanceId = null;
-    protected String mId = null;
-    protected String mAuthzAcl = "";
-
-    protected Hashtable<String, Vector<IProfilePolicy>> mPolicySet = new Hashtable<String, Vector<IProfilePolicy>>();
-
-    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
-    public BasicProfile() {
-    }
-
-    public boolean isEnable() {
-        try {
-            return mConfig.getBoolean(PROP_ENABLE, false);
-        } catch (EBaseException e) {
-            return false;
-        }
-    }
-
-    public String isRenewal() {
-        try {
-            return mConfig.getString(PROP_IS_RENEWAL, "false");
-        } catch (EBaseException e) {
-            return "false";
-        }
-    }
-
-    public void setRenewal(boolean renewal) {
-        mConfig.putBoolean(PROP_IS_RENEWAL, renewal);
-    }
-
-    public String isXmlOutput() {
-        try {
-            return mConfig.getString(PROP_XML_OUTPUT, "false");
-        } catch (EBaseException e) {
-            return "false";
-        }
-    }
-
-    public void setXMLOutput(boolean xmlOutput) {
-        mConfig.putBoolean(PROP_XML_OUTPUT, xmlOutput);
-    }
-
-    public String getApprovedBy() {
-        try {
-            return mConfig.getString(PROP_ENABLE_BY, "");
-        } catch (EBaseException e) {
-            return "";
-        }
-    }
-
-    public void setId(String id) {
-        mId = id;
-    }
-
-    public String getId() {
-        return mId;
-    }
-
-    public IProfileAuthenticator getAuthenticator() throws EProfileException {
-        try {
-            IAuthSubsystem authSub = (IAuthSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-            IProfileAuthenticator auth = (IProfileAuthenticator)
-                    authSub.get(mAuthInstanceId);
-
-            if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
-                    && auth == null) {
-                throw new EProfileException("Cannot load " +
-                        mAuthInstanceId);
-            }
-            return auth;
-        } catch (Exception e) {
-            if (mAuthInstanceId != null) {
-                throw new EProfileException("Cannot load " +
-                        mAuthInstanceId);
-            }
-            return null;
-        }
-    }
-
-    public String getRequestorDN(IRequest request) {
-        return null;
-    }
-
-    public String getAuthenticatorId() {
-        return mAuthInstanceId;
-    }
-
-    public void setAuthenticatorId(String id) {
-        mAuthInstanceId = id;
-        mConfig.putString("auth." + PROP_INSTANCE_ID, id);
-    }
-
-    public void setAuthzAcl(String id) {
-        mAuthzAcl = id;
-        mConfig.putString("authz.acl", id);
-    }
-
-    public String getAuthzAcl() {
-        return mAuthzAcl;
-    }
-
-    /**
-     * Initializes this profile.
-     */
-    public void init(IProfileSubsystem owner, IConfigStore config)
-            throws EBaseException {
-        CMS.debug("BasicProfile: start init");
-        mOwner = owner;
-        mConfig = config;
-
-        mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
-
-        // Configure File Formats:
-        // visible
-        // auth.class_id=NoAuthImpl
-        // auth.params.x1=x1
-        // input.list=i1,i2,...
-        // input.i1.class=com.netscape.cms.profile.input.CertReqInput
-        // input.i1.params.x1=x1
-        // policy.list=p1,p2,...
-        // policy.p1.enable=true
-        // policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName
-        // policy.p1.default.params.x1=x1
-        // policy.p1.default.params.x2=x2
-        // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange
-        // policy.p1.constraint.params.x1=x1
-        // policy.p1.constraint.params.x2=x2
-
-        // handle profile authentication plugins
-        try {
-            mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null);
-            mAuthzAcl = config.getString("authz.acl", "");
-        } catch (EBaseException e) {
-            CMS.debug("BasicProfile: authentication class not found " +
-                    e.toString());
-        }
-
-        // handle profile input plugins
-        IConfigStore inputStore = config.getSubStore("input");
-        String input_list = inputStore.getString(PROP_INPUT_LIST, "");
-        StringTokenizer input_st = new StringTokenizer(input_list, ",");
-
-        while (input_st.hasMoreTokens()) {
-            String input_id = input_st.nextToken();
-            String inputClassId = inputStore.getString(input_id + "." +
-                    PROP_CLASS_ID);
-            IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
-                    inputClassId);
-            String inputClass = inputInfo.getClassName();
-
-            IProfileInput input = null;
-
-            try {
-                input = (IProfileInput)
-                        Class.forName(inputClass).newInstance();
-            } catch (Exception e) {
-                // throw Exception
-                CMS.debug("BasicProfile: input plugin Class.forName " +
-                        inputClass + " " + e.toString());
-                throw new EBaseException(e.toString());
-            }
-            IConfigStore inputConfig = inputStore.getSubStore(input_id);
-            input.init(this, inputConfig);
-            mInputs.put(input_id, input);
-            mInputIds.addElement(input_id);
-        }
-
-        // handle profile output plugins
-        IConfigStore outputStore = config.getSubStore("output");
-        String output_list = outputStore.getString(PROP_OUTPUT_LIST, "");
-        StringTokenizer output_st = new StringTokenizer(output_list, ",");
-
-        while (output_st.hasMoreTokens()) {
-            String output_id = output_st.nextToken();
-
-            String outputClassId = outputStore.getString(output_id + "." +
-                    PROP_CLASS_ID);
-            IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput",
-                    outputClassId);
-            String outputClass = outputInfo.getClassName();
-
-            IProfileOutput output = null;
-
-            try {
-                output = (IProfileOutput)
-                        Class.forName(outputClass).newInstance();
-            } catch (Exception e) {
-                // throw Exception
-                CMS.debug("BasicProfile: output plugin Class.forName " +
-                        outputClass + " " + e.toString());
-                throw new EBaseException(e.toString());
-            }
-            IConfigStore outputConfig = outputStore.getSubStore(output_id);
-            output.init(this, outputConfig);
-            mOutputs.put(output_id, output);
-            mOutputIds.addElement(output_id);
-        }
-
-        // handle profile output plugins
-        IConfigStore updaterStore = config.getSubStore("updater");
-        String updater_list = updaterStore.getString(PROP_UPDATER_LIST, "");
-        StringTokenizer updater_st = new StringTokenizer(updater_list, ",");
-
-        while (updater_st.hasMoreTokens()) {
-            String updater_id = updater_st.nextToken();
-
-            String updaterClassId = updaterStore.getString(updater_id + "." +
-                    PROP_CLASS_ID);
-            IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater",
-                     updaterClassId);
-            String updaterClass = updaterInfo.getClassName();
-
-            IProfileUpdater updater = null;
-
-            try {
-                updater = (IProfileUpdater)
-                        Class.forName(updaterClass).newInstance();
-            } catch (Exception e) {
-                // throw Exception
-                CMS.debug("BasicProfile: updater plugin Class.forName " +
-                        updaterClass + " " + e.toString());
-                throw new EBaseException(e.toString());
-            }
-            IConfigStore updaterConfig = updaterStore.getSubStore(updater_id);
-            updater.init(this, updaterConfig);
-            mUpdaters.put(updater_id, updater);
-            mUpdaterIds.addElement(updater_id);
-        }
-
-        // handle profile policy plugins
-        IConfigStore policySetStore = config.getSubStore("policyset");
-        String setlist = policySetStore.getString("list", "");
-        StringTokenizer st = new StringTokenizer(setlist, ",");
-
-        while (st.hasMoreTokens()) {
-            String setId = st.nextToken();
-
-            IConfigStore policyStore = policySetStore.getSubStore(setId);
-            String list = policyStore.getString(PROP_POLICY_LIST, "");
-            StringTokenizer st1 = new StringTokenizer(list, ",");
-
-            while (st1.hasMoreTokens()) {
-                String id = st1.nextToken();
-
-                String defaultRoot = id + "." + PROP_DEFAULT;
-                String defaultClassId = policyStore.getString(defaultRoot + "." +
-                        PROP_CLASS_ID);
-
-                String constraintRoot = id + "." + PROP_CONSTRAINT;
-                String constraintClassId =
-                        policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
-
-                createProfilePolicy(setId, id, defaultClassId,
-                        constraintClassId, false);
-            }
-        }
-        CMS.debug("BasicProfile: done init");
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public Enumeration<String> getInputNames() {
-        return mInputNames.elements();
-    }
-
-    public Enumeration<String> getProfileUpdaterIds() {
-        return mUpdaterIds.elements(); // ordered list
-    }
-
-    public IProfileUpdater getProfileUpdater(String name) {
-        return mUpdaters.get(name);
-    }
-
-    public Enumeration<String> getProfileOutputIds() {
-        return mOutputIds.elements(); // ordered list
-    }
-
-    public IProfileOutput getProfileOutput(String name) {
-        return mOutputs.get(name);
-    }
-
-    public Enumeration<String> getProfileInputIds() {
-        return mInputIds.elements(); // ordered list
-    }
-
-    public IProfileInput getProfileInput(String name) {
-        return mInputs.get(name);
-    }
-
-    public void addInputName(String name) {
-        mInputNames.addElement(name);
-    }
-
-    public IDescriptor getInputDescriptor(String name) {
-        return null;
-    }
-
-    public String getInput(String name, Locale locale, IRequest request)
-            throws EProfileException {
-        return null;
-    }
-
-    public void setInput(String name, Locale locale, IRequest request,
-            String value) throws EProfileException {
-    }
-
-    public Enumeration<String> getProfilePolicySetIds() {
-        return mPolicySet.keys();
-    }
-
-    public void deleteProfilePolicy(String setId, String policyId)
-            throws EProfileException {
-        Vector<IProfilePolicy> policies = mPolicySet.get(setId);
-
-        if (policies == null) {
-            return;
-        }
-        try {
-            IConfigStore policySetSubStore = mConfig.getSubStore("policyset");
-            IConfigStore policySubStore = policySetSubStore.getSubStore(setId);
-
-            policySubStore.removeSubStore(policyId);
-            String list = policySubStore.getString(PROP_POLICY_LIST, null);
-            StringTokenizer st = new StringTokenizer(list, ",");
-            String newlist = "";
-            StringBuffer sb = new StringBuffer();
-
-            while (st.hasMoreTokens()) {
-                String e = st.nextToken();
-
-                if (!e.equals(policyId)) {
-                    sb.append(e);
-                    sb.append(",");
-                }
-            }
-            newlist = sb.toString();
-            if (!newlist.equals("")) {
-                newlist = newlist.substring(0, newlist.length() - 1);
-                policySubStore.putString(PROP_POLICY_LIST, newlist);
-            } else {
-                policySetSubStore.removeSubStore(setId);
-            }
-
-            int size = policies.size();
-
-            for (int i = 0; i < size; i++) {
-                IProfilePolicy policy = policies.elementAt(i);
-                String id = policy.getId();
-
-                if (id.equals(policyId)) {
-                    policies.removeElementAt(i);
-                    if (size == 1) {
-                        mPolicySet.remove(setId);
-                        String setlist = policySetSubStore.getString(PROP_POLICY_LIST, null);
-                        StringTokenizer st1 = new StringTokenizer(setlist, ",");
-                        String newlist1 = "";
-
-                        while (st1.hasMoreTokens()) {
-                            String e = st1.nextToken();
-
-                            if (!e.equals(setId))
-                                newlist1 = newlist1 + e + ",";
-                        }
-                        if (!newlist1.equals(""))
-                            newlist1 = newlist1.substring(0, newlist1.length() - 1);
-                        policySetSubStore.putString(PROP_POLICY_LIST, newlist1);
-                    }
-                    break;
-                }
-            }
-
-            mConfig.putString("lastModified",
-                    Long.toString(CMS.getCurrentDate().getTime()));
-            mConfig.commit(false);
-        } catch (Exception e) {
-        }
-
-    }
-
-    public void deleteAllProfilePolicies() throws EProfileException {
-        for (Map.Entry<String, Vector<IProfilePolicy>> entry : mPolicySet.entrySet()) {
-            String setId = entry.getKey();
-            Vector<IProfilePolicy> pList = new Vector<IProfilePolicy>(entry.getValue());
-            for (IProfilePolicy policy: pList) {
-                deleteProfilePolicy(setId, policy.getId());
-            }
-        }
-
-        mPolicySet.clear();
-    }
-
-    public void deleteProfileInput(String inputId) throws EProfileException {
-        try {
-            mConfig.removeSubStore("input." + inputId);
-            String list = mConfig.getString("input." + PROP_INPUT_LIST, null);
-            StringTokenizer st = new StringTokenizer(list, ",");
-            String newlist = "";
-            StringBuffer sb = new StringBuffer();
-
-            while (st.hasMoreTokens()) {
-                String e = st.nextToken();
-
-                if (!e.equals(inputId)) {
-                    sb.append(e);
-                    sb.append(",");
-                }
-            }
-            newlist = sb.toString();
-            if (!newlist.equals(""))
-                newlist = newlist.substring(0, newlist.length() - 1);
-
-            int size = mInputIds.size();
-
-            for (int i = 0; i < size; i++) {
-                String id = mInputIds.elementAt(i);
-
-                if (id.equals(inputId)) {
-                    mInputIds.removeElementAt(i);
-                    break;
-                }
-            }
-
-            mInputs.remove(inputId);
-            mConfig.putString("input." + PROP_INPUT_LIST, newlist);
-            mConfig.putString("lastModified",
-                    Long.toString(CMS.getCurrentDate().getTime()));
-            mConfig.commit(false);
-        } catch (Exception e) {
-        }
-    }
-
-    public void deleteAllProfileInputs() throws EProfileException {
-        // need to use a copy here because we are removing elements from the vector
-        Vector<String> inputs = new Vector<String>(mInputIds);
-        for (String id: inputs) {
-            deleteProfileInput(id);
-        }
-    }
-
-    public void deleteProfileOutput(String outputId) throws EProfileException {
-        try {
-            mConfig.removeSubStore("output." + outputId);
-            String list = mConfig.getString("output." + PROP_OUTPUT_LIST, null);
-            StringTokenizer st = new StringTokenizer(list, ",");
-            String newlist = "";
-            StringBuffer sb = new StringBuffer();
-
-            while (st.hasMoreTokens()) {
-                String e = st.nextToken();
-
-                if (!e.equals(outputId)) {
-                    sb.append(e);
-                    sb.append(",");
-                }
-            }
-            newlist = sb.toString();
-            if (!newlist.equals(""))
-                newlist = newlist.substring(0, newlist.length() - 1);
-
-            int size = mOutputIds.size();
-
-            for (int i = 0; i < size; i++) {
-                String id = mOutputIds.elementAt(i);
-
-                if (id.equals(outputId)) {
-                    mOutputIds.removeElementAt(i);
-                    break;
-                }
-            }
-
-            mOutputs.remove(outputId);
-            mConfig.putString("output." + PROP_OUTPUT_LIST, newlist);
-            mConfig.putString("lastModified",
-                    Long.toString(CMS.getCurrentDate().getTime()));
-            mConfig.commit(false);
-        } catch (Exception e) {
-        }
-    }
-
-    public void deleteAllProfileOutputs() throws EProfileException {
-     // need to use a copy here because we are removing elements from the vector
-        Vector<String> outputs = new Vector<String>(mOutputIds);
-        for (String id: outputs) {
-            deleteProfileOutput(id);
-        }
-    }
-
-    public IProfileOutput createProfileOutput(String id, String outputId,
-            NameValuePairs nvps)
-            throws EProfileException {
-        return createProfileOutput(id, outputId, nvps, true);
-    }
-
-    public IProfileOutput createProfileOutput(String id, String outputId,
-            NameValuePairs nvps, boolean createConfig)
-
-    throws EProfileException {
-        IConfigStore outputStore = mConfig.getSubStore("output");
-
-        IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput",
-                outputId);
-
-        if (outputInfo == null) {
-            CMS.debug("Cannot find " + outputId);
-            throw new EProfileException("Cannot find " + outputId);
-        }
-        String outputClass = outputInfo.getClassName();
-
-        CMS.debug("BasicProfile: loading output class " + outputClass);
-        IProfileOutput output = null;
-
-        try {
-            output = (IProfileOutput)
-                    Class.forName(outputClass).newInstance();
-        } catch (Exception e) {
-            // throw Exception
-            CMS.debug(e.toString());
-        }
-        if (output == null) {
-            CMS.debug("BasicProfile: failed to create " + outputClass);
-        } else {
-            CMS.debug("BasicProfile: initing " + id + " output");
-
-            CMS.debug("BasicProfile: outputStore " + outputStore);
-            output.init(this, outputStore);
-
-            mOutputs.put(id, output);
-            mOutputIds.addElement(id);
-        }
-
-        if (createConfig) {
-            String list = null;
-
-            try {
-                list = outputStore.getString(PROP_OUTPUT_LIST, null);
-            } catch (EBaseException e) {
-            }
-            if (list == null || list.equals("")) {
-                outputStore.putString(PROP_OUTPUT_LIST, id);
-            } else {
-                StringTokenizer st1 = new StringTokenizer(list, ",");
-
-                while (st1.hasMoreTokens()) {
-                    String pid = st1.nextToken();
-
-                    if (pid.equals(id)) {
-                        throw new EProfileException("Duplicate output id: " + id);
-                    }
-                }
-                outputStore.putString(PROP_OUTPUT_LIST, list + "," + id);
-            }
-            String prefix = id + ".";
-
-            outputStore.putString(prefix + "name",
-                    outputInfo.getName(Locale.getDefault()));
-            outputStore.putString(prefix + "class_id", outputId);
-
-            for (String name : nvps.keySet()) {
-
-                outputStore.putString(prefix + "params." + name, nvps.get(name));
-                try {
-                    if (output != null) {
-                        output.setConfig(name, nvps.get(name));
-                    }
-                } catch (EBaseException e) {
-                    CMS.debug(e.toString());
-                }
-            }
-
-            try {
-                mConfig.putString("lastModified",
-                        Long.toString(CMS.getCurrentDate().getTime()));
-                mConfig.commit(false);
-            } catch (EBaseException e) {
-                CMS.debug(e.toString());
-            }
-        }
-
-        return output;
-    }
-
-    public IProfileInput createProfileInput(String id, String inputId,
-            NameValuePairs nvps)
-            throws EProfileException {
-        return createProfileInput(id, inputId, nvps, true);
-    }
-
-    public IProfileInput createProfileInput(String id, String inputId,
-            NameValuePairs nvps, boolean createConfig)
-            throws EProfileException {
-        IConfigStore inputStore = mConfig.getSubStore("input");
-
-        IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
-                inputId);
-
-        if (inputInfo == null) {
-            CMS.debug("Cannot find " + inputId);
-            throw new EProfileException("Cannot find " + inputId);
-        }
-        String inputClass = inputInfo.getClassName();
-
-        CMS.debug("BasicProfile: loading input class " + inputClass);
-        IProfileInput input = null;
-
-        try {
-            input = (IProfileInput)
-                    Class.forName(inputClass).newInstance();
-        } catch (Exception e) {
-            // throw Exception
-            CMS.debug(e.toString());
-        }
-        if (input == null) {
-            CMS.debug("BasicProfile: failed to create " + inputClass);
-        } else {
-            CMS.debug("BasicProfile: initing " + id + " input");
-
-            CMS.debug("BasicProfile: inputStore " + inputStore);
-            input.init(this, inputStore);
-
-            mInputs.put(id, input);
-            mInputIds.addElement(id);
-        }
-
-        if (createConfig) {
-            String list = null;
-
-            try {
-                list = inputStore.getString(PROP_INPUT_LIST, null);
-            } catch (EBaseException e) {
-            }
-            if (list == null || list.equals("")) {
-                inputStore.putString(PROP_INPUT_LIST, id);
-            } else {
-                StringTokenizer st1 = new StringTokenizer(list, ",");
-
-                while (st1.hasMoreTokens()) {
-                    String pid = st1.nextToken();
-
-                    if (pid.equals(id)) {
-                        throw new EProfileException("Duplicate input id: " + id);
-                    }
-                }
-                inputStore.putString(PROP_INPUT_LIST, list + "," + id);
-            }
-            String prefix = id + ".";
-
-            inputStore.putString(prefix + "name",
-                    inputInfo.getName(Locale.getDefault()));
-            inputStore.putString(prefix + "class_id", inputId);
-
-            for (String name : nvps.keySet()) {
-
-                inputStore.putString(prefix + "params." + name, nvps.get(name));
-                try {
-                    if (input != null) {
-                        input.setConfig(name, nvps.get(name));
-                    }
-                } catch (EBaseException e) {
-                    CMS.debug(e.toString());
-                }
-            }
-
-            try {
-                mConfig.putString("lastModified",
-                        Long.toString(CMS.getCurrentDate().getTime()));
-                mConfig.commit(false);
-            } catch (EBaseException e) {
-                CMS.debug(e.toString());
-            }
-        }
-
-        return input;
-    }
-
-    /**
-     * Creates a profile policy
-     */
-    public IProfilePolicy createProfilePolicy(String setId, String id,
-            String defaultClassId, String constraintClassId)
-            throws EProfileException {
-        return createProfilePolicy(setId, id, defaultClassId,
-                constraintClassId, true);
-    }
-
-    public IProfilePolicy createProfilePolicy(String setId, String id,
-            String defaultClassId, String constraintClassId,
-            boolean createConfig)
-            throws EProfileException {
-
-        // String setId ex: policyset.set1
-        // String id    Id of policy : examples: p1,p2,p3
-        // String defaultClassId : id of the default plugin ex: validityDefaultImpl
-        // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl
-        // boolean createConfig : true : being called from the console. false: being called from server startup code
-
-        Vector<IProfilePolicy> policies = mPolicySet.get(setId);
-
-        IConfigStore policyStore = mConfig.getSubStore("policyset." + setId);
-        if (policies == null) {
-            policies = new Vector<IProfilePolicy>();
-            mPolicySet.put(setId, policies);
-            if (createConfig) {
-                // re-create policyset.list
-                StringBuffer setlist = new StringBuffer();
-                Enumeration<String> keys = mPolicySet.keys();
-
-                while (keys.hasMoreElements()) {
-                    String k = keys.nextElement();
-
-                    if (!(setlist.toString()).equals("")) {
-                        setlist.append(",");
-                    }
-                    setlist.append(k);
-                }
-                mConfig.putString("policyset.list", setlist.toString());
-            }
-        } else {
-            String ids = null;
-
-            try {
-                ids = policyStore.getString(PROP_POLICY_LIST, "");
-            } catch (Exception ee) {
-            }
-
-            if (ids == null) {
-                CMS.debug("BasicProfile::createProfilePolicy() - ids is null!");
-                return null;
-            }
-
-            StringTokenizer st1 = new StringTokenizer(ids, ",");
-            int appearances = 0;
-            int appearancesTooMany = 0;
-            if (createConfig)
-                appearancesTooMany = 1;
-            else
-                appearancesTooMany = 2;
-
-            while (st1.hasMoreTokens()) {
-                String pid = st1.nextToken();
-                if (pid.equals(id)) {
-                    appearances++;
-                    if (appearances >= appearancesTooMany) {
-                        CMS.debug("WARNING detected duplicate policy id:   " + id + " Profile: " + mId);
-                        if (createConfig) {
-                            throw new EProfileException("Duplicate policy id: " + id);
-                        }
-                    }
-                }
-            }
-        }
-
-        // Now make sure we aren't trying to add a policy that already exists
-        IConfigStore policySetStore = mConfig.getSubStore("policyset");
-        String setlist = null;
-        try {
-            setlist = policySetStore.getString("list", "");
-        } catch (Exception e) {
-        }
-        StringTokenizer st = new StringTokenizer(setlist, ",");
-
-        int matches = 0;
-        while (st.hasMoreTokens()) {
-            String sId = st.nextToken();
-
-            //Only search the setId set. Ex: encryptionCertSet
-            if (!sId.equals(setId)) {
-                continue;
-            }
-            IConfigStore pStore = policySetStore.getSubStore(sId);
-
-            String list = null;
-            try {
-                list = pStore.getString(PROP_POLICY_LIST, "");
-            } catch (Exception e) {
-                CMS.debug("WARNING, can't get policy id list!");
-            }
-
-            StringTokenizer st1 = new StringTokenizer(list, ",");
-
-            while (st1.hasMoreTokens()) {
-                String curId = st1.nextToken();
-
-                String defaultRoot = curId + "." + PROP_DEFAULT;
-                String curDefaultClassId = null;
-                try {
-                    curDefaultClassId = pStore.getString(defaultRoot + "." +
-                            PROP_CLASS_ID);
-                } catch (Exception e) {
-                    CMS.debug("WARNING, can't get default plugin id!");
-                }
-
-                //Disallow duplicate defaults  with the following exceptions:
-                // noDefaultImpl, genericExtDefaultImpl
-
-                if ((curDefaultClassId.equals(defaultClassId) &&
-                        !curDefaultClassId.equals(PROP_NO_DEFAULT) &&
-                        !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) {
-
-                    matches++;
-                    if (createConfig) {
-                        if (matches == 1) {
-                            CMS.debug("WARNING attempt to add duplicate Policy "
-                                    + defaultClassId + ":" + constraintClassId +
-                                    " Contact System Administrator.");
-                            throw new EProfileException("Attempt to add duplicate Policy : "
-                                    + defaultClassId + ":" + constraintClassId);
-                        }
-                    } else {
-                        if (matches > 1) {
-                            CMS.debug("WARNING attempt to add duplicate Policy "
-                                    + defaultClassId + ":" + constraintClassId +
-                                    " Contact System Administrator.");
-                        }
-                    }
-                }
-            }
-        }
-
-        String defaultRoot = id + "." + PROP_DEFAULT;
-        String constraintRoot = id + "." + PROP_CONSTRAINT;
-        IPluginInfo defInfo = mRegistry.getPluginInfo("defaultPolicy",
-                defaultClassId);
-
-        if (defInfo == null) {
-            CMS.debug("BasicProfile: Cannot find " + defaultClassId);
-            throw new EProfileException("Cannot find " + defaultClassId);
-        }
-        String defaultClass = defInfo.getClassName();
-
-        CMS.debug("BasicProfile: loading default class " + defaultClass);
-        IPolicyDefault def = null;
-
-        try {
-            def = (IPolicyDefault)
-                    Class.forName(defaultClass).newInstance();
-        } catch (Exception e) {
-            // throw Exception
-            CMS.debug("BasicProfile: default policy " +
-                    defaultClass + " " + e.toString());
-        }
-        if (def == null) {
-            CMS.debug("BasicProfile: failed to create " + defaultClass);
-        } else {
-            IConfigStore defStore = null;
-
-            defStore = policyStore.getSubStore(defaultRoot);
-            def.init(this, defStore);
-        }
-
-        IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
-                constraintClassId);
-        String constraintClass = conInfo.getClassName();
-        IPolicyConstraint constraint = null;
-
-        try {
-            constraint = (IPolicyConstraint)
-                    Class.forName(constraintClass).newInstance();
-        } catch (Exception e) {
-            // throw Exception
-            CMS.debug("BasicProfile: constraint policy " +
-                    constraintClass + " " + e.toString());
-        }
-        ProfilePolicy policy = null;
-        if (constraint == null) {
-            CMS.debug("BasicProfile: failed to create " + constraintClass);
-        } else {
-            IConfigStore conStore = null;
-
-            conStore = policyStore.getSubStore(constraintRoot);
-            constraint.init(this, conStore);
-            policy = new ProfilePolicy(id, def, constraint);
-            policies.addElement(policy);
-        }
-
-        if (createConfig) {
-            String list = null;
-
-            try {
-                list = policyStore.getString(PROP_POLICY_LIST, null);
-            } catch (EBaseException e) {
-            }
-            if (list == null || list.equals("")) {
-                policyStore.putString(PROP_POLICY_LIST, id);
-            } else {
-                policyStore.putString(PROP_POLICY_LIST, list + "," + id);
-            }
-            policyStore.putString(id + ".default.name",
-                    defInfo.getName(Locale.getDefault()));
-            policyStore.putString(id + ".default.class_id",
-                    defaultClassId);
-            policyStore.putString(id + ".constraint.name",
-                    conInfo.getName(Locale.getDefault()));
-            policyStore.putString(id + ".constraint.class_id",
-                    constraintClassId);
-            try {
-                mConfig.putString("lastModified",
-                        Long.toString(CMS.getCurrentDate().getTime()));
-                policyStore.commit(false);
-            } catch (EBaseException e) {
-                CMS.debug("BasicProfile: commiting config store " +
-                        e.toString());
-            }
-        }
-
-        return policy;
-    }
-
-    public IProfilePolicy getProfilePolicy(String setId, String id) {
-        Vector<IProfilePolicy> policies = mPolicySet.get(setId);
-
-        if (policies == null)
-            return null;
-
-        for (int i = 0; i < policies.size(); i++) {
-            IProfilePolicy policy = policies.elementAt(i);
-
-            if (policy.getId().equals(id)) {
-                return policy;
-            }
-        }
-        return null;
-    }
-
-    public boolean isVisible() {
-        try {
-            return mConfig.getBoolean(PROP_VISIBLE, false);
-        } catch (EBaseException e) {
-            return false;
-        }
-    }
-
-    public void setVisible(boolean v) {
-        mConfig.putBoolean(PROP_VISIBLE, v);
-    }
-
-    /**
-     * Returns the profile name.
-     */
-    public String getName(Locale locale) {
-        try {
-            return mConfig.getString(PROP_NAME, "");
-        } catch (EBaseException e) {
-            return "";
-        }
-    }
-
-    public void setName(Locale locale, String name) {
-        mConfig.putString(PROP_NAME, name);
-    }
-
-    public abstract IProfileContext createContext();
-
-    /**
-     * Creates request.
-     */
-    public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale)
-            throws EProfileException;
-
-    /**
-     * Returns the profile description.
-     */
-    public String getDescription(Locale locale) {
-        try {
-            return mConfig.getString(PROP_DESC, "");
-        } catch (EBaseException e) {
-            return "";
-        }
-    }
-
-    public void setDescription(Locale locale, String desc) {
-        mConfig.putString(PROP_DESC, desc);
-    }
-
-    public void populateInput(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        Enumeration<String> ids = getProfileInputIds();
-
-        while (ids.hasMoreElements()) {
-            String id = ids.nextElement();
-            IProfileInput input = getProfileInput(id);
-
-            input.populate(ctx, request);
-        }
-    }
-
-    public Vector<IProfilePolicy> getPolicies(String setId) {
-        Vector<IProfilePolicy> policies = mPolicySet.get(setId);
-
-        return policies;
-    }
-
-    /**
-     * Passes the request to the set of default policies that
-     * populate the profile information against the profile.
-     */
-    public void populate(IRequest request)
-            throws EProfileException {
-        String setId = getPolicySetId(request);
-        Vector<IProfilePolicy> policies = getPolicies(setId);
-        CMS.debug("BasicProfile: populate() policy setid =" + setId);
-
-        for (int i = 0; i < policies.size(); i++) {
-            IProfilePolicy policy = policies.elementAt(i);
-
-            policy.getDefault().populate(request);
-        }
-    }
-
-    /**
-     * Passes the request to the set of constraint policies
-     * that validate the request against the profile.
-     */
-    public void validate(IRequest request)
-            throws ERejectException {
-        String setId = getPolicySetId(request);
-        CMS.debug("BasicProfile: validate start on setId=" + setId);
-        Vector<IProfilePolicy> policies = getPolicies(setId);
-
-        for (int i = 0; i < policies.size(); i++) {
-            IProfilePolicy policy = policies.elementAt(i);
-
-            policy.getConstraint().validate(request);
-        }
-        CMS.debug("BasicProfile: change to pending state");
-        request.setRequestStatus(RequestStatus.PENDING);
-        CMS.debug("BasicProfile: validate end");
-    }
-
-    public Enumeration<IProfilePolicy> getProfilePolicies(String setId) {
-        Vector<IProfilePolicy> policies = mPolicySet.get(setId);
-
-        if (policies == null)
-            return null;
-        return policies.elements();
-    }
-
-    public Enumeration<String> getProfilePolicyIds(String setId) {
-        Vector<IProfilePolicy> policies = mPolicySet.get(setId);
-
-        if (policies == null)
-            return null;
-
-        Vector<String> v = new Vector<String>();
-
-        for (int i = 0; i < policies.size(); i++) {
-            IProfilePolicy policy = policies.elementAt(i);
-
-            v.addElement(policy.getId());
-        }
-        return v.elements();
-    }
-
-    public void execute(IRequest request)
-            throws EProfileException {
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is inherited by all extended "BasicProfile"s,
-     * and is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    /**
-     * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "BasicProfile"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message SubjectID
-     */
-    protected String auditSubjectID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String subjectID = null;
-
-        // Initialize subjectID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        if (auditContext != null) {
-            subjectID = (String)
-                    auditContext.get(SessionContext.USER_ID);
-
-            if (subjectID != null) {
-                subjectID = subjectID.trim();
-            } else {
-                subjectID = ILogger.NONROLEUSER;
-            }
-        } else {
-            subjectID = ILogger.UNIDENTIFIED;
-        }
-
-        return subjectID;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
deleted file mode 100644
index 1ae2f0853..000000000
--- a/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
+++ /dev/null
@@ -1,107 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfileEx;
-import com.netscape.certsrv.profile.IProfilePolicy;
-
-/**
- * This class implements a Certificate Manager enrollment
- * profile for CA Certificates.
- *
- * @version $Revision$, $Date$
- */
-public class CACertCAEnrollProfile extends CAEnrollProfile
-        implements IProfileEx {
-
-    /**
-     * Called after initialization. It populates default
-     * policies, inputs, and outputs.
-     */
-    public void populate() throws EBaseException {
-        // create inputs
-        NameValuePairs inputParams1 = new NameValuePairs();
-        createProfileInput("i1", "certReqInputImpl", inputParams1);
-        NameValuePairs inputParams2 = new NameValuePairs();
-        createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
-
-        // create outputs
-        NameValuePairs outputParams1 = new NameValuePairs();
-        createProfileOutput("o1", "certOutputImpl", outputParams1);
-
-        // create policies
-        createProfilePolicy("set1", "p1",
-                        "userSubjectNameDefaultImpl", "noConstraintImpl");
-
-        IProfilePolicy policy2 =
-                createProfilePolicy("set1", "p2",
-                        "validityDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def2 = policy2.getDefault();
-        IConfigStore defConfig2 = def2.getConfigStore();
-        defConfig2.putString("params.range", "180");
-        defConfig2.putString("params.startTime", "0");
-
-        IProfilePolicy policy3 =
-                createProfilePolicy("set1", "p3",
-                        "userKeyDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def3 = policy3.getDefault();
-        IConfigStore defConfig3 = def3.getConfigStore();
-        defConfig3.putString("params.keyType", "RSA");
-        defConfig3.putString("params.keyMinLength", "512");
-        defConfig3.putString("params.keyMaxLength", "4096");
-
-        IProfilePolicy policy4 =
-                createProfilePolicy("set1", "p4",
-                        "signingAlgDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def4 = policy4.getDefault();
-        IConfigStore defConfig4 = def4.getConfigStore();
-        defConfig4.putString("params.signingAlg", "-");
-        defConfig4.putString("params.signingAlgsAllowed",
-                "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
-
-        // extensions
-        IProfilePolicy policy5 =
-                createProfilePolicy("set1", "p5",
-                        "keyUsageExtDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def5 = policy5.getDefault();
-        IConfigStore defConfig5 = def5.getConfigStore();
-        defConfig5.putString("params.keyUsageCritical", "true");
-        defConfig5.putString("params.keyUsageCrlSign", "true");
-        defConfig5.putString("params.keyUsageDataEncipherment", "false");
-        defConfig5.putString("params.keyUsageDecipherOnly", "false");
-        defConfig5.putString("params.keyUsageDigitalSignature", "true");
-        defConfig5.putString("params.keyUsageEncipherOnly", "false");
-        defConfig5.putString("params.keyUsageKeyAgreement", "false");
-        defConfig5.putString("params.keyUsageKeyCertSign", "true");
-        defConfig5.putString("params.keyUsageKeyEncipherment", "false");
-        defConfig5.putString("params.keyUsageNonRepudiation", "true");
-
-        IProfilePolicy policy6 =
-                createProfilePolicy("set1", "p6",
-                        "basicConstraintsExtDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def6 = policy6.getDefault();
-        IConfigStore defConfig6 = def6.getConfigStore();
-        defConfig6.putString("params.basicConstraintsPathLen", "-1");
-        defConfig6.putString("params.basicConstraintsIsCA", "true");
-        defConfig6.putString("params.basicConstraintsPathLen", "-1");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
deleted file mode 100644
index d0bfdb8a6..000000000
--- a/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ /dev/null
@@ -1,243 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import java.util.Enumeration;
-
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.pkix.crmf.PKIArchiveOptions;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.ICAService;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.connector.IConnector;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IProfileUpdater;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-
-/**
- * This class implements a Certificate Manager enrollment
- * profile.
- *
- * @version $Revision$, $Date$
- */
-public class CAEnrollProfile extends EnrollProfile {
-
-    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
-            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
-
-    public CAEnrollProfile() {
-        super();
-    }
-
-    public IAuthority getAuthority() {
-        IAuthority authority = (IAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-
-        if (authority == null)
-            return null;
-        return authority;
-    }
-
-    public X500Name getIssuerName() {
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        X500Name issuerName = ca.getX500Name();
-
-        return issuerName;
-    }
-
-    public void execute(IRequest request)
-            throws EProfileException {
-
-        long startTime = CMS.getCurrentDate().getTime();
-
-        if (!isEnable()) {
-            CMS.debug("CAEnrollProfile: Profile Not Enabled");
-            throw new EProfileException("Profile Not Enabled");
-        }
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(request);
-        String auditArchiveID = ILogger.UNIDENTIFIED;
-
-        String id = request.getRequestId().toString();
-        if (id != null) {
-            auditArchiveID = id.trim();
-        }
-
-        CMS.debug("CAEnrollProfile: execute reqId=" +
-                request.getRequestId().toString());
-        ICertificateAuthority ca = (ICertificateAuthority) getAuthority();
-        ICAService caService = (ICAService) ca.getCAService();
-
-        if (caService == null) {
-            throw new EProfileException("No CA Service");
-        }
-
-        // if PKI Archive Option present, send this request
-        // to DRM
-        byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS);
-        // do not archive keys for renewal requests
-        if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
-            PKIArchiveOptions options = toPKIArchiveOptions(optionsData);
-
-            if (options != null) {
-                CMS.debug("CAEnrollProfile: execute found " +
-                        "PKIArchiveOptions");
-                try {
-                    IConnector kraConnector = caService.getKRAConnector();
-
-                    if (kraConnector == null) {
-                        CMS.debug("CAEnrollProfile: KRA connector " +
-                                "not configured");
-
-                        auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditArchiveID);
-
-                        audit(auditMessage);
-
-                    } else {
-                        CMS.debug("CAEnrollProfile: execute send request");
-                        kraConnector.send(request);
-
-                        // check response
-                        if (!request.isSuccess()) {
-                            auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditArchiveID);
-
-                            audit(auditMessage);
-                            if (request.getError(getLocale(request)) != null &&
-                                (request.getError(getLocale(request))).equals(CMS.getUserMessage("CMS_KRA_INVALID_TRANSPORT_CERT"))) {
-                                CMS.debug("CAEnrollProfile: execute set request status: REJECTED");
-                                request.setRequestStatus(RequestStatus.REJECTED);
-                                ca.getRequestQueue().updateRequest(request);
-                            }
-                            throw new ERejectException(
-                                    request.getError(getLocale(request)));
-                        }
-
-                        auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                auditArchiveID);
-
-                        audit(auditMessage);
-                    }
-                } catch (Exception e) {
-
-                    if (e instanceof ERejectException) {
-                        throw (ERejectException) e;
-                    }
-                    CMS.debug("CAEnrollProfile: " + e.toString());
-                    CMS.debug(e);
-
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditArchiveID);
-
-                    audit(auditMessage);
-                    throw new EProfileException(e.toString());
-                }
-            }
-        }
-        // process certificate issuance
-        X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
-        X509CertImpl theCert = null;
-        // #615460 - added audit log (transaction)
-        SessionContext sc = SessionContext.getExistingContext();
-        sc.put("profileId", getId());
-        String setId = request.getExtDataInString("profileSetId");
-        if (setId != null) {
-            sc.put("profileSetId", setId);
-        }
-        try {
-            theCert = caService.issueX509Cert(info, getId() /* profileId */,
-                    id /* requestId */);
-        } catch (EBaseException e) {
-            CMS.debug(e.toString());
-
-            throw new EProfileException(e.toString());
-        }
-        request.setExtData(REQUEST_ISSUED_CERT, theCert);
-
-        long endTime = CMS.getCurrentDate().getTime();
-
-        String initiative = AuditFormat.FROMAGENT
-                          + " userID: "
-                          + (String) sc.get(SessionContext.USER_ID);
-        String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID);
-
-        ILogger logger = CMS.getLogger();
-        if (logger != null) {
-            logger.log(ILogger.EV_AUDIT,
-                        ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT,
-                        new Object[] {
-                                request.getRequestType(),
-                                request.getRequestId(),
-                                initiative,
-                                authMgr,
-                                "completed",
-                                theCert.getSubjectDN(),
-                                "cert issued serial number: 0x" +
-                                        theCert.getSerialNumber().toString(16) +
-                                        " time: " + (endTime - startTime) }
-                    );
-        }
-
-        request.setRequestStatus(RequestStatus.COMPLETE);
-        // notifies updater plugins
-        Enumeration<String> updaterIds = getProfileUpdaterIds();
-        while (updaterIds.hasMoreElements()) {
-            String updaterId = updaterIds.nextElement();
-            IProfileUpdater updater = getProfileUpdater(updaterId);
-            updater.update(request, RequestStatus.COMPLETE);
-        }
-
-        // set value for predicate value - checking in getRule
-        if (CMS.isEncryptionCert(theCert))
-            request.setExtData("isEncryptionCert", "true");
-        else
-            request.setExtData("isEncryptionCert", "false");
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
deleted file mode 100644
index ca665baf1..000000000
--- a/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ /dev/null
@@ -1,1506 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.pkcs.PKCS10Attribute;
-import netscape.security.pkcs.PKCS10Attributes;
-import netscape.security.pkcs.PKCS9Attribute;
-import netscape.security.util.DerInputStream;
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateIssuerName;
-import netscape.security.x509.CertificateSerialNumber;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extension;
-import netscape.security.x509.Extensions;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.ASN1Value;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.pkcs10.CertificationRequest;
-import org.mozilla.jss.pkcs10.CertificationRequestInfo;
-import org.mozilla.jss.pkix.cmc.LraPopWitness;
-import org.mozilla.jss.pkix.cmc.OtherMsg;
-import org.mozilla.jss.pkix.cmc.PKIData;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest;
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-import org.mozilla.jss.pkix.crmf.CertRequest;
-import org.mozilla.jss.pkix.crmf.CertTemplate;
-import org.mozilla.jss.pkix.crmf.PKIArchiveOptions;
-import org.mozilla.jss.pkix.crmf.ProofOfPossession;
-import org.mozilla.jss.pkix.primitive.AVA;
-import org.mozilla.jss.pkix.primitive.Attribute;
-import org.mozilla.jss.pkix.primitive.Name;
-import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authentication.ISharedToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.cmsutil.util.HMACDigest;
-
-/**
- * This class implements a generic enrollment profile.
- *
- * @version $Revision$, $Date$
- */
-public abstract class EnrollProfile extends BasicProfile
-        implements IEnrollProfile {
-
-    private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
-            "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
-    private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
-
-    private PKIData mCMCData;
-
-    public EnrollProfile() {
-        super();
-    }
-
-    public abstract IAuthority getAuthority();
-
-    public IRequestQueue getRequestQueue() {
-        IAuthority authority = getAuthority();
-
-        return authority.getRequestQueue();
-    }
-
-    public IProfileContext createContext() {
-        return new EnrollProfileContext();
-    }
-
-    /**
-     * Creates request.
-     */
-    public IRequest[] createRequests(IProfileContext context, Locale locale)
-            throws EProfileException {
-        EnrollProfileContext ctx = (EnrollProfileContext) context;
-
-        // determine how many requests should be created
-        String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
-        String cert_request = ctx.get(CTX_CERT_REQUEST);
-        String is_renewal = ctx.get(CTX_RENEWAL);
-        Integer renewal_seq_num = 0;
-
-        /* cert_request_type can be null for the case of CMC */
-        if (cert_request_type == null) {
-            CMS.debug("EnrollProfile: request type is null");
-        }
-
-        int num_requests = 1; // default to 1 request
-
-        if (cert_request_type != null && cert_request_type.startsWith("pkcs10")) {
-            // catch for invalid request
-            parsePKCS10(locale, cert_request);
-        }
-        if (cert_request_type != null && cert_request_type.startsWith("crmf")) {
-            CertReqMsg msgs[] = parseCRMF(locale, cert_request);
-
-            num_requests = msgs.length;
-        }
-        if (cert_request_type != null && cert_request_type.startsWith("cmc")) {
-            // catch for invalid request
-            TaggedRequest[] msgs = parseCMC(locale, cert_request);
-            if (msgs == null)
-                return null;
-            else
-                num_requests = msgs.length;
-        }
-
-        // only 1 request for renewal
-        if ((is_renewal != null) && (is_renewal.equals("true"))) {
-            num_requests = 1;
-            String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM);
-            if (renewal_seq_num_str != null) {
-                renewal_seq_num = Integer.parseInt(renewal_seq_num_str);
-            } else {
-                renewal_seq_num = 0;
-            }
-        }
-
-        // populate requests with appropriate content
-        IRequest result[] = new IRequest[num_requests];
-
-        for (int i = 0; i < num_requests; i++) {
-            result[i] = createEnrollmentRequest();
-            if ((is_renewal != null) && (is_renewal.equals("true"))) {
-                result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num);
-            } else {
-                result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i));
-            }
-            if (locale != null) {
-                result[i].setExtData(REQUEST_LOCALE, locale.getLanguage());
-            }
-        }
-        return result;
-    }
-
-    public abstract X500Name getIssuerName();
-
-    public void setDefaultCertInfo(IRequest req) throws EProfileException {
-        // create an empty certificate template so that
-        // default plugins that store stuff
-        X509CertInfo info = new X509CertInfo();
-
-        // retrieve issuer name
-        X500Name issuerName = getIssuerName();
-
-        byte[] dummykey = new byte[] {
-                48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5,
-                0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66,
-                -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108,
-                42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24,
-                -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101,
-                -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53,
-                -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 };
-        // default values into x509 certinfo. This thing is
-        // not serializable by default
-        try {
-            info.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
-            info.set(X509CertInfo.SERIAL_NUMBER,
-                    new CertificateSerialNumber(new BigInteger("0")));
-            info.set(X509CertInfo.ISSUER,
-                    new CertificateIssuerName(issuerName));
-            info.set(X509CertInfo.KEY,
-                    new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
-            info.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(issuerName));
-            info.set(X509CertInfo.VALIDITY,
-                    new CertificateValidity(new Date(), new Date()));
-            info.set(X509CertInfo.ALGORITHM_ID,
-                    new CertificateAlgorithmId(AlgorithmId.get("MD5withRSA")));
-
-            // add default extension container
-            info.set(X509CertInfo.EXTENSIONS,
-                    new CertificateExtensions());
-        } catch (Exception e) {
-            // throw exception - add key to template
-            CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString());
-            throw new EProfileException(e.toString());
-        }
-        req.setExtData(REQUEST_CERTINFO, info);
-    }
-
-    public IRequest createEnrollmentRequest()
-            throws EProfileException {
-        IRequest req = null;
-
-        try {
-            req = getRequestQueue().newRequest("enrollment");
-
-            setDefaultCertInfo(req);
-
-            // put the certificate info into request
-            req.setExtData(REQUEST_EXTENSIONS,
-                    new CertificateExtensions());
-
-            CMS.debug("EnrollProfile: createRequest " +
-                    req.getRequestId().toString());
-        } catch (EBaseException e) {
-            // raise exception
-            CMS.debug("EnrollProfile: create new enroll request " +
-                    e.toString());
-        }
-
-        return req;
-    }
-
-    public abstract void execute(IRequest request)
-            throws EProfileException;
-
-    /**
-     * Perform simple policy set assignment.
-     */
-    public String getPolicySetId(IRequest req) {
-        Integer seq = req.getExtDataInInteger(REQUEST_SEQ_NUM);
-        int seq_no = seq.intValue(); // start from 0
-
-        int count = 0;
-        Enumeration<String> setIds = getProfilePolicySetIds();
-
-        while (setIds.hasMoreElements()) {
-            String setId = setIds.nextElement();
-
-            if (count == seq_no) {
-                return setId;
-            }
-            count++;
-        }
-        return null;
-    }
-
-    public String getRequestorDN(IRequest request) {
-        X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
-
-        try {
-            CertificateSubjectName sn = (CertificateSubjectName)
-                    info.get(X509CertInfo.SUBJECT);
-
-            return sn.toString();
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: getRequestDN " + e.toString());
-        }
-        return null;
-    }
-
-    /**
-     * This method is called after the user submits the
-     * request from the end-entity page.
-     */
-    public void submit(IAuthToken token, IRequest request)
-            throws EDeferException, EProfileException {
-        // Request Submission Logic:
-        //
-        // if (Authentication Failed) {
-        //   return Error
-        // } else {
-        //   if (No Auth Token) {
-        //     queue request
-        //   } else {
-        //     process request
-        //   }
-        // }
-
-        IAuthority authority = getAuthority();
-        IRequestQueue queue = authority.getRequestQueue();
-
-        // this profile queues request that is authenticated
-        // by NoAuth
-        try {
-            queue.updateRequest(request);
-        } catch (EBaseException e) {
-            // save request to disk
-            CMS.debug("EnrollProfile: Update request " + e.toString());
-        }
-
-        if (token == null) {
-            CMS.debug("EnrollProfile: auth token is null");
-            CMS.debug("EnrollProfile: validating request");
-            validate(request);
-            try {
-                queue.updateRequest(request);
-            } catch (EBaseException e) {
-                CMS.debug("EnrollProfile: Update request (after validation) " + e.toString());
-            }
-
-            throw new EDeferException("defer request");
-        } else {
-            // this profile executes request that is authenticated
-            // by non NoAuth
-            CMS.debug("EnrollProfile: auth token is not null");
-            validate(request);
-            execute(request);
-        }
-    }
-
-    public TaggedRequest[] parseCMC(Locale locale, String certreq)
-            throws EProfileException {
-        /* cert request must not be null */
-        if (certreq == null) {
-            CMS.debug("EnrollProfile: parseCMC() certreq null");
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-        CMS.debug("EnrollProfile: Start parseCMC(): " + certreq);
-
-        TaggedRequest msgs[] = null;
-
-        String creq = normalizeCertReq(certreq);
-        try {
-            byte data[] = CMS.AtoB(creq);
-            ByteArrayInputStream cmcBlobIn =
-                    new ByteArrayInputStream(data);
-
-            org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
-                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
-            org.mozilla.jss.pkix.cms.SignedData cmcFullReq =
-                (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent();
-            org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-            OCTET_STRING content = ci.getContent();
-
-            ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
-            PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
-            mCMCData = pkiData;
-            //PKIData pkiData = (PKIData)
-            //    (new PKIData.Template()).decode(cmcBlobIn);
-            SEQUENCE controlSeq = pkiData.getControlSequence();
-            int numcontrols = controlSeq.size();
-            SEQUENCE reqSeq = pkiData.getReqSequence();
-            byte randomSeed[] = null;
-            SessionContext context = SessionContext.getContext();
-            if (!context.containsKey("numOfControls")) {
-                if (numcontrols > 0) {
-                    context.put("numOfControls", Integer.valueOf(numcontrols));
-                    TaggedAttribute[] attributes = new TaggedAttribute[numcontrols];
-                    for (int i = 0; i < numcontrols; i++) {
-                        attributes[i] = (TaggedAttribute) controlSeq.elementAt(i);
-                        OBJECT_IDENTIFIER oid = attributes[i].getType();
-                        if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
-                            boolean valid = verifyIdentityProof(attributes[i],
-                                    reqSeq);
-                            if (!valid) {
-                                SEQUENCE bpids = getRequestBpids(reqSeq);
-                                context.put("identityProof", bpids);
-                                return null;
-                            }
-                        } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
-                            SET vals = attributes[i].getValues();
-                            OCTET_STRING ostr =
-                                    (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                            ASN1Util.encode(vals.elementAt(0))));
-                            randomSeed = ostr.toByteArray();
-                        } else {
-                            context.put(attributes[i].getType(), attributes[i]);
-                        }
-                    }
-                }
-            }
-
-            SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence();
-            int numOtherMsgs = otherMsgSeq.size();
-            if (!context.containsKey("numOfOtherMsgs")) {
-                context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs));
-                for (int i = 0; i < numOtherMsgs; i++) {
-                    OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(),
-                            ASN1Util.encode(otherMsgSeq.elementAt(i))));
-                    context.put("otherMsg" + i, omsg);
-                }
-            }
-
-            int nummsgs = reqSeq.size();
-            if (nummsgs > 0) {
-                msgs = new TaggedRequest[reqSeq.size()];
-                SEQUENCE bpids = new SEQUENCE();
-                boolean valid = true;
-                for (int i = 0; i < nummsgs; i++) {
-                    msgs[i] = (TaggedRequest) reqSeq.elementAt(i);
-                    if (!context.containsKey("POPLinkWitness")) {
-                        if (randomSeed != null) {
-                            valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids);
-                            if (!valid || bpids.size() > 0) {
-                                context.put("POPLinkWitness", bpids);
-                                return null;
-                            }
-                        }
-                    }
-                }
-            } else
-                return null;
-
-            return msgs;
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: parseCMC " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-    }
-
-    private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req,
-            SEQUENCE bpids) {
-        ISharedToken tokenClass = null;
-        boolean sharedSecretFound = true;
-        String name = null;
-        try {
-            name = CMS.getConfigStore().getString("cmc.sharedSecret.class");
-        } catch (EPropertyNotFound e) {
-            CMS.debug("EnrollProfile: Failed to find the token class in the configuration file.");
-            sharedSecretFound = false;
-        } catch (EBaseException e) {
-            CMS.debug("EnrollProfile: Failed to find the token class in the configuration file.");
-            sharedSecretFound = false;
-        }
-
-        try {
-            tokenClass = (ISharedToken) Class.forName(name).newInstance();
-        } catch (ClassNotFoundException e) {
-            CMS.debug("EnrollProfile: Failed to find class name: " + name);
-            sharedSecretFound = false;
-        } catch (InstantiationException e) {
-            CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
-            sharedSecretFound = false;
-        } catch (IllegalAccessException e) {
-            CMS.debug("EnrollProfile: Illegal access: " + name);
-            sharedSecretFound = false;
-        }
-
-        INTEGER reqId = null;
-        byte[] bv = null;
-        String sharedSecret = null;
-        if (tokenClass != null)
-            sharedSecret = tokenClass.getSharedToken(mCMCData);
-        if (req.getType().equals(TaggedRequest.PKCS10)) {
-            TaggedCertificationRequest tcr = req.getTcr();
-            if (!sharedSecretFound) {
-                bpids.addElement(tcr.getBodyPartID());
-                return false;
-            } else {
-                CertificationRequest creq = tcr.getCertificationRequest();
-                CertificationRequestInfo cinfo = creq.getInfo();
-                SET attrs = cinfo.getAttributes();
-                for (int j = 0; j < attrs.size(); j++) {
-                    Attribute pkcs10Attr = (Attribute) attrs.elementAt(j);
-                    if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
-                        SET witnessVal = pkcs10Attr.getValues();
-                        if (witnessVal.size() > 0) {
-                            try {
-                                OCTET_STRING str =
-                                        (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                                ASN1Util.encode(witnessVal.elementAt(0))));
-                                bv = str.toByteArray();
-                                return verifyDigest(sharedSecret.getBytes(),
-                                        randomSeed, bv);
-                            } catch (InvalidBERException ex) {
-                                return false;
-                            }
-                        }
-                    }
-                }
-
-                return false;
-            }
-        } else if (req.getType().equals(TaggedRequest.CRMF)) {
-            CertReqMsg crm = req.getCrm();
-            CertRequest certReq = crm.getCertReq();
-            reqId = certReq.getCertReqId();
-            if (!sharedSecretFound) {
-                bpids.addElement(reqId);
-                return false;
-            } else {
-                for (int i = 0; i < certReq.numControls(); i++) {
-                    AVA ava = certReq.controlAt(i);
-
-                    if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
-                        ASN1Value value = ava.getValue();
-                        ByteArrayInputStream bis = new ByteArrayInputStream(
-                                ASN1Util.encode(value));
-                        OCTET_STRING ostr = null;
-                        try {
-                            ostr = (OCTET_STRING)
-                                    (new OCTET_STRING.Template()).decode(bis);
-                            bv = ostr.toByteArray();
-                        } catch (Exception e) {
-                            bpids.addElement(reqId);
-                            return false;
-                        }
-
-                        boolean valid = verifyDigest(sharedSecret.getBytes(),
-                                randomSeed, bv);
-                        if (!valid) {
-                            bpids.addElement(reqId);
-                            return valid;
-                        }
-                    }
-                }
-            }
-        }
-
-        return true;
-    }
-
-    private boolean verifyDigest(byte[] sharedSecret, byte[] text, byte[] bv) {
-        byte[] key = null;
-        try {
-            MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
-            key = SHA1Digest.digest(sharedSecret);
-        } catch (NoSuchAlgorithmException ex) {
-            CMS.debug("EnrollProfile: No such algorithm for this message digest.");
-            return false;
-        }
-
-        byte[] finalDigest = null;
-        try {
-            MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
-            HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key);
-            hmacDigest.update(text);
-            finalDigest = hmacDigest.digest();
-        } catch (NoSuchAlgorithmException ex) {
-            CMS.debug("EnrollProfile: No such algorithm for this message digest.");
-            return false;
-        }
-
-        if (finalDigest.length != bv.length) {
-            CMS.debug("EnrollProfile: The length of two HMAC digest are not the same.");
-            return false;
-        }
-
-        for (int j = 0; j < bv.length; j++) {
-            if (bv[j] != finalDigest[j]) {
-                CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
-                return false;
-            }
-        }
-
-        CMS.debug("EnrollProfile: The content of two HMAC digest are the same.");
-        return true;
-    }
-
-    private SEQUENCE getRequestBpids(SEQUENCE reqSeq) {
-        SEQUENCE bpids = new SEQUENCE();
-        for (int i = 0; i < reqSeq.size(); i++) {
-            TaggedRequest req = (TaggedRequest) reqSeq.elementAt(i);
-            if (req.getType().equals(TaggedRequest.PKCS10)) {
-                TaggedCertificationRequest tcr = req.getTcr();
-                bpids.addElement(tcr.getBodyPartID());
-            } else if (req.getType().equals(TaggedRequest.CRMF)) {
-                CertReqMsg crm = req.getCrm();
-                CertRequest request = crm.getCertReq();
-                bpids.addElement(request.getCertReqId());
-            }
-        }
-
-        return bpids;
-    }
-
-    private boolean verifyIdentityProof(TaggedAttribute attr, SEQUENCE reqSeq) {
-        SET vals = attr.getValues();
-        if (vals.size() < 1)
-            return false;
-        String name = null;
-        try {
-            name = CMS.getConfigStore().getString("cmc.sharedSecret.class");
-        } catch (EPropertyNotFound e) {
-        } catch (EBaseException e) {
-        }
-
-        if (name == null)
-            return false;
-        else {
-            ISharedToken tokenClass = null;
-            try {
-                tokenClass = (ISharedToken) Class.forName(name).newInstance();
-            } catch (ClassNotFoundException e) {
-                CMS.debug("EnrollProfile: Failed to find class name: " + name);
-                return false;
-            } catch (InstantiationException e) {
-                CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
-                return false;
-            } catch (IllegalAccessException e) {
-                CMS.debug("EnrollProfile: Illegal access: " + name);
-                return false;
-            }
-
-            String token = tokenClass.getSharedToken(mCMCData);
-            OCTET_STRING ostr = null;
-            try {
-                ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
-                        ASN1Util.encode(vals.elementAt(0))));
-            } catch (InvalidBERException e) {
-                CMS.debug("EnrollProfile: Failed to decode the byte value.");
-                return false;
-            }
-            byte[] b = ostr.toByteArray();
-            byte[] text = ASN1Util.encode(reqSeq);
-
-            return verifyDigest(token.getBytes(), text, b);
-        }
-    }
-
-    public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info,
-            IRequest req)
-            throws EProfileException {
-        TaggedRequest.Type type = tagreq.getType();
-        if (type == null) {
-            CMS.debug("EnrollProfile: fillTaggedRequest: TaggedRequest type == null");
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")+
-                    "TaggedRequest type null");
-        }
-
-        if (type.equals(TaggedRequest.PKCS10)) {
-            CMS.debug("EnrollProfile: fillTaggedRequest: TaggedRequest type == pkcs10");
-            boolean sigver = true;
-            boolean tokenSwitched = false;
-            CryptoManager cm = null;
-            CryptoToken signToken = null;
-            CryptoToken savedToken = null;
-            try {
-                sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true);
-                cm = CryptoManager.getInstance();
-                if (sigver == true) {
-                    String tokenName =
-                        CMS.getConfigStore().getString("ca.requestVerify.token", "internal");   
-                    savedToken = cm.getThreadToken();
-                    if (tokenName.equals("internal")) {
-                        signToken = cm.getInternalCryptoToken();
-                    } else {
-                        signToken = cm.getTokenByName(tokenName);
-                    }
-                    if (!savedToken.getName().equals(signToken.getName())) {
-                        cm.setThreadToken(signToken);
-                        tokenSwitched = true;
-                    }
-                }
-
-                TaggedCertificationRequest tcr = tagreq.getTcr();
-                CertificationRequest p10 = tcr.getCertificationRequest();
-                ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-
-                p10.encode(ostream);
-                PKCS10 pkcs10 = new PKCS10(ostream.toByteArray(), sigver);
-
-                req.setExtData("bodyPartId", tcr.getBodyPartID());
-                fillPKCS10(locale, pkcs10, info, req);
-            } catch (Exception e) {
-                CMS.debug("EnrollProfile: fillTaggedRequest " +
-                        e.toString());
-            }  finally {
-                if ((sigver == true) && (tokenSwitched == true)){
-                    cm.setThreadToken(savedToken);
-                }
-            }
-        } else if (type.equals(TaggedRequest.CRMF)) {
-            CMS.debug("EnrollProfile: fillTaggedRequest: TaggedRequest type == crmf");
-            CertReqMsg crm = tagreq.getCrm();
-            SessionContext context = SessionContext.getContext();
-            Integer nums = (Integer) (context.get("numOfControls"));
-
-            // check if the LRA POP Witness Control attribute exists
-            if (nums != null && nums.intValue() > 0) {
-                TaggedAttribute attr =
-                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
-                if (attr != null) {
-                    parseLRAPopWitness(locale, crm, attr);
-                } else {
-                    CMS.debug("EnrollProfile: verify POP in CMC because LRA POP Witness control attribute doesnt exist in the CMC request.");
-                    verifyPOP(locale, crm);
-                }
-            } else {
-                CMS.debug("EnrollProfile: verify POP in CMC because LRA POP Witness control attribute doesnt exist in the CMC request.");
-                verifyPOP(locale, crm);
-            }
-
-            fillCertReqMsg(locale, crm, info, req);
-        } else {
-            CMS.debug("EnrollProfile: fillTaggedRequest: unsupported type (not CRMF or PKCS10)");
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-    }
-
-    private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
-            TaggedAttribute attr) throws EProfileException {
-        SET vals = attr.getValues();
-        boolean donePOP = false;
-        INTEGER reqId = null;
-        if (vals.size() > 0) {
-            LraPopWitness lraPop = null;
-            try {
-                lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
-                        ASN1Util.encode(vals.elementAt(0))));
-            } catch (InvalidBERException e) {
-                throw new EProfileException(
-                        CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
-            }
-
-            SEQUENCE bodyIds = lraPop.getBodyIds();
-            reqId = crm.getCertReq().getCertReqId();
-
-            for (int i = 0; i < bodyIds.size(); i++) {
-                INTEGER num = (INTEGER) (bodyIds.elementAt(i));
-                if (num.toString().equals(reqId.toString())) {
-                    donePOP = true;
-                    CMS.debug("EnrollProfile: skip POP for request: "
-                            + reqId.toString() + " because LRA POP Witness control is found.");
-                    break;
-                }
-            }
-        }
-
-        if (!donePOP) {
-            CMS.debug("EnrollProfile: not skip POP for request: "
-                    + reqId.toString()
-                    + " because this request id is not part of the body list in LRA Pop witness control.");
-            verifyPOP(locale, crm);
-        }
-    }
-
-    public CertReqMsg[] parseCRMF(Locale locale, String certreq)
-            throws EProfileException {
-
-        /* cert request must not be null */
-        if (certreq == null) {
-            CMS.debug("EnrollProfile: parseCRMF() certreq null");
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-        CMS.debug("EnrollProfile: Start parseCRMF(): " + certreq);
-
-        CertReqMsg msgs[] = null;
-        String creq = normalizeCertReq(certreq);
-        try {
-            byte data[] = CMS.AtoB(creq);
-            ByteArrayInputStream crmfBlobIn =
-                    new ByteArrayInputStream(data);
-            SEQUENCE crmfMsgs = (SEQUENCE)
-                    new SEQUENCE.OF_Template(new
-                            CertReqMsg.Template()).decode(crmfBlobIn);
-            int nummsgs = crmfMsgs.size();
-
-            if (nummsgs <= 0)
-                return null;
-            msgs = new CertReqMsg[crmfMsgs.size()];
-            for (int i = 0; i < nummsgs; i++) {
-                msgs[i] = (CertReqMsg) crmfMsgs.elementAt(i);
-            }
-            return msgs;
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: parseCRMF " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-    }
-
-    private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
-            new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }
-            );
-
-    protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
-        ASN1Value archVal = ava.getValue();
-        ByteArrayInputStream bis = new ByteArrayInputStream(
-                ASN1Util.encode(archVal));
-        PKIArchiveOptions archOpts = null;
-
-        try {
-            archOpts = (PKIArchiveOptions)
-                    (new PKIArchiveOptions.Template()).decode(bis);
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
-        }
-        return archOpts;
-    }
-
-    public PKIArchiveOptions toPKIArchiveOptions(byte options[]) {
-        ByteArrayInputStream bis = new ByteArrayInputStream(options);
-        PKIArchiveOptions archOpts = null;
-
-        try {
-            archOpts = (PKIArchiveOptions)
-                    (new PKIArchiveOptions.Template()).decode(bis);
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
-        }
-        return archOpts;
-    }
-
-    public byte[] toByteArray(PKIArchiveOptions options) {
-        return ASN1Util.encode(options);
-    }
-
-    public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info,
-            IRequest req)
-            throws EProfileException {
-        try {
-            CMS.debug("Start parseCertReqMsg ");
-            CertRequest certReq = certReqMsg.getCertReq();
-            req.setExtData("bodyPartId", certReq.getCertReqId());
-            // handle PKIArchiveOption (key archival)
-            for (int i = 0; i < certReq.numControls(); i++) {
-                AVA ava = certReq.controlAt(i);
-
-                if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
-                    PKIArchiveOptions opt = getPKIArchiveOptions(ava);
-
-                    //req.set(REQUEST_ARCHIVE_OPTIONS, opt);
-                    req.setExtData(REQUEST_ARCHIVE_OPTIONS,
-                            toByteArray(opt));
-                    try {
-                        String transportCert = CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "");
-                        req.setExtData(IEnrollProfile.REQUEST_TRANSPORT_CERT, transportCert);
-                    } catch (EBaseException ee) {
-                        CMS.debug("EnrollProfile: fillCertReqMsg - Exception reading transportCert: "+ ee);
-                    }
-                }
-            }
-
-            CertTemplate certTemplate = certReq.getCertTemplate();
-
-            // parse key
-            SubjectPublicKeyInfo spki = certTemplate.getPublicKey();
-            ByteArrayOutputStream keyout = new ByteArrayOutputStream();
-
-            spki.encode(keyout);
-            byte[] keybytes = keyout.toByteArray();
-            X509Key key = new X509Key();
-
-            key.decode(keybytes);
-
-            // XXX - kmccarth - this may simply undo the decoding above
-            //                  but for now it's unclear whether X509Key
-            //                  changest the format when decoding.
-            CertificateX509Key certKey = new CertificateX509Key(key);
-            ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream();
-            certKey.encode(certKeyOut);
-            req.setExtData(REQUEST_KEY, certKeyOut.toByteArray());
-
-            // parse validity
-            if (certTemplate.getNotBefore() != null ||
-                    certTemplate.getNotAfter() != null) {
-                CMS.debug("EnrollProfile:  requested notBefore: " + certTemplate.getNotBefore());
-                CMS.debug("EnrollProfile:  requested notAfter:  " + certTemplate.getNotAfter());
-                CMS.debug("EnrollProfile:  current CA time:     " + new Date());
-                CertificateValidity certValidity = new CertificateValidity(
-                        certTemplate.getNotBefore(), certTemplate.getNotAfter());
-                ByteArrayOutputStream certValidityOut =
-                        new ByteArrayOutputStream();
-                certValidity.encode(certValidityOut);
-                req.setExtData(REQUEST_VALIDITY, certValidityOut.toByteArray());
-            } else {
-                CMS.debug("EnrollProfile:  validity not supplied");
-            }
-
-            // parse subject
-            if (certTemplate.hasSubject()) {
-                Name subjectdn = certTemplate.getSubject();
-                ByteArrayOutputStream subjectEncStream =
-                        new ByteArrayOutputStream();
-
-                subjectdn.encode(subjectEncStream);
-                byte[] subjectEnc = subjectEncStream.toByteArray();
-                X500Name subject = new X500Name(subjectEnc);
-
-                //info.set(X509CertInfo.SUBJECT,
-                //  new CertificateSubjectName(subject));
-
-                req.setExtData(REQUEST_SUBJECT_NAME,
-                        new CertificateSubjectName(subject));
-                try {
-                    String subjectCN = subject.getCommonName();
-                    if (subjectCN == null)
-                        subjectCN = "";
-                    req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
-                } catch (Exception ee) {
-                    req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
-                }
-                try {
-                    String subjectUID = subject.getUserID();
-                    if (subjectUID == null)
-                        subjectUID = "";
-                    req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
-                } catch (Exception ee) {
-                    req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
-                }
-            }
-
-            // parse extensions
-            CertificateExtensions extensions = null;
-
-            // try {
-            extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS);
-            //  } catch (CertificateException e) {
-            //     extensions = null;
-            // } catch (IOException e) {
-            //    extensions = null;
-            //  }
-            if (certTemplate.hasExtensions()) {
-                // put each extension from CRMF into CertInfo.
-                // index by extension name, consistent with
-                // CertificateExtensions.parseExtension() method.
-                if (extensions == null)
-                    extensions = new CertificateExtensions();
-                int numexts = certTemplate.numExtensions();
-
-                for (int j = 0; j < numexts; j++) {
-                    org.mozilla.jss.pkix.cert.Extension jssext =
-                            certTemplate.extensionAt(j);
-                    boolean isCritical = jssext.getCritical();
-                    org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
-                            jssext.getExtnId();
-                    long[] numbers = jssoid.getNumbers();
-                    int[] oidNumbers = new int[numbers.length];
-
-                    for (int k = numbers.length - 1; k >= 0; k--) {
-                        oidNumbers[k] = (int) numbers[k];
-                    }
-                    ObjectIdentifier oid =
-                            new ObjectIdentifier(oidNumbers);
-                    org.mozilla.jss.asn1.OCTET_STRING jssvalue =
-                            jssext.getExtnValue();
-                    ByteArrayOutputStream jssvalueout =
-                            new ByteArrayOutputStream();
-
-                    jssvalue.encode(jssvalueout);
-                    byte[] extValue = jssvalueout.toByteArray();
-
-                    Extension ext =
-                            new Extension(oid, isCritical, extValue);
-
-                    extensions.parseExtension(ext);
-                }
-                //                info.set(X509CertInfo.EXTENSIONS, extensions);
-                req.setExtData(REQUEST_EXTENSIONS, extensions);
-
-            }
-        } catch (IOException e) {
-            CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        } catch (InvalidKeyException e) {
-            CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-            //  } catch (CertificateException e) {
-            //     CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
-            //    throw new EProfileException(e.toString());
-        }
-    }
-
-    public PKCS10 parsePKCS10(Locale locale, String certreq)
-            throws EProfileException {
-        /* cert request must not be null */
-        if (certreq == null) {
-            CMS.debug("EnrollProfile:parsePKCS10() certreq null");
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-        CMS.debug("Start parsePKCS10(): " + certreq);
-
-        // trim header and footer
-        String creq = normalizeCertReq(certreq);
-
-        // parse certificate into object
-        byte data[] = CMS.AtoB(creq);
-        PKCS10 pkcs10 = null;
-        CryptoManager cm = null;
-        CryptoToken savedToken = null;
-        boolean sigver = true;
-
-        try {
-            cm = CryptoManager.getInstance();
-            sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true);
-            if (sigver) {
-                CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled");
-                String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
-                savedToken = cm.getThreadToken();
-                CryptoToken signToken = null;
-                if (tokenName.equals("internal")) {
-                    CMS.debug("EnrollProfile: parsePKCS10: use internal token");
-                    signToken = cm.getInternalCryptoToken();
-                } else {
-                    CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName);
-                    signToken = cm.getTokenByName(tokenName);
-                }
-                CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
-                cm.setThreadToken(signToken);
-                pkcs10 = new PKCS10(data);
-            } else {
-                CMS.debug("EnrollProfile: parsePKCS10: signature verification disabled");
-                pkcs10 = new PKCS10(data, sigver);
-            }
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: parsePKCS10 " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        } finally {
-            if (sigver) {
-                CMS.debug("EnrollProfile: parsePKCS10 restoring thread token");
-                cm.setThreadToken(savedToken);
-            }
-        }
-
-        return pkcs10;
-    }
-
-    public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
-            throws EProfileException {
-        X509Key key = pkcs10.getSubjectPublicKeyInfo();
-
-        try {
-            CertificateX509Key certKey = new CertificateX509Key(key);
-            ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream();
-            certKey.encode(certKeyOut);
-            req.setExtData(IEnrollProfile.REQUEST_KEY, certKeyOut.toByteArray());
-
-            req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
-                    new CertificateSubjectName(pkcs10.getSubjectName()));
-            try {
-                String subjectCN = pkcs10.getSubjectName().getCommonName();
-                if (subjectCN == null)
-                    subjectCN = "";
-                req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
-            } catch (Exception ee) {
-                req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
-            }
-            try {
-                String subjectUID = pkcs10.getSubjectName().getUserID();
-                if (subjectUID == null)
-                    subjectUID = "";
-                req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
-            } catch (Exception ee) {
-                req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
-            }
-
-            info.set(X509CertInfo.KEY, certKey);
-
-            PKCS10Attributes p10Attrs = pkcs10.getAttributes();
-            if (p10Attrs != null) {
-                PKCS10Attribute p10Attr = p10Attrs.getAttribute(CertificateExtensions.NAME);
-                if (p10Attr != null && p10Attr.getAttributeId().equals(
-                        PKCS9Attribute.EXTENSION_REQUEST_OID)) {
-                    CMS.debug("Found PKCS10 extension");
-                    Extensions exts0 = (Extensions)
-                            (p10Attr.getAttributeValue());
-                    DerOutputStream extOut = new DerOutputStream();
-
-                    exts0.encode(extOut);
-                    byte[] extB = extOut.toByteArray();
-                    DerInputStream extIn = new DerInputStream(extB);
-                    CertificateExtensions exts = new CertificateExtensions(extIn);
-                    if (exts != null) {
-                        CMS.debug("Set extensions " + exts);
-                        // info.set(X509CertInfo.EXTENSIONS, exts);
-                        req.setExtData(REQUEST_EXTENSIONS, exts);
-                    }
-                } else {
-                    CMS.debug("PKCS10 extension Not Found");
-                }
-            }
-
-            CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName());
-        } catch (IOException e) {
-            CMS.debug("EnrollProfile: fillPKCS10 " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        } catch (CertificateException e) {
-            CMS.debug("EnrollProfile: fillPKCS10 " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-    }
-
-    // for netkey
-    public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
-            throws EProfileException {
-
-        try {
-            //cfu - is the algorithm going to be replaced by the policy?
-            X509Key key = new X509Key();
-            key.decode(CMS.AtoB(skey));
-
-            info.set(X509CertInfo.KEY, new CertificateX509Key(key));
-            //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
-            //                              new CertificateSubjectName(new
-            //                              X500Name("CN="+sn)));
-            req.setExtData("screenname", sn);
-            // keeping "aoluid" to be backward compatible
-            req.setExtData("aoluid", sn);
-            req.setExtData("uid", sn);
-            CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn);
-
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-    }
-
-    // for house key
-    public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
-            throws EProfileException {
-
-        try {
-            //cfu - is the algorithm going to be replaced by the policy?
-            X509Key key = new X509Key();
-            key.decode(CMS.AtoB(skey));
-
-            info.set(X509CertInfo.KEY, new CertificateX509Key(key));
-            //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
-            //                              new CertificateSubjectName(new
-            //                              X500Name("CN="+sn)));
-            req.setExtData("tokencuid", tcuid);
-
-            CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid);
-
-        } catch (Exception e) {
-            CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-    }
-
-    public DerInputStream parseKeyGen(Locale locale, String certreq)
-            throws EProfileException {
-        byte data[] = CMS.AtoB(certreq);
-
-        DerInputStream derIn = new DerInputStream(data);
-
-        return derIn;
-    }
-
-    public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req
-            )
-                    throws EProfileException {
-        try {
-
-            /* get SPKAC Algorithm & Signature */
-            DerValue derSPKACContent[] = derIn.getSequence(3);
-            @SuppressWarnings("unused")
-            AlgorithmId mAlgId = AlgorithmId.parse(derSPKACContent[1]);
-            @SuppressWarnings("unused")
-            byte mSignature[] = derSPKACContent[2].getBitString();
-
-            /* get PKAC SPKI & Challenge */
-            byte mPKAC[] = derSPKACContent[0].toByteArray();
-
-            derIn = new DerInputStream(mPKAC);
-            DerValue derPKACContent[] = derIn.getSequence(2);
-
-            @SuppressWarnings("unused")
-            DerValue mDerSPKI = derPKACContent[0];
-            X509Key mSPKI = X509Key.parse(derPKACContent[0]);
-
-            @SuppressWarnings("unused")
-            String mChallenge;
-            DerValue mDerChallenge = derPKACContent[1];
-
-            if (mDerChallenge.length() != 0)
-                mChallenge = derPKACContent[1].getIA5String();
-
-            CertificateX509Key certKey = new CertificateX509Key(mSPKI);
-            ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream();
-            certKey.encode(certKeyOut);
-            req.setExtData(IEnrollProfile.REQUEST_KEY, certKeyOut.toByteArray());
-            info.set(X509CertInfo.KEY, certKey);
-        } catch (IOException e) {
-            CMS.debug("EnrollProfile: fillKeyGen " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        } catch (CertificateException e) {
-            CMS.debug("EnrollProfile: fillKeyGen " + e.toString());
-            throw new EProfileException(
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-        }
-    }
-
-    public String normalizeCertReq(String s) {
-        if (s == null) {
-            return s;
-        }
-        s = s.replaceAll("-----BEGIN CERTIFICATE REQUEST-----", "");
-        s = s.replaceAll("-----BEGIN NEW CERTIFICATE REQUEST-----", "");
-        s = s.replaceAll("-----END CERTIFICATE REQUEST-----", "");
-        s = s.replaceAll("-----END NEW CERTIFICATE REQUEST-----", "");
-
-        StringBuffer sb = new StringBuffer();
-        StringTokenizer st = new StringTokenizer(s, "\r\n ");
-
-        while (st.hasMoreTokens()) {
-            String nextLine = st.nextToken();
-
-            nextLine = nextLine.trim();
-            if (nextLine.equals("-----BEGIN CERTIFICATE REQUEST-----"))
-                continue;
-            if (nextLine.equals("-----BEGIN NEW CERTIFICATE REQUEST-----"))
-                continue;
-            if (nextLine.equals("-----END CERTIFICATE REQUEST-----"))
-                continue;
-            if (nextLine.equals("-----END NEW CERTIFICATE REQUEST-----"))
-                continue;
-            sb.append(nextLine);
-        }
-        return sb.toString();
-    }
-
-    public Locale getLocale(IRequest request) {
-        Locale locale = null;
-        String language = request.getExtDataInString(
-                EnrollProfile.REQUEST_LOCALE);
-        if (language != null) {
-            locale = new Locale(language);
-        }
-        return locale;
-    }
-
-    /**
-     * Populate input
-     * <P>
-     *
-     * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT
-     * made through a connector)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before
-     * approval process)
-     * </ul>
-     *
-     * @param ctx profile context
-     * @param request the certificate request
-     * @exception EProfileException an error related to this profile has
-     *                occurred
-     */
-    public void populateInput(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        super.populateInput(ctx, request);
-    }
-
-    public void populate(IRequest request)
-            throws EProfileException {
-        super.populate(request);
-
-    }
-
-    /**
-     * Passes the request to the set of constraint policies
-     * that validate the request against the profile.
-     */
-    public void validate(IRequest request)
-            throws ERejectException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(request);
-        String auditProfileID = auditProfileID();
-        String auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String subject = null;
-
-        // try {
-        X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
-
-        try {
-            CertificateSubjectName sn = (CertificateSubjectName)
-                    info.get(X509CertInfo.SUBJECT);
-
-            // if the cert subject name is NOT MISSING, retrieve the
-            // actual "auditCertificateSubjectName" and "normalize" it
-            if (sn != null) {
-                subject = sn.toString();
-                if (subject != null) {
-                    // NOTE:  This is ok even if the cert subject name
-                    //        is "" (empty)!
-                    auditCertificateSubjectName = subject.trim();
-                }
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditProfileID,
-                        auditCertificateSubjectName);
-
-            audit(auditMessage);
-        } catch (CertificateException e) {
-            CMS.debug("EnrollProfile: populate " + e.toString());
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditProfileID,
-                        auditCertificateSubjectName);
-
-            audit(auditMessage);
-        } catch (IOException e) {
-            CMS.debug("EnrollProfile: populate " + e.toString());
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditProfileID,
-                        auditCertificateSubjectName);
-
-            audit(auditMessage);
-        }
-
-        super.validate(request);
-        Object key = null;
-
-        try {
-            key = info.get(X509CertInfo.KEY);
-        } catch (CertificateException e) {
-        } catch (IOException e) {
-        }
-
-        if (key == null) {
-            Locale locale = getLocale(request);
-
-            throw new ERejectException(CMS.getUserMessage(
-                        locale, "CMS_PROFILE_EMPTY_KEY"));
-        }
-
-        try {
-            CMS.debug("EnrollProfile certInfo : " + info);
-        } catch (NullPointerException e) {
-            // do nothing
-        }
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is inherited by all extended "EnrollProfile"s,
-     * and is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param request the actual request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    protected String auditRequesterID(IRequest request) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String requesterID = ILogger.UNIDENTIFIED;
-
-        if (request != null) {
-            // overwrite "requesterID" if and only if "id" != null
-            String id = request.getRequestId().toString();
-
-            if (id != null) {
-                requesterID = id.trim();
-            }
-        }
-
-        return requesterID;
-    }
-
-    /**
-     * Signed Audit Log Profile ID
-     *
-     * This method is inherited by all extended "EnrollProfile"s,
-     * and is called to obtain the "ProfileID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message ProfileID
-     */
-    protected String auditProfileID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String profileID = getId();
-
-        if (profileID != null) {
-            profileID = profileID.trim();
-        } else {
-            profileID = ILogger.UNIDENTIFIED;
-        }
-
-        return profileID;
-    }
-
-    public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
-            throws EProfileException {
-        CMS.debug("EnrollProfile ::in verifyPOP");
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        if (!certReqMsg.hasPop()) {
-            return;
-        }
-        ProofOfPossession pop = certReqMsg.getPop();
-        ProofOfPossession.Type popType = pop.getType();
-
-        if (popType != ProofOfPossession.SIGNATURE) {
-            return;
-        }
-
-        try {
-            CryptoManager cm = CryptoManager.getInstance();
-            CryptoToken verifyToken = null;
-            String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
-            if (tokenName.equals("internal")) {
-                CMS.debug("POP verification using internal token");
-                certReqMsg.verify();
-            } else {
-                CMS.debug("POP verification using token:" + tokenName);
-                verifyToken = cm.getTokenByName(tokenName);
-                certReqMsg.verify(verifyToken);
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                    auditSubjectID,
-                    ILogger.SUCCESS);
-            audit(auditMessage);
-        } catch (Exception e) {
-
-            CMS.debug("Failed POP verify! " + e.toString());
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                    auditSubjectID,
-                    ILogger.FAILURE);
-
-            audit(auditMessage);
-
-            throw new EProfileException(CMS.getUserMessage(locale,
-                        "CMS_POP_VERIFICATION_ERROR"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
deleted file mode 100644
index 444024b94..000000000
--- a/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
+++ /dev/null
@@ -1,31 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import com.netscape.certsrv.profile.IProfileContext;
-
-/**
- * This class implements an enrollment profile context
- * that carries information for request creation.
- *
- * @version $Revision$, $Date$
- */
-public class EnrollProfileContext extends ProfileContext
-        implements IProfileContext {
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
deleted file mode 100644
index d07cdfc27..000000000
--- a/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import java.util.Hashtable;
-
-import com.netscape.certsrv.profile.IProfileContext;
-
-/**
- * This class implements the profile context.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileContext implements IProfileContext {
-    private Hashtable<String, String> m_Attrs = new Hashtable<String, String>();
-
-    public void set(String name, String value) {
-        m_Attrs.put(name, value);
-    }
-
-    public String get(String name) {
-        return m_Attrs.get(name);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
deleted file mode 100644
index 157914927..000000000
--- a/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
+++ /dev/null
@@ -1,53 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfilePolicy;
-
-/**
- * This class implements a profile policy that
- * contains a default policy and a constraint
- * policy.
- *
- * @version $Revision$, $Date$
- */
-public class ProfilePolicy implements IProfilePolicy {
-    private String mId = null;
-    private IPolicyDefault mDefault = null;
-    private IPolicyConstraint mConstraint = null;
-
-    public ProfilePolicy(String id, IPolicyDefault def, IPolicyConstraint constraint) {
-        mId = id;
-        mDefault = def;
-        mConstraint = constraint;
-    }
-
-    public String getId() {
-        return mId;
-    }
-
-    public IPolicyDefault getDefault() {
-        return mDefault;
-    }
-
-    public IPolicyConstraint getConstraint() {
-        return mConstraint;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
deleted file mode 100644
index 1fe2fa514..000000000
--- a/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
+++ /dev/null
@@ -1,128 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import java.util.Enumeration;
-
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.connector.IConnector;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.ra.IRAService;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestListener;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestStatus;
-
-/**
- * This class implements a Registration Manager
- * enrollment profile.
- *
- * @version $Revision$, $Date$
- */
-public class RAEnrollProfile extends EnrollProfile {
-
-    public RAEnrollProfile() {
-        super();
-    }
-
-    public IAuthority getAuthority() {
-        IAuthority authority = (IAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-
-        if (authority == null)
-            return null;
-        return authority;
-    }
-
-    public X500Name getIssuerName() {
-        IRegistrationAuthority ra = (IRegistrationAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-        X500Name issuerName = ra.getX500Name();
-
-        return issuerName;
-    }
-
-    public void execute(IRequest request)
-            throws EProfileException {
-
-        if (!isEnable()) {
-            CMS.debug("CAEnrollProfile: Profile Not Enabled");
-            throw new EProfileException("Profile Not Enabled");
-        }
-
-        IRegistrationAuthority ra =
-                (IRegistrationAuthority) getAuthority();
-        IRAService raService = ra.getRAService();
-
-        if (raService == null) {
-            throw new EProfileException("No RA Service");
-        }
-
-        IRequestQueue queue = ra.getRequestQueue();
-
-        // send request to CA
-        try {
-            IConnector caConnector = raService.getCAConnector();
-
-            if (caConnector == null) {
-                CMS.debug("RAEnrollProfile: CA connector not configured");
-            } else {
-                caConnector.send(request);
-                // check response
-                if (!request.isSuccess()) {
-                    CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING");
-
-                    request.setRequestStatus(RequestStatus.SVC_PENDING);
-
-                    try {
-                        queue.updateRequest(request);
-                    } catch (EBaseException e) {
-                        CMS.debug("RAEnrollProfile: Update request " + e.toString());
-                    }
-                    throw new ERejectException(
-                            request.getError(getLocale(request)));
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("RAEnrollProfile: " + e.toString());
-            throw new EProfileException(e.toString());
-        }
-
-        // request handling
-        Enumeration<String> names = ra.getRequestListenerNames();
-
-        if (names != null) {
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                CMS.debug("CAEnrollProfile: listener " + name);
-                IRequestListener listener = ra.getRequestListener(name);
-
-                if (listener != null) {
-                    listener.accept(request);
-                }
-            }
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
deleted file mode 100644
index a1a83a49f..000000000
--- a/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
+++ /dev/null
@@ -1,100 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfileEx;
-import com.netscape.certsrv.profile.IProfilePolicy;
-
-/**
- * This class implements a Certificate Manager enrollment
- * profile for Server Certificates.
- *
- * @version $Revision$, $Date$
- */
-public class ServerCertCAEnrollProfile extends CAEnrollProfile
-        implements IProfileEx {
-
-    /**
-     * Called after initialization. It populates default
-     * policies, inputs, and outputs.
-     */
-    public void populate() throws EBaseException {
-        // create inputs
-        NameValuePairs inputParams1 = new NameValuePairs();
-        createProfileInput("i1", "certReqInputImpl", inputParams1);
-        NameValuePairs inputParams2 = new NameValuePairs();
-        createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
-
-        // create outputs
-        NameValuePairs outputParams1 = new NameValuePairs();
-        createProfileOutput("o1", "certOutputImpl", outputParams1);
-
-        createProfilePolicy("set1", "p1",
-                        "userSubjectNameDefaultImpl", "noConstraintImpl");
-
-        IProfilePolicy policy2 =
-                createProfilePolicy("set1", "p2",
-                        "validityDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def2 = policy2.getDefault();
-        IConfigStore defConfig2 = def2.getConfigStore();
-        defConfig2.putString("params.range", "180");
-        defConfig2.putString("params.startTime", "0");
-
-        IProfilePolicy policy3 =
-                createProfilePolicy("set1", "p3",
-                        "userKeyDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def3 = policy3.getDefault();
-        IConfigStore defConfig3 = def3.getConfigStore();
-        defConfig3.putString("params.keyType", "RSA");
-        defConfig3.putString("params.keyMinLength", "512");
-        defConfig3.putString("params.keyMaxLength", "4096");
-
-        IProfilePolicy policy4 =
-                createProfilePolicy("set1", "p4",
-                        "signingAlgDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def4 = policy4.getDefault();
-        IConfigStore defConfig4 = def4.getConfigStore();
-        defConfig4.putString("params.signingAlg", "-");
-        defConfig4
-                .putString(
-                        "params.signingAlgsAllowed",
-                        "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
-
-        IProfilePolicy policy5 =
-                createProfilePolicy("set1", "p5",
-                        "keyUsageExtDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def5 = policy5.getDefault();
-        IConfigStore defConfig5 = def5.getConfigStore();
-        defConfig5.putString("params.keyUsageCritical", "true");
-        defConfig5.putString("params.keyUsageCrlSign", "false");
-        defConfig5.putString("params.keyUsageDataEncipherment", "true");
-        defConfig5.putString("params.keyUsageDecipherOnly", "false");
-        defConfig5.putString("params.keyUsageDigitalSignature", "true");
-        defConfig5.putString("params.keyUsageEncipherOnly", "false");
-        defConfig5.putString("params.keyUsageKeyAgreement", "false");
-        defConfig5.putString("params.keyUsageKeyCertSign", "false");
-        defConfig5.putString("params.keyUsageKeyEncipherment", "true");
-        defConfig5.putString("params.keyUsageNonRepudiation", "true");
-
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
deleted file mode 100644
index 710a4616d..000000000
--- a/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
+++ /dev/null
@@ -1,100 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.common;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfileEx;
-import com.netscape.certsrv.profile.IProfilePolicy;
-
-/**
- * This class implements a Certificate Manager enrollment
- * profile for User Certificates.
- *
- * @version $Revision$, $Date$
- */
-public class UserCertCAEnrollProfile extends CAEnrollProfile
-        implements IProfileEx {
-
-    /**
-     * Called after initialization. It populates default
-     * policies, inputs, and outputs.
-     */
-    public void populate() throws EBaseException {
-        // create inputs
-        NameValuePairs inputParams1 = new NameValuePairs();
-        createProfileInput("i1", "keyGenInputImpl", inputParams1);
-        NameValuePairs inputParams2 = new NameValuePairs();
-        createProfileInput("i2", "subjectNameInputImpl", inputParams2);
-        createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
-
-        // create outputs
-        NameValuePairs outputParams1 = new NameValuePairs();
-        createProfileOutput("o1", "certOutputImpl", outputParams1);
-
-        // create policies
-        createProfilePolicy("set1", "p1",
-                        "userSubjectNameDefaultImpl", "noConstraintImpl");
-
-        IProfilePolicy policy2 =
-                createProfilePolicy("set1", "p2",
-                        "validityDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def2 = policy2.getDefault();
-        IConfigStore defConfig2 = def2.getConfigStore();
-        defConfig2.putString("params.range", "180");
-        defConfig2.putString("params.startTime", "0");
-
-        IProfilePolicy policy3 =
-                createProfilePolicy("set1", "p3",
-                        "userKeyDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def3 = policy3.getDefault();
-        IConfigStore defConfig3 = def3.getConfigStore();
-        defConfig3.putString("params.keyType", "RSA");
-        defConfig3.putString("params.keyMinLength", "512");
-        defConfig3.putString("params.keyMaxLength", "4096");
-
-        IProfilePolicy policy4 =
-                createProfilePolicy("set1", "p4",
-                        "signingAlgDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def4 = policy4.getDefault();
-        IConfigStore defConfig4 = def4.getConfigStore();
-        defConfig4.putString("params.signingAlg", "-");
-        defConfig4
-                .putString(
-                        "params.signingAlgsAllowed",
-                        "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
-
-        IProfilePolicy policy5 =
-                createProfilePolicy("set1", "p5",
-                        "keyUsageExtDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def5 = policy5.getDefault();
-        IConfigStore defConfig5 = def5.getConfigStore();
-        defConfig5.putString("params.keyUsageCritical", "true");
-        defConfig5.putString("params.keyUsageCrlSign", "false");
-        defConfig5.putString("params.keyUsageDataEncipherment", "false");
-        defConfig5.putString("params.keyUsageDecipherOnly", "false");
-        defConfig5.putString("params.keyUsageDigitalSignature", "true");
-        defConfig5.putString("params.keyUsageEncipherOnly", "false");
-        defConfig5.putString("params.keyUsageKeyAgreement", "false");
-        defConfig5.putString("params.keyUsageKeyCertSign", "false");
-        defConfig5.putString("params.keyUsageKeyEncipherment", "true");
-        defConfig5.putString("params.keyUsageNonRepudiation", "true");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
deleted file mode 100644
index ca2668f7d..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
+++ /dev/null
@@ -1,224 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.BasicConstraintsExtDefault;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.UserExtensionDefault;
-
-/**
- * This class implements the basic constraints extension constraint.
- * It checks if the basic constraint in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class BasicConstraintsExtConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_CRITICAL =
-            "basicConstraintsCritical";
-    public static final String CONFIG_IS_CA =
-            "basicConstraintsIsCA";
-    public static final String CONFIG_MIN_PATH_LEN =
-            "basicConstraintsMinPathLen";
-    public static final String CONFIG_MAX_PATH_LEN =
-            "basicConstraintsMaxPathLen";
-
-    public BasicConstraintsExtConstraint() {
-        super();
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_IS_CA);
-        addConfigName(CONFIG_MIN_PATH_LEN);
-        addConfigName(CONFIG_MAX_PATH_LEN);
-    }
-
-    /**
-     * Initializes this constraint plugin.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_IS_CA)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
-        } else if (name.equals(CONFIG_MIN_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "-1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN"));
-        } else if (name.equals(CONFIG_MAX_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "100",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN"));
-        }
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-
-        try {
-            BasicConstraintsExtension ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(),
-                            info);
-
-            if (ext == null) {
-                throw new ERejectException(
-                        CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                                PKIXExtensions.BasicConstraints_Id.toString()));
-            }
-
-            // check criticality
-            String value = getConfig(CONFIG_CRITICAL);
-
-            if (!isOptional(value)) {
-                boolean critical = getBoolean(value);
-
-                if (critical != ext.isCritical()) {
-                    throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request),
-                                    "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
-                }
-            }
-            value = getConfig(CONFIG_IS_CA);
-            if (!isOptional(value)) {
-                boolean isCA = getBoolean(value);
-                Boolean extIsCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
-
-                if (isCA != extIsCA.booleanValue()) {
-                    throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request),
-                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
-                }
-            }
-            value = getConfig(CONFIG_MIN_PATH_LEN);
-            if (!isOptional(value)) {
-                int pathLen = getInt(value);
-                Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN);
-
-                if (pathLen > extPathLen.intValue()) {
-                    CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen);
-                    throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request),
-                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
-                }
-            }
-            value = getConfig(CONFIG_MAX_PATH_LEN);
-            if (!isOptional(value)) {
-                int pathLen = getInt(value);
-                Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN);
-
-                if (pathLen < extPathLen.intValue()) {
-                    CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen);
-                    throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request),
-                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
-                }
-            }
-        } catch (IOException e) {
-            CMS.debug("BasicConstraintsExt: validate " + e.toString());
-            throw new ERejectException(
-                    CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                            PKIXExtensions.BasicConstraints_Id.toString()));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_IS_CA),
-                getConfig(CONFIG_MIN_PATH_LEN),
-                getConfig(CONFIG_MAX_PATH_LEN)
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT",
-                params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof BasicConstraintsExtDefault)
-            return true;
-        if (def instanceof UserExtensionDefault)
-            return true;
-        return false;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-
-        if (mConfig.getSubStore("params") == null) {
-            CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null");
-            //
-        } else {
-
-            CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value);
-
-            if (name.equals(CONFIG_MAX_PATH_LEN)) {
-
-                String minPathLen = getConfig(CONFIG_MIN_PATH_LEN);
-
-                int minLen = getInt(minPathLen);
-
-                int maxLen = getInt(value);
-
-                if (minLen >= maxLen) {
-                    CMS.debug("BasicConstraintExt:  minPathLen >= maxPathLen!");
-
-                    throw new EPropertyException("bad value");
-                }
-
-            }
-            mConfig.getSubStore("params").putString(name, value);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
deleted file mode 100644
index c0a9758da..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ /dev/null
@@ -1,48 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-
-/**
- * This class represents an abstract class for CA enrollment
- * constraint.
- */
-public abstract class CAEnrollConstraint extends EnrollConstraint {
-
-    /**
-     * Constructs a CA enrollment constraint.
-     */
-    public CAEnrollConstraint() {
-        super();
-    }
-
-    /**
-     * Retrieves the CA certificate.
-     */
-    public X509CertImpl getCACert() {
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        X509CertImpl caCert = ca.getCACert();
-
-        return caCert;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
deleted file mode 100644
index a7a159de3..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ /dev/null
@@ -1,139 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.CAValidityDefault;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.UserValidityDefault;
-import com.netscape.cms.profile.def.ValidityDefault;
-
-/**
- * This class implements the validity constraint.
- * It checks if the validity in the certificate
- * template is within the CA's validity.
- *
- * @version $Revision$, $Date$
- */
-public class CAValidityConstraint extends CAEnrollConstraint {
-
-    private Date mDefNotBefore = null;
-    private Date mDefNotAfter = null;
-
-    public CAValidityConstraint() {
-        super();
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        X509CertImpl caCert = getCACert();
-
-        mDefNotBefore = caCert.getNotBefore();
-        mDefNotAfter = caCert.getNotAfter();
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        CMS.debug("CAValidityConstraint: validate start");
-        CertificateValidity v = null;
-
-        try {
-            v = (CertificateValidity) info.get(X509CertInfo.VALIDITY);
-        } catch (Exception e) {
-            throw new ERejectException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_VALIDITY_NOT_FOUND"));
-        }
-        Date notBefore = null;
-
-        try {
-            notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE);
-        } catch (IOException e) {
-            CMS.debug("CAValidity: not before " + e.toString());
-            throw new ERejectException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
-        }
-        Date notAfter = null;
-
-        try {
-            notAfter = (Date) v.get(CertificateValidity.NOT_AFTER);
-        } catch (IOException e) {
-            CMS.debug("CAValidity: not after " + e.toString());
-            throw new ERejectException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));
-        }
-
-        if (mDefNotBefore != null) {
-            CMS.debug("ValidtyConstraint: notBefore=" + notBefore +
-                    " defNotBefore=" + mDefNotBefore);
-            if (notBefore.before(mDefNotBefore)) {
-                throw new ERejectException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
-            }
-        }
-        CMS.debug("ValidtyConstraint: notAfter=" + notAfter +
-                " defNotAfter=" + mDefNotAfter);
-        if (notAfter.after(mDefNotAfter)) {
-            throw new ERejectException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));
-        }
-
-        CMS.debug("CAValidtyConstraint: validate end");
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                mDefNotBefore.toString(),
-                mDefNotAfter.toString()
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT",
-                params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof UserValidityDefault)
-            return true;
-        if (def instanceof ValidityDefault)
-            return true;
-        if (def instanceof CAValidityDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
deleted file mode 100644
index eb3eb14f6..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
+++ /dev/null
@@ -1,214 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the generic enrollment constraint.
- *
- * @version $Revision$, $Date$
- */
-public abstract class EnrollConstraint implements IPolicyConstraint {
-    public static final String CONFIG_NAME = "name";
-
-    protected IConfigStore mConfig = null;
-    protected Vector<String> mConfigNames = new Vector<String>();
-
-    public EnrollConstraint() {
-    }
-
-    public Enumeration<String> getConfigNames() {
-        return mConfigNames.elements();
-    }
-
-    public void addConfigName(String name) {
-        mConfigNames.addElement(name);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public Locale getLocale(IRequest request) {
-        Locale locale = null;
-        String language = request.getExtDataInString(
-                EnrollProfile.REQUEST_LOCALE);
-        if (language != null) {
-            locale = new Locale(language);
-        }
-        return locale;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (mConfig.getSubStore("params") == null) {
-            //
-        } else {
-            mConfig.getSubStore("params").putString(name, value);
-        }
-    }
-
-    public String getConfig(String name) {
-        try {
-            if (mConfig == null)
-                return null;
-            if (mConfig.getSubStore("params") != null) {
-                String val = mConfig.getSubStore("params").getString(name);
-
-                return val;
-            }
-        } catch (EBaseException e) {
-            CMS.debug(e.toString());
-        }
-        return "";
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mConfig = config;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     *
-     * @param request enrollment request
-     * @param info certificate template
-     * @exception ERejectException request is rejected due
-     *                to violation of constraint
-     */
-    public abstract void validate(IRequest request, X509CertInfo info)
-            throws ERejectException;
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     *
-     * The current implementation of this method calls
-     * into the subclass's validate(request, info)
-     * method for validation checking.
-     *
-     * @param request request
-     * @exception ERejectException request is rejected due
-     *                to violation of constraint
-     */
-    public void validate(IRequest request)
-            throws ERejectException {
-        String name = getClass().getName();
-
-        name = name.substring(name.lastIndexOf('.') + 1);
-        CMS.debug(name + ": validate start");
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        validate(request, info);
-
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-        CMS.debug(name + ": validate end");
-    }
-
-    public String getText(Locale locale) {
-        return "Enroll Constraint";
-    }
-
-    public String getName(Locale locale) {
-        try {
-            return mConfig.getString(CONFIG_NAME);
-        } catch (EBaseException e) {
-            return null;
-        }
-    }
-
-    protected Extension getExtension(String name, X509CertInfo info) {
-        CertificateExtensions exts = null;
-
-        try {
-            exts = (CertificateExtensions)
-                    info.get(X509CertInfo.EXTENSIONS);
-        } catch (Exception e) {
-            CMS.debug("EnrollConstraint: getExtension " + e.toString());
-        }
-        if (exts == null)
-            return null;
-        Enumeration<Extension> e = exts.getAttributes();
-
-        while (e.hasMoreElements()) {
-            Extension ext = e.nextElement();
-
-            if (ext.getExtensionId().toString().equals(name)) {
-                return ext;
-            }
-        }
-        return null;
-    }
-
-    protected boolean isOptional(String value) {
-        if (value.equals("") || value.equals("-"))
-            return true;
-        else
-            return false;
-    }
-
-    protected boolean getBoolean(String value) {
-        return Boolean.valueOf(value).booleanValue();
-    }
-
-    protected int getInt(String value) {
-        return Integer.valueOf(value).intValue();
-    }
-
-    protected boolean getConfigBoolean(String value) {
-        return getBoolean(getConfig(value));
-    }
-
-    protected int getConfigInt(String value) {
-        return getInt(getConfig(value));
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        return true;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
deleted file mode 100644
index 7821964b9..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
+++ /dev/null
@@ -1,156 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.extensions.ExtendedKeyUsageExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.UserExtensionDefault;
-
-/**
- * This class implements the extended key usage extension constraint.
- * It checks if the extended key usage extension in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_CRITICAL = "exKeyUsageCritical";
-    public static final String CONFIG_OIDS =
-            "exKeyUsageOIDs";
-
-    public ExtendedKeyUsageExtConstraint() {
-        super();
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_OIDS);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_OIDS)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
-        }
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
-                getExtension(ExtendedKeyUsageExtension.OID, info);
-
-        if (ext == null) {
-            throw new ERejectException(
-                    CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                            ExtendedKeyUsageExtension.OID));
-        }
-
-        // check criticality
-        String value = getConfig(CONFIG_CRITICAL);
-
-        if (!isOptional(value)) {
-            boolean critical = getBoolean(value);
-
-            if (critical != ext.isCritical()) {
-                throw new ERejectException(
-                        CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
-            }
-        }
-
-        // Build local cache of configured OIDs
-        Vector<String> mCache = new Vector<String>();
-        StringTokenizer st = new StringTokenizer(getConfig(CONFIG_OIDS), ",");
-
-        while (st.hasMoreTokens()) {
-            String oid = st.nextToken();
-
-            mCache.addElement(oid);
-        }
-
-        // check OIDs
-        Enumeration<ObjectIdentifier> e = ext.getOIDs();
-
-        while (e.hasMoreElements()) {
-            ObjectIdentifier oid = e.nextElement();
-
-            if (!mCache.contains(oid.toString())) {
-                throw new ERejectException(
-                        CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_OID_NOT_MATCHED",
-                                oid.toString()));
-            }
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_OIDS)
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT",
-                params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof ExtendedKeyUsageExtDefault)
-            return true;
-        if (def instanceof UserExtensionDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
deleted file mode 100644
index 97dc358e3..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
+++ /dev/null
@@ -1,146 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Locale;
-
-import netscape.security.x509.Extension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.EnrollExtDefault;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.UserExtensionDefault;
-
-/**
- * This class implements the general extension constraint.
- * It checks if the extension in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class ExtensionConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_CRITICAL = "extCritical";
-    public static final String CONFIG_OID = "extOID";
-
-    public ExtensionConstraint() {
-        super();
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_OID);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-
-        if (mConfig.getSubStore("params") == null) {
-            CMS.debug("ExtensionConstraint: mConfig.getSubStore is null");
-        } else {
-            CMS.debug("ExtensionConstraint: setConfig name=" + name +
-                    " value=" + value);
-
-            if (name.equals(CONFIG_OID)) {
-                try {
-                    CMS.checkOID("", value);
-                } catch (Exception e) {
-                    throw new EPropertyException(
-                            CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
-                }
-            }
-            mConfig.getSubStore("params").putString(name, value);
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_OID)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
-        }
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-
-        Extension ext = getExtension(getConfig(CONFIG_OID), info);
-
-        if (ext == null) {
-            throw new ERejectException(
-                    CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                            getConfig(CONFIG_OID)));
-        }
-
-        // check criticality
-        String value = getConfig(CONFIG_CRITICAL);
-
-        if (!isOptional(value)) {
-            boolean critical = getBoolean(value);
-
-            if (critical != ext.isCritical()) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
-            }
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_OID)
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof UserExtensionDefault)
-            return true;
-        if (def instanceof EnrollExtDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
deleted file mode 100644
index 3a7d09d5f..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
+++ /dev/null
@@ -1,328 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.math.BigInteger;
-import java.security.interfaces.DSAParams;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.provider.DSAPublicKey;
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.UserKeyDefault;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-/**
- * This constraint is to check the key type and
- * key length.
- *
- * @version $Revision$, $Date$
- */
-
-public class KeyConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA)
-    public static final String CONFIG_KEY_PARAMETERS = "keyParameters";
-
-    private static String[] cfgECCurves = null;
-    private static String keyType = "";
-    private static String keyParams = "";
-
-    public KeyConstraint() {
-        super();
-        addConfigName(CONFIG_KEY_TYPE);
-        addConfigName(CONFIG_KEY_PARAMETERS);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-
-        String ecNames = "";
-        try {
-            ecNames = CMS.getConfigStore().getString("keys.ecc.curve.list");
-        } catch (Exception e) {
-        }
-
-        CMS.debug("KeyConstraint.init ecNames: " + ecNames);
-        if (ecNames != null && ecNames.length() != 0) {
-            cfgECCurves = ecNames.split(",");
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_KEY_TYPE)) {
-            return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC",
-                    "RSA",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
-        } else if (name.equals(CONFIG_KEY_PARAMETERS)) {
-            return new Descriptor(IDescriptor.STRING, null, "",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS"));
-        }
-
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        try {
-            CertificateX509Key infokey = (CertificateX509Key)
-                    info.get(X509CertInfo.KEY);
-            X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
-
-            String alg = key.getAlgorithmId().getName().toUpperCase();
-            String value = getConfig(CONFIG_KEY_TYPE);
-            String keyType = value;
-
-            if (!isOptional(value)) {
-                if (!alg.equals(value)) {
-                    throw new ERejectException(
-                            CMS.getUserMessage(
-                                    getLocale(request),
-                                    "CMS_PROFILE_KEY_TYPE_NOT_MATCHED",
-                                    value));
-                }
-            }
-
-            int keySize = 0;
-
-            if (alg.equals("RSA")) {
-                keySize = getRSAKeyLen(key);
-            } else if (alg.equals("DSA")) {
-                keySize = getDSAKeyLen(key);
-            } else if (alg.equals("EC")) {
-                //EC key case.
-            } else {
-                throw new ERejectException(
-                        CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_INVALID_KEY_TYPE",
-                                alg));
-            }
-
-            value = getConfig(CONFIG_KEY_PARAMETERS);
-
-            String[] keyParams = value.split(",");
-
-            if (alg.equals("EC")) {
-                if (!alg.equals(keyType) && !isOptional(keyType)) {
-                    throw new ERejectException(
-                            CMS.getUserMessage(
-                                    getLocale(request),
-                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                    value));
-                }
-
-                Vector<?> vect = CryptoUtil.getECKeyCurve(key);
-
-                boolean curveFound = false;
-
-                if (vect != null) {
-                    CMS.debug("vect: " + vect.toString());
-
-                    if (!isOptional(keyType)) {
-                        //Check the curve parameters only if explicit ECC or not optional
-                        for (int i = 0; i < keyParams.length; i++) {
-                            String ecParam = keyParams[i];
-                            CMS.debug("keyParams[i]: " + i + " param: " + ecParam);
-                            if (vect.contains(ecParam)) {
-                                curveFound = true;
-                                CMS.debug("KeyConstraint.validate: EC key constrainst passed.");
-                                break;
-                            }
-                        }
-                    } else {
-                        curveFound = true;
-                    }
-                }
-
-                if (!curveFound) {
-                    CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
-                    throw new ERejectException(
-                            CMS.getUserMessage(
-                                    getLocale(request),
-                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                    value));
-                }
-
-            } else {
-                if (!arrayContainsString(keyParams, Integer.toString(keySize))) {
-                    throw new ERejectException(
-                            CMS.getUserMessage(
-                                    getLocale(request),
-                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                    value));
-                }
-                CMS.debug("KeyConstraint.validate: RSA key contraints passed.");
-            }
-        } catch (Exception e) {
-            if (e instanceof ERejectException) {
-                throw (ERejectException) e;
-            }
-            CMS.debug("KeyConstraint: " + e.toString());
-            throw new ERejectException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_KEY_NOT_FOUND"));
-        }
-    }
-
-    public int getRSAKeyLen(X509Key key) throws Exception {
-        X509Key newkey = null;
-
-        try {
-            newkey = new X509Key(AlgorithmId.get("RSA"),
-                        key.getKey());
-        } catch (Exception e) {
-            CMS.debug("KeyConstraint: getRSAKey Len " + e.toString());
-            return -1;
-        }
-        RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
-
-        return rsaKey.getKeySize();
-    }
-
-    public int getDSAKeyLen(X509Key key) throws Exception {
-        // Check DSAKey parameters.
-        // size refers to the p parameter.
-        DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
-        DSAParams keyParams = dsaKey.getParams();
-        BigInteger p = keyParams.getP();
-        int len = p.bitLength();
-
-        return len;
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_KEY_TYPE),
-                getConfig(CONFIG_KEY_PARAMETERS)
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof UserKeyDefault)
-            return true;
-        return false;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-
-        CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value);
-        //establish keyType, we don't know which order these params will arrive
-        if (name.equals(CONFIG_KEY_TYPE)) {
-            keyType = value;
-            if (keyParams.equals(""))
-                return;
-        }
-
-        //establish keyParams
-        if (name.equals(CONFIG_KEY_PARAMETERS)) {
-            CMS.debug("establish keyParams: " + value);
-            keyParams = value;
-
-            if (keyType.equals(""))
-                return;
-        }
-        // All the params we need for validation have been collected,
-        // we don't know which order they will show up
-        if (keyType.length() > 0 && keyParams.length() > 0) {
-            String[] params = keyParams.split(",");
-            boolean isECCurve = false;
-            int keySize = 0;
-
-            for (int i = 0; i < params.length; i++) {
-                if (keyType.equals("EC")) {
-                    if (cfgECCurves == null) {
-                        //Use the static array as a backup if the config values are not present.
-                        isECCurve = arrayContainsString(CryptoUtil.getECcurves(), params[i]);
-                    } else {
-                        isECCurve = arrayContainsString(cfgECCurves, params[i]);
-                    }
-                    if (isECCurve == false) { //Not a valid EC curve throw exception.
-                        keyType = "";
-                        keyParams = "";
-                        throw new EPropertyException(CMS.getUserMessage(
-                                "CMS_INVALID_PROPERTY", name));
-                    }
-                } else {
-                    try {
-                        keySize = Integer.parseInt(params[i]);
-                    } catch (Exception e) {
-                        if (isOptional(keyType)) {
-                            isECCurve = arrayContainsString(CryptoUtil.getECcurves(), params[i]);
-                        }
-                        keySize = 0;
-                    }
-                    if ((keySize <= 0) && (isECCurve == false)) {
-                        keyType = "";
-                        keyParams = "";
-                        throw new EPropertyException(CMS.getUserMessage(
-                                "CMS_INVALID_PROPERTY", name));
-                    }
-                }
-            }
-        }
-        //Actually set the configuration in the profile
-        super.setConfig(CONFIG_KEY_TYPE, keyType);
-        super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
-
-        //Reset the vars for next round.
-        keyType = "";
-        keyParams = "";
-    }
-
-    private boolean arrayContainsString(String[] array, String value) {
-
-        if (array == null || value == null) {
-            return false;
-        }
-
-        for (int i = 0; i < array.length; i++) {
-            if (array[i].equals(value)) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
deleted file mode 100644
index f7ec42215..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
+++ /dev/null
@@ -1,291 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Locale;
-
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.KeyUsageExtDefault;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.UserExtensionDefault;
-
-/**
- * This class implements the key usage extension constraint.
- * It checks if the key usage constraint in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class KeyUsageExtConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_CRITICAL = "keyUsageCritical";
-    public static final String CONFIG_DIGITAL_SIGNATURE =
-            "keyUsageDigitalSignature";
-    public static final String CONFIG_NON_REPUDIATION =
-            "keyUsageNonRepudiation";
-    public static final String CONFIG_KEY_ENCIPHERMENT =
-            "keyUsageKeyEncipherment";
-    public static final String CONFIG_DATA_ENCIPHERMENT =
-            "keyUsageDataEncipherment";
-    public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
-    public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
-    public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
-    public static final String CONFIG_ENCIPHER_ONLY = "keyUsageEncipherOnly";
-    public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
-
-    public KeyUsageExtConstraint() {
-        super();
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_DIGITAL_SIGNATURE);
-        addConfigName(CONFIG_NON_REPUDIATION);
-        addConfigName(CONFIG_KEY_ENCIPHERMENT);
-        addConfigName(CONFIG_DATA_ENCIPHERMENT);
-        addConfigName(CONFIG_KEY_AGREEMENT);
-        addConfigName(CONFIG_KEY_CERTSIGN);
-        addConfigName(CONFIG_CRL_SIGN);
-        addConfigName(CONFIG_ENCIPHER_ONLY);
-        addConfigName(CONFIG_DECIPHER_ONLY);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
-        } else if (name.equals(CONFIG_NON_REPUDIATION)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
-        } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
-        } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
-        } else if (name.equals(CONFIG_KEY_AGREEMENT)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
-        } else if (name.equals(CONFIG_KEY_CERTSIGN)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
-        } else if (name.equals(CONFIG_CRL_SIGN)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
-        } else if (name.equals(CONFIG_ENCIPHER_ONLY)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
-        } else if (name.equals(CONFIG_DECIPHER_ONLY)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
-        }
-        return null;
-    }
-
-    public boolean isSet(boolean bits[], int position) {
-        if (bits.length <= position)
-            return false;
-        return bits[position];
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        KeyUsageExtension ext = (KeyUsageExtension)
-                getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-
-        if (ext == null) {
-            throw new ERejectException(
-                    CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                            PKIXExtensions.KeyUsage_Id.toString()));
-        }
-
-        boolean[] bits = ext.getBits();
-        String value = getConfig(CONFIG_CRITICAL);
-
-        if (!isOptional(value)) {
-            boolean critical = getBoolean(value);
-
-            if (critical != ext.isCritical()) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
-            }
-        }
-        value = getConfig(CONFIG_DIGITAL_SIGNATURE);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 0)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_NON_REPUDIATION);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 1)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_KEY_ENCIPHERMENT);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 2)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_DATA_ENCIPHERMENT);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 3)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_KEY_AGREEMENT);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 4)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_KEY_CERTSIGN);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 5)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_CRL_SIGN);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 6)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_ENCIPHER_ONLY);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 7)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_DECIPHER_ONLY);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != isSet(bits, 8)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
-                                value));
-            }
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_DIGITAL_SIGNATURE),
-                getConfig(CONFIG_NON_REPUDIATION),
-                getConfig(CONFIG_KEY_ENCIPHERMENT),
-                getConfig(CONFIG_DATA_ENCIPHERMENT),
-                getConfig(CONFIG_KEY_AGREEMENT),
-                getConfig(CONFIG_KEY_CERTSIGN),
-                getConfig(CONFIG_CRL_SIGN),
-                getConfig(CONFIG_ENCIPHER_ONLY),
-                getConfig(CONFIG_DECIPHER_ONLY)
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof KeyUsageExtDefault)
-            return true;
-        if (def instanceof UserExtensionDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
deleted file mode 100644
index 066553275..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
+++ /dev/null
@@ -1,243 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Locale;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.NSCertTypeExtDefault;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.UserExtensionDefault;
-
-/**
- * This class implements the Netscape certificate type extension constraint.
- * It checks if the Netscape certificate type extension in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class NSCertTypeExtConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_CRITICAL = "nsCertCritical";
-    public static final String CONFIG_SSL_CLIENT = "nsCertSSLClient";
-    public static final String CONFIG_SSL_SERVER = "nsCertSSLServer";
-    public static final String CONFIG_EMAIL = "nsCertEmail";
-    public static final String CONFIG_OBJECT_SIGNING = "nsCertObjectSigning";
-    public static final String CONFIG_SSL_CA = "nsCertSSLCA";
-    public static final String CONFIG_EMAIL_CA = "nsCertEmailCA";
-    public static final String CONFIG_OBJECT_SIGNING_CA = "nsCertObjectSigningCA";
-
-    public NSCertTypeExtConstraint() {
-        super();
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_SSL_CLIENT);
-        addConfigName(CONFIG_SSL_SERVER);
-        addConfigName(CONFIG_EMAIL);
-        addConfigName(CONFIG_OBJECT_SIGNING);
-        addConfigName(CONFIG_SSL_CA);
-        addConfigName(CONFIG_EMAIL_CA);
-        addConfigName(CONFIG_OBJECT_SIGNING_CA);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_SSL_CLIENT)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
-        } else if (name.equals(CONFIG_SSL_SERVER)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
-        } else if (name.equals(CONFIG_EMAIL)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL"));
-        } else if (name.equals(CONFIG_OBJECT_SIGNING)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING"));
-        } else if (name.equals(CONFIG_SSL_CA)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA"));
-        } else if (name.equals(CONFIG_EMAIL_CA)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
-        } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
-                    "-",
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OBJECT_SIGNING_CA"));
-        }
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        NSCertTypeExtension ext = (NSCertTypeExtension)
-                getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-
-        if (ext == null) {
-            throw new ERejectException(
-                    CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                            NSCertTypeExtension.CertType_Id.toString()));
-        }
-
-        String value = getConfig(CONFIG_CRITICAL);
-
-        if (!isOptional(value)) {
-            boolean critical = getBoolean(value);
-
-            if (critical != ext.isCritical()) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
-            }
-        }
-        value = getConfig(CONFIG_SSL_CLIENT);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != ext.isSet(0)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_SSL_SERVER);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != ext.isSet(1)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_EMAIL);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != ext.isSet(2)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_EMAIL_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_OBJECT_SIGNING);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != ext.isSet(3)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_SSL_CA);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != ext.isSet(4)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_SSL_CA_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_EMAIL_CA);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != ext.isSet(5)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
-                                value));
-            }
-        }
-        value = getConfig(CONFIG_OBJECT_SIGNING_CA);
-        if (!isOptional(value)) {
-            boolean bit = getBoolean(value);
-
-            if (bit != ext.isSet(6)) {
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
-                                value));
-            }
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_SSL_CLIENT),
-                getConfig(CONFIG_SSL_SERVER),
-                getConfig(CONFIG_EMAIL),
-                getConfig(CONFIG_OBJECT_SIGNING),
-                getConfig(CONFIG_SSL_CA),
-                getConfig(CONFIG_EMAIL_CA),
-                getConfig(CONFIG_OBJECT_SIGNING_CA)
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof NSCertTypeExtDefault)
-            return true;
-        if (def instanceof UserExtensionDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
deleted file mode 100644
index 17f6e0b37..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
+++ /dev/null
@@ -1,101 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements no constraint.
- *
- * @version $Revision$, $Date$
- */
-public class NoConstraint implements IPolicyConstraint {
-
-    public static final String CONFIG_NAME = "name";
-
-    private IConfigStore mConfig = null;
-    private Vector<String> mNames = new Vector<String>();
-
-    public Enumeration<String> getConfigNames() {
-        return mNames.elements();
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-    }
-
-    public String getConfig(String name) {
-        return null;
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mConfig = config;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request)
-            throws ERejectException {
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT");
-    }
-
-    public String getName(Locale locale) {
-        try {
-            return mConfig.getString(CONFIG_NAME);
-        } catch (EBaseException e) {
-            return null;
-        }
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        return true;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
deleted file mode 100644
index d1403962e..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
+++ /dev/null
@@ -1,165 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.NoDefault;
-
-/**
- * This class supports renewal grace period, which has two
- * parameters: graceBefore and graceAfter
- *
- * @author Christina Fu
- * @version $Revision$, $Date$
- */
-public class RenewGracePeriodConstraint extends EnrollConstraint {
-
-    // for renewal: # of days before the orig cert expiration date
-    public static final String CONFIG_RENEW_GRACE_BEFORE = "renewal.graceBefore";
-    // for renewal: # of days after the orig cert expiration date
-    public static final String CONFIG_RENEW_GRACE_AFTER = "renewal.graceAfter";
-
-    public RenewGracePeriodConstraint() {
-        super();
-        addConfigName(CONFIG_RENEW_GRACE_BEFORE);
-        addConfigName(CONFIG_RENEW_GRACE_AFTER);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
-                name.equals(CONFIG_RENEW_GRACE_AFTER)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + " or " + CONFIG_RENEW_GRACE_AFTER));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_RENEW_GRACE_BEFORE)) {
-            return new Descriptor(IDescriptor.INTEGER, null, "30",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_RENEW_GRACE_BEFORE"));
-        } else if (name.equals(CONFIG_RENEW_GRACE_AFTER)) {
-            return new Descriptor(IDescriptor.INTEGER, null, "30",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_RENEW_GRACE_AFTER"));
-        }
-        return null;
-    }
-
-    public void validate(IRequest req, X509CertInfo info)
-            throws ERejectException {
-        String origExpDate_s = req.getExtDataInString("origNotAfter");
-        // probably not for renewal
-        if (origExpDate_s == null) {
-            return;
-        } else {
-            CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
-        }
-        CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
-        BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
-        Date origExpDate = new Date(origExpDate_BI.longValue());
-        String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
-        String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
-        int renew_grace_before = 0;
-        int renew_grace_after = 0;
-        BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
-        BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s);
-
-        // -1 means no limit
-        if (renew_grace_before_s == "")
-            renew_grace_before = -1;
-        else
-            renew_grace_before = Integer.parseInt(renew_grace_before_s);
-
-        if (renew_grace_after_s == "")
-            renew_grace_after = -1;
-        else
-            renew_grace_after = Integer.parseInt(renew_grace_after_s);
-
-        if (renew_grace_before > 0)
-            renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
-        if (renew_grace_after > 0)
-            renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
-
-        Date current = CMS.getCurrentDate();
-        long millisDiff = origExpDate.getTime() - current.getTime();
-        CMS.debug("validateRenewGracePeriod: millisDiff="
-                + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
-
-        /*
-         * "days", if positive, has to be less than renew_grace_before
-         * "days", if negative, means already past expiration date,
-         *     (abs value) has to be less than renew_grace_after
-         * if renew_grace_before or renew_grace_after are negative
-         *    the one with negative value is ignored
-         */
-        if (millisDiff >= 0) {
-            if ((renew_grace_before > 0) && (millisDiff > renew_grace_before_BI.longValue())) {
-                throw new ERejectException(CMS.getUserMessage(getLocale(req),
-                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
-                        renew_grace_before + " days before and " +
-                                renew_grace_after + " days after original cert expiration date"));
-            }
-        } else {
-            if ((renew_grace_after > 0) && ((0 - millisDiff) > renew_grace_after_BI.longValue())) {
-                throw new ERejectException(CMS.getUserMessage(getLocale(req),
-                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
-                        renew_grace_before + " days before and " +
-                                renew_grace_after + " days after original cert expiration date"));
-            }
-        }
-    }
-
-    public String getText(Locale locale) {
-        String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
-        String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
-        return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT",
-                        renew_grace_before_s + " days before and " +
-                                renew_grace_after_s + " days after original cert expiration date");
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
deleted file mode 100644
index 4ccb9ad8f..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
+++ /dev/null
@@ -1,160 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.SigningAlgDefault;
-import com.netscape.cms.profile.def.UserSigningAlgDefault;
-
-/**
- * This class implements the signing algorithm constraint.
- * It checks if the signing algorithm in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class SigningAlgConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_ALGORITHMS_ALLOWED = "signingAlgsAllowed";
-
-    private static StringBuffer sb = new StringBuffer("");
-    static {
-        for (int i = 0; i < AlgorithmId.ALL_SIGNING_ALGORITHMS.length; i++) {
-            if (i > 0) {
-                sb.append(",");
-            }
-            sb.append(AlgorithmId.ALL_SIGNING_ALGORITHMS[i]);
-        }
-    }
-    public static final String DEF_CONFIG_ALGORITHMS = new String(sb);
-
-    public SigningAlgConstraint() {
-        super();
-        addConfigName(CONFIG_ALGORITHMS_ALLOWED);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-
-        if (mConfig.getSubStore("params") == null) {
-            CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null");
-        } else {
-            CMS.debug("SigningAlgConstraint: setConfig name=" + name +
-                    " value=" + value);
-
-            if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
-                StringTokenizer st = new StringTokenizer(value, ",");
-                while (st.hasMoreTokens()) {
-                    String v = st.nextToken();
-                    if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
-                        throw new EPropertyException(
-                                CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
-                    }
-                }
-            }
-            mConfig.getSubStore("params").putString(name, value);
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    DEF_CONFIG_ALGORITHMS,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
-        }
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        CertificateAlgorithmId algId = null;
-
-        try {
-            algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID);
-            AlgorithmId id = (AlgorithmId)
-                    algId.get(CertificateAlgorithmId.ALGORITHM);
-
-            Vector<String> mCache = new Vector<String>();
-            StringTokenizer st = new StringTokenizer(
-                    getConfig(CONFIG_ALGORITHMS_ALLOWED), ",");
-
-            while (st.hasMoreTokens()) {
-                String token = st.nextToken();
-
-                mCache.addElement(token);
-            }
-
-            if (!mCache.contains(id.toString())) {
-                throw new ERejectException(CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString()));
-            }
-        } catch (Exception e) {
-            if (e instanceof ERejectException) {
-                throw (ERejectException) e;
-            }
-            CMS.debug("SigningAlgConstraint: " + e.toString());
-            throw new ERejectException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND"));
-        }
-
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT",
-                getConfig(CONFIG_ALGORITHMS_ALLOWED));
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof UserSigningAlgDefault)
-            return true;
-        if (def instanceof SigningAlgDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
deleted file mode 100644
index 027f29b1c..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
+++ /dev/null
@@ -1,244 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.SubjectNameDefault;
-import com.netscape.cms.profile.def.UserSubjectNameDefault;
-
-/**
- * This class implements the subject name constraint.
- * It checks if the subject name in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectNameConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_PATTERN = "pattern";
-
-
-    private static final int COMMON_NAME_MAX = 64;
-    private static final int LOCALITY_NAME_MAX = 128;
-    private static final int STATE_NAME_MAX = 128;
-    private static final int ORG_NAME_MAX = 64;
-    private static final int ORG_UNIT_NAME_MAX = 64;
-    private static final int EMAIL_NAME_MAX = 255;
-    private static final int COUNTRY_NAME_MAX = 3;
-    private static final int UID_NAME_MAX = 64;
-
-    public SubjectNameConstraint() {
-        // configuration names
-        addConfigName(CONFIG_PATTERN);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN"));
-        } else {
-            return null;
-        }
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        CMS.debug("SubjectNameConstraint: validate start");
-        CertificateSubjectName sn = null;
-
-        try {
-            sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-            CMS.debug("SubjectNameConstraint: validate cert subject =" +
-                         sn.toString());
-        } catch (Exception e) {
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        }
-        X500Name sn500 = null;
-
-        try {
-            sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME);
-        } catch (IOException e) {
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        }
-        if (sn500 == null) {
-            CMS.debug("SubjectNameConstraint: validate() - sn500 is null");
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        } else {
-            CMS.debug("SubjectNameConstraint: validate() - sn500 " +
-                    CertificateSubjectName.DN_NAME + " = " +
-                    sn500.toString());
-        }
-        if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) {
-            CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + getConfig(CONFIG_PATTERN));
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED",
-                            sn500.toString()));
-        }
-
-        String incorrectFields = " [ Invalid fields: ";
-        String country = null;
-        boolean fieldError = false;
-
-        String commonName = null;
-        try {
-            commonName = sn500.getCommonName();
-        } catch (Exception e) {
-        }
-        if ( commonName != null && commonName.length() > COMMON_NAME_MAX ) {
-            fieldError = true;
-            incorrectFields += " Common Name "; 
-
-        }
-
-        try { 
-             country =  sn500.getCountry();
-        } catch (Exception e) {
-        }
-
-        if ( country != null && country.length() > COUNTRY_NAME_MAX ) {
-            fieldError = true;
-            incorrectFields += " , Country ";
-        }
-
-        String ou = null ;
-        try {
-            ou = sn500.getOrganizationalUnit();
-        } catch (Exception e) {
-        }
-
-        if ( ou != null && ou.length() > ORG_UNIT_NAME_MAX) {
-            fieldError = true;
-            incorrectFields += " , Org Unit ";
-        }
-
-        String o = null; 
-        try {
-            o = sn500.getOrganization();
-        } catch (Exception e) {
-        }
-
-        if ( o != null && o.length() > ORG_NAME_MAX) {
-            fieldError = true;
-            incorrectFields += " , Org ";
-        }
-
-        String locality = null;
-        try {
-            locality =  sn500.getLocality();
-        } catch (Exception e) {
-        }
-
-        if ( locality != null && locality.length() > LOCALITY_NAME_MAX ) {
-            fieldError = true;
-            incorrectFields += " , Locality ";
-        }
-
-        String state =  null; 
-        try {
-            state = sn500.getState();
-        } catch (Exception e) {
-        }
-
-        if ( state != null && state.length() > STATE_NAME_MAX ) {
-            fieldError = true;
-            incorrectFields += " , State "; 
-        }
-
-        String email =  null; 
-        try {
-            email = sn500.getEmail();
-        } catch (Exception e) {
-        }
-
-        if ( email != null && email.length() > EMAIL_NAME_MAX ) {
-            fieldError = true;
-            incorrectFields += " , Email ";
-        }
-
-        String UID =  null;
-        try {
-            UID = sn500.getUserID();
-        } catch (Exception e) {
-        }
-        
-        if ( UID != null && UID.length() > UID_NAME_MAX) {
-             fieldError = true;
-             incorrectFields += " , UID";
-        }   
-
-        if ( fieldError == true ) {
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_INVALID_SUBJECT_NAME",sn500.toString() + incorrectFields + " ] "));
-
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT",
-                getConfig(CONFIG_PATTERN));
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof SubjectNameDefault)
-            return true;
-        if (def instanceof UserSubjectNameDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
deleted file mode 100644
index 869f0e2cc..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
+++ /dev/null
@@ -1,294 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertRecordList;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.NoDefault;
-
-/**
- * This constraint is to check for publickey uniqueness.
- * The config param "allowSameKeyRenewal" enables the
- * situation where if the publickey is not unique, and if
- * the subject DN is the same, that is a "renewal".
- *
- * Another "feature" that is quoted out of this code is the
- * "revokeDupKeyCert" option, which enables the revocation
- * of certs that bear the same publickey as the enrolling
- * request. Since this can potentially be abused, it is taken
- * out and preserved in comments to allow future refinement.
- *
- * @version $Revision$, $Date$
- */
-public class UniqueKeyConstraint extends EnrollConstraint {
-    /*
-    public static final String CONFIG_REVOKE_DUPKEY_CERT =
-    	"revokeDupKeyCert";
-    boolean mRevokeDupKeyCert = false;
-    */
-    public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
-            "allowSameKeyRenewal";
-    boolean mAllowSameKeyRenewal = false;
-    public ICertificateAuthority mCA = null;
-
-    public UniqueKeyConstraint() {
-        super();
-        /*
-        addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
-        */
-        addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        mCA = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        /*
-        if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
-        	return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-        		  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
-        }
-        */
-        if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
-        }
-        return null;
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        boolean rejected = false;
-        int size = 0;
-        ICertRecordList list;
-
-        /*
-        mRevokeDupKeyCert =
-        getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
-        */
-        mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
-
-        try {
-            CertificateX509Key infokey = (CertificateX509Key)
-                    info.get(X509CertInfo.KEY);
-            X509Key key = (X509Key)
-                    infokey.get(CertificateX509Key.KEY);
-
-            // check for key uniqueness
-            byte pub[] = key.getEncoded();
-            String pub_s = escapeBinaryData(pub);
-            String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + "=" + pub_s + ")";
-            list =
-                    mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
-            size = list.getSize();
-
-        } catch (Exception e) {
-            throw new ERejectException(
-                        CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_INTERNAL_ERROR", e.toString()));
-        }
-
-        /*
-         * It does not matter if the corresponding cert's status
-         * is valid or not, we don't want a key that was once
-         * generated before
-         */
-        if (size > 0) {
-            CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
-
-            /*
-                The following code revokes the existing certs that have
-            	the same public key as the one submitted for enrollment
-            	request.  However, it is not a good idea due to possible
-            	abuse.  It is therefore commented out.  It is still
-            	however still maintained for possible utilization at later
-            	time
-
-            	// if configured to revoke duplicated key
-            	//    revoke cert
-            	if (mRevokeDupKeyCert) {
-            		try {
-            			Enumeration e = list.getCertRecords(0, size-1);
-            			while (e != null && e.hasMoreElements()) {
-            				ICertRecord rec = (ICertRecord) e.nextElement();
-            				X509CertImpl cert = rec.getCertificate();
-
-            				// revoke the cert
-            				BigInteger serialNum = cert.getSerialNumber();
-            				ICAService service = (ICAService) mCA.getCAService();
-
-					RevokedCertImpl crlEntry =
-            					formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
-            				service.revokeCert(crlEntry);
-            				CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
-            			}
-            		} catch (Exception ex) {
-            			CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
-            		}
-            	} // revoke dupkey cert turned on
-            */
-
-            if (mAllowSameKeyRenewal == true) {
-                X500Name sjname_in_db = null;
-                X500Name sjname_in_req = null;
-
-                try {
-                    // get subject of request
-                    CertificateSubjectName subName =
-                            (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-
-                    if (subName != null) {
-
-                        sjname_in_req =
-                                (X500Name) subName.get(CertificateSubjectName.DN_NAME);
-                        CMS.debug("UniqueKeyConstraint: cert request subject DN =" + sjname_in_req.toString());
-                        Enumeration<ICertRecord> e = list.getCertRecords(0, size - 1);
-                        while (e != null && e.hasMoreElements()) {
-                            ICertRecord rec = e.nextElement();
-                            X509CertImpl cert = rec.getCertificate();
-                            String certDN =
-                                    cert.getSubjectDN().toString();
-                            CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + certDN);
-
-                            sjname_in_db = new X500Name(certDN);
-
-                            if (sjname_in_db.equals(sjname_in_req) == false) {
-                                rejected = true;
-                                break;
-                            } else {
-                                rejected = false;
-                            }
-                        } // while
-                    } else { //subName is null
-                        rejected = true;
-                    }
-                } catch (Exception ex1) {
-                    CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + ex1.toString());
-                    rejected = true;
-                } // try
-
-            } else {
-                rejected = true;
-            }// allowSameKeyRenewal
-        } // (size > 0)
-
-        if (rejected == true) {
-            CMS.debug("UniqueKeyConstraint: rejected");
-            throw new ERejectException(
-                           CMS.getUserMessage(
-                                   getLocale(request),
-                                   "CMS_PROFILE_DUPLICATE_KEY"));
-        } else {
-            CMS.debug("UniqueKeyConstraint: approved");
-        }
-    }
-
-    /**
-     * make a CRL entry from a serial number and revocation reason.
-     *
-     * @return a RevokedCertImpl that can be entered in a CRL.
-     *
-     *         protected RevokedCertImpl formCRLEntry(
-     *         BigInteger serialNo, RevocationReason reason)
-     *         throws EBaseException {
-     *         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
-     *         CRLExtensions crlentryexts = new CRLExtensions();
-     *
-     *         try {
-     *         crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
-     *         } catch (IOException e) {
-     *         CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
-     *
-     *         // throw new ECMSGWException(
-     *         // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
-     *
-     *         }
-     *         RevokedCertImpl crlentry =
-     *         new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
-     *         crlentryexts);
-     *
-     *         return crlentry;
-     *         }
-     */
-
-    public String getText(Locale locale) {
-        String params[] = {
-        /*
-                        getConfig(CONFIG_REVOKE_DUPKEY_CERT),
-        */
-        };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params);
-    }
-
-    public static String escapeBinaryData(byte data[]) {
-        StringBuffer sb = new StringBuffer();
-
-        for (int i = 0; i < data.length; i++) {
-            int v = 0xff & data[i];
-            sb.append("\\");
-            sb.append((v < 16 ? "0" : ""));
-            sb.append(Integer.toHexString(v));
-        }
-        return sb.toString();
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof UniqueKeyConstraint)
-            return true;
-
-        return false;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
deleted file mode 100644
index 6545b81fd..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
+++ /dev/null
@@ -1,251 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.Extension;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.SubjectNameDefault;
-import com.netscape.cms.profile.def.UserSubjectNameDefault;
-
-/**
- * This class implements the unique subject name constraint.
- * It checks if the subject name in the certificate is
- * unique in the internal database, ie, no two certificates
- * have the same subject name.
- *
- * @version $Revision$, $Date$
- */
-public class UniqueSubjectNameConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING =
-            "enableKeyUsageExtensionChecking";
-    private boolean mKeyUsageExtensionChecking = true;
-
-    public UniqueSubjectNameConstraint() {
-        addConfigName(CONFIG_KEY_USAGE_EXTENSION_CHECKING);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
-        }
-        return null;
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-
-    /**
-     * Checks if the key extension in the issued certificate
-     * is the same as the one in the certificate template.
-     */
-    private boolean sameKeyUsageExtension(ICertRecord rec,
-            X509CertInfo certInfo) {
-        X509CertImpl impl = rec.getCertificate();
-        boolean bits[] = impl.getKeyUsage();
-
-        CertificateExtensions extensions = null;
-
-        try {
-            extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
-        } catch (IOException e) {
-        } catch (java.security.cert.CertificateException e) {
-        }
-        KeyUsageExtension ext = null;
-
-        if (extensions == null) {
-            if (bits != null)
-                return false;
-        } else {
-            try {
-                ext = (KeyUsageExtension) extensions.get(
-                        KeyUsageExtension.NAME);
-            } catch (IOException e) {
-                // extension isn't there.
-            }
-
-            if (ext == null) {
-                if (bits != null)
-                    return false;
-            } else {
-                boolean[] InfoBits = ext.getBits();
-
-                if (InfoBits == null) {
-                    if (bits != null)
-                        return false;
-                } else {
-                    if (bits == null)
-                        return false;
-                    if (InfoBits.length != bits.length) {
-                        return false;
-                    }
-                    for (int i = 0; i < InfoBits.length; i++) {
-                        if (InfoBits[i] != bits[i])
-                            return false;
-                    }
-                }
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     *
-     * Rules are as follows:
-     * If the subject name is not unique, then the request will be rejected unless:
-     * 1. the certificate is expired or expired_revoked
-     * 2. the certificate is revoked and the revocation reason is not "on hold"
-     * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default)
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        CMS.debug("UniqueSubjectNameConstraint: validate start");
-        CertificateSubjectName sn = null;
-        IAuthority authority = (IAuthority) CMS.getSubsystem("ca");
-
-        mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING);
-        ICertificateRepository certdb = null;
-        if (authority != null && authority instanceof ICertificateAuthority) {
-            ICertificateAuthority ca = (ICertificateAuthority) authority;
-            certdb = ca.getCertificateRepository();
-        }
-
-        try {
-            sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-        } catch (Exception e) {
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        }
-
-        String certsubjectname = null;
-        if (sn == null)
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        else {
-            certsubjectname = sn.toString();
-            String filter = "x509Cert.subject=" + certsubjectname;
-            Enumeration<ICertRecord> sameSubjRecords = null;
-            try {
-                sameSubjRecords = certdb.findCertRecords(filter);
-            } catch (EBaseException e) {
-                CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString());
-            }
-            while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) {
-                ICertRecord rec = sameSubjRecords.nextElement();
-                String status = rec.getStatus();
-
-                IRevocationInfo revocationInfo = rec.getRevocationInfo();
-                RevocationReason reason = null;
-
-                if (revocationInfo != null) {
-                    CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions();
-
-                    if (crlExts != null) {
-                        Enumeration<Extension> enumx = crlExts.getElements();
-
-                        while (enumx.hasMoreElements()) {
-                            Extension ext = enumx.nextElement();
-
-                            if (ext instanceof CRLReasonExtension) {
-                                reason = ((CRLReasonExtension) ext).getReason();
-                            }
-                        }
-                    }
-                }
-
-                if (status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
-                    continue;
-                }
-
-                if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
-                        (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
-                    continue;
-                }
-
-                if (mKeyUsageExtensionChecking && !sameKeyUsageExtension(rec, info)) {
-                    continue;
-                }
-
-                throw new ERejectException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
-                                certsubjectname));
-            }
-        }
-        CMS.debug("UniqueSubjectNameConstraint: validate end");
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
-        };
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
-                params);
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof SubjectNameDefault)
-            return true;
-        if (def instanceof UserSubjectNameDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/UserSubjectNameConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/UserSubjectNameConstraint.java
deleted file mode 100644
index 30a034cb3..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/UserSubjectNameConstraint.java
+++ /dev/null
@@ -1,93 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2013 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.UserSubjectNameDefault;
-
-/**
- * This class implements the user subject name constraint.
- * It copies user encoded subject name into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class UserSubjectNameConstraint extends EnrollConstraint {
-
-    public UserSubjectNameConstraint() {
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation. User encoded subject name
-     * is copied into the certificate template.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        CMS.debug("UserSubjectNameConstraint: validate start");
-        CertificateSubjectName requestSN = null;
-
-        try {
-            requestSN = request.getExtDataInCertSubjectName(
-                                IEnrollProfile.REQUEST_SUBJECT_NAME);
-            info.set(X509CertInfo.SUBJECT, requestSN);
-            CMS.debug("UserSubjectNameConstraint: validate user subject ="+
-                      requestSN.toString());
-        } catch (Exception e) {
-            throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale,
-                   "CMS_PROFILE_CONSTRAINT_USER_SUBJECT_NAME_TEXT");
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof UserSubjectNameDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
deleted file mode 100644
index accbd9d2d..000000000
--- a/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
+++ /dev/null
@@ -1,218 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.constraint;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.def.CAValidityDefault;
-import com.netscape.cms.profile.def.NoDefault;
-import com.netscape.cms.profile.def.RandomizedValidityDefault;
-import com.netscape.cms.profile.def.UserValidityDefault;
-import com.netscape.cms.profile.def.ValidityDefault;
-
-/**
- * This class implements the validity constraint.
- * It checks if the validity in the certificate
- * template satisfies the criteria.
- *
- * @version $Revision$, $Date$
- */
-public class ValidityConstraint extends EnrollConstraint {
-
-    public static final String CONFIG_RANGE = "range";
-    public static final String CONFIG_NOT_BEFORE_GRACE_PERIOD = "notBeforeGracePeriod";
-    public static final String CONFIG_CHECK_NOT_BEFORE = "notBeforeCheck";
-    public static final String CONFIG_CHECK_NOT_AFTER = "notAfterCheck";
-    public final static long SECS_IN_MS = 1000L;
-
-    public ValidityConstraint() {
-        super();
-        addConfigName(CONFIG_RANGE);
-        addConfigName(CONFIG_NOT_BEFORE_GRACE_PERIOD);
-        addConfigName(CONFIG_CHECK_NOT_BEFORE);
-        addConfigName(CONFIG_CHECK_NOT_AFTER);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_RANGE) ||
-                name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", name));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_RANGE)) {
-            return new Descriptor(IDescriptor.INTEGER, null, "365",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
-        } else if (name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
-            return new Descriptor(IDescriptor.INTEGER, null, "0",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD"));
-        } else if (name.equals(CONFIG_CHECK_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE"));
-        } else if (name.equals(CONFIG_CHECK_NOT_AFTER)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER"));
-        }
-        return null;
-    }
-
-    /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     */
-    public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        CertificateValidity v = null;
-
-        try {
-            v = (CertificateValidity) info.get(X509CertInfo.VALIDITY);
-        } catch (Exception e) {
-            throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_VALIDITY_NOT_FOUND"));
-        }
-        Date notBefore = null;
-
-        try {
-            notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE);
-        } catch (IOException e) {
-            CMS.debug("ValidityConstraint: not before not found");
-            throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_VALIDITY_NOT_FOUND"));
-        }
-        Date notAfter = null;
-
-        try {
-            notAfter = (Date) v.get(CertificateValidity.NOT_AFTER);
-        } catch (IOException e) {
-            CMS.debug("ValidityConstraint: not after not found");
-            throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_VALIDITY_NOT_FOUND"));
-        }
-
-        if (notAfter.getTime() < notBefore.getTime()) {
-            CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < notBefore (" + notBefore + ")");
-            throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE"));
-        }
-
-        long millisDiff = notAfter.getTime() - notBefore.getTime();
-        CMS.debug("ValidityConstraint: millisDiff="
-                + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime());
-        long long_days = (millisDiff / 1000) / 86400;
-        CMS.debug("ValidityConstraint: long_days: " + long_days);
-        int days = (int) long_days;
-        CMS.debug("ValidityConstraint: days: " + days);
-
-        if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) {
-            throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
-                        Integer.toString(days)));
-        }
-
-        // 613828
-        // The validity field shall specify a notBefore value
-        // that does not precede the current time and a notAfter
-        // value that does not precede the value specified in
-        // notBefore (test can be automated; try entering violating
-        // time values and check result).
-        String notBeforeCheckStr = getConfig(CONFIG_CHECK_NOT_BEFORE);
-        boolean notBeforeCheck;
-
-        if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) {
-            notBeforeCheckStr = "false";
-        }
-        notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue();
-
-        String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER);
-        boolean notAfterCheck;
-
-        if (notAfterCheckStr == null || notAfterCheckStr.equals("")) {
-            notAfterCheckStr = "false";
-        }
-        notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue();
-
-        String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD);
-        if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) {
-            notBeforeGracePeriodStr = "0";
-        }
-        long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr) * SECS_IN_MS;
-
-        Date current = CMS.getCurrentDate();
-        if (notBeforeCheck) {
-            if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) {
-                CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + " +
-                          "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")");
-                throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT"));
-            }
-        }
-        if (notAfterCheck) {
-            if (notAfter.getTime() < current.getTime()) {
-                CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") <  current + (" + current + ")");
-                throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT"));
-            }
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", getConfig(CONFIG_RANGE));
-    }
-
-    public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
-        if (def instanceof UserValidityDefault)
-            return true;
-        if (def instanceof ValidityDefault)
-            return true;
-        if (def instanceof CAValidityDefault)
-            return true;
-        if (def instanceof RandomizedValidityDefault)
-            return true;
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
deleted file mode 100644
index 36818a907..000000000
--- a/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
+++ /dev/null
@@ -1,454 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.AccessDescription;
-import netscape.security.extensions.AuthInfoAccessExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Authuority Info Access extension.
- *
- * @version $Revision$, $Date$
- */
-public class AuthInfoAccessExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "authInfoAccessCritical";
-    public static final String CONFIG_NUM_ADS = "authInfoAccessNumADs";
-    public static final String CONFIG_AD_ENABLE = "authInfoAccessADEnable_";
-    public static final String CONFIG_AD_METHOD = "authInfoAccessADMethod_";
-    public static final String CONFIG_AD_LOCATIONTYPE = "authInfoAccessADLocationType_";
-    public static final String CONFIG_AD_LOCATION = "authInfoAccessADLocation_";
-
-    public static final String VAL_CRITICAL = "authInfoAccessCritical";
-    public static final String VAL_GENERAL_NAMES = "authInfoAccessGeneralNames";
-
-    private static final String AD_METHOD = "Method";
-    private static final String AD_LOCATION_TYPE = "Location Type";
-    private static final String AD_LOCATION = "Location";
-    private static final String AD_ENABLE = "Enable";
-
-    private static final int DEF_NUM_AD = 1;
-    private static final int MAX_NUM_AD = 100;
-
-    public AuthInfoAccessExtDefault() {
-        super();
-    }
-
-    protected int getNumAds() {
-        int num = DEF_NUM_AD;
-        String numAds = getConfig(CONFIG_NUM_ADS);
-
-        if (numAds != null) {
-            try {
-                num = Integer.parseInt(numAds);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num > MAX_NUM_AD) {
-            num = DEF_NUM_AD;
-        }
-
-        return num;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_NUM_ADS)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_AD || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        //refesh our config name list
-
-        super.refreshConfigAndValueNames();
-        mConfigNames.removeAllElements();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_GENERAL_NAMES);
-
-        // register configuration names bases on num ads
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumAds();
-
-        addConfigName(CONFIG_NUM_ADS);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_AD_METHOD + i);
-            addConfigName(CONFIG_AD_LOCATIONTYPE + i);
-            addConfigName(CONFIG_AD_LOCATION + i);
-            addConfigName(CONFIG_AD_ENABLE + i);
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_AD_METHOD)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
-        } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
-            return new Descriptor(IDescriptor.CHOICE,
-                    "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
-                    "URIName",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
-        } else if (name.startsWith(CONFIG_AD_LOCATION)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
-        } else if (name.startsWith(CONFIG_AD_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_ADS)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
-        }
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            AuthInfoAccessExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
-            ObjectIdentifier oid = a.getExtensionId();
-
-            ext = (AuthInfoAccessExtension)
-                        getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-
-                ext = (AuthInfoAccessExtension)
-                        getExtension(oid.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_GENERAL_NAMES)) {
-
-                ext = (AuthInfoAccessExtension)
-                        getExtension(oid.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                boolean critical = ext.isCritical();
-
-                Vector<NameValuePairs> v = parseRecords(value);
-                int size = v.size();
-
-                ext = new AuthInfoAccessExtension(critical);
-                String method = null;
-                String locationType = null;
-                String location = null;
-                String enable = null;
-
-                for (int i = 0; i < size; i++) {
-                    NameValuePairs nvps = v.elementAt(i);
-
-                    for (String name1 : nvps.keySet()) {
-
-                        if (name1.equals(AD_METHOD)) {
-                            method = nvps.get(name1);
-                        } else if (name1.equals(AD_LOCATION_TYPE)) {
-                            locationType = nvps.get(name1);
-                        } else if (name1.equals(AD_LOCATION)) {
-                            location = nvps.get(name1);
-                        } else if (name1.equals(AD_ENABLE)) {
-                            enable = nvps.get(name1);
-                        }
-                    }
-
-                    if (enable != null && enable.equals("true")) {
-                        GeneralName gn = null;
-
-                        if (locationType != null || location != null) {
-                            GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
-                            if (interface1 == null)
-                                throw new EPropertyException(CMS.getUserMessage(
-                                        locale, "CMS_INVALID_PROPERTY", locationType));
-                            gn = new GeneralName(interface1);
-                        }
-
-                        if (method != null) {
-                            try {
-                                ext.addAccessDescription(new ObjectIdentifier(method), gn);
-                            } catch (NumberFormatException ee) {
-                                CMS.debug("AuthInfoAccessExtDefault: " + ee.toString());
-                                throw new EPropertyException(CMS.getUserMessage(
-                                        locale, "CMS_PROFILE_DEF_AIA_OID", method));
-                            }
-                        }
-                    }
-                }
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(ext.getExtensionId().toString(), ext, info);
-        } catch (IOException e) {
-            CMS.debug("AuthInfoAccessExtDefault: " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (EProfileException e) {
-            CMS.debug("AuthInfoAccessExtDefault: " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        AuthInfoAccessExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
-        ObjectIdentifier oid = a.getExtensionId();
-
-        ext = (AuthInfoAccessExtension)
-                    getExtension(oid.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-        if (name.equals(VAL_CRITICAL)) {
-
-            ext = (AuthInfoAccessExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_GENERAL_NAMES)) {
-
-            ext = (AuthInfoAccessExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            int num = getNumAds();
-
-            CMS.debug("AuthInfoAccess num=" + num);
-            Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-
-            for (int i = 0; i < num; i++) {
-                NameValuePairs np = new NameValuePairs();
-                AccessDescription des = null;
-
-                if (i < ext.numberOfAccessDescription()) {
-                    des = ext.getAccessDescription(i);
-                }
-                if (des == null) {
-                    np.put(AD_METHOD, "");
-                    np.put(AD_LOCATION_TYPE, "");
-                    np.put(AD_LOCATION, "");
-                    np.put(AD_ENABLE, "false");
-                } else {
-                    ObjectIdentifier methodOid = des.getMethod();
-                    GeneralName gn = des.getLocation();
-
-                    np.put(AD_METHOD, methodOid.toString());
-                    np.put(AD_LOCATION_TYPE, getGeneralNameType(gn));
-                    np.put(AD_LOCATION, getGeneralNameValue(gn));
-                    np.put(AD_ENABLE, "true");
-                }
-                recs.addElement(np);
-            }
-
-            return buildRecords(recs);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer ads = new StringBuffer();
-        int num = getNumAds();
-
-        for (int i = 0; i < num; i++) {
-            ads.append("Record #");
-            ads.append(i);
-            ads.append("{");
-            ads.append(AD_METHOD + ":");
-            ads.append(getConfig(CONFIG_AD_METHOD + i));
-            ads.append(",");
-            ads.append(AD_LOCATION_TYPE + ":");
-            ads.append(getConfig(CONFIG_AD_LOCATIONTYPE + i));
-            ads.append(",");
-            ads.append(AD_LOCATION + ":");
-            ads.append(getConfig(CONFIG_AD_LOCATION + i));
-            ads.append(",");
-            ads.append(AD_ENABLE + ":");
-            ads.append(getConfig(CONFIG_AD_ENABLE + i));
-            ads.append("}");
-        }
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT",
-                getConfig(CONFIG_CRITICAL), ads.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        AuthInfoAccessExtension ext = createExtension();
-
-        addExtension(ext.getExtensionId().toString(), ext, info);
-    }
-
-    public AuthInfoAccessExtension createExtension() {
-        AuthInfoAccessExtension ext = null;
-        int num = getNumAds();
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-            ext = new AuthInfoAccessExtension(critical);
-            for (int i = 0; i < num; i++) {
-                String enable = getConfig(CONFIG_AD_ENABLE + i);
-                if (enable != null && enable.equals("true")) {
-                    CMS.debug("AuthInfoAccess: createExtension i=" + i);
-                    String method = getConfig(CONFIG_AD_METHOD + i);
-                    String locationType = getConfig(CONFIG_AD_LOCATIONTYPE + i);
-                    if (locationType == null || locationType.length() == 0)
-                        locationType = "URIName";
-                    String location = getConfig(CONFIG_AD_LOCATION + i);
-
-                    if (location == null || location.equals("")) {
-                        if (method.equals("1.3.6.1.5.5.7.48.1")) {
-                            String hostname = CMS.getEENonSSLHost();
-                            String port = CMS.getEENonSSLPort();
-                            if (hostname != null && port != null)
-                                // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp";
-                                location = "http://" + hostname + ":" + port + "/ca/ocsp";
-                        }
-                    }
-
-                    String s = locationType + ":" + location;
-                    GeneralNameInterface gn = parseGeneralName(s);
-                    if (gn != null) {
-                        ext.addAccessDescription(new ObjectIdentifier(method),
-                                new GeneralName(gn));
-                    }
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("AuthInfoAccessExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
deleted file mode 100644
index e789625e4..000000000
--- a/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
+++ /dev/null
@@ -1,152 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy that
- * populates subject name based on the attribute values
- * in the authentication token (AuthToken) object.
- *
- * @version $Revision$, $Date$
- */
-public class AuthTokenSubjectNameDefault extends EnrollDefault {
-
-    public static final String VAL_NAME = "name";
-
-    public AuthTokenSubjectNameDefault() {
-        super();
-        addValueName(VAL_NAME);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        CMS.debug("AuthTokenSubjectNameDefault: begins");
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(locale,
-                        "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            X500Name x500name = null;
-
-            try {
-                x500name = new X500Name(value);
-                CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString());
-            } catch (IOException e) {
-                CMS.debug("AuthTokenSubjectNameDefault: setValue " +
-                        e.toString());
-                // failed to build x500 name
-            }
-            CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString());
-            try {
-                info.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(x500name));
-            } catch (Exception e) {
-                // failed to insert subject name
-                CMS.debug("AuthTokenSubjectNameDefault: setValue " +
-                        e.toString());
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(locale,
-                        "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null)
-            throw new EPropertyException("Invalid name " + name);
-        if (name.equals(VAL_NAME)) {
-            CertificateSubjectName sn = null;
-
-            try {
-                sn = (CertificateSubjectName)
-                        info.get(X509CertInfo.SUBJECT);
-                return sn.toString();
-            } catch (Exception e) {
-                // nothing
-                CMS.debug("AuthTokenSubjectNameDefault: getValue " +
-                        e.toString());
-            }
-            throw new EPropertyException(CMS.getUserMessage(locale,
-                        "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(locale,
-                        "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-
-        // authenticate the subject name and populate it
-        // to the certinfo
-        try {
-            X500Name name = new X500Name(
-                    request.getExtDataInString(IProfileAuthenticator.AUTHENTICATED_NAME));
-
-            CMS.debug("AuthTokenSubjectNameDefault: X500Name=" + name.toString());
-            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("AuthTokenSubjectNameDefault: " + e.toString());
-            throw new EProfileException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
deleted file mode 100644
index 77fd0a5fd..000000000
--- a/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ /dev/null
@@ -1,190 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.AuthorityKeyIdentifierExtension;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Authority Key Identifier extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
-
-    public static final String VAL_CRITICAL = "critical";
-    public static final String VAL_KEY_ID = "keyid";
-
-    public AuthorityKeyIdentifierExtDefault() {
-        super();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_KEY_ID);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY, null, CMS.getUserMessage(locale,
-                            "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_KEY_ID)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY, null, CMS.getUserMessage(locale,
-                            "CMS_PROFILE_KEY_ID"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_CRITICAL)) {
-            // do nothing for read only value
-        } else if (name.equals(VAL_KEY_ID)) {
-            // do nothing for read only value
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        AuthorityKeyIdentifierExtension ext =
-                (AuthorityKeyIdentifierExtension) getExtension(
-                        PKIXExtensions.AuthorityKey_Id.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-        if (name.equals(VAL_CRITICAL)) {
-            ext =
-                    (AuthorityKeyIdentifierExtension) getExtension(
-                            PKIXExtensions.AuthorityKey_Id.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_KEY_ID)) {
-            ext =
-                    (AuthorityKeyIdentifierExtension) getExtension(
-                            PKIXExtensions.AuthorityKey_Id.toString(), info);
-
-            if (ext == null) {
-                // do something here
-                return "";
-            }
-            KeyIdentifier kid = null;
-
-            try {
-                kid = (KeyIdentifier)
-                        ext.get(AuthorityKeyIdentifierExtension.KEY_ID);
-            } catch (IOException e) {
-                //
-                CMS.debug(e.toString());
-            }
-            if (kid == null)
-                return "";
-            return toHexString(kid.getIdentifier());
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AKI_EXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        AuthorityKeyIdentifierExtension ext = createExtension(info);
-
-        addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
-    }
-
-    public AuthorityKeyIdentifierExtension createExtension(X509CertInfo info) {
-        KeyIdentifier kid = null;
-        String localKey = getConfig("localKey");
-        if (localKey != null && localKey.equals("true")) {
-            kid = getKeyIdentifier(info);
-        } else {
-            kid = getCAKeyIdentifier();
-        }
-
-        if (kid == null)
-            return null;
-        AuthorityKeyIdentifierExtension ext = null;
-
-        try {
-            ext = new AuthorityKeyIdentifierExtension(false, kid, null, null);
-        } catch (IOException e) {
-            CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " +
-                    e.toString());
-        }
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
deleted file mode 100644
index f685a4f59..000000000
--- a/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that automatically assign request to agent.
- *
- * @version $Revision$, $Date$
- */
-public class AutoAssignDefault extends EnrollDefault {
-
-    public static final String CONFIG_ASSIGN_TO = "assignTo";
-
-    public AutoAssignDefault() {
-        super();
-        addConfigName(CONFIG_ASSIGN_TO);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_ASSIGN_TO)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, "admin", CMS.getUserMessage(locale,
-                            "CMS_PROFILE_AUTO_ASSIGN"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        return null;
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN",
-                getConfig(CONFIG_ASSIGN_TO));
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        try {
-            request.setRequestOwner(
-                    mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("AutoAssignDefault: populate " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
deleted file mode 100644
index a827b7eaf..000000000
--- a/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
+++ /dev/null
@@ -1,297 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Basic Constraint extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class BasicConstraintsExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "basicConstraintsCritical";
-    public static final String CONFIG_IS_CA = "basicConstraintsIsCA";
-    public static final String CONFIG_PATH_LEN = "basicConstraintsPathLen";
-
-    public static final String VAL_CRITICAL = "basicConstraintsCritical";
-    public static final String VAL_IS_CA = "basicConstraintsIsCA";
-    public static final String VAL_PATH_LEN = "basicConstraintsPathLen";
-
-    public BasicConstraintsExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_IS_CA);
-        addValueName(VAL_PATH_LEN);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_IS_CA);
-        addConfigName(CONFIG_PATH_LEN);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_IS_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
-        } else if (name.equals(CONFIG_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "-1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
-        }
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_IS_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
-        } else if (name.equals(VAL_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "-1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            BasicConstraintsExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (BasicConstraintsExtension)
-                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-
-                ext = (BasicConstraintsExtension)
-                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_IS_CA)) {
-                ext = (BasicConstraintsExtension)
-                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean isCA = Boolean.valueOf(value);
-
-                ext.set(BasicConstraintsExtension.IS_CA, isCA);
-            } else if (name.equals(VAL_PATH_LEN)) {
-                ext = (BasicConstraintsExtension)
-                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                Integer pathLen = Integer.valueOf(value);
-
-                ext.set(BasicConstraintsExtension.PATH_LEN, pathLen);
-            } else {
-                throw new EPropertyException("Invalid name " + name);
-            }
-            replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(),
-                    ext, info);
-        } catch (IOException e) {
-            CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (EProfileException e) {
-            CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        try {
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            BasicConstraintsExtension ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-
-            if (ext == null) {
-                CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one ");
-
-                try {
-                    populate(null, info);
-
-                } catch (EProfileException e) {
-                    CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-                    throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-                }
-
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (BasicConstraintsExtension)
-                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-
-                if (ext == null) {
-                    return null;
-                }
-                if (ext.isCritical()) {
-                    return "true";
-                } else {
-                    return "false";
-                }
-            } else if (name.equals(VAL_IS_CA)) {
-                ext = (BasicConstraintsExtension)
-                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-
-                if (ext == null) {
-                    return null;
-                }
-                Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
-
-                return isCA.toString();
-            } else if (name.equals(VAL_PATH_LEN)) {
-                ext = (BasicConstraintsExtension)
-                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-
-                if (ext == null) {
-                    return null;
-                }
-                Integer pathLen = (Integer)
-                        ext.get(BasicConstraintsExtension.PATH_LEN);
-
-                String pLen = null;
-
-                pLen = pathLen.toString();
-                if (pLen.equals("-2")) {
-                    //This is done for bug 621700.  Profile constraints actually checks for -1
-                    //The low level security class for some reason sets this to -2
-                    //This will allow the request to be approved successfuly by the agent.
-
-                    pLen = "-1";
-
-                }
-
-                CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen);
-
-                return pLen;
-
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } catch (IOException e) {
-            CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_IS_CA),
-                getConfig(CONFIG_PATH_LEN)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        BasicConstraintsExtension ext = createExtension();
-
-        addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext,
-                info);
-    }
-
-    public BasicConstraintsExtension createExtension() {
-        BasicConstraintsExtension ext = null;
-
-        boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
-        boolean isCA = Boolean.valueOf(getConfig(CONFIG_IS_CA)).booleanValue();
-        String pathLenStr = getConfig(CONFIG_PATH_LEN);
-
-        int pathLen = -2;
-
-        if (!pathLenStr.equals("")) {
-
-            pathLen = Integer.valueOf(pathLenStr).intValue();
-        }
-
-        try {
-            ext = new BasicConstraintsExtension(isCA, critical, pathLen);
-        } catch (Exception e) {
-            CMS.debug("BasicConstraintsExtDefault: createExtension " +
-                    e.toString());
-            return null;
-        }
-        ext.setCritical(critical);
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
deleted file mode 100644
index 1d1d05ed5..000000000
--- a/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ /dev/null
@@ -1,106 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-
-/**
- * This class implements an abstract CA specific
- * Enrollment default. This policy can only be
- * used with CA subsystem.
- *
- * @version $Revision$, $Date$
- */
-public abstract class CAEnrollDefault extends EnrollDefault {
-    public CAEnrollDefault() {
-    }
-
-    public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
-        try {
-            CertificateX509Key ckey = (CertificateX509Key)
-                    info.get(X509CertInfo.KEY);
-            X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY);
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-
-            md.update(key.getKey());
-            byte[] hash = md.digest();
-
-            return new KeyIdentifier(hash);
-        } catch (IOException e) {
-            CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                    e.toString());
-        } catch (CertificateException e) {
-            CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                    e.toString());
-        } catch (NoSuchAlgorithmException e) {
-            CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                    e.toString());
-        }
-        return null;
-    }
-
-    public KeyIdentifier getCAKeyIdentifier() {
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        X509CertImpl caCert = ca.getCACert();
-        if (caCert == null) {
-            // during configuration, we dont have the CA certificate
-            return null;
-        }
-        X509Key key = (X509Key) caCert.getPublicKey();
-
-        SubjectKeyIdentifierExtension subjKeyIdExt =
-                (SubjectKeyIdentifierExtension)
-                caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
-        if (subjKeyIdExt != null) {
-            try {
-                KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
-                        SubjectKeyIdentifierExtension.KEY_ID);
-                return keyId;
-            } catch (IOException e) {
-            }
-        }
-
-        try {
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-
-            md.update(key.getKey());
-            byte[] hash = md.digest();
-
-            return new KeyIdentifier(hash);
-        } catch (NoSuchAlgorithmException e) {
-            CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                    e.toString());
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
deleted file mode 100644
index 44ffd474f..000000000
--- a/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ /dev/null
@@ -1,348 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.text.ParsePosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements a CA signing cert enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
- * It allows an agent to bypass the CA's signing cert's expiration constraint
- */
-public class CAValidityDefault extends EnrollDefault {
-    public static final String CONFIG_RANGE = "range";
-    public static final String CONFIG_START_TIME = "startTime";
-    public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
-
-    public static final String VAL_NOT_BEFORE = "notBefore";
-    public static final String VAL_NOT_AFTER = "notAfter";
-    public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
-
-    public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
-
-    private long mDefault = 86400000; // 1 days
-    public ICertificateAuthority mCA = null;
-
-    public CAValidityDefault() {
-        super();
-        addConfigName(CONFIG_RANGE);
-        addConfigName(CONFIG_START_TIME);
-        addConfigName(CONFIG_BYPASS_CA_NOTAFTER);
-
-        addValueName(VAL_NOT_BEFORE);
-        addValueName(VAL_NOT_AFTER);
-        addValueName(VAL_BYPASS_CA_NOTAFTER);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        mCA = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_RANGE)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-            }
-        } else if (name.equals(CONFIG_START_TIME)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_RANGE)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    "7305", /* 20 years */
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_VALIDITY_RANGE"));
-        } else if (name.equals(CONFIG_START_TIME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    "60", /* 1 minute */
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_VALIDITY_START_TIME"));
-        } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER"));
-
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
-        } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (value == null || value.equals("")) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        CMS.debug("CAValidityDefault: setValue name= " + name);
-
-        if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            ParsePosition pos = new ParsePosition(0);
-            Date date = formatter.parse(value, pos);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                validity.set(CertificateValidity.NOT_BEFORE,
-                        date);
-            } catch (Exception e) {
-                CMS.debug("CAValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            ParsePosition pos = new ParsePosition(0);
-            Date date = formatter.parse(value, pos);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                validity.set(CertificateValidity.NOT_AFTER,
-                        date);
-            } catch (Exception e) {
-                CMS.debug("CAValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
-            boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue();
-            CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity);
-
-            BasicConstraintsExtension ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-
-            if (ext == null) {
-                CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert.");
-                return;
-            }
-            try {
-                Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
-                if (isCA.booleanValue() != true) {
-                    CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert.");
-                    return;
-                }
-            } catch (Exception e) {
-                CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString());
-                return;
-            }
-
-            CertificateValidity validity = null;
-            Date notAfter = null;
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER);
-            } catch (Exception e) {
-                CMS.debug("CAValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            // not to exceed CA's expiration
-            Date caNotAfter =
-                    mCA.getSigningUnit().getCertImpl().getNotAfter();
-
-            if (notAfter.after(caNotAfter)) {
-                if (bypassCAvalidity == false) {
-                    notAfter = caNotAfter;
-                    CMS.debug("CAValidityDefault: setValue: bypassCAvalidity off. reset notAfter to caNotAfter. reset ");
-                } else {
-                    CMS.debug("CAValidityDefault: setValue: bypassCAvalidity on.  notAfter is after caNotAfter. no reset");
-                }
-            }
-            try {
-                validity.set(CertificateValidity.NOT_AFTER,
-                        notAfter);
-            } catch (Exception e) {
-                CMS.debug("CAValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-
-        if (name == null)
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-
-        CMS.debug("CAValidityDefault: getValue: name= " + name);
-        if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                return formatter.format((Date)
-                        validity.get(CertificateValidity.NOT_BEFORE));
-            } catch (Exception e) {
-                CMS.debug("CAValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                return formatter.format((Date)
-                        validity.get(CertificateValidity.NOT_AFTER));
-            } catch (Exception e) {
-                CMS.debug("CAValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
-            return "false";
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_RANGE),
-                getConfig(CONFIG_BYPASS_CA_NOTAFTER)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-
-        // always + 60 seconds
-        String startTimeStr = getConfig(CONFIG_START_TIME);
-        try {
-            startTimeStr = mapPattern(request, startTimeStr);
-        } catch (IOException e) {
-            CMS.debug("CAValidityDefault: populate " + e.toString());
-        }
-
-        if (startTimeStr == null || startTimeStr.equals("")) {
-            startTimeStr = "60";
-        }
-        int startTime = Integer.parseInt(startTimeStr);
-        Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
-        long notAfterVal = 0;
-
-        try {
-            String rangeStr = getConfig(CONFIG_RANGE);
-            rangeStr = mapPattern(request, rangeStr);
-            notAfterVal = notBefore.getTime() +
-                    (mDefault * Integer.parseInt(rangeStr));
-        } catch (Exception e) {
-            // configured value is not correct
-            CMS.debug("CAValidityDefault: populate " + e.toString());
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-        }
-        Date notAfter = new Date(notAfterVal);
-
-        CertificateValidity validity =
-                new CertificateValidity(notBefore, notAfter);
-
-        try {
-            info.set(X509CertInfo.VALIDITY, validity);
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("CAValidityDefault: populate " + e.toString());
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
deleted file mode 100644
index 4bbd215a2..000000000
--- a/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
+++ /dev/null
@@ -1,696 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.util.BitArray;
-import netscape.security.x509.CRLDistributionPoint;
-import netscape.security.x509.CRLDistributionPointsExtension;
-import netscape.security.x509.CRLDistributionPointsExtension.Reason;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.GeneralNamesException;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.RDN;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a CRL Distribution points extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "crlDistPointsCritical";
-    public static final String CONFIG_NUM_POINTS = "crlDistPointsNum";
-    public static final String CONFIG_POINT_TYPE = "crlDistPointsPointType_";
-    public static final String CONFIG_POINT_NAME = "crlDistPointsPointName_";
-    public static final String CONFIG_REASONS = "crlDistPointsReasons_";
-    public static final String CONFIG_ISSUER_TYPE = "crlDistPointsIssuerType_";
-    public static final String CONFIG_ISSUER_NAME = "crlDistPointsIssuerName_";
-    public static final String CONFIG_ENABLE = "crlDistPointsEnable_";
-
-    public static final String VAL_CRITICAL = "crlDistPointsCritical";
-    public static final String VAL_CRL_DISTRIBUTION_POINTS = "crlDistPointsValue";
-
-    private static final String REASONS = "Reasons";
-    private static final String POINT_TYPE = "Point Type";
-    private static final String POINT_NAME = "Point Name";
-    private static final String ISSUER_TYPE = "Issuer Type";
-    private static final String ISSUER_NAME = "Issuer Name";
-    private static final String ENABLE = "Enable";
-
-    private static final String RELATIVETOISSUER = "RelativeToIssuer";
-
-    private static final int DEF_NUM_POINTS = 1;
-    private static final int MAX_NUM_POINTS = 100;
-
-    public CRLDistributionPointsExtDefault() {
-        super();
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_NUM_POINTS)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_POINTS || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        super.refreshConfigAndValueNames();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_CRL_DISTRIBUTION_POINTS);
-
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumPoints();
-
-        addConfigName(CONFIG_NUM_POINTS);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_POINT_TYPE + i);
-            addConfigName(CONFIG_POINT_NAME + i);
-            addConfigName(CONFIG_REASONS + i);
-            addConfigName(CONFIG_ISSUER_TYPE + i);
-            addConfigName(CONFIG_ISSUER_NAME + i);
-            addConfigName(CONFIG_ENABLE + i);
-        }
-    }
-
-    protected int getNumPoints() {
-        int num = DEF_NUM_POINTS;
-        String val = getConfig(CONFIG_NUM_POINTS);
-
-        if (val != null) {
-            try {
-                num = Integer.parseInt(val);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num >= MAX_NUM_POINTS)
-            num = DEF_NUM_POINTS;
-
-        return num;
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_POINT_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
-        } else if (name.startsWith(CONFIG_POINT_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
-        } else if (name.startsWith(CONFIG_REASONS)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_REASONS"));
-        } else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
-        } else if (name.startsWith(CONFIG_ISSUER_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
-        } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_POINTS)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
-
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            CRLDistributionPointsExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (CRLDistributionPointsExtension)
-                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                                info);
-
-            if (ext == null) {
-                populate(locale, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (CRLDistributionPointsExtension)
-                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                                info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-                ext = (CRLDistributionPointsExtension)
-                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                                info);
-
-                if (ext == null) {
-                    return;
-                }
-                Vector<NameValuePairs> v = parseRecords(value);
-                int size = v.size();
-
-                boolean critical = ext.isCritical();
-                int i = 0;
-
-                for (; i < size; i++) {
-                    NameValuePairs nvps = v.elementAt(i);
-                    String pointType = null;
-                    String pointValue = null;
-                    String issuerType = null;
-                    String issuerValue = null;
-                    String enable = null;
-                    CRLDistributionPoint cdp = new CRLDistributionPoint();
-
-                    for (String name1 : nvps.keySet()) {
-
-                        if (name1.equals(REASONS)) {
-                            addReasons(locale, cdp, REASONS, nvps.get(name1));
-                        } else if (name1.equals(POINT_TYPE)) {
-                            pointType = nvps.get(name1);
-                        } else if (name1.equals(POINT_NAME)) {
-                            pointValue = nvps.get(name1);
-                        } else if (name1.equals(ISSUER_TYPE)) {
-                            issuerType = nvps.get(name1);
-                        } else if (name1.equals(ISSUER_NAME)) {
-                            issuerValue = nvps.get(name1);
-                        } else if (name1.equals(ENABLE)) {
-                            enable = nvps.get(name1);
-                        }
-                    }
-
-                    if (enable != null && enable.equals("true")) {
-                        if (pointType != null)
-                            addCRLPoint(locale, cdp, pointType, pointValue);
-                        if (issuerType != null)
-                            addIssuer(locale, cdp, issuerType, issuerValue);
-
-                        // this is the first distribution point
-                        if (i == 0) {
-                            ext = new CRLDistributionPointsExtension(cdp);
-                            ext.setCritical(critical);
-                        } else {
-                            ext.addPoint(cdp);
-                        }
-                    }
-                }
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                    ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: setValue " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
-            String value) throws EPropertyException {
-        try {
-            if (value == null || value.length() == 0)
-                return;
-
-            if (type.equals(RELATIVETOISSUER)) {
-                cdp.setRelativeName(new RDN(value));
-            } else if (isGeneralNameType(type)) {
-                GeneralNames gen = new GeneralNames();
-                gen.addElement(parseGeneralName(type, value));
-                cdp.setFullName(gen);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", type));
-            }
-        } catch (IOException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", type));
-        } catch (GeneralNamesException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", type));
-        }
-    }
-
-    private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
-            String value) throws EPropertyException {
-        if (value == null || value.length() == 0)
-            return;
-        try {
-            if (isGeneralNameType(type)) {
-                GeneralNames gen = new GeneralNames();
-
-                gen.addElement(parseGeneralName(type, value));
-                cdp.setCRLIssuer(gen);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", type));
-            }
-        } catch (IOException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
-                    e.toString());
-        } catch (GeneralNamesException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
-                    e.toString());
-        }
-    }
-
-    private void addReasons(Locale locale, CRLDistributionPoint cdp, String type,
-            String value) throws EPropertyException {
-        if (value == null || value.length() == 0)
-            return;
-        if (type.equals(REASONS)) {
-            if (value != null && !value.equals("")) {
-                StringTokenizer st = new StringTokenizer(value, ", \t");
-                byte reasonBits = 0;
-
-                while (st.hasMoreTokens()) {
-                    String s = st.nextToken();
-                    Reason r = Reason.fromString(s);
-
-                    if (r == null) {
-                        CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s);
-                        throw new EPropertyException(CMS.getUserMessage(
-                                    locale, "CMS_INVALID_PROPERTY", s));
-                    } else {
-                        reasonBits |= r.getBitMask();
-                    }
-                }
-
-                if (reasonBits != 0) {
-                    BitArray ba = new BitArray(8, new byte[] { reasonBits }
-                            );
-
-                    cdp.setReasons(ba);
-                }
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", type));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        CRLDistributionPointsExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ext = (CRLDistributionPointsExtension)
-                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                            info);
-
-        if (ext == null) {
-            try {
-                populate(locale, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (CRLDistributionPointsExtension)
-                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                            info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            ext = (CRLDistributionPointsExtension)
-                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                            info);
-
-            if (ext == null)
-                return "";
-
-            Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-            int num = getNumPoints();
-
-            for (int i = 0; i < num; i++) {
-                NameValuePairs pairs = null;
-
-                if (i < ext.getNumPoints()) {
-                    CRLDistributionPoint p = ext.getPointAt(i);
-                    GeneralNames gns = p.getFullName();
-
-                    pairs = buildGeneralNames(gns, p);
-                    recs.addElement(pairs);
-                } else {
-                    pairs = buildEmptyGeneralNames();
-                    recs.addElement(pairs);
-                }
-            }
-
-            return buildRecords(recs);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    protected NameValuePairs buildEmptyGeneralNames() {
-        NameValuePairs pairs = new NameValuePairs();
-
-        pairs.put(POINT_TYPE, "");
-        pairs.put(POINT_NAME, "");
-        pairs.put(REASONS, "");
-        pairs.put(ISSUER_TYPE, "");
-        pairs.put(ISSUER_NAME, "");
-        pairs.put(ENABLE, "false");
-        return pairs;
-    }
-
-    protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
-            throws EPropertyException {
-
-        NameValuePairs pairs = new NameValuePairs();
-
-        RDN rdn = null;
-        boolean hasFullName = false;
-
-        pairs.put(ENABLE, "true");
-        if (gns == null) {
-            rdn = p.getRelativeName();
-            if (rdn != null) {
-                hasFullName = true;
-                pairs.put(POINT_TYPE, RELATIVETOISSUER);
-                pairs.put(POINT_NAME, rdn.toString());
-            } else {
-                pairs.put(POINT_TYPE, "");
-                pairs.put(POINT_NAME, "");
-            }
-        } else {
-            GeneralName gn = (GeneralName) gns.elementAt(0);
-
-            if (gn != null) {
-                hasFullName = true;
-
-                pairs.put(POINT_TYPE, getGeneralNameType(gn));
-                pairs.put(POINT_NAME, getGeneralNameValue(gn));
-            }
-        }
-
-        if (!hasFullName) {
-            pairs.put(POINT_TYPE, GN_DIRECTORY_NAME);
-            pairs.put(POINT_NAME, "");
-        }
-
-        BitArray reasons = p.getReasons();
-        String s = convertBitArrayToReasonNames(reasons);
-
-        if (s.length() > 0) {
-            pairs.put(REASONS, s);
-        } else {
-            pairs.put(REASONS, "");
-        }
-
-        gns = p.getCRLIssuer();
-
-        if (gns == null) {
-            pairs.put(ISSUER_TYPE, GN_DIRECTORY_NAME);
-            pairs.put(ISSUER_NAME, "");
-        } else {
-            GeneralName gn = (GeneralName) gns.elementAt(0);
-
-            if (gn != null) {
-                hasFullName = true;
-
-                pairs.put(ISSUER_TYPE, getGeneralNameType(gn));
-                pairs.put(ISSUER_NAME, getGeneralNameValue(gn));
-            }
-        }
-        return pairs;
-    }
-
-    private String convertBitArrayToReasonNames(BitArray reasons) {
-        StringBuffer sb = new StringBuffer();
-
-        if (reasons != null) {
-            byte[] b = reasons.toByteArray();
-            Reason[] reasonArray = Reason.bitArrayToReasonArray(b);
-
-            for (int i = 0; i < reasonArray.length; i++) {
-                if (sb.length() > 0)
-                    sb.append(",");
-                sb.append(reasonArray[i].getName());
-            }
-        }
-
-        return sb.toString();
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        int num = getNumPoints();
-
-        for (int i = 0; i < num; i++) {
-            sb.append("Record #");
-            sb.append(i);
-            sb.append("{");
-            sb.append(POINT_TYPE + ":");
-            sb.append(getConfig(CONFIG_POINT_TYPE + i));
-            sb.append(",");
-            sb.append(POINT_NAME + ":");
-            sb.append(getConfig(CONFIG_POINT_NAME + i));
-            sb.append(",");
-            sb.append(REASONS + ":");
-            sb.append(getConfig(CONFIG_REASONS + i));
-            sb.append(",");
-            sb.append(ISSUER_TYPE + ":");
-            sb.append(getConfig(CONFIG_ISSUER_TYPE + i));
-            sb.append(",");
-            sb.append(ISSUER_NAME + ":");
-            sb.append(getConfig(CONFIG_ISSUER_NAME + i));
-            sb.append(",");
-            sb.append(ENABLE + ":");
-            sb.append(getConfig(CONFIG_ENABLE + i));
-            sb.append("}");
-        }
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
-                getConfig(CONFIG_CRITICAL),
-                sb.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    private void populate(Locale locale, X509CertInfo info)
-            throws EProfileException {
-        CRLDistributionPointsExtension ext = createExtension(locale);
-
-        if (ext == null)
-            return;
-        addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                ext, info);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        CRLDistributionPointsExtension ext = createExtension(request);
-
-        if (ext == null)
-            return;
-        addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                ext, info);
-    }
-
-    public CRLDistributionPointsExtension createExtension(IRequest request) {
-        CRLDistributionPointsExtension ext = null;
-        int num = 0;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-            num = getNumPoints();
-            for (int i = 0; i < num; i++) {
-                CRLDistributionPoint cdp = new CRLDistributionPoint();
-
-                String enable = getConfig(CONFIG_ENABLE + i);
-                String pointType = getConfig(CONFIG_POINT_TYPE + i);
-                String pointName = getConfig(CONFIG_POINT_NAME + i);
-                String reasons = getConfig(CONFIG_REASONS + i);
-                String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
-                String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
-                if (enable != null && enable.equals("true")) {
-                    if (pointType != null)
-                        addCRLPoint(getLocale(request), cdp, pointType, pointName);
-                    if (issuerType != null)
-                        addIssuer(getLocale(request), cdp, issuerType, issuerName);
-                    if (reasons != null)
-                        addReasons(getLocale(request), cdp, REASONS, reasons);
-
-                    if (i == 0) {
-                        ext = new CRLDistributionPointsExtension(cdp);
-                        ext.setCritical(critical);
-                    } else {
-                        ext.addPoint(cdp);
-                    }
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
-                    e.toString());
-            CMS.debug(e);
-        }
-
-        return ext;
-    }
-
-    private CRLDistributionPointsExtension createExtension(Locale locale) {
-        CRLDistributionPointsExtension ext = null;
-        int num = 0;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-            num = getNumPoints();
-            for (int i = 0; i < num; i++) {
-                CRLDistributionPoint cdp = new CRLDistributionPoint();
-
-                String enable = getConfig(CONFIG_ENABLE + i);
-                String pointType = getConfig(CONFIG_POINT_TYPE + i);
-                String pointName = getConfig(CONFIG_POINT_NAME + i);
-                String reasons = getConfig(CONFIG_REASONS + i);
-                String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
-                String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
-                if (enable != null && enable.equals("true")) {
-                    if (pointType != null)
-                        addCRLPoint(locale, cdp, pointType, pointName);
-                    if (issuerType != null)
-                        addIssuer(locale, cdp, issuerType, issuerName);
-                    addReasons(locale, cdp, REASONS, reasons);
-
-                    if (i == 0) {
-                        ext = new CRLDistributionPointsExtension(cdp);
-                        ext.setCritical(critical);
-                    } else {
-                        ext.addPoint(cdp);
-                    }
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
-                    e.toString());
-            CMS.debug(e);
-        }
-
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
deleted file mode 100644
index 9629e4990..000000000
--- a/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
+++ /dev/null
@@ -1,793 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CPSuri;
-import netscape.security.x509.CertificatePoliciesExtension;
-import netscape.security.x509.CertificatePolicyId;
-import netscape.security.x509.CertificatePolicyInfo;
-import netscape.security.x509.DisplayText;
-import netscape.security.x509.NoticeReference;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PolicyQualifiers;
-import netscape.security.x509.Qualifier;
-import netscape.security.x509.UserNotice;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class CertificatePoliciesExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "Critical";
-    public static final String CONFIG_PREFIX = "PoliciesExt.certPolicy";
-    public static final String CONFIG_PREFIX1 = "PolicyQualifiers";
-    public static final String CONFIG_POLICY_ENABLE = "enable";
-    public static final String CONFIG_POLICY_NUM = "PoliciesExt.num";
-    public static final String CONFIG_POLICY_ID = "policyId";
-    public static final String CONFIG_POLICY_QUALIFIERS_NUM = "PolicyQualifiers.num";
-    public static final String CONFIG_CPSURI_ENABLE = "CPSURI.enable";
-    public static final String CONFIG_USERNOTICE_ENABLE = "usernotice.enable";
-    public static final String CONFIG_CPSURI_VALUE = "CPSURI.value";
-    public static final String CONFIG_USERNOTICE_ORG = "usernotice.noticeReference.organization";
-    public static final String CONFIG_USERNOTICE_NUMBERS = "usernotice.noticeReference.noticeNumbers";
-    public static final String CONFIG_USERNOTICE_TEXT = "usernotice.explicitText.value";
-
-    public static final String VAL_CRITICAL = "Critical";
-    public static final String VAL_POLICY_QUALIFIERS = "policyQualifiers";
-
-    private static final String SEPARATOR = ".";
-    private static final int DEF_NUM_POLICIES = 5;
-    private static final int DEF_NUM_QUALIFIERS = 1;
-    private static final int MAX_NUM_POLICIES = 20;
-    private static final String POLICY_ID_ENABLE = "Enable";
-    private static final String POLICY_ID = "Policy Id";
-    private static final String POLICY_QUALIFIER_CPSURI_ENABLE = "CPSuri Enable";
-    private static final String POLICY_QUALIFIER_USERNOTICE_ENABLE = "UserNotice Enable";
-    private static final String USERNOTICE_REF_ORG = "UserNoticeReference Organization";
-    private static final String USERNOTICE_REF_NUMBERS = "UserNoticeReference Numbers";
-    private static final String USERNOTICE_EXPLICIT_TEXT = "UserNoticeReference Explicit Text";
-    private static final String CPSURI = "CPS uri";
-
-    public CertificatePoliciesExtDefault() {
-        super();
-    }
-
-    protected int getNumPolicies() {
-        int num = DEF_NUM_POLICIES;
-        String numPolicies = getConfig(CONFIG_POLICY_NUM);
-
-        if (numPolicies != null) {
-            try {
-                num = Integer.parseInt(numPolicies);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num >= MAX_NUM_POLICIES)
-            num = DEF_NUM_POLICIES;
-        return num;
-    }
-
-    protected int getNumQualifiers() {
-        int num = DEF_NUM_QUALIFIERS;
-        String numQualifiers = getConfig(CONFIG_POLICY_QUALIFIERS_NUM);
-        if (numQualifiers != null) {
-            try {
-                num = Integer.parseInt(numQualifiers);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-        return num;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-
-        refreshConfigAndValueNames();
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_POLICY_NUM)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_POLICIES || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-
-        super.refreshConfigAndValueNames();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_POLICY_QUALIFIERS);
-
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumPolicies();
-        int numQualifiers = getNumQualifiers();
-
-        addConfigName(CONFIG_POLICY_NUM);
-
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
-            addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
-            for (int j = 0; j < numQualifiers; j++) {
-                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
-                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
-                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
-                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
-                addConfigName(CONFIG_PREFIX
-                        + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
-                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
-            }
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
-        } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
-        } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
-        } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE"));
-        } else if (name.indexOf(CONFIG_POLICY_QUALIFIERS_NUM) >= 0) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_NUM"));
-        } else if (name.indexOf(CONFIG_USERNOTICE_ORG) >= 0) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG"));
-        } else if (name.indexOf(CONFIG_USERNOTICE_NUMBERS) >= 0) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS"));
-        } else if (name.indexOf(CONFIG_USERNOTICE_TEXT) >= 0) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT"));
-        } else if (name.indexOf(CONFIG_CPSURI_VALUE) >= 0) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI"));
-        } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "5",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
-        }
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIERS"));
-        }
-        return null;
-    }
-
-    private Hashtable<String, String> buildRecords(String value) throws EPropertyException {
-        StringTokenizer st = new StringTokenizer(value, "\r\n");
-        Hashtable<String, String> table = new Hashtable<String, String>();
-        while (st.hasMoreTokens()) {
-            String token = st.nextToken();
-            int index = token.indexOf(":");
-            if (index <= 0)
-                throw new EPropertyException(CMS.getUserMessage(
-                        "CMS_INVALID_PROPERTY", token));
-            String name = token.substring(0, index);
-            String val = "";
-            if ((token.length() - 1) > index) {
-                val = token.substring(index + 1);
-            }
-            table.put(name, val);
-        }
-
-        return table;
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            CertificatePoliciesExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (CertificatePoliciesExtension)
-                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                                info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                ext.setCritical(val);
-            } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
-                ext = (CertificatePoliciesExtension)
-                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                                info);
-
-                Hashtable<String, String> h = buildRecords(value);
-
-                String numStr = h.get(CONFIG_POLICY_NUM);
-                int size = Integer.parseInt(numStr);
-
-                Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
-                for (int i = 0; i < size; i++) {
-                    String enable = h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
-                    CertificatePolicyInfo cinfo = null;
-                    if (enable != null && enable.equals("true")) {
-                        String policyId = h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
-
-                        if (policyId == null || policyId.length() == 0)
-                            throw new EPropertyException(CMS.getUserMessage(
-                                        locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
-                        CertificatePolicyId cpolicyId = getPolicyId(policyId);
-
-                        String qualifersNum =
-                                h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
-                        PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-                        int num = 0;
-                        if (qualifersNum != null && qualifersNum.length() > 0)
-                            num = Integer.parseInt(qualifersNum);
-                        for (int j = 0; j < num; j++) {
-                            String cpsuriEnable =
-                                    h.get(CONFIG_PREFIX
-                                    + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
-                            String usernoticeEnable =
-                                    h.get(CONFIG_PREFIX
-                                            + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
-                                            + CONFIG_USERNOTICE_ENABLE);
-                            if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
-                                String cpsuri =
-                                        h.get(CONFIG_PREFIX
-                                        + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
-                                netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
-                                if (qualifierInfo != null)
-                                    policyQualifiers.add(qualifierInfo);
-                            } else if (usernoticeEnable != null && enable.equals("true")) {
-                                String org =
-                                        h.get(CONFIG_PREFIX
-                                        + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
-                                        + CONFIG_USERNOTICE_ORG);
-                                String noticenumbers =
-                                        h.get(CONFIG_PREFIX
-                                        + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
-                                        + CONFIG_USERNOTICE_NUMBERS);
-                                String explicitText =
-                                        h.get(CONFIG_PREFIX
-                                        + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR
-                                        + CONFIG_USERNOTICE_TEXT);
-                                netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
-                                        noticenumbers, explicitText);
-                                if (qualifierInfo != null)
-                                    policyQualifiers.add(qualifierInfo);
-                            }
-                        }
-
-                        if (policyQualifiers.size() <= 0) {
-                            cinfo = new CertificatePolicyInfo(cpolicyId);
-                        } else {
-                            cinfo = new CertificatePolicyInfo(cpolicyId, policyQualifiers);
-                        }
-                        if (cinfo != null)
-                            certificatePolicies.addElement(cinfo);
-                    }
-                }
-
-                ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                    ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (IOException e) {
-            CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    @SuppressWarnings("unchecked")
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        CertificatePoliciesExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (CertificatePoliciesExtension)
-                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                            info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
-            ext = (CertificatePoliciesExtension)
-                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                            info);
-
-            if (ext == null)
-                return "";
-
-            StringBuffer sb = new StringBuffer();
-            int num_policies = getNumPolicies();
-            sb.append(CONFIG_POLICY_NUM);
-            sb.append(":");
-            sb.append(num_policies);
-            sb.append("\n");
-            Vector<CertificatePolicyInfo> infos;
-
-            try {
-                infos = (Vector<CertificatePolicyInfo>) ext.get(CertificatePoliciesExtension.INFOS);
-            } catch (IOException ee) {
-                infos = null;
-            }
-
-            for (int i = 0; i < num_policies; i++) {
-                int qSize = 0;
-                String policyId = "";
-                String policyEnable = "false";
-                PolicyQualifiers qualifiers = null;
-                if (infos.size() > 0) {
-                    CertificatePolicyInfo cinfo =
-                            infos.elementAt(0);
-
-                    CertificatePolicyId id1 = cinfo.getPolicyIdentifier();
-                    policyId = id1.getIdentifier().toString();
-                    policyEnable = "true";
-                    qualifiers = cinfo.getPolicyQualifiers();
-                    if (qualifiers != null)
-                        qSize = qualifiers.size();
-                    infos.removeElementAt(0);
-                }
-                sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
-                sb.append(":");
-                sb.append(policyEnable);
-                sb.append("\n");
-                sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
-                sb.append(":");
-                sb.append(policyId);
-                sb.append("\n");
-
-                if (qSize == 0) {
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
-                    sb.append(":");
-                    sb.append(DEF_NUM_QUALIFIERS);
-                    sb.append("\n");
-                } else {
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
-                    sb.append(":");
-                    sb.append(qSize);
-                    sb.append("\n");
-                }
-                if (qSize == 0) {
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE);
-                    sb.append(":");
-                    sb.append("false");
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE);
-                    sb.append(":");
-                    sb.append("");
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX
-                            + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
-                    sb.append(":");
-                    sb.append("false");
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG);
-                    sb.append(":");
-                    sb.append("");
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX
-                            + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
-                    sb.append(":");
-                    sb.append("");
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT);
-                    sb.append(":");
-                    sb.append("");
-                    sb.append("\n");
-                }
-
-                for (int j = 0; j < qSize; j++) {
-                    netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j);
-                    ObjectIdentifier oid = qinfo.getId();
-                    Qualifier qualifier = qinfo.getQualifier();
-
-                    String cpsuriEnable = "false";
-                    String usernoticeEnable = "false";
-                    String cpsuri = "";
-                    String org = "";
-                    StringBuffer noticeNum = new StringBuffer();
-                    String explicitText = "";
-
-                    if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) {
-                        cpsuriEnable = "true";
-                        CPSuri content = (CPSuri) qualifier;
-                        cpsuri = content.getURI();
-                    } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) {
-                        usernoticeEnable = "true";
-                        UserNotice content = (UserNotice) qualifier;
-                        NoticeReference ref = content.getNoticeReference();
-                        if (ref != null) {
-                            org = ref.getOrganization().getText();
-                            int[] nums = ref.getNumbers();
-                            for (int k = 0; k < nums.length; k++) {
-                                if (k != 0) {
-                                    noticeNum.append(",");
-                                    noticeNum.append(nums[k]);
-                                } else
-                                    noticeNum.append(nums[k]);
-                            }
-                        }
-                        DisplayText displayText = content.getDisplayText();
-                        if (displayText != null)
-                            explicitText = displayText.getText();
-                    }
-
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
-                    sb.append(":");
-                    sb.append(cpsuriEnable);
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
-                    sb.append(":");
-                    sb.append(cpsuri);
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
-                    sb.append(":");
-                    sb.append(usernoticeEnable);
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
-                    sb.append(":");
-                    sb.append(org);
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX
-                            + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
-                    sb.append(":");
-                    sb.append(noticeNum.toString());
-                    sb.append("\n");
-                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
-                    sb.append(":");
-                    sb.append(explicitText);
-                    sb.append("\n");
-                }
-            } // end of for loop
-            return sb.toString();
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        int num = getNumPolicies();
-        int num1 = getNumQualifiers();
-
-        try {
-            IConfigStore basesubstore = getConfigStore().getSubStore("params");
-            sb.append("{");
-            sb.append(CONFIG_POLICY_NUM + ":");
-            sb.append(num);
-            sb.append(",");
-            for (int i = 0; i < num; i++) {
-                sb.append("{");
-                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
-                String enable = substore.getString(CONFIG_POLICY_ENABLE, "");
-                sb.append(POLICY_ID_ENABLE + ":");
-                sb.append(enable);
-                sb.append(",");
-                String policyId = substore.getString(CONFIG_POLICY_ID, "");
-                sb.append(POLICY_ID + ":");
-                sb.append(policyId);
-                sb.append(",");
-                String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, "");
-                sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":");
-                sb.append(qualifiersNum);
-                sb.append(",");
-                for (int j = 0; j < num1; j++) {
-                    IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
-                    sb.append("{");
-                    String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, "");
-                    sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":");
-                    sb.append(cpsuriEnable);
-                    sb.append(",");
-                    String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, "");
-                    sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":");
-                    sb.append(usernoticeEnable);
-                    sb.append(",");
-                    String org = substore1.getString(CONFIG_USERNOTICE_ORG, "");
-                    sb.append(USERNOTICE_REF_ORG + ":");
-                    sb.append(org);
-                    sb.append(",");
-                    String refNums = substore1.getString(CONFIG_USERNOTICE_NUMBERS, "");
-                    sb.append(USERNOTICE_REF_NUMBERS + ":");
-                    sb.append(refNums);
-                    sb.append(",");
-                    String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT, "");
-                    sb.append(USERNOTICE_EXPLICIT_TEXT + ":");
-                    sb.append(explicitText);
-                    sb.append(",");
-                    String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, "");
-                    sb.append(CPSURI + ":");
-                    sb.append(cpsuri);
-                    sb.append("}");
-                }
-                sb.append("}");
-            }
-            sb.append("}");
-            return CMS.getUserMessage(locale,
-                    "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT",
-                    getConfig(CONFIG_CRITICAL), sb.toString());
-        } catch (Exception e) {
-            return "";
-        }
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        CertificatePoliciesExtension ext = createExtension();
-
-        if (ext == null)
-            return;
-        addExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                ext, info);
-    }
-
-    public CertificatePoliciesExtension createExtension()
-            throws EProfileException {
-        CertificatePoliciesExtension ext = null;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-            Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
-            int num = getNumPolicies();
-            CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num);
-            IConfigStore config = getConfigStore();
-
-            for (int i = 0; i < num; i++) {
-                IConfigStore basesubstore = config.getSubStore("params");
-                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
-                String enable = substore.getString(CONFIG_POLICY_ENABLE);
-
-                CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable);
-                if (enable != null && enable.equals("true")) {
-                    String policyId = substore.getString(CONFIG_POLICY_ID);
-                    CertificatePolicyId cpolicyId = getPolicyId(policyId);
-                    CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "
-                            + i + " policyId=" + policyId);
-                    int qualifierNum = getNumQualifiers();
-                    PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-                    for (int j = 0; j < qualifierNum; j++) {
-                        IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
-                        String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE);
-                        String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE);
-
-                        if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
-                            String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, "");
-                            netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
-                            if (qualifierInfo != null)
-                                policyQualifiers.add(qualifierInfo);
-                        } else if (usernoticeEnable != null &&
-                                     usernoticeEnable.equals("true")) {
-
-                            String org = substore1.getString(CONFIG_USERNOTICE_ORG);
-                            String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS);
-                            String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT);
-                            netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
-                                    noticenumbers, explicitText);
-                            if (qualifierInfo != null)
-                                policyQualifiers.add(qualifierInfo);
-                        }
-                    }
-
-                    CertificatePolicyInfo info = null;
-                    if (policyQualifiers.size() <= 0) {
-                        info =
-                                new CertificatePolicyInfo(cpolicyId);
-                    } else {
-                        info =
-                                new CertificatePolicyInfo(cpolicyId, policyQualifiers);
-                    }
-
-                    if (info != null)
-                        certificatePolicies.addElement(info);
-                }
-            }
-
-            ext = new CertificatePoliciesExtension(critical, certificatePolicies);
-        } catch (EPropertyException e) {
-            throw new EProfileException(e.toString());
-        } catch (EProfileException e) {
-            throw e;
-        } catch (Exception e) {
-            CMS.debug("CertificatePoliciesExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-
-    private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException {
-        if (policyId == null || policyId.length() == 0)
-            throw new EPropertyException(CMS.getUserMessage(
-                    "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
-
-        CertificatePolicyId cpolicyId = null;
-        try {
-            cpolicyId = new CertificatePolicyId(
-                    ObjectIdentifier.getObjectIdentifier(policyId));
-            return cpolicyId;
-        } catch (Exception e) {
-            throw new EPropertyException(CMS.getUserMessage(
-                    "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
-        }
-    }
-
-    private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException {
-        if (uri == null || uri.length() == 0)
-            throw new EPropertyException(CMS.getUserMessage(
-                    "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
-
-        CPSuri cpsURI = new CPSuri(uri);
-        netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 =
-                new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS,
-                        cpsURI);
-
-        return policyQualifierInfo2;
-    }
-
-    private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization,
-            String noticeText, String noticeNums) throws EPropertyException {
-
-        if ((organization == null || organization.length() == 0) &&
-                (noticeNums == null || noticeNums.length() == 0) &&
-                (noticeText == null || noticeText.length() == 0))
-            return null;
-
-        DisplayText explicitText = null;
-        if (noticeText != null && noticeText.length() > 0)
-            explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText);
-
-        int nums[] = null;
-        if (noticeNums != null && noticeNums.length() > 0) {
-            Vector<String> numsVector = new Vector<String>();
-            StringTokenizer tokens = new StringTokenizer(noticeNums, ";");
-            while (tokens.hasMoreTokens()) {
-                String num = tokens.nextToken().trim();
-                numsVector.addElement(num);
-            }
-
-            nums = new int[numsVector.size()];
-            try {
-                for (int i = 0; i < numsVector.size(); i++) {
-                    Integer ii = new Integer(numsVector.elementAt(i));
-                    nums[i] = ii.intValue();
-                }
-            } catch (Exception e) {
-                throw new EPropertyException("Wrong notice numbers");
-            }
-        }
-
-        DisplayText orgName = null;
-        if (organization != null && organization.length() > 0) {
-            orgName =
-                    new DisplayText(DisplayText.tag_VisibleString, organization);
-        }
-
-        NoticeReference noticeReference = null;
-
-        if (orgName != null)
-            noticeReference = new NoticeReference(orgName, nums);
-
-        UserNotice userNotice = null;
-        if (explicitText != null || noticeReference != null) {
-            userNotice = new UserNotice(noticeReference, explicitText);
-
-            netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 =
-                    new netscape.security.x509.PolicyQualifierInfo(
-                            netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
-            return policyQualifierInfo1;
-        }
-
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
deleted file mode 100644
index 752d99cbb..000000000
--- a/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
+++ /dev/null
@@ -1,193 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class CertificateVersionDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_VERSION = "certVersionNum";
-
-    public static final String VAL_VERSION = "certVersionNum";
-
-    public CertificateVersionDefault() {
-        super();
-        addValueName(VAL_VERSION);
-
-        addConfigName(CONFIG_VERSION);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_VERSION)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "3",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VERSION"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_VERSION)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_VERSION));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_VERSION)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "3",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VERSION"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-            if (name.equals(VAL_VERSION)) {
-                if (value == null || value.equals(""))
-                    throw new EPropertyException(name + " cannot be empty");
-                else {
-                    int version = Integer.valueOf(value).intValue() - 1;
-
-                    if (version == CertificateVersion.V1)
-                        info.set(X509CertInfo.VERSION,
-                                new CertificateVersion(CertificateVersion.V1));
-                    else if (version == CertificateVersion.V2)
-                        info.set(X509CertInfo.VERSION,
-                                new CertificateVersion(CertificateVersion.V2));
-                    else if (version == CertificateVersion.V3)
-                        info.set(X509CertInfo.VERSION,
-                                new CertificateVersion(CertificateVersion.V3));
-                }
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } catch (IOException e) {
-            CMS.debug("CertificateVersionDefault: setValue " + e.toString());
-        } catch (CertificateException e) {
-            CMS.debug("CertificateVersionDefault: setValue " + e.toString());
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        if (name.equals(VAL_VERSION)) {
-            CertificateVersion v = null;
-            try {
-                v = (CertificateVersion) info.get(
-                        X509CertInfo.VERSION);
-            } catch (Exception e) {
-            }
-
-            if (v == null)
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            int version = v.compare(0);
-
-            return "" + (version + 1);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_VERSION)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        String v = getConfig(CONFIG_VERSION);
-        int version = Integer.valueOf(v).intValue() - 1;
-
-        try {
-            if (version == CertificateVersion.V1)
-                info.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V1));
-            else if (version == CertificateVersion.V2)
-                info.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V2));
-            else if (version == CertificateVersion.V3)
-                info.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-            else {
-                throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
-            }
-        } catch (IOException e) {
-        } catch (CertificateException e) {
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
deleted file mode 100644
index 7b4c3c74d..000000000
--- a/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ /dev/null
@@ -1,774 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.NoSuchElementException;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.extensions.KerberosName;
-import netscape.security.util.DerInputStream;
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.DNSName;
-import netscape.security.x509.EDIPartyName;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.IPAddressName;
-import netscape.security.x509.OIDName;
-import netscape.security.x509.OtherName;
-import netscape.security.x509.RFC822Name;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.pattern.Pattern;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ICertInfoPolicyDefault;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements an enrollment default policy.
- *
- * @version $Revision$, $Date$
- */
-public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault {
-
-    public static final String PROP_NAME = "name";
-
-    public static final String GN_RFC822_NAME = "RFC822Name";
-    public static final String GN_DNS_NAME = "DNSName";
-    public static final String GN_URI_NAME = "URIName";
-    public static final String GN_IP_NAME = "IPAddressName";
-    public static final String GN_DIRECTORY_NAME = "DirectoryName";
-    public static final String GN_EDI_NAME = "EDIPartyName";
-    public static final String GN_ANY_NAME = "OtherName";
-    public static final String GN_OID_NAME = "OIDName";
-
-    protected IConfigStore mConfig = null;
-    protected Vector<String> mConfigNames = new Vector<String>();
-    protected Vector<String> mValueNames = new Vector<String>();
-
-    public EnrollDefault() {
-    }
-
-    public Enumeration<String> getConfigNames() {
-        return mConfigNames.elements();
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void addConfigName(String name) {
-        mConfigNames.addElement(name);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (mConfig.getSubStore("params") == null) {
-            //
-        } else {
-            mConfig.getSubStore("params").putString(name, value);
-        }
-    }
-
-    public String getConfig(String name) {
-        try {
-            if (mConfig == null)
-                return null;
-            if (mConfig.getSubStore("params") != null) {
-                return mConfig.getSubStore("params").getString(name);
-            }
-        } catch (EBaseException e) {
-        }
-        return "";
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mConfig = config;
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     *
-     * @param locale locale of the end user
-     * @return localized description of this default policy
-     */
-    public abstract String getText(Locale locale);
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public String getName(Locale locale) {
-        try {
-            return mConfig.getString(PROP_NAME);
-        } catch (EBaseException e) {
-            return null;
-        }
-    }
-
-    /**
-     * Populates attributes into the certificate template.
-     *
-     * @param request enrollment request
-     * @param info certificate template
-     * @exception EProfileException failed to populate attributes
-     *                into request
-     */
-    public abstract void populate(IRequest request, X509CertInfo info)
-            throws EProfileException;
-
-    /**
-     * Sets values from the approval page into certificate template.
-     *
-     * @param name name of the attribute
-     * @param locale user locale
-     * @param info certificate template
-     * @param value attribute value
-     * @exception EProfileException failed to set attributes
-     *                into request
-     */
-    public abstract void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException;
-
-    /**
-     * Retrieves certificate template values and returns them to
-     * the approval page.
-     *
-     * @param name name of the attribute
-     * @param locale user locale
-     * @param info certificate template
-     * @exception EProfileException failed to get attributes
-     *                from request
-     */
-    public abstract String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException;
-
-    /**
-     * Populates the request with this policy default.
-     *
-     * The current implementation extracts enrollment specific attributes
-     * and calls the populate() method of the subclass.
-     *
-     * @param request request to be populated
-     * @exception EProfileException failed to populate
-     */
-    public void populate(IRequest request)
-            throws EProfileException {
-        String name = getClass().getName();
-
-        name = name.substring(name.lastIndexOf('.') + 1);
-        CMS.debug(name + ": populate start");
-        X509CertInfo info =
-                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
-
-        populate(request, info);
-
-        request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
-        CMS.debug(name + ": populate end");
-    }
-
-    public void addValueName(String name) {
-        mValueNames.addElement(name);
-    }
-
-    public Enumeration<String> getValueNames() {
-        return mValueNames.elements();
-    }
-
-    public IDescriptor getValueDescriptor(String name) {
-        return null;
-    }
-
-    /**
-     * Sets the value of the given value property by name.
-     *
-     * The current implementation extracts enrollment specific attributes
-     * and calls the setValue() method of the subclass.
-     *
-     * @param name name of property
-     * @param locale locale of the end user
-     * @param request request
-     * @param value value to be set in the given request
-     * @exception EPropertyException failed to set property
-     */
-    public void setValue(String name, Locale locale, IRequest request,
-            String value)
-            throws EPropertyException {
-        X509CertInfo info =
-                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
-
-        setValue(name, locale, info, value);
-
-        request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the value of the given value
-     * property by name.
-     *
-     * The current implementation extracts enrollment specific attributes
-     * and calls the getValue() method of the subclass.
-     *
-     * @param name name of property
-     * @param locale locale of the end user
-     * @param request request
-     * @exception EPropertyException failed to get property
-     */
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EPropertyException {
-        X509CertInfo info =
-                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
-
-        String value = getValue(name, locale, info);
-        request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
-        return value;
-    }
-
-    public String toHexString(byte data[]) {
-        IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
-        String s = pp.toHexString(data, 0, 16);
-        StringTokenizer st = new StringTokenizer(s, "\n");
-        StringBuffer buffer = new StringBuffer();
-
-        while (st.hasMoreTokens()) {
-            buffer.append(st.nextToken());
-            buffer.append("\\n");
-        }
-        return buffer.toString();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        mConfigNames.removeAllElements();
-        mValueNames.removeAllElements();
-    }
-
-    protected void deleteExtension(String name, X509CertInfo info) {
-        CertificateExtensions exts = null;
-
-        try {
-            exts = (CertificateExtensions)
-                    info.get(X509CertInfo.EXTENSIONS);
-            if (exts == null)
-                return;
-            Enumeration<String> e = exts.getNames();
-
-            while (e.hasMoreElements()) {
-                String n = e.nextElement();
-                Extension ext = (Extension) exts.get(n);
-
-                if (ext.getExtensionId().toString().equals(name)) {
-                    exts.delete(n);
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug(e.toString());
-        }
-    }
-
-    protected Extension getExtension(String name, X509CertInfo info) {
-        CertificateExtensions exts = null;
-
-        try {
-            exts = (CertificateExtensions)
-                    info.get(X509CertInfo.EXTENSIONS);
-        } catch (Exception e) {
-            CMS.debug("EnrollDefault: getExtension " + e.toString());
-        }
-        if (exts == null)
-            return null;
-        return getExtension(name, exts);
-    }
-
-    protected Extension getExtension(String name, CertificateExtensions exts) {
-        if (exts == null)
-            return null;
-        Enumeration<Extension> e = exts.getAttributes();
-
-        while (e.hasMoreElements()) {
-            Extension ext = e.nextElement();
-
-            if (ext.getExtensionId().toString().equals(name)) {
-                return ext;
-            }
-        }
-        return null;
-    }
-
-    protected void addExtension(String name, Extension ext, X509CertInfo info)
-            throws EProfileException {
-        if (ext == null) {
-            throw new EProfileException("extension not found");
-        }
-        CertificateExtensions exts = null;
-
-        Extension alreadyPresentExtension = getExtension(name, info);
-
-        if (alreadyPresentExtension != null) {
-            String eName = ext.toString();
-            CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name:  " + eName);
-            throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName));
-        }
-
-        try {
-            exts = (CertificateExtensions)
-                    info.get(X509CertInfo.EXTENSIONS);
-        } catch (Exception e) {
-            CMS.debug("EnrollDefault: " + e.toString());
-        }
-        if (exts == null) {
-            throw new EProfileException("extensions not found");
-        }
-        try {
-            exts.set(name, ext);
-        } catch (IOException e) {
-            CMS.debug("EnrollDefault: " + e.toString());
-        }
-    }
-
-    protected void replaceExtension(String name, Extension ext, X509CertInfo info)
-            throws EProfileException {
-        deleteExtension(name, info);
-        addExtension(name, ext, info);
-    }
-
-    protected boolean isOptional(String value) {
-        return value.equals("");
-    }
-
-    protected boolean getBoolean(String value) {
-        return Boolean.valueOf(value).booleanValue();
-    }
-
-    protected int getInt(String value) {
-        return Integer.valueOf(value).intValue();
-    }
-
-    protected boolean getConfigBoolean(String value) {
-        return getBoolean(getConfig(value));
-    }
-
-    protected int getConfigInt(String value) {
-        return getInt(getConfig(value));
-    }
-
-    protected boolean isGeneralNameValid(String name) {
-        if (name == null)
-            return false;
-        int pos = name.indexOf(':');
-        if (pos == -1)
-            return false;
-        String nameValue = name.substring(pos + 1).trim();
-        if (nameValue.equals(""))
-            return false;
-        return true;
-    }
-
-    protected GeneralNameInterface parseGeneralName(String name)
-            throws IOException {
-        int pos = name.indexOf(':');
-        if (pos == -1)
-            return null;
-        String nameType = name.substring(0, pos).trim();
-        String nameValue = name.substring(pos + 1).trim();
-        return parseGeneralName(nameType, nameValue);
-    }
-
-    protected boolean isGeneralNameType(String nameType) {
-        if (nameType.equalsIgnoreCase("RFC822Name")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("DNSName")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("x400")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("DirectoryName")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("EDIPartyName")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("URIName")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("IPAddress")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("OIDName")) {
-            return true;
-        }
-        if (nameType.equalsIgnoreCase("OtherName")) {
-            return true;
-        }
-        return false;
-    }
-
-    protected GeneralNameInterface parseGeneralName(String nameType, String nameValue)
-            throws IOException {
-        if (nameType.equalsIgnoreCase("RFC822Name")) {
-            return new RFC822Name(nameValue);
-        }
-        if (nameType.equalsIgnoreCase("DNSName")) {
-            return new DNSName(nameValue);
-        }
-        if (nameType.equalsIgnoreCase("x400")) {
-            // XXX
-        }
-        if (nameType.equalsIgnoreCase("DirectoryName")) {
-            return new X500Name(nameValue);
-        }
-        if (nameType.equalsIgnoreCase("EDIPartyName")) {
-            return new EDIPartyName(nameValue);
-        }
-        if (nameType.equalsIgnoreCase("URIName")) {
-            return new URIName(nameValue);
-        }
-        if (nameType.equalsIgnoreCase("IPAddress")) {
-            CMS.debug("IP Value:" + nameValue);
-            if (nameValue.indexOf('/') != -1) {
-                // CIDR support for NameConstraintsExt
-                StringTokenizer st = new StringTokenizer(nameValue, "/");
-                String addr = st.nextToken();
-                String netmask = st.nextToken();
-                CMS.debug("addr:" + addr + " netmask: " + netmask);
-                return new IPAddressName(addr, netmask);
-            } else {
-                return new IPAddressName(nameValue);
-            }
-        }
-        if (nameType.equalsIgnoreCase("OIDName")) {
-            try {
-                // check if OID
-                new ObjectIdentifier(nameValue);
-            } catch (Exception e) {
-                return null;
-            }
-            return new OIDName(nameValue);
-        }
-        if (nameType.equals("OtherName")) {
-            if (nameValue == null || nameValue.length() == 0)
-                nameValue = " ";
-            if (nameValue.startsWith("(PrintableString)")) {
-                // format: OtherName: (PrintableString)oid,value
-                int pos0 = nameValue.indexOf(')');
-                int pos1 = nameValue.indexOf(',');
-                if (pos1 == -1)
-                    return null;
-                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-                String on_value = nameValue.substring(pos1 + 1).trim();
-                if (isValidOID(on_oid)) {
-                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
-                } else {
-                    return null;
-                }
-            } else if (nameValue.startsWith("(KerberosName)")) {
-                // Syntax: (KerberosName)Realm|NameType|NameString(s)
-                int pos0 = nameValue.indexOf(')');
-                int pos1 = nameValue.indexOf('|');
-                int pos2 = nameValue.lastIndexOf('|');
-                String realm = nameValue.substring(pos0 + 1, pos1).trim();
-                String name_type = nameValue.substring(pos1 + 1, pos2).trim();
-                String name_strings = nameValue.substring(pos2 + 1).trim();
-                Vector<String> strings = new Vector<String>();
-                StringTokenizer st = new StringTokenizer(name_strings, ",");
-                while (st.hasMoreTokens()) {
-                    strings.addElement(st.nextToken());
-                }
-                KerberosName name = new KerberosName(realm,
-                        Integer.parseInt(name_type), strings);
-                // krb5 OBJECT IDENTIFIER ::= { iso (1)
-                //                    org (3)
-                //                    dod (6)
-                //                    internet (1)
-                //                    security (5)
-                //                    kerberosv5 (2) }
-                // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
-                return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
-                        name.toByteArray());
-            } else if (nameValue.startsWith("(IA5String)")) {
-                int pos0 = nameValue.indexOf(')');
-                int pos1 = nameValue.indexOf(',');
-                if (pos1 == -1)
-                    return null;
-                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-                String on_value = nameValue.substring(pos1 + 1).trim();
-                if (isValidOID(on_oid)) {
-                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
-                } else {
-                    return null;
-                }
-            } else if (nameValue.startsWith("(UTF8String)")) {
-                int pos0 = nameValue.indexOf(')');
-                int pos1 = nameValue.indexOf(',');
-                if (pos1 == -1)
-                    return null;
-                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-                String on_value = nameValue.substring(pos1 + 1).trim();
-                if (isValidOID(on_oid)) {
-                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
-                } else {
-                    return null;
-                }
-            } else if (nameValue.startsWith("(BMPString)")) {
-                int pos0 = nameValue.indexOf(')');
-                int pos1 = nameValue.indexOf(',');
-                if (pos1 == -1)
-                    return null;
-                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-                String on_value = nameValue.substring(pos1 + 1).trim();
-                if (isValidOID(on_oid)) {
-                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
-                } else {
-                    return null;
-                }
-            } else if (nameValue.startsWith("(Any)")) {
-                int pos0 = nameValue.indexOf(')');
-                int pos1 = nameValue.indexOf(',');
-                if (pos1 == -1)
-                    return null;
-                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-                String on_value = nameValue.substring(pos1 + 1).trim();
-                if (isValidOID(on_oid)) {
-                    CMS.debug("OID: " + on_oid + " Value:" + on_value);
-                    return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
-                } else {
-                    CMS.debug("Invalid OID " + on_oid);
-                    return null;
-                }
-            } else {
-                return null;
-            }
-        }
-        return null;
-    }
-
-    /**
-     * Converts string containing pairs of characters in the range of '0'
-     * to '9', 'a' to 'f' to an array of bytes such that each pair of
-     * characters in the string represents an individual byte
-     */
-    public byte[] getBytes(String string) {
-        if (string == null)
-            return null;
-        int stringLength = string.length();
-        if ((stringLength == 0) || ((stringLength % 2) != 0))
-            return null;
-        byte[] bytes = new byte[(stringLength / 2)];
-        for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
-            String nextByte = string.substring(i, (i + 2));
-            bytes[b] = (byte) Integer.parseInt(nextByte, 0x10);
-        }
-        return bytes;
-    }
-
-    /**
-     * Check if a object identifier in string form is valid,
-     * that is a string in the form n.n.n.n and der encode and decode-able.
-     *
-     * @param oid object identifier string.
-     * @return true if the oid is valid
-     */
-    public boolean isValidOID(String oid) {
-        ObjectIdentifier v = null;
-        try {
-            v = ObjectIdentifier.getObjectIdentifier(oid);
-        } catch (Exception e) {
-            return false;
-        }
-        if (v == null)
-            return false;
-
-        // if the OID isn't valid (ex. n.n) the error isn't caught til
-        // encoding time leaving a bad request in the request queue.
-        try (DerOutputStream derOut = new DerOutputStream()) {
-
-            derOut.putOID(v);
-            new ObjectIdentifier(new DerInputStream(derOut.toByteArray()));
-        } catch (Exception e) {
-            return false;
-        }
-        return true;
-    }
-
-    protected String buildRecords(Vector<NameValuePairs> recs) throws EPropertyException {
-        StringBuffer sb = new StringBuffer();
-
-        for (int i = 0; i < recs.size(); i++) {
-            NameValuePairs pairs = recs.elementAt(i);
-
-            sb.append("Record #");
-            sb.append(i);
-            sb.append("\r\n");
-
-            for (String key : pairs.keySet()) {
-                String val = pairs.get(key);
-
-                sb.append(key);
-                sb.append(":");
-                sb.append(val);
-                sb.append("\r\n");
-            }
-            sb.append("\r\n");
-
-        }
-        return sb.toString();
-    }
-
-    protected Vector<NameValuePairs> parseRecords(String value) throws EPropertyException {
-        StringTokenizer st = new StringTokenizer(value, "\r\n");
-        int num = 0;
-        Vector<NameValuePairs> v = new Vector<NameValuePairs>();
-        NameValuePairs nvps = null;
-
-        while (st.hasMoreTokens()) {
-            String token = st.nextToken();
-
-            if (token.equals("Record #" + num)) {
-                CMS.debug("parseRecords: Record" + num);
-                nvps = new NameValuePairs();
-                v.addElement(nvps);
-                try {
-                    token = st.nextToken();
-                } catch (NoSuchElementException e) {
-                    v.removeElementAt(num);
-                    CMS.debug(e.toString());
-                    return v;
-                }
-                num++;
-            }
-
-            if (nvps == null)
-                throw new EPropertyException("Bad Input Format");
-
-            int pos = token.indexOf(":");
-
-            if (pos <= 0) {
-                CMS.debug("parseRecords: No colon found in the input line");
-                throw new EPropertyException("Bad Input Format");
-            } else {
-                if (pos == (token.length() - 1)) {
-                    nvps.put(token.substring(0, pos), "");
-                } else {
-                    nvps.put(token.substring(0, pos), token.substring(pos + 1));
-                }
-            }
-        }
-
-        return v;
-    }
-
-    protected String getGeneralNameType(GeneralName gn)
-            throws EPropertyException {
-        int type = gn.getType();
-
-        if (type == GeneralNameInterface.NAME_RFC822)
-            return "RFC822Name";
-        else if (type == GeneralNameInterface.NAME_DNS)
-            return "DNSName";
-        else if (type == GeneralNameInterface.NAME_URI)
-            return "URIName";
-        else if (type == GeneralNameInterface.NAME_IP)
-            return "IPAddress";
-        else if (type == GeneralNameInterface.NAME_DIRECTORY)
-            return "DirectoryName";
-        else if (type == GeneralNameInterface.NAME_EDI)
-            return "EDIPartyName";
-        else if (type == GeneralNameInterface.NAME_ANY)
-            return "OtherName";
-        else if (type == GeneralNameInterface.NAME_OID)
-            return "OIDName";
-
-        throw new EPropertyException("Unsupported type: " + type);
-    }
-
-    protected String getGeneralNameValue(GeneralName gn) throws EPropertyException {
-        String s = gn.toString();
-        int type = gn.getType();
-
-        if (type == GeneralNameInterface.NAME_DIRECTORY)
-            return s;
-        else {
-            int pos = s.indexOf(":");
-
-            if (pos <= 0)
-                throw new EPropertyException("Badly formatted general name: " + s);
-            else {
-                return s.substring(pos + 1).trim();
-            }
-        }
-    }
-
-    public Locale getLocale(IRequest request) {
-        Locale locale = null;
-
-        if (request == null)
-            return null;
-
-        String language = request.getExtDataInString(
-                EnrollProfile.REQUEST_LOCALE);
-        if (language != null) {
-            locale = new Locale(language);
-        }
-        return locale;
-    }
-
-    public String toGeneralNameString(GeneralNameInterface gn) {
-        int type = gn.getType();
-        // Sun's General Name is not consistent, so we need
-        // to do a special case for directory string
-        if (type == GeneralNameInterface.NAME_DIRECTORY) {
-            return "DirectoryName: " + gn.toString();
-        }
-        return gn.toString();
-    }
-
-    protected String mapPattern(IRequest request, String pattern)
-            throws IOException {
-        Pattern p = new Pattern(pattern);
-        IAttrSet attrSet = null;
-        if (request != null) {
-            attrSet = request.asIAttrSet();
-        }
-        return p.substitute2("request", attrSet);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
deleted file mode 100644
index da395871b..000000000
--- a/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-/**
- * This class implements an enrollment extension
- * default policy that extension into the certificate
- * template.
- *
- * @version $Revision$, $Date$
- */
-public abstract class EnrollExtDefault extends EnrollDefault {
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
deleted file mode 100644
index 22f00eb94..000000000
--- a/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
+++ /dev/null
@@ -1,250 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.security.extensions.ExtendedKeyUsageExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Extended Key Usage extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "exKeyUsageCritical";
-    public static final String CONFIG_OIDS = "exKeyUsageOIDs";
-
-    public static final String VAL_CRITICAL = "exKeyUsageCritical";
-    public static final String VAL_OIDS = "exKeyUsageOIDs";
-
-    public ExtendedKeyUsageExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_OIDS);
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_OIDS);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_OIDS)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
-        }
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_OIDS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        ExtendedKeyUsageExtension ext = null;
-
-        ext = (ExtendedKeyUsageExtension)
-                    getExtension(ExtendedKeyUsageExtension.OID, info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (ExtendedKeyUsageExtension)
-                    getExtension(ExtendedKeyUsageExtension.OID, info);
-            boolean val = Boolean.valueOf(value).booleanValue();
-
-            if (ext == null) {
-                return;
-            }
-            ext.setCritical(val);
-        } else if (name.equals(VAL_OIDS)) {
-            ext = (ExtendedKeyUsageExtension)
-                    getExtension(ExtendedKeyUsageExtension.OID, info);
-            //		ext.deleteAllOIDs();
-            StringTokenizer st = new StringTokenizer(value, ",");
-
-            if (ext == null) {
-                return;
-            }
-            while (st.hasMoreTokens()) {
-                String oid = st.nextToken();
-
-                ext.addOID(new ObjectIdentifier(oid));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        try {
-            replaceExtension(ExtendedKeyUsageExtension.OID, ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("ExtendedKeyUsageExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
-                getExtension(ExtendedKeyUsageExtension.OID, info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (ExtendedKeyUsageExtension)
-                    getExtension(ExtendedKeyUsageExtension.OID, info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_OIDS)) {
-            ext = (ExtendedKeyUsageExtension)
-                    getExtension(ExtendedKeyUsageExtension.OID, info);
-            StringBuffer sb = new StringBuffer();
-            if (ext == null) {
-                return "";
-            }
-            Enumeration<ObjectIdentifier> e = ext.getOIDs();
-
-            while (e.hasMoreElements()) {
-                ObjectIdentifier oid = e.nextElement();
-
-                if (!sb.toString().equals("")) {
-                    sb.append(",");
-                }
-                sb.append(oid.toString());
-            }
-            return sb.toString();
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_OIDS)
-            };
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        ExtendedKeyUsageExtension ext = createExtension();
-
-        addExtension(ExtendedKeyUsageExtension.OID, ext, info);
-    }
-
-    public ExtendedKeyUsageExtension createExtension() {
-        ExtendedKeyUsageExtension ext = null;
-
-        try {
-            ext = new ExtendedKeyUsageExtension();
-        } catch (Exception e) {
-            CMS.debug("ExtendedKeyUsageExtDefault: createExtension " +
-                    e.toString());
-        }
-        if (ext == null)
-            return null;
-        boolean critical = getBoolean(getConfig(CONFIG_CRITICAL));
-
-        ext.setCritical(critical);
-        StringTokenizer st = new StringTokenizer(getConfig(CONFIG_OIDS), ",");
-
-        while (st.hasMoreTokens()) {
-            String oid = st.nextToken();
-
-            ext.addOID(new ObjectIdentifier(oid));
-        }
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
deleted file mode 100644
index b78f0e6cf..000000000
--- a/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
+++ /dev/null
@@ -1,584 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CRLDistributionPoint;
-import netscape.security.x509.FreshestCRLExtension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.GeneralNamesException;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Freshest CRL extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class FreshestCRLExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "freshestCRLCritical";
-    public static final String CONFIG_NUM_POINTS = "freshestCRLPointNum";
-    public static final String CONFIG_POINT_TYPE = "freshestCRLPointType_";
-    public static final String CONFIG_POINT_NAME = "freshestCRLPointName_";
-    public static final String CONFIG_ISSUER_TYPE = "freshestCRLPointIssuerType_";
-    public static final String CONFIG_ISSUER_NAME = "freshestCRLPointIssuerName_";
-    public static final String CONFIG_ENABLE = "freshestCRLPointEnable_";
-
-    public static final String VAL_CRITICAL = "freshestCRLCritical";
-    public static final String VAL_CRL_DISTRIBUTION_POINTS =
-            "freshestCRLPointsValue";
-
-    private static final String POINT_TYPE = "Point Type";
-    private static final String POINT_NAME = "Point Name";
-    private static final String ISSUER_TYPE = "Issuer Type";
-    private static final String ISSUER_NAME = "Issuer Name";
-    private static final String ENABLE = "Enable";
-
-    private static final int DEF_NUM_POINTS = 1;
-    private static final int MAX_NUM_POINTS = 100;
-
-    public FreshestCRLExtDefault() {
-        super();
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-    }
-
-    protected int getNumPoints() {
-        int num = DEF_NUM_POINTS;
-        String val = getConfig(CONFIG_NUM_POINTS);
-
-        if (val != null) {
-            try {
-                num = Integer.parseInt(val);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num >= MAX_NUM_POINTS)
-            num = DEF_NUM_POINTS;
-
-        return num;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_NUM_POINTS)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_POINTS || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        //refesh our config name list
-
-        super.refreshConfigAndValueNames();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_CRL_DISTRIBUTION_POINTS);
-
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumPoints();
-
-        addConfigName(CONFIG_NUM_POINTS);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_POINT_TYPE + i);
-            addConfigName(CONFIG_POINT_NAME + i);
-            addConfigName(CONFIG_ISSUER_TYPE + i);
-            addConfigName(CONFIG_ISSUER_NAME + i);
-            addConfigName(CONFIG_ENABLE + i);
-        }
-
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_POINT_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
-        } else if (name.startsWith(CONFIG_POINT_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
-        } else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
-        } else if (name.startsWith(CONFIG_ISSUER_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
-        } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_POINTS)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            FreshestCRLExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (FreshestCRLExtension)
-                        getExtension(FreshestCRLExtension.OID,
-                                info);
-
-            if (ext == null) {
-                populate(locale, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (FreshestCRLExtension)
-                        getExtension(FreshestCRLExtension.OID,
-                                info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                ext.setCritical(val);
-            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-                ext = (FreshestCRLExtension)
-                        getExtension(FreshestCRLExtension.OID,
-                                info);
-
-                Vector<NameValuePairs> v = parseRecords(value);
-                int size = v.size();
-
-                boolean critical = ext.isCritical();
-                int i = 0;
-
-                for (; i < size; i++) {
-                    NameValuePairs nvps = v.elementAt(i);
-                    String pointType = null;
-                    String pointValue = null;
-                    String issuerType = null;
-                    String issuerValue = null;
-                    String enable = null;
-                    CRLDistributionPoint cdp = new CRLDistributionPoint();
-
-                    for (String name1 : nvps.keySet()) {
-
-                        if (name1.equals(POINT_TYPE)) {
-                            pointType = nvps.get(name1);
-                        } else if (name1.equals(POINT_NAME)) {
-                            pointValue = nvps.get(name1);
-                        } else if (name1.equals(ISSUER_TYPE)) {
-                            issuerType = nvps.get(name1);
-                        } else if (name1.equals(ISSUER_NAME)) {
-                            issuerValue = nvps.get(name1);
-                        } else if (name1.equals(ENABLE)) {
-                            enable = nvps.get(name1);
-                        }
-                    }
-
-                    if (enable != null && enable.equals("true")) {
-                        if (pointType != null)
-                            addCRLPoint(locale, cdp, pointType, pointValue);
-                        if (issuerType != null)
-                            addIssuer(locale, cdp, issuerType, issuerValue);
-
-                        // this is the first distribution point
-                        if (i == 0) {
-                            ext = new FreshestCRLExtension(cdp);
-                            ext.setCritical(critical);
-                        } else {
-                            ext.addPoint(cdp);
-                        }
-                    }
-                }
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(),
-                    ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("FreshestCRLExtDefault: setValue " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
-            String value) throws EPropertyException {
-        try {
-            if (value == null || value.length() == 0)
-                return;
-
-            if (isGeneralNameType(type)) {
-                GeneralNames gen = new GeneralNames();
-
-                gen.addElement(parseGeneralName(type, value));
-                cdp.setFullName(gen);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", type));
-            }
-        } catch (IOException e) {
-            CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", type));
-        } catch (GeneralNamesException e) {
-            CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", type));
-        }
-    }
-
-    private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
-            String value) throws EPropertyException {
-        if (value == null || value.length() == 0)
-            return;
-        try {
-            if (isGeneralNameType(type)) {
-                GeneralNames gen = new GeneralNames();
-
-                gen.addElement(parseGeneralName(type, value));
-                cdp.setCRLIssuer(gen);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", type));
-            }
-        } catch (IOException e) {
-            CMS.debug("FreshestCRLExtDefault: addIssuer " +
-                    e.toString());
-        } catch (GeneralNamesException e) {
-            CMS.debug("FreshestCRLExtDefault: addIssuer " +
-                    e.toString());
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        FreshestCRLExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ext = (FreshestCRLExtension)
-                    getExtension(FreshestCRLExtension.OID,
-                            info);
-        if (ext == null) {
-            try {
-                populate(locale, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (FreshestCRLExtension)
-                    getExtension(FreshestCRLExtension.OID,
-                            info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            ext = (FreshestCRLExtension)
-                    getExtension(FreshestCRLExtension.OID,
-                            info);
-
-            if (ext == null)
-                return "";
-
-            Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-            int num = getNumPoints();
-            for (int i = 0; i < num; i++) {
-                NameValuePairs pairs = null;
-
-                if (i < ext.getNumPoints()) {
-                    CRLDistributionPoint p = ext.getPointAt(i);
-                    GeneralNames gns = p.getFullName();
-
-                    pairs = buildGeneralNames(gns, p);
-                } else {
-                    pairs = buildEmptyGeneralNames();
-                }
-                recs.addElement(pairs);
-            }
-
-            return buildRecords(recs);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    protected NameValuePairs buildEmptyGeneralNames() {
-        NameValuePairs pairs = new NameValuePairs();
-
-        pairs.put(POINT_TYPE, "");
-        pairs.put(POINT_NAME, "");
-        pairs.put(ISSUER_TYPE, "");
-        pairs.put(ISSUER_NAME, "");
-        pairs.put(ENABLE, "false");
-        return pairs;
-    }
-
-    protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
-            throws EPropertyException {
-
-        NameValuePairs pairs = new NameValuePairs();
-
-        boolean hasFullName = false;
-
-        pairs.put(ENABLE, "true");
-        if (gns == null) {
-            pairs.put(POINT_TYPE, "");
-            pairs.put(POINT_NAME, "");
-        } else {
-            GeneralName gn = (GeneralName) gns.elementAt(0);
-
-            if (gn != null) {
-                hasFullName = true;
-
-                pairs.put(POINT_TYPE, getGeneralNameType(gn));
-                pairs.put(POINT_NAME, getGeneralNameValue(gn));
-            }
-        }
-
-        if (!hasFullName) {
-            pairs.put(POINT_TYPE, GN_DIRECTORY_NAME);
-            pairs.put(POINT_NAME, "");
-        }
-
-        gns = p.getCRLIssuer();
-
-        if (gns == null) {
-            pairs.put(ISSUER_TYPE, GN_DIRECTORY_NAME);
-            pairs.put(ISSUER_NAME, "");
-        } else {
-            GeneralName gn = (GeneralName) gns.elementAt(0);
-
-            if (gn != null) {
-                hasFullName = true;
-
-                pairs.put(ISSUER_TYPE, getGeneralNameType(gn));
-                pairs.put(ISSUER_NAME, getGeneralNameValue(gn));
-            }
-        }
-        return pairs;
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        int num = getNumPoints();
-
-        for (int i = 0; i < num; i++) {
-            sb.append("Record #");
-            sb.append(i);
-            sb.append("{");
-            sb.append(POINT_TYPE + ":");
-            sb.append(getConfig(CONFIG_POINT_TYPE + i));
-            sb.append(",");
-            sb.append(POINT_NAME + ":");
-            sb.append(getConfig(CONFIG_POINT_NAME + i));
-            sb.append(",");
-            sb.append(ISSUER_TYPE + ":");
-            sb.append(getConfig(CONFIG_ISSUER_TYPE + i));
-            sb.append(",");
-            sb.append(ISSUER_NAME + ":");
-            sb.append(getConfig(CONFIG_ISSUER_NAME + i));
-            sb.append(",");
-            sb.append(ENABLE + ":");
-            sb.append(getConfig(CONFIG_ENABLE + i));
-            sb.append("}");
-        }
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
-                getConfig(CONFIG_CRITICAL),
-                sb.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        FreshestCRLExtension ext = createExtension(request);
-
-        if (ext == null)
-            return;
-        addExtension(FreshestCRLExtension.OID, ext, info);
-    }
-
-    public FreshestCRLExtension createExtension(IRequest request) {
-        FreshestCRLExtension ext = new FreshestCRLExtension();
-        int num = 0;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-            ext.setCritical(critical);
-
-            num = getNumPoints();
-            for (int i = 0; i < num; i++) {
-                CRLDistributionPoint cdp = new CRLDistributionPoint();
-
-                String enable = getConfig(CONFIG_ENABLE + i);
-                String pointType = getConfig(CONFIG_POINT_TYPE + i);
-                String pointName = getConfig(CONFIG_POINT_NAME + i);
-                String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
-                String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
-                if (enable != null && enable.equals("true")) {
-                    if (pointType != null)
-                        addCRLPoint(getLocale(request), cdp, pointType, pointName);
-                    if (issuerType != null)
-                        addIssuer(getLocale(request), cdp, issuerType, issuerName);
-
-                    ext.addPoint(cdp);
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("FreshestCRLExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    private void populate(Locale locale, X509CertInfo info)
-            throws EProfileException {
-        FreshestCRLExtension ext = createExtension(locale);
-
-        if (ext == null)
-            return;
-        addExtension(FreshestCRLExtension.OID, ext, info);
-    }
-
-    public FreshestCRLExtension createExtension(Locale locale) {
-        FreshestCRLExtension ext = new FreshestCRLExtension();
-        int num = 0;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-            ext.setCritical(critical);
-
-            num = getNumPoints();
-            for (int i = 0; i < num; i++) {
-                CRLDistributionPoint cdp = new CRLDistributionPoint();
-
-                String enable = getConfig(CONFIG_ENABLE + i);
-                String pointType = getConfig(CONFIG_POINT_TYPE + i);
-                String pointName = getConfig(CONFIG_POINT_NAME + i);
-                String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
-                String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
-
-                if (enable != null && enable.equals("true")) {
-                    if (pointType != null)
-                        addCRLPoint(locale, cdp, pointType, pointName);
-                    if (issuerType != null)
-                        addIssuer(locale, cdp, issuerType, issuerName);
-
-                    ext.addPoint(cdp);
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("FreshestCRLExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
deleted file mode 100644
index f344648ab..000000000
--- a/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
+++ /dev/null
@@ -1,253 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class GenericExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "genericExtCritical";
-    public static final String CONFIG_OID = "genericExtOID";
-    public static final String CONFIG_DATA = "genericExtData";
-
-    public static final String VAL_CRITICAL = "genericExtCritical";
-    public static final String VAL_DATA = "genericExtData";
-
-    public GenericExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_DATA);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_OID);
-        addConfigName(CONFIG_DATA);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_OID)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "Comment Here...",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
-        } else if (name.equals(CONFIG_DATA)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "Comment Here...",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_DATA)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            Extension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
-
-            ext = getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = getExtension(oid.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                boolean val = Boolean.valueOf(value).booleanValue();
-                ext.setCritical(val);
-            } else if (name.equals(VAL_DATA)) {
-                ext = getExtension(oid.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                byte data[] = getBytes(value);
-                ext.setExtensionValue(data);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(ext.getExtensionId().toString(), ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("GenericExtDefault: setValue " + e.toString());
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        Extension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
-
-        ext = getExtension(oid.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-
-            ext = getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_DATA)) {
-
-            ext = getExtension(oid.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            byte data[] = ext.getExtensionValue();
-
-            if (data == null)
-                return "";
-
-            return toStr(data);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_OID),
-                getConfig(CONFIG_DATA)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params);
-    }
-
-    public String toStr(byte data[]) {
-        StringBuffer b = new StringBuffer();
-        for (int i = 0; i < data.length; i++) {
-            if ((data[i] & 0xff) < 16) {
-                b.append("0");
-            }
-            b.append(Integer.toString((data[i] & 0xff), 0x10));
-        }
-        return b.toString();
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        Extension ext = createExtension(request);
-
-        addExtension(ext.getExtensionId().toString(), ext, info);
-    }
-
-    public Extension createExtension(IRequest request) {
-        Extension ext = null;
-
-        try (DerOutputStream out = new DerOutputStream()) {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-            ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
-            byte data[] = null;
-
-            if (request == null) {
-                data = getBytes(getConfig(CONFIG_DATA));
-            } else {
-                data = getBytes(mapPattern(request, getConfig(CONFIG_DATA)));
-            }
-
-            out.putOctetString(data);
-
-            ext = new Extension(oid, critical, out.toByteArray());
-        } catch (Exception e) {
-            CMS.debug("GenericExtDefault: createExtension " +
-                    e.toString());
-        }
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
deleted file mode 100644
index c1e69c9f4..000000000
--- a/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
+++ /dev/null
@@ -1,105 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that shows an image in the approval page.
- *
- * @version $Revision$, $Date$
- */
-public class ImageDefault extends EnrollDefault {
-
-    public static final String INPUT_IMAGE_URL = "image_url";
-
-    public static final String VAL_IMAGE_URL = "pd_image_url";
-
-    public ImageDefault() {
-        super();
-        addValueName(VAL_IMAGE_URL);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_IMAGE_URL)) {
-            return new Descriptor(IDescriptor.IMAGE_URL, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_IMAGE"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-    }
-
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EPropertyException {
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        if (name.equals(VAL_IMAGE_URL)) {
-            return request.getExtDataInString(INPUT_IMAGE_URL);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        return null;
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
deleted file mode 100644
index 2c176593a..000000000
--- a/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ /dev/null
@@ -1,270 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.math.BigInteger;
-import java.util.Locale;
-
-import netscape.security.extensions.InhibitAnyPolicyExtension;
-import netscape.security.util.BigInt;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an inhibit Any-Policy extension
- *
- * @version $Revision$, $Date$
- */
-public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "critical";
-    public static final String CONFIG_SKIP_CERTS = "skipCerts";
-
-    public static final String VAL_CRITICAL = "critical";
-    public static final String VAL_SKIP_CERTS = "skipCerts";
-
-    private static final String SKIP_CERTS = "Skip Certs";
-
-    public InhibitAnyPolicyExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_SKIP_CERTS);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_SKIP_CERTS);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_SKIP_CERTS)) {
-            return new Descriptor(IDescriptor.INTEGER, null, "0",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_SKIP_CERTS)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_SKIP_CERTS)) {
-            return new Descriptor(IDescriptor.INTEGER, null, "0",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            InhibitAnyPolicyExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (InhibitAnyPolicyExtension)
-                    getExtension(InhibitAnyPolicyExtension.OID, info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (InhibitAnyPolicyExtension)
-                        getExtension(InhibitAnyPolicyExtension.OID, info);
-
-                if (ext == null) {
-                    // it is ok, the extension is never populated or delted
-                    return;
-                }
-                boolean critical = Boolean.valueOf(value).booleanValue();
-
-                ext.setCritical(critical);
-            } else if (name.equals(VAL_SKIP_CERTS)) {
-                ext = (InhibitAnyPolicyExtension)
-                        getExtension(InhibitAnyPolicyExtension.OID, info);
-
-                if (ext == null) {
-                    // it is ok, the extension is never populated or delted
-                    return;
-                }
-                boolean critical = ext.isCritical();
-                if (value.equals("")) {
-                    // if value is empty, do not add this extension
-                    deleteExtension(InhibitAnyPolicyExtension.OID, info);
-                    return;
-                }
-                BigInt num = null;
-                try {
-                    BigInteger l = new BigInteger(value);
-                    num = new BigInt(l);
-                } catch (Exception e) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-                }
-                ext = new InhibitAnyPolicyExtension(critical,
-                        num);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-            replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                    locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        InhibitAnyPolicyExtension ext =
-                (InhibitAnyPolicyExtension)
-                getExtension(InhibitAnyPolicyExtension.OID, info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (InhibitAnyPolicyExtension)
-                    getExtension(InhibitAnyPolicyExtension.OID, info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_SKIP_CERTS)) {
-            ext = (InhibitAnyPolicyExtension)
-                    getExtension(InhibitAnyPolicyExtension.OID, info);
-            if (ext == null) {
-                return null;
-            }
-
-            BigInt n = ext.getSkipCerts();
-            return "" + n.toInt();
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                    locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    /*
-     * returns text that goes into description for this extension on
-     * a profile
-     */
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        sb.append(SKIP_CERTS + ":");
-        sb.append(getConfig(CONFIG_SKIP_CERTS));
-
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
-                getConfig(CONFIG_CRITICAL), sb.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        InhibitAnyPolicyExtension ext = null;
-
-        ext = createExtension(request);
-        addExtension(InhibitAnyPolicyExtension.OID, ext, info);
-    }
-
-    public InhibitAnyPolicyExtension createExtension(IRequest request)
-            throws EProfileException {
-        InhibitAnyPolicyExtension ext = null;
-
-        boolean critical = Boolean.valueOf(
-                getConfig(CONFIG_CRITICAL)).booleanValue();
-
-        String str = getConfig(CONFIG_SKIP_CERTS);
-        if (str == null || str.equals("")) {
-            ext = new InhibitAnyPolicyExtension();
-            ext.setCritical(critical);
-        } else {
-            BigInt val = null;
-            try {
-                BigInteger b = new BigInteger(str);
-                val = new BigInt(b);
-            } catch (NumberFormatException e) {
-                throw new EProfileException(
-                        CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
-            }
-
-            try {
-                ext = new InhibitAnyPolicyExtension(critical, val);
-            } catch (Exception e) {
-                CMS.debug(e.toString());
-            }
-        }
-
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
deleted file mode 100644
index ec203713b..000000000
--- a/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
+++ /dev/null
@@ -1,317 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.IssuerAlternativeNameExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a issuer alternative name extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class IssuerAltNameExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "issuerAltNameExtCritical";
-    public static final String CONFIG_TYPE = "issuerAltExtType";
-    public static final String CONFIG_PATTERN = "issuerAltExtPattern";
-
-    public static final String VAL_CRITICAL = "issuerAltNameExtCritical";
-    public static final String VAL_GENERAL_NAMES = "issuerAltNames";
-
-    public IssuerAltNameExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_GENERAL_NAMES);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_TYPE);
-        addConfigName(CONFIG_PATTERN);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_TYPE)) {
-            return new Descriptor(IDescriptor.CHOICE,
-                    "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
-                    "RFC822Name",
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
-        } else if (name.equals(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            IssuerAlternativeNameExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext =
-                        (IssuerAlternativeNameExtension)
-                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
-            if (ext == null) {
-                try {
-                    populate(null, info);
-
-                } catch (EProfileException e) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-                }
-
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext =
-                        (IssuerAlternativeNameExtension)
-                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
-                if (ext == null) {
-                    // it is ok, the extension is never populated or delted
-                    return;
-                }
-                boolean critical = Boolean.valueOf(value).booleanValue();
-
-                ext.setCritical(critical);
-            } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext =
-                        (IssuerAlternativeNameExtension)
-                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
-                if (ext == null) {
-                    // it is ok, the extension is never populated or delted
-                    return;
-                }
-                if (value.equals("")) {
-                    // if value is empty, do not add this extension
-                    deleteExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-                    return;
-                }
-                GeneralNames gn = new GeneralNames();
-                StringTokenizer st = new StringTokenizer(value, "\r\n");
-
-                while (st.hasMoreTokens()) {
-                    String gname = st.nextToken();
-
-                    GeneralNameInterface n = parseGeneralName(gname);
-                    if (n != null) {
-                        gn.addElement(n);
-                    }
-                }
-                ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-            replaceExtension(
-                    PKIXExtensions.IssuerAlternativeName_Id.toString(),
-                    ext, info);
-        } catch (IOException e) {
-            CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (EProfileException e) {
-            CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        try {
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            IssuerAlternativeNameExtension ext =
-                    (IssuerAlternativeNameExtension)
-                    getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
-            if (ext == null) {
-
-                try {
-                    populate(null, info);
-
-                } catch (EProfileException e) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-                }
-
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext =
-                        (IssuerAlternativeNameExtension)
-                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-
-                if (ext == null) {
-                    return null;
-                }
-                if (ext.isCritical()) {
-                    return "true";
-                } else {
-                    return "false";
-                }
-            } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext =
-                        (IssuerAlternativeNameExtension)
-                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-                if (ext == null) {
-                    return "";
-                }
-
-                GeneralNames names = (GeneralNames)
-                        ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
-                StringBuffer sb = new StringBuffer();
-                Enumeration<GeneralNameInterface> e = names.elements();
-
-                while (e.hasMoreElements()) {
-                    GeneralName gn = (GeneralName) e.nextElement();
-
-                    if (!sb.toString().equals("")) {
-                        sb.append("\r\n");
-                    }
-                    sb.append(toGeneralNameString(gn));
-                }
-                return sb.toString();
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } catch (IOException e) {
-            CMS.debug("IssuerAltNameExtDefault: getValue " +
-                    e.toString());
-        }
-        return null;
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_PATTERN),
-                getConfig(CONFIG_TYPE)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        IssuerAlternativeNameExtension ext = null;
-
-        try {
-            ext = createExtension(request);
-
-        } catch (IOException e) {
-            CMS.debug("IssuerAltNameExtDefault: populate " + e.toString());
-        }
-        addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
-                ext, info);
-    }
-
-    public IssuerAlternativeNameExtension createExtension(IRequest request)
-            throws IOException {
-        IssuerAlternativeNameExtension ext = null;
-
-        try {
-            ext = new IssuerAlternativeNameExtension();
-        } catch (Exception e) {
-            CMS.debug(e.toString());
-            throw new IOException(e.toString());
-        }
-        boolean critical = Boolean.valueOf(
-                getConfig(CONFIG_CRITICAL)).booleanValue();
-        String pattern = getConfig(CONFIG_PATTERN);
-
-        if (!pattern.equals("")) {
-            GeneralNames gn = new GeneralNames();
-
-            String gname = "";
-
-            if (request != null) {
-                gname = mapPattern(request, pattern);
-            }
-
-            gn.addElement(parseGeneralName(
-                    getConfig(CONFIG_TYPE) + ":" + gname));
-            ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
-        }
-        ext.setCritical(critical);
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
deleted file mode 100644
index bbc4f5227..000000000
--- a/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
+++ /dev/null
@@ -1,511 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Key Usage extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class KeyUsageExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "keyUsageCritical";
-    public static final String CONFIG_DIGITAL_SIGNATURE =
-            "keyUsageDigitalSignature";
-    public static final String CONFIG_NON_REPUDIATION =
-            "keyUsageNonRepudiation";
-    public static final String CONFIG_KEY_ENCIPHERMENT =
-            "keyUsageKeyEncipherment";
-    public static final String CONFIG_DATA_ENCIPHERMENT =
-            "keyUsageDataEncipherment";
-    public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
-    public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
-    public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
-    public static final String CONFIG_ENCIPHER_ONLY = "keyUsageEncipherOnly";
-    public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
-
-    public static final String VAL_CRITICAL = "keyUsageCritical";
-    public static final String VAL_DIGITAL_SIGNATURE =
-            "keyUsageDigitalSignature";
-    public static final String VAL_NON_REPUDIATION =
-            "keyUsageNonRepudiation";
-    public static final String VAL_KEY_ENCIPHERMENT =
-            "keyUsageKeyEncipherment";
-    public static final String VAL_DATA_ENCIPHERMENT =
-            "keyUsageDataEncipherment";
-    public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement";
-    public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign";
-    public static final String VAL_CRL_SIGN = "keyUsageCrlSign";
-    public static final String VAL_ENCIPHER_ONLY = "keyUsageEncipherOnly";
-    public static final String VAL_DECIPHER_ONLY = "keyUsageDecipherOnly";
-
-    public KeyUsageExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_DIGITAL_SIGNATURE);
-        addValueName(VAL_NON_REPUDIATION);
-        addValueName(VAL_KEY_ENCIPHERMENT);
-        addValueName(VAL_DATA_ENCIPHERMENT);
-        addValueName(VAL_KEY_AGREEMENT);
-        addValueName(VAL_KEY_CERTSIGN);
-        addValueName(VAL_CRL_SIGN);
-        addValueName(VAL_ENCIPHER_ONLY);
-        addValueName(VAL_DECIPHER_ONLY);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_DIGITAL_SIGNATURE);
-        addConfigName(CONFIG_NON_REPUDIATION);
-        addConfigName(CONFIG_KEY_ENCIPHERMENT);
-        addConfigName(CONFIG_DATA_ENCIPHERMENT);
-        addConfigName(CONFIG_KEY_AGREEMENT);
-        addConfigName(CONFIG_KEY_CERTSIGN);
-        addConfigName(CONFIG_CRL_SIGN);
-        addConfigName(CONFIG_ENCIPHER_ONLY);
-        addConfigName(CONFIG_DECIPHER_ONLY);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
-        } else if (name.equals(CONFIG_NON_REPUDIATION)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
-        } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
-        } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
-        } else if (name.equals(CONFIG_KEY_AGREEMENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
-        } else if (name.equals(CONFIG_KEY_CERTSIGN)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
-        } else if (name.equals(CONFIG_CRL_SIGN)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
-        } else if (name.equals(CONFIG_ENCIPHER_ONLY)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
-        } else if (name.equals(CONFIG_DECIPHER_ONLY)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
-        } else if (name.equals(VAL_NON_REPUDIATION)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
-        } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
-        } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
-        } else if (name.equals(VAL_KEY_AGREEMENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
-        } else if (name.equals(VAL_KEY_CERTSIGN)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
-        } else if (name.equals(VAL_CRL_SIGN)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
-        } else if (name.equals(VAL_ENCIPHER_ONLY)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
-        } else if (name.equals(VAL_DECIPHER_ONLY)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            KeyUsageExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val);
-            } else if (name.equals(VAL_NON_REPUDIATION)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.NON_REPUDIATION, val);
-            } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val);
-            } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val);
-            } else if (name.equals(VAL_KEY_AGREEMENT)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.KEY_AGREEMENT, val);
-            } else if (name.equals(VAL_KEY_CERTSIGN)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.KEY_CERTSIGN, val);
-            } else if (name.equals(VAL_CRL_SIGN)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.CRL_SIGN, val);
-            } else if (name.equals(VAL_ENCIPHER_ONLY)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.ENCIPHER_ONLY, val);
-            } else if (name.equals(VAL_DECIPHER_ONLY)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(KeyUsageExtension.DECIPHER_ONLY, val);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
-        } catch (IOException e) {
-            CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (EProfileException e) {
-            CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        try {
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            KeyUsageExtension ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-
-            if (ext == null) {
-                try {
-                    populate(null, info);
-
-                } catch (EProfileException e) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-                }
-
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-
-                if (ext == null) {
-                    return null;
-                }
-                if (ext.isCritical()) {
-                    return "true";
-                } else {
-                    return "false";
-                }
-            } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
-
-                return val.toString();
-            } else if (name.equals(VAL_NON_REPUDIATION)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.NON_REPUDIATION);
-
-                return val.toString();
-            } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
-
-                return val.toString();
-            } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
-
-                return val.toString();
-            } else if (name.equals(VAL_KEY_AGREEMENT)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.KEY_AGREEMENT);
-
-                return val.toString();
-            } else if (name.equals(VAL_KEY_CERTSIGN)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.KEY_CERTSIGN);
-
-                return val.toString();
-            } else if (name.equals(VAL_CRL_SIGN)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.CRL_SIGN);
-
-                return val.toString();
-            } else if (name.equals(VAL_ENCIPHER_ONLY)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.ENCIPHER_ONLY);
-
-                return val.toString();
-            } else if (name.equals(VAL_DECIPHER_ONLY)) {
-                ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean)
-                        ext.get(KeyUsageExtension.DECIPHER_ONLY);
-
-                return val.toString();
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } catch (IOException e) {
-            CMS.debug("KeyUsageExtDefault: getValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_DIGITAL_SIGNATURE),
-                getConfig(CONFIG_NON_REPUDIATION),
-                getConfig(CONFIG_KEY_ENCIPHERMENT),
-                getConfig(CONFIG_DATA_ENCIPHERMENT),
-                getConfig(CONFIG_KEY_AGREEMENT),
-                getConfig(CONFIG_KEY_CERTSIGN),
-                getConfig(CONFIG_CRL_SIGN),
-                getConfig(CONFIG_ENCIPHER_ONLY),
-                getConfig(CONFIG_DECIPHER_ONLY)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params);
-
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        KeyUsageExtension ext = createKeyUsageExtension();
-
-        addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
-    }
-
-    public KeyUsageExtension createKeyUsageExtension() {
-        KeyUsageExtension ext = null;
-        boolean[] bits = new boolean[KeyUsageExtension.NBITS];
-
-        boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-        bits[0] = getConfigBoolean(CONFIG_DIGITAL_SIGNATURE);
-        bits[1] = getConfigBoolean(CONFIG_NON_REPUDIATION);
-        bits[2] = getConfigBoolean(CONFIG_KEY_ENCIPHERMENT);
-        bits[3] = getConfigBoolean(CONFIG_DATA_ENCIPHERMENT);
-        bits[4] = getConfigBoolean(CONFIG_KEY_AGREEMENT);
-        bits[5] = getConfigBoolean(CONFIG_KEY_CERTSIGN);
-        bits[6] = getConfigBoolean(CONFIG_CRL_SIGN);
-        bits[7] = getConfigBoolean(CONFIG_ENCIPHER_ONLY);
-        bits[8] = getConfigBoolean(CONFIG_DECIPHER_ONLY);
-        try {
-            ext = new KeyUsageExtension(critical, bits);
-        } catch (Exception e) {
-            CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
-                    e.toString());
-        }
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
deleted file mode 100644
index f6da8aede..000000000
--- a/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
+++ /dev/null
@@ -1,246 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.NSCCommentExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class NSCCommentExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "nscCommentCritical";
-    public static final String CONFIG_COMMENT = "nscCommentContent";
-
-    public static final String VAL_CRITICAL = "nscCommentCritical";
-    public static final String VAL_COMMENT = "nscCommentContent";
-
-    public NSCCommentExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_COMMENT);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_COMMENT);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_COMMENT)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "Comment Here...",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_COMMENT)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            NSCCommentExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ObjectIdentifier oid = NSCCommentExtension.OID;
-
-            ext = (NSCCommentExtension)
-                        getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-
-                ext = (NSCCommentExtension)
-                        getExtension(oid.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_COMMENT)) {
-
-                ext = (NSCCommentExtension)
-                        getExtension(oid.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                boolean critical = ext.isCritical();
-
-                if (value == null || value.equals(""))
-                    ext = new NSCCommentExtension(critical, "");
-                //                    throw new EPropertyException(name+" cannot be empty");
-                else
-                    ext = new NSCCommentExtension(critical, value);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(ext.getExtensionId().toString(), ext, info);
-        } catch (IOException e) {
-            CMS.debug("NSCCommentExtDefault: setValue " + e.toString());
-        } catch (EProfileException e) {
-            CMS.debug("NSCCommentExtDefault: setValue " + e.toString());
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        NSCCommentExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ObjectIdentifier oid = NSCCommentExtension.OID;
-
-        ext = (NSCCommentExtension)
-                    getExtension(oid.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-
-            ext = (NSCCommentExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_COMMENT)) {
-
-            ext = (NSCCommentExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            String comment = ext.getComment();
-
-            if (comment == null)
-                comment = "";
-
-            return comment;
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_COMMENT)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        NSCCommentExtension ext = createExtension();
-
-        addExtension(ext.getExtensionId().toString(), ext, info);
-    }
-
-    public NSCCommentExtension createExtension() {
-        NSCCommentExtension ext = null;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-            String comment = getConfig(CONFIG_COMMENT);
-
-            if (comment == null || comment.equals(""))
-                ext = new NSCCommentExtension(critical, "");
-            else
-                ext = new NSCCommentExtension(critical, comment);
-        } catch (Exception e) {
-            CMS.debug("NSCCommentExtension: createExtension " +
-                    e.toString());
-        }
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
deleted file mode 100644
index 731581945..000000000
--- a/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
+++ /dev/null
@@ -1,420 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.security.cert.CertificateException;
-import java.util.Locale;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Netscape Certificate Type extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class NSCertTypeExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "nsCertCritical";
-    public static final String CONFIG_SSL_CLIENT = "nsCertSSLClient";
-    public static final String CONFIG_SSL_SERVER = "nsCertSSLServer";
-    public static final String CONFIG_EMAIL = "nsCertEmail";
-    public static final String CONFIG_OBJECT_SIGNING = "nsCertObjectSigning";
-    public static final String CONFIG_SSL_CA = "nsCertSSLCA";
-    public static final String CONFIG_EMAIL_CA = "nsCertEmailCA";
-    public static final String CONFIG_OBJECT_SIGNING_CA = "nsCertObjectSigningCA";
-
-    public static final String VAL_CRITICAL = "nsCertCritical";
-    public static final String VAL_SSL_CLIENT = "nsCertSSLClient";
-    public static final String VAL_SSL_SERVER = "nsCertSSLServer";
-    public static final String VAL_EMAIL = "nsCertEmail";
-    public static final String VAL_OBJECT_SIGNING = "nsCertObjectSigning";
-    public static final String VAL_SSL_CA = "nsCertSSLCA";
-    public static final String VAL_EMAIL_CA = "nsCertEmailCA";
-    public static final String VAL_OBJECT_SIGNING_CA = "nsCertObjectSigningCA";
-
-    public NSCertTypeExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_SSL_CLIENT);
-        addValueName(VAL_SSL_SERVER);
-        addValueName(VAL_EMAIL);
-        addValueName(VAL_OBJECT_SIGNING);
-        addValueName(VAL_SSL_CA);
-        addValueName(VAL_EMAIL_CA);
-        addValueName(VAL_OBJECT_SIGNING_CA);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_SSL_CLIENT);
-        addConfigName(CONFIG_SSL_SERVER);
-        addConfigName(CONFIG_EMAIL);
-        addConfigName(CONFIG_OBJECT_SIGNING);
-        addConfigName(CONFIG_SSL_CA);
-        addConfigName(CONFIG_EMAIL_CA);
-        addConfigName(CONFIG_OBJECT_SIGNING_CA);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_SSL_CLIENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
-        } else if (name.equals(CONFIG_SSL_SERVER)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
-        } else if (name.equals(CONFIG_EMAIL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL"));
-        } else if (name.equals(CONFIG_OBJECT_SIGNING)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING"));
-        } else if (name.equals(CONFIG_SSL_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA"));
-        } else if (name.equals(CONFIG_EMAIL_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
-        } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_SSL_CLIENT)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
-        } else if (name.equals(VAL_SSL_SERVER)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
-        } else if (name.equals(VAL_EMAIL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL"));
-        } else if (name.equals(VAL_OBJECT_SIGNING)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING"));
-        } else if (name.equals(VAL_SSL_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA"));
-        } else if (name.equals(VAL_EMAIL_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
-        } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            NSCertTypeExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-
-            }
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_SSL_CLIENT)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(NSCertTypeExtension.SSL_CLIENT, val);
-            } else if (name.equals(VAL_SSL_SERVER)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(NSCertTypeExtension.SSL_SERVER, val);
-            } else if (name.equals(VAL_EMAIL)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(NSCertTypeExtension.EMAIL, val);
-            } else if (name.equals(VAL_OBJECT_SIGNING)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(NSCertTypeExtension.OBJECT_SIGNING, val);
-            } else if (name.equals(VAL_SSL_CA)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(NSCertTypeExtension.SSL_CA, val);
-            } else if (name.equals(VAL_EMAIL_CA)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(NSCertTypeExtension.EMAIL_CA, val);
-            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return;
-                }
-                Boolean val = Boolean.valueOf(value);
-
-                ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, val);
-            } else {
-                throw new EPropertyException("Invalid name " + name);
-            }
-            replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info);
-        } catch (CertificateException e) {
-            CMS.debug("NSCertTypeExtDefault: setValue " + e.toString());
-        } catch (EProfileException e) {
-            CMS.debug("NSCertTypeExtDefault: setValue " + e.toString());
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        try {
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            NSCertTypeExtension ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-
-            if (ext == null) {
-                try {
-                    populate(null, info);
-
-                } catch (EProfileException e) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-                }
-
-            }
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-
-                if (ext == null) {
-                    return null;
-                }
-                if (ext.isCritical()) {
-                    return "true";
-                } else {
-                    return "false";
-                }
-            } else if (name.equals(VAL_SSL_CLIENT)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT);
-
-                return val.toString();
-            } else if (name.equals(VAL_SSL_SERVER)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER);
-
-                return val.toString();
-            } else if (name.equals(VAL_EMAIL)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL);
-
-                return val.toString();
-            } else if (name.equals(VAL_OBJECT_SIGNING)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING);
-
-                return val.toString();
-            } else if (name.equals(VAL_SSL_CA)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA);
-
-                return val.toString();
-            } else if (name.equals(VAL_EMAIL_CA)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA);
-
-                return val.toString();
-            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
-                ext = (NSCertTypeExtension)
-                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-                Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING_CA);
-
-                return val.toString();
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } catch (CertificateException e) {
-            CMS.debug("NSCertTypeExtDefault: setValue " + e.toString());
-        }
-        return null;
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_SSL_CLIENT),
-                getConfig(CONFIG_SSL_SERVER),
-                getConfig(CONFIG_EMAIL),
-                getConfig(CONFIG_OBJECT_SIGNING),
-                getConfig(CONFIG_SSL_CA),
-                getConfig(CONFIG_EMAIL_CA),
-                getConfig(CONFIG_OBJECT_SIGNING_CA)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", params);
-
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        NSCertTypeExtension ext = createExtension();
-
-        addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info);
-    }
-
-    public NSCertTypeExtension createExtension() {
-        NSCertTypeExtension ext = null;
-        boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
-
-        boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-        bits[0] = getConfigBoolean(CONFIG_SSL_CLIENT);
-        bits[1] = getConfigBoolean(CONFIG_SSL_SERVER);
-        bits[2] = getConfigBoolean(CONFIG_EMAIL);
-        bits[3] = getConfigBoolean(CONFIG_OBJECT_SIGNING);
-        bits[4] = false;
-        bits[5] = getConfigBoolean(CONFIG_SSL_CA);
-        bits[6] = getConfigBoolean(CONFIG_EMAIL_CA);
-        bits[7] = getConfigBoolean(CONFIG_OBJECT_SIGNING_CA);
-        try {
-            ext = new NSCertTypeExtension(critical, bits);
-        } catch (Exception e) {
-            CMS.debug("NSCertTypeExtDefault: createExtension " +
-                    e.toString());
-        }
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
deleted file mode 100644
index f010b6134..000000000
--- a/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
+++ /dev/null
@@ -1,670 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralSubtree;
-import netscape.security.x509.GeneralSubtrees;
-import netscape.security.x509.NameConstraintsExtension;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a name constraint extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class NameConstraintsExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "nameConstraintsCritical";
-    public static final String CONFIG_NUM_PERMITTED_SUBTREES =
-            "nameConstraintsNumPermittedSubtrees";
-    public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_";
-    public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_";
-    public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_";
-    public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_";
-    public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_";
-
-    public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees";
-    public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_";
-    public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_";
-    public static final String CONFIG_EXCLUDED_NAME_CHOICE = "nameConstraintsExcludedSubtreeNameChoice_";
-    public static final String CONFIG_EXCLUDED_NAME_VAL = "nameConstraintsExcludedSubtreeNameValue_";
-    public static final String CONFIG_EXCLUDED_ENABLE = "nameConstraintsExcludedSubtreeEnable_";
-
-    public static final String VAL_CRITICAL = "nameConstraintsCritical";
-    public static final String VAL_PERMITTED_SUBTREES = "nameConstraintsPermittedSubtreesValue";
-    public static final String VAL_EXCLUDED_SUBTREES = "nameConstraintsExcludedSubtreesValue";
-
-    private static final String GENERAL_NAME_CHOICE = "GeneralNameChoice";
-    private static final String GENERAL_NAME_VALUE = "GeneralNameValue";
-    private static final String MIN_VALUE = "Min Value";
-    private static final String MAX_VALUE = "Max Value";
-    private static final String ENABLE = "Enable";
-
-    protected static final int DEF_NUM_PERMITTED_SUBTREES = 1;
-    protected static final int DEF_NUM_EXCLUDED_SUBTREES = 1;
-    protected static final int MAX_NUM_EXCLUDED_SUBTREES = 100;
-    protected static final int MAX_NUM_PERMITTED_SUBTREES = 100;
-
-    public NameConstraintsExtDefault() {
-        super();
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-
-    }
-
-    protected int getNumPermitted() {
-        int num = DEF_NUM_PERMITTED_SUBTREES;
-        String val = getConfig(CONFIG_NUM_PERMITTED_SUBTREES);
-
-        if (val != null) {
-            try {
-                num = Integer.parseInt(val);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num >= MAX_NUM_PERMITTED_SUBTREES)
-            num = DEF_NUM_PERMITTED_SUBTREES;
-        return num;
-    }
-
-    protected int getNumExcluded() {
-        int num = DEF_NUM_EXCLUDED_SUBTREES;
-        String val = getConfig(CONFIG_NUM_EXCLUDED_SUBTREES);
-
-        if (val != null) {
-            try {
-                num = Integer.parseInt(val);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num >= MAX_NUM_EXCLUDED_SUBTREES)
-            num = DEF_NUM_EXCLUDED_SUBTREES;
-
-        return num;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
-            }
-        } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
-
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        //refesh our config name list
-
-        super.refreshConfigAndValueNames();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_PERMITTED_SUBTREES);
-        addValueName(VAL_EXCLUDED_SUBTREES);
-
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumPermitted();
-
-        addConfigName(CONFIG_NUM_PERMITTED_SUBTREES);
-
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_PERMITTED_MIN_VAL + i);
-            addConfigName(CONFIG_PERMITTED_MAX_VAL + i);
-            addConfigName(CONFIG_PERMITTED_NAME_CHOICE + i);
-            addConfigName(CONFIG_PERMITTED_NAME_VAL + i);
-            addConfigName(CONFIG_PERMITTED_ENABLE + i);
-        }
-
-        num = getNumExcluded();
-
-        addConfigName(CONFIG_NUM_EXCLUDED_SUBTREES);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_EXCLUDED_MIN_VAL + i);
-            addConfigName(CONFIG_EXCLUDED_MAX_VAL + i);
-            addConfigName(CONFIG_EXCLUDED_NAME_CHOICE + i);
-            addConfigName(CONFIG_EXCLUDED_NAME_VAL + i);
-            addConfigName(CONFIG_EXCLUDED_ENABLE + i);
-        }
-
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL"));
-        } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL"));
-        } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE"));
-        } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL"));
-        } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
-        } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL"));
-        } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL"));
-        } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE"));
-        } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL"));
-        } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES"));
-        } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
-        }
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES"));
-        } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            NameConstraintsExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (NameConstraintsExtension)
-                        getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (NameConstraintsExtension)
-                        getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
-                ext = (NameConstraintsExtension)
-                        getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                if ((value == null) || (value.equals("null")) || (value.equals(""))) {
-                    CMS.debug("NameConstraintsExtDefault:setValue : " +
-                              "blank value for permitted subtrees ... returning");
-                    return;
-                }
-
-                Vector<NameValuePairs> v = parseRecords(value);
-
-                Vector<GeneralSubtree> permittedSubtrees = createSubtrees(locale, v);
-
-                ext.set(NameConstraintsExtension.PERMITTED_SUBTREES,
-                        new GeneralSubtrees(permittedSubtrees));
-            } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
-                ext = (NameConstraintsExtension)
-                        getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                if ((value == null) || (value.equals("null")) || (value.equals(""))) {
-                    CMS.debug("NameConstraintsExtDefault:setValue : " +
-                              "blank value for excluded subtrees ... returning");
-                    return;
-                }
-                Vector<NameValuePairs> v = parseRecords(value);
-
-                Vector<GeneralSubtree> excludedSubtrees = createSubtrees(locale, v);
-
-                ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES,
-                        new GeneralSubtrees(excludedSubtrees));
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
-        } catch (IOException e) {
-            CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (EProfileException e) {
-            CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    private Vector<GeneralSubtree> createSubtrees(Locale locale, Vector<NameValuePairs> v) throws EPropertyException {
-        int size = v.size();
-        String choice = null;
-        String val = "";
-        String minS = null;
-        String maxS = null;
-
-        Vector<GeneralSubtree> subtrees = new Vector<GeneralSubtree>();
-
-        for (int i = 0; i < size; i++) {
-            NameValuePairs nvps = v.elementAt(i);
-
-            for (String name1 : nvps.keySet()) {
-
-                if (name1.equals(GENERAL_NAME_CHOICE)) {
-                    choice = nvps.get(name1);
-                } else if (name1.equals(GENERAL_NAME_VALUE)) {
-                    val = nvps.get(name1);
-                } else if (name1.equals(MIN_VALUE)) {
-                    minS = nvps.get(name1);
-                } else if (name1.equals(MAX_VALUE)) {
-                    maxS = nvps.get(name1);
-                }
-            }
-
-            if (choice == null || choice.length() == 0) {
-                throw new EPropertyException(CMS.getUserMessage(locale,
-                            "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
-            }
-
-            if (val == null)
-                val = "";
-
-            int min = 0;
-            int max = -1;
-
-            if (minS != null && minS.length() > 0)
-                min = Integer.parseInt(minS);
-            if (maxS != null && maxS.length() > 0)
-                max = Integer.parseInt(maxS);
-
-            GeneralName gn = null;
-            GeneralNameInterface gnI = null;
-
-            try {
-                gnI = parseGeneralName(choice + ":" + val);
-            } catch (IOException e) {
-                CMS.debug("NameConstraintsExtDefault: createSubtress " +
-                        e.toString());
-            }
-
-            if (gnI != null) {
-                gn = new GeneralName(gnI);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(locale,
-                            "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
-            }
-            GeneralSubtree subtree = new GeneralSubtree(
-                    gn, min, max);
-
-            subtrees.addElement(subtree);
-        }
-
-        return subtrees;
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        NameConstraintsExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ext = (NameConstraintsExtension)
-                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (NameConstraintsExtension)
-                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
-            ext = (NameConstraintsExtension)
-                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            GeneralSubtrees subtrees = null;
-
-            try {
-                subtrees = (GeneralSubtrees)
-                        ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
-            } catch (IOException e) {
-                CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
-            }
-
-            if (subtrees == null) {
-                CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!");
-                throw new EPropertyException("subtrees is null");
-            }
-
-            return getSubtreesInfo(ext, subtrees);
-        } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
-            ext = (NameConstraintsExtension)
-                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            GeneralSubtrees subtrees = null;
-
-            try {
-                subtrees = (GeneralSubtrees)
-                        ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
-            } catch (IOException e) {
-                CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
-            }
-
-            if (subtrees == null) {
-                CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!");
-                throw new EPropertyException("subtrees is null");
-            }
-
-            return getSubtreesInfo(ext, subtrees);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    private String getSubtreesInfo(NameConstraintsExtension ext,
-            GeneralSubtrees subtrees) throws EPropertyException {
-        Vector<GeneralSubtree> trees = subtrees.getSubtrees();
-        int size = trees.size();
-
-        Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-
-        for (int i = 0; i < size; i++) {
-            GeneralSubtree tree = trees.elementAt(i);
-
-            GeneralName gn = tree.getGeneralName();
-            String type = getGeneralNameType(gn);
-            int max = tree.getMaxValue();
-            int min = tree.getMinValue();
-
-            NameValuePairs pairs = new NameValuePairs();
-
-            pairs.put(GENERAL_NAME_CHOICE, type);
-            pairs.put(GENERAL_NAME_VALUE, getGeneralNameValue(gn));
-            pairs.put(MIN_VALUE, Integer.toString(min));
-            pairs.put(MAX_VALUE, Integer.toString(max));
-            pairs.put(ENABLE, "true");
-
-            recs.addElement(pairs);
-        }
-
-        return buildRecords(recs);
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        int num = getNumPermitted();
-
-        for (int i = 0; i < num; i++) {
-            sb.append("Permitted #");
-            sb.append(i);
-            sb.append("{");
-            sb.append(GENERAL_NAME_CHOICE + ":");
-            sb.append(getConfig(CONFIG_PERMITTED_NAME_CHOICE + i));
-            sb.append(",");
-            sb.append(GENERAL_NAME_VALUE + ":");
-            sb.append(getConfig(CONFIG_PERMITTED_NAME_VAL + i));
-            sb.append(",");
-            sb.append(MIN_VALUE + ":");
-            sb.append(getConfig(CONFIG_PERMITTED_MIN_VAL + i));
-            sb.append(",");
-            sb.append(MAX_VALUE + ":");
-            sb.append(getConfig(CONFIG_PERMITTED_MAX_VAL + i));
-            sb.append("}");
-        }
-        num = getNumExcluded();
-        for (int i = 0; i < num; i++) {
-            sb.append("Exluded #");
-            sb.append(i);
-            sb.append("{");
-            sb.append(GENERAL_NAME_CHOICE + ":");
-            sb.append(getConfig(CONFIG_EXCLUDED_NAME_CHOICE + i));
-            sb.append(",");
-            sb.append(GENERAL_NAME_VALUE + ":");
-            sb.append(getConfig(CONFIG_EXCLUDED_NAME_VAL + i));
-            sb.append(",");
-            sb.append(MIN_VALUE + ":");
-            sb.append(getConfig(CONFIG_EXCLUDED_MIN_VAL + i));
-            sb.append(",");
-            sb.append(MAX_VALUE + ":");
-            sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i));
-            sb.append("}");
-        }
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT",
-                getConfig(CONFIG_CRITICAL), sb.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        NameConstraintsExtension ext = createExtension();
-
-        addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
-    }
-
-    public NameConstraintsExtension createExtension() {
-        NameConstraintsExtension ext = null;
-
-        try {
-            int num = getNumPermitted();
-
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-            Vector<GeneralSubtree> v = new Vector<GeneralSubtree>();
-
-            for (int i = 0; i < num; i++) {
-                String enable = getConfig(CONFIG_PERMITTED_ENABLE + i);
-
-                if (enable != null && enable.equals("true")) {
-                    String choice = getConfig(CONFIG_PERMITTED_NAME_CHOICE + i);
-                    String value = getConfig(CONFIG_PERMITTED_NAME_VAL + i);
-                    String minS = getConfig(CONFIG_PERMITTED_MIN_VAL + i);
-                    String maxS = getConfig(CONFIG_PERMITTED_MAX_VAL + i);
-
-                    v.addElement(createSubtree(choice, value, minS, maxS));
-                }
-            }
-
-            Vector<GeneralSubtree> v1 = new Vector<GeneralSubtree>();
-
-            num = getNumExcluded();
-            for (int i = 0; i < num; i++) {
-                String enable = getConfig(CONFIG_EXCLUDED_ENABLE + i);
-
-                if (enable != null && enable.equals("true")) {
-                    String choice = getConfig(CONFIG_EXCLUDED_NAME_CHOICE + i);
-                    String value = getConfig(CONFIG_EXCLUDED_NAME_VAL + i);
-                    String minS = getConfig(CONFIG_EXCLUDED_MIN_VAL + i);
-                    String maxS = getConfig(CONFIG_EXCLUDED_MAX_VAL + i);
-
-                    v1.addElement(createSubtree(choice, value, minS, maxS));
-                }
-            }
-
-            ext = new NameConstraintsExtension(critical,
-                        new GeneralSubtrees(v), new GeneralSubtrees(v1));
-        } catch (Exception e) {
-            CMS.debug("NameConstraintsExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-
-    private GeneralSubtree createSubtree(String choice, String value,
-            String minS, String maxS) {
-        GeneralName gn = null;
-        GeneralNameInterface gnI = null;
-
-        try {
-            gnI = parseGeneralName(choice + ":" + value);
-        } catch (IOException e) {
-            CMS.debug(e.toString());
-        }
-        if (gnI != null)
-            gn = new GeneralName(gnI);
-        else
-            //throw new EPropertyException("GeneralName must not be null");
-            return null;
-
-        int min = 0;
-
-        if (minS != null && minS.length() > 0)
-            min = Integer.parseInt(minS);
-        int max = -1;
-
-        if (maxS != null && maxS.length() > 0)
-            max = Integer.parseInt(maxS);
-
-        return (new GeneralSubtree(gn, min, max));
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/base/common/src/com/netscape/cms/profile/def/NoDefault.java
deleted file mode 100644
index 2e80aee2f..000000000
--- a/base/common/src/com/netscape/cms/profile/def/NoDefault.java
+++ /dev/null
@@ -1,111 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements no default policy.
- *
- * @version $Revision$, $Date$
- */
-public class NoDefault implements IPolicyDefault {
-
-    public static final String PROP_NAME = "name";
-
-    protected Vector<String> mValues = new Vector<String>();
-    protected Vector<String> mNames = new Vector<String>();
-    protected IConfigStore mConfig = null;
-
-    public Enumeration<String> getConfigNames() {
-        return mNames.elements();
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-
-    public String getConfig(String name) {
-        return null;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mConfig = config;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request)
-            throws EProfileException {
-    }
-
-    public Enumeration<String> getValueNames() {
-        return mValues.elements();
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void setValue(String name, Locale locale, IRequest request,
-            String value)
-            throws EPropertyException {
-    }
-
-    public String getValue(String name, Locale locale, IRequest request) {
-        return null;
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NO_DEFAULT");
-    }
-
-    public String getName(Locale locale) {
-        try {
-            return mConfig.getString(PROP_NAME);
-        } catch (EBaseException e) {
-            return null;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
deleted file mode 100644
index ab5b8c62b..000000000
--- a/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
+++ /dev/null
@@ -1,185 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.extensions.OCSPNoCheckExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates an OCSP No Check extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class OCSPNoCheckExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "ocspNoCheckCritical";
-
-    public static final String VAL_CRITICAL = "ocspNoCheckCritical";
-
-    public OCSPNoCheckExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addConfigName(CONFIG_CRITICAL);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
-                getExtension(OCSPNoCheckExtension.OID, info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (OCSPNoCheckExtension)
-                    getExtension(OCSPNoCheckExtension.OID, info);
-            boolean val = Boolean.valueOf(value).booleanValue();
-
-            if (ext == null) {
-                return;
-            }
-            ext.setCritical(val);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
-                getExtension(OCSPNoCheckExtension.OID, info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (OCSPNoCheckExtension)
-                    getExtension(OCSPNoCheckExtension.OID, info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_OCSP_NO_CHECK_EXT",
-                getConfig(CONFIG_CRITICAL));
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        OCSPNoCheckExtension ext = createExtension();
-
-        addExtension(OCSPNoCheckExtension.OID, ext, info);
-    }
-
-    public OCSPNoCheckExtension createExtension() {
-        OCSPNoCheckExtension ext = null;
-
-        try {
-            ext = new OCSPNoCheckExtension();
-        } catch (Exception e) {
-            CMS.debug("OCSPNoCheckExtDefault:  createExtension " +
-                    e.toString());
-            return null;
-        }
-        boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-        ext.setCritical(critical);
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
deleted file mode 100644
index ced6096a3..000000000
--- a/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
+++ /dev/null
@@ -1,287 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PolicyConstraintsExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a policy constraints extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class PolicyConstraintsExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "policyConstraintsCritical";
-    public static final String CONFIG_REQ_EXPLICIT_POLICY = "policyConstraintsReqExplicitPolicy";
-    public static final String CONFIG_INHIBIT_POLICY_MAPPING = "policyConstraintsInhibitPolicyMapping";
-
-    public static final String VAL_CRITICAL = "policyConstraintsCritical";
-    public static final String VAL_REQ_EXPLICIT_POLICY = "policyConstraintsReqExplicitPolicy";
-    public static final String VAL_INHIBIT_POLICY_MAPPING = "policyConstraintsInhibitPolicyMapping";
-
-    public PolicyConstraintsExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_REQ_EXPLICIT_POLICY);
-        addValueName(VAL_INHIBIT_POLICY_MAPPING);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_REQ_EXPLICIT_POLICY);
-        addConfigName(CONFIG_INHIBIT_POLICY_MAPPING);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
-        } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
-        }
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
-        } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
-        }
-        return null;
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            PolicyConstraintsExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                                info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                                info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
-                ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                                info);
-
-                if (ext == null) {
-                    return;
-                }
-                Integer num = new Integer(value);
-
-                ext.set(PolicyConstraintsExtension.REQUIRE, num);
-            } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
-                ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                                info);
-
-                if (ext == null) {
-                    return;
-                }
-                Integer num = new Integer(value);
-
-                ext.set(PolicyConstraintsExtension.INHIBIT, num);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                    ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (IOException e) {
-            CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        PolicyConstraintsExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                            info);
-        if (ext == null) {
-
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                            info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
-            ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                            info);
-
-            if (ext == null)
-                return "";
-
-            int num = ext.getRequireExplicitMapping();
-
-            return "" + num;
-        } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
-            ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                            info);
-
-            if (ext == null)
-                return "";
-
-            int num = ext.getInhibitPolicyMapping();
-
-            return "" + num;
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_REQ_EXPLICIT_POLICY),
-                getConfig(CONFIG_INHIBIT_POLICY_MAPPING)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        PolicyConstraintsExtension ext = createExtension();
-
-        if (ext == null)
-            return;
-        addExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                ext, info);
-    }
-
-    public PolicyConstraintsExtension createExtension() {
-        PolicyConstraintsExtension ext = null;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-            int reqNum = -1;
-            int inhibitNum = -1;
-            String req = getConfig(CONFIG_REQ_EXPLICIT_POLICY);
-
-            if (req != null && req.length() > 0) {
-                reqNum = Integer.parseInt(req);
-            }
-            String inhibit = getConfig(CONFIG_INHIBIT_POLICY_MAPPING);
-
-            if (inhibit != null && inhibit.length() > 0) {
-                inhibitNum = Integer.parseInt(inhibit);
-            }
-            ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum);
-        } catch (Exception e) {
-            CMS.debug("PolicyConstraintsExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
deleted file mode 100644
index 56d67a93e..000000000
--- a/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
+++ /dev/null
@@ -1,419 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificatePolicyId;
-import netscape.security.x509.CertificatePolicyMap;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PolicyMappingsExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class PolicyMappingsExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "policyMappingsCritical";
-    public static final String CONFIG_NUM_POLICY_MAPPINGS = "policyMappingsNum";
-    public static final String CONFIG_ISSUER_DOMAIN_POLICY = "policyMappingsIssuerDomainPolicy_";
-    public static final String CONFIG_SUBJECT_DOMAIN_POLICY = "policyMappingsSubjectDomainPolicy_";
-    public static final String CONFIG_ENABLE = "policyMappingsEnable_";
-
-    public static final String VAL_CRITICAL = "policyMappingsCritical";
-    public static final String VAL_DOMAINS = "policyMappingsDomains";
-
-    private static final String ISSUER_POLICY_ID = "Issuer Policy Id";
-    private static final String SUBJECT_POLICY_ID = "Subject Policy Id";
-    private static final String POLICY_ID_ENABLE = "Enable";
-
-    private static final int DEF_NUM_MAPPINGS = 1;
-    private static final int MAX_NUM_MAPPINGS = 100;
-
-    public PolicyMappingsExtDefault() {
-        super();
-    }
-
-    protected int getNumMappings() {
-        int num = DEF_NUM_MAPPINGS;
-        String numMappings = getConfig(CONFIG_NUM_POLICY_MAPPINGS);
-
-        if (numMappings != null) {
-            try {
-                num = Integer.parseInt(numMappings);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-        return num;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_MAPPINGS || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        super.refreshConfigAndValueNames();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_DOMAINS);
-
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumMappings();
-
-        addConfigName(CONFIG_NUM_POLICY_MAPPINGS);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_ISSUER_DOMAIN_POLICY + i);
-            addConfigName(CONFIG_SUBJECT_DOMAIN_POLICY + i);
-            addConfigName(CONFIG_ENABLE + i);
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_ISSUER_DOMAIN_POLICY)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_DOMAIN_POLICY"));
-        } else if (name.startsWith(CONFIG_SUBJECT_DOMAIN_POLICY)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_DOMAIN_POLICY"));
-        } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
-        }
-
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_DOMAINS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_DOMAINS"));
-        }
-        return null;
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            PolicyMappingsExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (PolicyMappingsExtension)
-                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                                info);
-
-            if (ext == null) {
-                populate(null, info);
-
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (PolicyMappingsExtension)
-                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                                info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_DOMAINS)) {
-                ext = (PolicyMappingsExtension)
-                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                                info);
-
-                if (ext == null) {
-                    return;
-                }
-                Vector<NameValuePairs> v = parseRecords(value);
-                int size = v.size();
-
-                String issuerPolicyId = null;
-                String subjectPolicyId = null;
-                String enable = null;
-                Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>();
-
-                for (int i = 0; i < size; i++) {
-                    NameValuePairs nvps = v.elementAt(i);
-
-                    for (String name1 : nvps.keySet()) {
-
-                        if (name1.equals(ISSUER_POLICY_ID)) {
-                            issuerPolicyId = nvps.get(name1);
-                        } else if (name1.equals(SUBJECT_POLICY_ID)) {
-                            subjectPolicyId = nvps.get(name1);
-                        } else if (name1.equals(POLICY_ID_ENABLE)) {
-                            enable = nvps.get(name1);
-                        }
-                    }
-
-                    if (enable != null && enable.equals("true")) {
-                        if (issuerPolicyId == null ||
-                                issuerPolicyId.length() == 0 || subjectPolicyId == null ||
-                                subjectPolicyId.length() == 0)
-                            throw new EPropertyException(CMS.getUserMessage(
-                                        locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND"));
-                        CertificatePolicyMap map = new CertificatePolicyMap(
-                                new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)),
-                                new CertificatePolicyId(new ObjectIdentifier(subjectPolicyId)));
-
-                        policyMaps.addElement(map);
-                    }
-                }
-                ext.set(PolicyMappingsExtension.MAP, policyMaps);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                    ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (IOException e) {
-            CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        PolicyMappingsExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ext = (PolicyMappingsExtension)
-                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                            info);
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (PolicyMappingsExtension)
-                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                            info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_DOMAINS)) {
-            ext = (PolicyMappingsExtension)
-                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                            info);
-
-            if (ext == null)
-                return "";
-
-            int num_mappings = getNumMappings();
-
-            Enumeration<CertificatePolicyMap> maps = ext.getMappings();
-
-            Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-
-            for (int i = 0; i < num_mappings; i++) {
-                NameValuePairs pairs = new NameValuePairs();
-
-                if (maps.hasMoreElements()) {
-                    CertificatePolicyMap map = maps.nextElement();
-
-                    CertificatePolicyId i1 = map.getIssuerIdentifier();
-                    CertificatePolicyId s1 = map.getSubjectIdentifier();
-
-                    pairs.put(ISSUER_POLICY_ID, i1.getIdentifier().toString());
-                    pairs.put(SUBJECT_POLICY_ID, s1.getIdentifier().toString());
-                    pairs.put(POLICY_ID_ENABLE, "true");
-                } else {
-                    pairs.put(ISSUER_POLICY_ID, "");
-                    pairs.put(SUBJECT_POLICY_ID, "");
-                    pairs.put(POLICY_ID_ENABLE, "false");
-
-                }
-                recs.addElement(pairs);
-            }
-
-            return buildRecords(recs);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        int num = getNumMappings();
-
-        for (int i = 0; i < num; i++) {
-            sb.append("Record #");
-            sb.append(i);
-            sb.append("{");
-            sb.append(ISSUER_POLICY_ID + ":");
-            sb.append(getConfig(CONFIG_ISSUER_DOMAIN_POLICY + i));
-            sb.append(",");
-            sb.append(SUBJECT_POLICY_ID + ":");
-            sb.append(getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i));
-            sb.append(",");
-            sb.append(POLICY_ID_ENABLE + ":");
-            sb.append(getConfig(CONFIG_ENABLE + i));
-            sb.append("}");
-        }
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
-                getConfig(CONFIG_CRITICAL), sb.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        PolicyMappingsExtension ext = createExtension();
-
-        if (ext == null)
-            return;
-        addExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                ext, info);
-    }
-
-    public PolicyMappingsExtension createExtension() {
-        PolicyMappingsExtension ext = null;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-            Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>();
-            int num = getNumMappings();
-
-            for (int i = 0; i < num; i++) {
-                String enable = getConfig(CONFIG_ENABLE + i);
-
-                if (enable != null && enable.equals("true")) {
-                    String issuerID = getConfig(CONFIG_ISSUER_DOMAIN_POLICY + i);
-
-                    if (issuerID == null || issuerID.length() == 0) {
-                        return null;
-                    }
-
-                    String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i);
-
-                    if (subjectID == null || subjectID.length() == 0) {
-                        return null;
-                    }
-
-                    CertificatePolicyMap map = new CertificatePolicyMap(
-                            new CertificatePolicyId(new ObjectIdentifier(issuerID)),
-                            new CertificatePolicyId(new ObjectIdentifier(subjectID)));
-
-                    policyMaps.addElement(map);
-                }
-            }
-
-            ext = new PolicyMappingsExtension(critical, policyMaps);
-        } catch (Exception e) {
-            CMS.debug("PolicyMappingsExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
deleted file mode 100644
index 6532a13f0..000000000
--- a/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
+++ /dev/null
@@ -1,316 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.text.ParsePosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.PrivateKeyUsageExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a Private Key Usage Period extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "puCritical";
-    public static final String CONFIG_START_TIME = "puStartTime";
-    public static final String CONFIG_DURATION = "puDurationInDays"; // in days
-
-    public static final String VAL_CRITICAL = "puCritical";
-    public static final String VAL_NOT_BEFORE = "puNotBefore";
-    public static final String VAL_NOT_AFTER = "puNotAfter";
-
-    public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
-    private long mDefault = 86400000; // 1 days
-
-    public PrivateKeyUsagePeriodExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_NOT_BEFORE);
-        addValueName(VAL_NOT_AFTER);
-
-        addConfigName(CONFIG_CRITICAL);
-        addConfigName(CONFIG_START_TIME);
-        addConfigName(CONFIG_DURATION);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(CONFIG_START_TIME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "0",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME"));
-        } else if (name.equals(CONFIG_DURATION)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "365",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_START_TIME)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-            }
-        } else if (name.equals(CONFIG_DURATION)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_DURATION));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "0",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "30",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            PrivateKeyUsageExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id;
-
-            ext = (PrivateKeyUsageExtension)
-                        getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-
-                ext = (PrivateKeyUsageExtension)
-                        getExtension(oid.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_NOT_BEFORE)) {
-                SimpleDateFormat formatter =
-                        new SimpleDateFormat(DATE_FORMAT);
-                ParsePosition pos = new ParsePosition(0);
-                Date date = formatter.parse(value, pos);
-
-                ext = (PrivateKeyUsageExtension)
-                        getExtension(oid.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date);
-            } else if (name.equals(VAL_NOT_AFTER)) {
-                SimpleDateFormat formatter =
-                        new SimpleDateFormat(DATE_FORMAT);
-                ParsePosition pos = new ParsePosition(0);
-                Date date = formatter.parse(value, pos);
-
-                ext = (PrivateKeyUsageExtension)
-                        getExtension(oid.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                ext.set(PrivateKeyUsageExtension.NOT_AFTER, date);
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(ext.getExtensionId().toString(), ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("PrivateKeyUsageExtension: setValue " + e.toString());
-        } catch (Exception e) {
-            CMS.debug("PrivateKeyUsageExtension: setValue " + e.toString());
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        PrivateKeyUsageExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id;
-
-        ext = (PrivateKeyUsageExtension)
-                    getExtension(oid.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-
-            ext = (PrivateKeyUsageExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-
-            ext = (PrivateKeyUsageExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            return formatter.format(ext.getNotBefore());
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-
-            ext = (PrivateKeyUsageExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            return formatter.format(ext.getNotAfter());
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        String params[] = {
-                getConfig(CONFIG_CRITICAL),
-                getConfig(CONFIG_START_TIME),
-                getConfig(CONFIG_DURATION)
-            };
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", params);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        PrivateKeyUsageExtension ext = createExtension();
-
-        addExtension(ext.getExtensionId().toString(), ext, info);
-    }
-
-    public PrivateKeyUsageExtension createExtension() {
-        PrivateKeyUsageExtension ext = null;
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-            // always + 60 seconds
-            String startTimeStr = getConfig(CONFIG_START_TIME);
-
-            if (startTimeStr == null || startTimeStr.equals("")) {
-                startTimeStr = "60";
-            }
-            int startTime = Integer.parseInt(startTimeStr);
-            Date notBefore = new Date(CMS.getCurrentDate().getTime() +
-                    (1000 * startTime));
-            long notAfterVal = 0;
-
-            notAfterVal = notBefore.getTime() +
-                    (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION)));
-            Date notAfter = new Date(notAfterVal);
-
-            ext = new PrivateKeyUsageExtension(notBefore, notAfter);
-            ext.setCritical(critical);
-        } catch (Exception e) {
-            CMS.debug("PrivateKeyUsagePeriodExt: createExtension " +
-                    e.toString());
-        }
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java b/base/common/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java
deleted file mode 100644
index b3b16448d..000000000
--- a/base/common/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java
+++ /dev/null
@@ -1,354 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2013 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.text.ParsePosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-import java.util.Random;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class RandomizedValidityDefault extends EnrollDefault {
-    public static final String CONFIG_RANGE = "range";
-    public static final String CONFIG_START_TIME = "startTime";
-    public static final String CONFIG_NOT_BEFORE_RANDOM_BITS = "notBeforeRandomBits";
-    public static final String CONFIG_NOT_AFTER_RANDOM_BITS = "startTimeRandomBits";
-
-    public static final String VAL_NOT_BEFORE = "notBefore";
-    public static final String VAL_NOT_AFTER = "notAfter";
-
-    public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
-
-    private long mDayInMS = 86400000; // 1 days
-    private Random mRandom = null;
-
-    public RandomizedValidityDefault() {
-        super();
-        addConfigName(CONFIG_RANGE);
-        addConfigName(CONFIG_START_TIME);
-        addConfigName(CONFIG_NOT_BEFORE_RANDOM_BITS);
-        addConfigName(CONFIG_NOT_AFTER_RANDOM_BITS);
-        addValueName(VAL_NOT_BEFORE);
-        addValueName(VAL_NOT_AFTER);
-        mRandom = new Random();
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_RANGE)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-            }
-        } else if (name.equals(CONFIG_START_TIME)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-            }
-        } else if (name.equals(CONFIG_NOT_BEFORE_RANDOM_BITS)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NOT_BEFORE_RANDOM_BITS));
-            }
-        } else if (name.equals(CONFIG_NOT_AFTER_RANDOM_BITS)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NOT_AFTER_RANDOM_BITS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_RANGE)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    "365", /* 365 days */
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_VALIDITY_RANGE"));
-        } else if (name.equals(CONFIG_START_TIME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    "0", /* 0 seconds */
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_VALIDITY_START_TIME"));
-        } else if (name.equals(CONFIG_NOT_BEFORE_RANDOM_BITS)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, 
-                    "10", /* 10 bits */
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_NOT_BEFORE_RANDOM_BITS"));
-        } else if (name.equals(CONFIG_NOT_AFTER_RANDOM_BITS)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, 
-                    "10", /* 10 bits */
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_NOT_AFTER_RANDOM_BITS"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (value == null || value.equals("")) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            ParsePosition pos = new ParsePosition(0);
-            Date date = formatter.parse(value, pos);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                validity.set(CertificateValidity.NOT_BEFORE,
-                        date);
-            } catch (Exception e) {
-                CMS.debug("RandomizedValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            ParsePosition pos = new ParsePosition(0);
-            Date date = formatter.parse(value, pos);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                validity.set(CertificateValidity.NOT_AFTER,
-                        date);
-            } catch (Exception e) {
-                CMS.debug("RandomizedValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-
-        if (name == null)
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-
-        if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                return formatter.format((Date)
-                        validity.get(CertificateValidity.NOT_BEFORE));
-            } catch (Exception e) {
-                CMS.debug("RandomizedValidityDefault: getValue " + e.toString());
-            }
-            throw new EPropertyException("Invalid valie");
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                return formatter.format((Date)
-                        validity.get(CertificateValidity.NOT_AFTER));
-            } catch (Exception e) {
-                CMS.debug("RandomizedValidityDefault: getValue " + e.toString());
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
-                getConfig(CONFIG_RANGE));
-    }
-
-    private int randomSecs(int numBits) {
-        int maxSecs = 0;
-        int secs = 0;
-
-        if (numBits > Integer.SIZE) {
-            numBits = Integer.SIZE;
-            CMS.debug("RandomizedValidityDefault randomSecs "+
-                      "- number of bits limited to "+numBits);
-        }
-        if (numBits > 0) {
-            maxSecs = (1 << numBits) - 1;
-            int numBytes = (numBits+7)/8;
-            int byteSecs = (1 << (numBytes * 8)) - 1;
-            byte[] randomBits = new byte[numBytes];
-            mRandom.nextBytes(randomBits);
-            for (int i = 0; i < numBytes; i++) {
-                secs <<= 8;
-                secs |= (int)(randomBits[i]) & 0xFF;
-            }
-            secs &= maxSecs;
-        }
-        CMS.debug("RandomizedValidityDefault randomSecs  numBits="+numBits+
-                  "  secs="+secs+"  maxSecs="+maxSecs);
-        return secs;
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        // always + 60 seconds
-        String startTimeStr = getConfig(CONFIG_START_TIME);
-        try {
-            startTimeStr = mapPattern(request, startTimeStr);
-        } catch (IOException e) {
-            CMS.debug("RandomizedValidityDefault: populate " + e.toString());
-        }
-
-        if (startTimeStr == null || startTimeStr.equals("")) {
-            startTimeStr = "60";
-        }
-        int startTime = Integer.parseInt(startTimeStr);
-
-        String notBeforeRandomBitsStr = getConfig(CONFIG_NOT_BEFORE_RANDOM_BITS);
-        if (notBeforeRandomBitsStr == null || notBeforeRandomBitsStr.length() == 0) {
-            notBeforeRandomBitsStr = "0";
-        }
-        int notBeforeRandomBits = Integer.parseInt(notBeforeRandomBitsStr);
-
-        String notAfterRandomBitsStr = getConfig(CONFIG_NOT_AFTER_RANDOM_BITS);
-        if (notAfterRandomBitsStr == null || notAfterRandomBitsStr.length() == 0) {
-            notAfterRandomBitsStr = "0";
-        }
-        int notAfterRandomBits = Integer.parseInt(notAfterRandomBitsStr);
-        int randomSeconds = randomSecs(notBeforeRandomBits);
-        long currentTime = CMS.getCurrentDate().getTime();
-        Date notBefore = new Date(currentTime + (1000 * startTime));
-        CMS.debug("RandomizedValidityDefault populate  notBefore           = "+notBefore);
-        Date notBeforeRandomized = new Date(currentTime + (1000 * (startTime - randomSeconds)));
-        CMS.debug("RandomizedValidityDefault populate  notBeforeRandomized = "+notBeforeRandomized);
-        int maxNotBeforeSecs = (1 << notBeforeRandomBits) - 1;
-        Date notBeforeMax = new Date(currentTime + (1000 * (startTime - maxNotBeforeSecs)));
-        CMS.debug("RandomizedValidityDefault populate  notBeforeMax        = "+notBeforeMax);
-
-        long notAfterValue = 0;
-        long notAfterValueRandomized = 0;
-        long notAfterValueMax = 0;
-
-        try {
-            String rangeStr = getConfig(CONFIG_RANGE);
-            rangeStr = mapPattern(request, rangeStr);
-            notAfterValue = notBefore.getTime() + (mDayInMS * Integer.parseInt(rangeStr));
-            notAfterValueRandomized = notBefore.getTime() + (mDayInMS * Integer.parseInt(rangeStr)) +
-                                      (1000 * randomSecs(notAfterRandomBits));
-            int maxNotAfterSecs = (1 << notAfterRandomBits) - 1;
-            notAfterValueMax = notBefore.getTime() + (mDayInMS * Integer.parseInt(rangeStr)) +
-                               (1000 * maxNotAfterSecs);
-        } catch (Exception e) {
-            // configured value is not correct
-            CMS.debug("RandomizedValidityDefault: populate " + e.toString());
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-        }
-        Date notAfter = new Date(notAfterValue);
-        CMS.debug("RandomizedValidityDefault populate  notAfter            = "+notAfter);
-        Date notAfterRandomized = new Date(notAfterValueRandomized);
-        CMS.debug("RandomizedValidityDefault populate  notAfterRandomized  = "+notAfterRandomized);
-        Date notAfterMax = new Date(notAfterValueMax);
-        CMS.debug("RandomizedValidityDefault populate  notAfterMax         = "+notAfterMax);
-        CertificateValidity validity = 
-                new CertificateValidity(notBeforeRandomized, notAfterRandomized);
-
-        try {
-            info.set(X509CertInfo.VALIDITY, validity);
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("RandomizedValidityDefault: populate " + e.toString());
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
deleted file mode 100644
index 81ad58c73..000000000
--- a/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
+++ /dev/null
@@ -1,182 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a signing algorithm
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SigningAlgDefault extends EnrollDefault {
-
-    public static final String CONFIG_ALGORITHM = "signingAlg";
-
-    public static final String VAL_ALGORITHM = "signingAlg";
-    public static final String DEF_CONFIG_ALGORITHMS =
-            "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
-
-    public SigningAlgDefault() {
-        super();
-        addConfigName(CONFIG_ALGORITHM);
-        addValueName(VAL_ALGORITHM);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_ALGORITHM)) {
-            return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS,
-                    "SHA256withRSA",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
-        } else {
-            return null;
-        }
-    }
-
-    public String getSigningAlg() {
-        String signingAlg = getConfig(CONFIG_ALGORITHM);
-        // if specified, use the specified one. Otherwise, pick
-        // the best selection for the user
-        if (signingAlg == null || signingAlg.equals("") ||
-                signingAlg.equals("-")) {
-            // best pick for the user
-            ICertificateAuthority ca = (ICertificateAuthority)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            return ca.getDefaultAlgorithm();
-        } else {
-            return signingAlg;
-        }
-    }
-
-    public String getDefSigningAlgorithms() {
-        StringBuffer allowed = new StringBuffer();
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        String algos[] = ca.getCASigningAlgorithms();
-        for (int i = 0; i < algos.length; i++) {
-            if (allowed.length() == 0) {
-                allowed.append(algos[i]);
-            } else {
-                allowed.append(",");
-                allowed.append(algos[i]);
-            }
-        }
-        return allowed.toString();
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_ALGORITHM)) {
-            String allowed = getDefSigningAlgorithms();
-            return new Descriptor(IDescriptor.CHOICE,
-                    allowed, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
-        }
-        return null;
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_ALGORITHM)) {
-            try {
-                info.set(X509CertInfo.ALGORITHM_ID,
-                        new CertificateAlgorithmId(
-                                AlgorithmId.get(value)));
-            } catch (Exception e) {
-                CMS.debug("SigningAlgDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-
-        if (name == null)
-            throw new EPropertyException("Invalid name " + name);
-
-        if (name.equals(VAL_ALGORITHM)) {
-            CertificateAlgorithmId algId = null;
-
-            try {
-                algId = (CertificateAlgorithmId)
-                        info.get(X509CertInfo.ALGORITHM_ID);
-                AlgorithmId id = (AlgorithmId)
-                        algId.get(CertificateAlgorithmId.ALGORITHM);
-
-                return id.toString();
-            } catch (Exception e) {
-                CMS.debug("SigningAlgDefault: getValue " + e.toString());
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
-                getSigningAlg());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        try {
-            info.set(X509CertInfo.ALGORITHM_ID,
-                    new CertificateAlgorithmId(AlgorithmId.get(getSigningAlg())));
-        } catch (Exception e) {
-            CMS.debug("SigningAlgDefault: populate " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
deleted file mode 100644
index 61c200a96..000000000
--- a/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ /dev/null
@@ -1,544 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.UUID;
-
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.pattern.Pattern;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a subject alternative name extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectAltNameExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "subjAltNameExtCritical";
-    public static final String CONFIG_NUM_GNS = "subjAltNameNumGNs";
-    public static final String CONFIG_GN_ENABLE = "subjAltExtGNEnable_";
-    public static final String CONFIG_TYPE = "subjAltExtType_";
-    public static final String CONFIG_PATTERN = "subjAltExtPattern_";
-    public static final String CONFIG_SOURCE = "subjAltExtSource_";
-    public static final String CONFIG_SOURCE_UUID4 = "UUID4";
-
-    public static final String CONFIG_OLD_TYPE = "subjAltExtType";
-    public static final String CONFIG_OLD_PATTERN = "subjAltExtPattern";
-
-    public static final String VAL_CRITICAL = "subjAltNameExtCritical";
-    public static final String VAL_GENERAL_NAMES = "subjAltNames";
-
-    private static final String GN_ENABLE = "Enable";
-    private static final String GN_TYPE = "Pattern Type";
-    private static final String GN_PATTERN = "Pattern";
-
-    private static final int DEF_NUM_GN = 1;
-    private static final int MAX_NUM_GN = 100;
-
-    public SubjectAltNameExtDefault() {
-        super();
-    }
-
-    protected int getNumGNs() {
-        int num = DEF_NUM_GN;
-        String numGNs = getConfig(CONFIG_NUM_GNS);
-
-        if (numGNs != null) {
-            try {
-                num = Integer.parseInt(numGNs);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num >= MAX_NUM_GN)
-            num = DEF_NUM_GN;
-        return num;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-        // migrate old parameters to new parameters
-        String old_type = null;
-        String old_pattern = null;
-        IConfigStore paramConfig = config.getSubStore("params");
-        try {
-            if (paramConfig != null) {
-                old_type = paramConfig.getString(CONFIG_OLD_TYPE);
-            }
-        } catch (EBaseException e) {
-            // nothing to do here
-        }
-        CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" +
-                old_type);
-        try {
-            if (paramConfig != null) {
-                old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
-            }
-        } catch (EBaseException e) {
-            // nothing to do here
-        }
-        CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" +
-                old_pattern);
-        if (old_type != null && old_pattern != null) {
-            CMS.debug("SubjectAltNameExtDefault: Upgrading");
-            try {
-                paramConfig.putString(CONFIG_NUM_GNS, "1");
-                paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
-                paramConfig.putString(CONFIG_TYPE + "0", old_type);
-                paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
-                paramConfig.remove(CONFIG_OLD_TYPE);
-                paramConfig.remove(CONFIG_OLD_PATTERN);
-                profile.getConfigStore().commit(true);
-            } catch (Exception e) {
-                CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
-            }
-        }
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_NUM_GNS)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_GN || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        super.refreshConfigAndValueNames();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_GENERAL_NAMES);
-
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumGNs();
-        addConfigName(CONFIG_NUM_GNS);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_TYPE + i);
-            addConfigName(CONFIG_PATTERN + i);
-            addConfigName(CONFIG_GN_ENABLE + i);
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_TYPE)) {
-            return new Descriptor(IDescriptor.CHOICE,
-                    "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
-                    "RFC822Name",
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
-        } else if (name.startsWith(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
-        } else if (name.startsWith(CONFIG_GN_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_GNS)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_GNS"));
-        }
-
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            SubjectAlternativeNameExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext =
-                        (SubjectAlternativeNameExtension)
-                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext =
-                        (SubjectAlternativeNameExtension)
-                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
-                if (ext == null) {
-                    // it is ok, the extension is never populated or delted
-                    return;
-                }
-                boolean critical = Boolean.valueOf(value).booleanValue();
-
-                ext.setCritical(critical);
-            } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext =
-                        (SubjectAlternativeNameExtension)
-                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
-                if (ext == null) {
-                    // it is ok, the extension is never populated or delted
-                    return;
-                }
-                if (value.equals("")) {
-                    // if value is empty, do not add this extension
-                    deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-                    return;
-                }
-                GeneralNames gn = new GeneralNames();
-                StringTokenizer st = new StringTokenizer(value, "\r\n");
-
-                while (st.hasMoreTokens()) {
-                    String gname = st.nextToken();
-                    CMS.debug("SubjectAltNameExtDefault: setValue GN:" + gname);
-
-                    if (!isGeneralNameValid(gname)) {
-                        continue;
-                    }
-                    GeneralNameInterface n = parseGeneralName(gname);
-                    if (n != null) {
-                        gn.addElement(n);
-                    }
-                }
-                if (gn.size() == 0) {
-                    CMS.debug("GN size is zero");
-                    deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-                    return;
-                } else {
-                    CMS.debug("GN size is non zero (" + gn.size() + ")");
-                    ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
-                }
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-            replaceExtension(
-                    PKIXExtensions.SubjectAlternativeName_Id.toString(),
-                    ext, info);
-        } catch (IOException e) {
-            CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (EProfileException e) {
-            CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        try {
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            SubjectAlternativeNameExtension ext =
-                    (SubjectAlternativeNameExtension)
-                    getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
-            if (ext == null) {
-                try {
-                    populate(null, info);
-
-                } catch (EProfileException e) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-                }
-
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext =
-                        (SubjectAlternativeNameExtension)
-                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-
-                if (ext == null) {
-                    return null;
-                }
-                if (ext.isCritical()) {
-                    return "true";
-                } else {
-                    return "false";
-                }
-            } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext =
-                        (SubjectAlternativeNameExtension)
-                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
-                if (ext == null) {
-                    return null;
-                }
-
-                GeneralNames names = (GeneralNames)
-                        ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
-                StringBuffer sb = new StringBuffer();
-                Enumeration<GeneralNameInterface> e = names.elements();
-
-                while (e.hasMoreElements()) {
-                    GeneralNameInterface gn = e.nextElement();
-
-                    if (!sb.toString().equals("")) {
-                        sb.append("\r\n");
-                    }
-                    sb.append(toGeneralNameString(gn));
-                    CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + toGeneralNameString(gn));
-                }
-                return sb.toString();
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } catch (IOException e) {
-            CMS.debug("SubjectAltNameExtDefault: getValue " +
-                    e.toString());
-        }
-        return null;
-    }
-
-    /*
-     * returns text that goes into description for this extension on
-     * a profile
-     */
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        int num = getNumGNs();
-
-        for (int i = 0; i < num; i++) {
-            sb.append("Record #");
-            sb.append(i);
-            sb.append("{");
-            sb.append(GN_PATTERN + ":");
-            sb.append(getConfig(CONFIG_PATTERN + i));
-            sb.append(",");
-            sb.append(GN_TYPE + ":");
-            sb.append(getConfig(CONFIG_TYPE + i));
-            sb.append(",");
-            sb.append(GN_ENABLE + ":");
-            sb.append(getConfig(CONFIG_GN_ENABLE + i));
-            sb.append("}");
-        }
-        ;
-
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL),
-                sb.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        SubjectAlternativeNameExtension ext = null;
-
-        try {
-            /* read from config file*/
-            ext = createExtension(request);
-
-        } catch (IOException e) {
-            CMS.debug("SubjectAltNameExtDefault: populate " + e.toString());
-        }
-        if (ext != null) {
-            addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
-                    ext, info);
-        } else {
-            CMS.debug("SubjectAltNameExtDefault: populate sees no extension.  get out");
-        }
-    }
-
-    public SubjectAlternativeNameExtension createExtension(IRequest request)
-            throws IOException {
-        SubjectAlternativeNameExtension ext = null;
-        int num = getNumGNs();
-
-        boolean critical = Boolean.valueOf(
-                getConfig(CONFIG_CRITICAL)).booleanValue();
-
-        GeneralNames gn = new GeneralNames();
-        int count = 0; // # of actual gnames
-        for (int i = 0; i < num; i++) {
-            String enable = getConfig(CONFIG_GN_ENABLE + i);
-            if (enable != null && enable.equals("true")) {
-                CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i);
-
-                String pattern = getConfig(CONFIG_PATTERN + i);
-                if (pattern == null || pattern.equals("")) {
-                    pattern = " ";
-                }
-
-                if (!pattern.equals("")) {
-                    String gname = "";
-
-                    // cfu - see if this is server-generated (e.g. UUID4)
-                    // to use this feature, use $server.source$ in pattern
-                    String source = getConfig(CONFIG_SOURCE + i);
-                    String type = getConfig(CONFIG_TYPE + i);
-                    if ((source != null) && (!source.equals(""))) {
-                        if (type.equalsIgnoreCase("OtherName")) {
-                            CMS.debug("SubjectAlternativeNameExtension: using " +
-                                    source + " as gn");
-                            if (source.equals(CONFIG_SOURCE_UUID4)) {
-                                UUID randUUID = UUID.randomUUID();
-                                // call the mapPattern that does server-side gen
-                                // request is not used, but needed for the substitute
-                                // function
-                                if (request != null) {
-                                    gname = mapPattern(randUUID.toString(), request, pattern);
-                                }
-                            } else { //expand more server-gen types here
-                                CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "
-                                        + source + ". Supported: UUID4");
-                                continue;
-                            }
-                        } else {
-                            CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
-                            continue;
-                        }
-                    } else {
-                        if (request != null) {
-                            gname = mapPattern(request, pattern);
-                        }
-                    }
-
-                    if (gname.equals("")) {
-                        CMS.debug("gname is empty, not added");
-                        continue;
-                    }
-                    CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname);
-
-                    GeneralNameInterface n = parseGeneralName(type + ":" + gname);
-
-                    CMS.debug("adding gname: " + gname);
-                    if (n != null) {
-                        CMS.debug("SubjectAlternativeNameExtension: n not null");
-                        gn.addElement(n);
-                        count++;
-                    } else {
-                        CMS.debug("SubjectAlternativeNameExtension: n null");
-                    }
-                }
-            }
-        } //for
-
-        if (count != 0) {
-            try {
-                ext = new SubjectAlternativeNameExtension();
-            } catch (Exception e) {
-                CMS.debug(e.toString());
-                throw new IOException(e.toString());
-            }
-            ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
-            ext.setCritical(critical);
-        } else {
-            CMS.debug("count is 0");
-        }
-        return ext;
-    }
-
-    public String mapPattern(IRequest request, String pattern)
-            throws IOException {
-        Pattern p = new Pattern(pattern);
-        IAttrSet attrSet = null;
-        if (request != null) {
-            attrSet = request.asIAttrSet();
-        }
-        return p.substitute("request", attrSet);
-    }
-
-    // for server-side generated values
-    public String mapPattern(String val, IRequest request, String pattern)
-            throws IOException {
-        Pattern p = new Pattern(pattern);
-        IAttrSet attrSet = null;
-        if (request != null) {
-            attrSet = request.asIAttrSet();
-        }
-        try {
-            attrSet.set("source", val);
-        } catch (Exception e) {
-            CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString());
-        }
-
-        return p.substitute("server", attrSet);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
deleted file mode 100644
index a60721733..000000000
--- a/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
+++ /dev/null
@@ -1,527 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AVAValueConverter;
-import netscape.security.x509.Attribute;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectDirAttributesExtension;
-import netscape.security.x509.X500NameAttrMap;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a subject directory attributes extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "subjDirAttrsCritical";
-    public static final String CONFIG_NUM_ATTRS = "subjDirAttrsNum";
-    public static final String CONFIG_ATTR_NAME = "subjDirAttrName_";
-    public static final String CONFIG_PATTERN = "subjDirAttrPattern_";
-    public static final String CONFIG_ENABLE = "subjDirAttrEnable_";
-
-    public static final String VAL_CRITICAL = "subjDirAttrCritical";
-    public static final String VAL_ATTR = "subjDirAttrValue";
-
-    private static final int DEF_NUM_ATTRS = 1;
-    private static final int MAX_NUM_ATTRS = 100;
-    private static final String ENABLE = "Enable";
-    private static final String ATTR_NAME = "Attribute Name";
-    private static final String ATTR_VALUE = "Attribute Value";
-
-    public SubjectDirAttributesExtDefault() {
-        super();
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-    }
-
-    protected int getNumAttrs() {
-        int num = DEF_NUM_ATTRS;
-        String val = getConfig(CONFIG_NUM_ATTRS);
-
-        if (val != null) {
-            try {
-                num = Integer.parseInt(val);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-
-        if (num >= MAX_NUM_ATTRS)
-            num = DEF_NUM_ATTRS;
-
-        return num;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(DEF_NUM_ATTRS)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_ATTRS || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        super.refreshConfigAndValueNames();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_ATTR);
-
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumAttrs();
-        addConfigName(CONFIG_NUM_ATTRS);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_ATTR_NAME + i);
-            addConfigName(CONFIG_PATTERN + i);
-            addConfigName(CONFIG_ENABLE + i);
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_ATTR_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
-        } else if (name.startsWith(CONFIG_ATTR_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME"));
-        } else if (name.startsWith(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE"));
-        } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_ATTRS)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
-        }
-
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_ATTR)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            SubjectDirAttributesExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            ext = (SubjectDirAttributesExtension)
-                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                            info);
-
-            if (name.equals(VAL_CRITICAL)) {
-                ext = (SubjectDirAttributesExtension)
-                        getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                                info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_ATTR)) {
-                ext = (SubjectDirAttributesExtension)
-                        getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                                info);
-
-                if (ext == null) {
-                    return;
-                }
-                Vector<NameValuePairs> v = parseRecords(value);
-                int size = v.size();
-
-                boolean critical = ext.isCritical();
-
-                Vector<Attribute> attrV = new Vector<Attribute>();
-                for (int i = 0; i < size; i++) {
-                    NameValuePairs nvps = v.elementAt(i);
-                    String attrName = null;
-                    String attrValue = null;
-                    String enable = "false";
-
-                    for (String name1 : nvps.keySet()) {
-
-                        if (name1.equals(ATTR_NAME)) {
-                            attrName = nvps.get(name1);
-                        } else if (name1.equals(ATTR_VALUE)) {
-                            attrValue = nvps.get(name1);
-                        } else if (name1.equals(ENABLE)) {
-                            enable = nvps.get(name1);
-                        }
-                    }
-
-                    if (enable.equals("true")) {
-                        AttributeConfig attributeConfig =
-                                new AttributeConfig(attrName, attrValue);
-                        Attribute attr = attributeConfig.mAttribute;
-                        if (attr != null)
-                            attrV.addElement(attr);
-                    }
-                }
-
-                if (attrV.size() > 0) {
-                    Attribute[] attrList = new Attribute[attrV.size()];
-                    attrV.copyInto(attrList);
-                    ext = new SubjectDirAttributesExtension(attrList, critical);
-                } else
-                    return;
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                    ext, info);
-        } catch (EProfileException e) {
-            CMS.debug("SubjectDirAttributesExtDefault: setValue " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (IOException e) {
-            CMS.debug("SubjectDirAttributesExtDefault: setValue " +
-                    e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        SubjectDirAttributesExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        ext = (SubjectDirAttributesExtension)
-                getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                        info);
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext = (SubjectDirAttributesExtension)
-                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                            info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_ATTR)) {
-            ext = (SubjectDirAttributesExtension)
-                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                            info);
-
-            if (ext == null)
-                return "";
-
-            X500NameAttrMap map = X500NameAttrMap.getDefault();
-
-            Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-            int num = getNumAttrs();
-            Enumeration<Attribute> e = ext.getAttributesList();
-            CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e);
-            int i = 0;
-
-            while (e.hasMoreElements()) {
-                NameValuePairs pairs = new NameValuePairs();
-                pairs.put(ENABLE, "true");
-                Attribute attr = e.nextElement();
-                CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr);
-                ObjectIdentifier oid = attr.getOid();
-                CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid);
-
-                String vv = map.getName(oid);
-
-                if (vv != null)
-                    pairs.put(ATTR_NAME, vv);
-                else
-                    pairs.put(ATTR_NAME, oid.toString());
-                Enumeration<String> v = attr.getValues();
-
-                // just support single value for now
-                StringBuffer ss = new StringBuffer();
-                while (v.hasMoreElements()) {
-                    if (ss.length() == 0)
-                        ss.append(v.nextElement());
-                    else {
-                        ss.append(",");
-                        ss.append(v.nextElement());
-                    }
-                }
-
-                pairs.put(ATTR_VALUE, ss.toString());
-                recs.addElement(pairs);
-                i++;
-            }
-
-            for (; i < num; i++) {
-                NameValuePairs pairs = new NameValuePairs();
-                pairs.put(ENABLE, "false");
-                pairs.put(ATTR_NAME, "GENERATIONQUALIFIER");
-                pairs.put(ATTR_VALUE, "");
-                recs.addElement(pairs);
-            }
-
-            return buildRecords(recs);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer sb = new StringBuffer();
-        int num = getNumAttrs();
-
-        for (int i = 0; i < num; i++) {
-            sb.append("Record #");
-            sb.append(i);
-            sb.append("{");
-            sb.append(ATTR_NAME + ":");
-            sb.append(getConfig(CONFIG_ATTR_NAME + i));
-            sb.append(",");
-            sb.append(ATTR_VALUE + ":");
-            sb.append(getConfig(CONFIG_PATTERN + i));
-            sb.append(",");
-            sb.append(ENABLE + ":");
-            sb.append(getConfig(CONFIG_ENABLE + i));
-            sb.append("}");
-        }
-        return CMS.getUserMessage(locale,
-                "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT",
-                getConfig(CONFIG_CRITICAL),
-                sb.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        SubjectDirAttributesExtension ext = createExtension(request);
-
-        if (ext == null)
-            return;
-
-        addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                ext, info);
-    }
-
-    public SubjectDirAttributesExtension createExtension(IRequest request)
-            throws EProfileException {
-        SubjectDirAttributesExtension ext = null;
-        int num = 0;
-
-        boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-        num = getNumAttrs();
-
-        AttributeConfig attributeConfig = null;
-        Vector<Attribute> attrs = new Vector<Attribute>();
-        for (int i = 0; i < num; i++) {
-            String enable = getConfig(CONFIG_ENABLE + i);
-            if (enable != null && enable.equals("true")) {
-                String attrName = getConfig(CONFIG_ATTR_NAME + i);
-                String pattern = getConfig(CONFIG_PATTERN + i);
-                if (pattern == null || pattern.equals(""))
-                    pattern = " ";
-
-                //check pattern syntax
-                int startpos = pattern.indexOf("$");
-                int lastpos = pattern.lastIndexOf("$");
-                String attrValue = pattern;
-                if (!pattern.equals("") && startpos != -1 &&
-                        startpos == 0 && lastpos != -1 &&
-                        lastpos == (pattern.length() - 1)) {
-                    if (request != null) {
-                        try {
-                            attrValue = mapPattern(request, pattern);
-                        } catch (IOException e) {
-                            throw new EProfileException(e.toString());
-                        }
-                    }
-                }
-                try {
-                    attributeConfig = new AttributeConfig(attrName, attrValue);
-                } catch (EPropertyException e) {
-                    throw new EProfileException(e.toString());
-                }
-                Attribute attr = attributeConfig.mAttribute;
-                if (attr != null) {
-                    attrs.addElement(attr);
-                }
-            }
-        }
-
-        if (attrs.size() > 0) {
-            Attribute[] attrList = new Attribute[attrs.size()];
-            attrs.copyInto(attrList);
-            try {
-                ext =
-                        new SubjectDirAttributesExtension(attrList, critical);
-            } catch (IOException e) {
-                throw new EProfileException(e.toString());
-            }
-        }
-
-        return ext;
-    }
-}
-
-class AttributeConfig {
-
-    protected ObjectIdentifier mAttributeOID = null;
-    protected Attribute mAttribute = null;
-
-    public AttributeConfig(String attrName, String attrValue)
-            throws EPropertyException {
-        X500NameAttrMap map = X500NameAttrMap.getDefault();
-
-        if (attrName == null || attrName.length() == 0) {
-            throw new EPropertyException(
-                    CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
-        }
-
-        if (attrValue == null || attrValue.length() == 0) {
-            throw new EPropertyException(
-                    CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
-        }
-
-        try {
-            mAttributeOID = new ObjectIdentifier(attrName);
-        } catch (Exception e) {
-            CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName);
-        }
-
-        if (mAttributeOID == null) {
-            mAttributeOID = map.getOid(attrName);
-            if (mAttributeOID == null)
-                throw new EPropertyException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
-            try {
-                checkValue(mAttributeOID, attrValue);
-            } catch (IOException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
-            }
-        }
-
-        try {
-            mAttribute = new Attribute(mAttributeOID,
-                    str2MultiValues(attrValue));
-        } catch (IOException e) {
-            throw new EPropertyException(CMS.getUserMessage(
-                    "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
-        }
-    }
-
-    private static void checkValue(ObjectIdentifier oid, String val)
-            throws IOException {
-        AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
-
-        @SuppressWarnings("unused")
-        DerValue derval = c.getValue(val); // check for errors
-        return;
-    }
-
-    private Vector<String> str2MultiValues(String attrValue) {
-        StringTokenizer tokenizer = new StringTokenizer(attrValue, ",");
-        Vector<String> v = new Vector<String>();
-        while (tokenizer.hasMoreTokens()) {
-            v.addElement(tokenizer.nextToken());
-        }
-
-        return v;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
deleted file mode 100644
index d850147a4..000000000
--- a/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
+++ /dev/null
@@ -1,448 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.AccessDescription;
-import netscape.security.extensions.SubjectInfoAccessExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates Subject Info Access extension.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "subjInfoAccessCritical";
-    public static final String CONFIG_NUM_ADS = "subjInfoAccessNumADs";
-    public static final String CONFIG_AD_ENABLE = "subjInfoAccessADEnable_";
-    public static final String CONFIG_AD_METHOD = "subjInfoAccessADMethod_";
-    public static final String CONFIG_AD_LOCATIONTYPE = "subjInfoAccessADLocationType_";
-    public static final String CONFIG_AD_LOCATION = "subjInfoAccessADLocation_";
-
-    public static final String VAL_CRITICAL = "subjInfoAccessCritical";
-    public static final String VAL_GENERAL_NAMES = "subjInfoAccessGeneralNames";
-
-    private static final String AD_METHOD = "Method";
-    private static final String AD_LOCATION_TYPE = "Location Type";
-    private static final String AD_LOCATION = "Location";
-    private static final String AD_ENABLE = "Enable";
-
-    private static final int DEF_NUM_AD = 1;
-    private static final int MAX_NUM_AD = 100;
-
-    public SubjectInfoAccessExtDefault() {
-        super();
-    }
-
-    protected int getNumAds() {
-        int num = DEF_NUM_AD;
-        String numAds = getConfig(CONFIG_NUM_ADS);
-
-        if (numAds != null) {
-            try {
-                num = Integer.parseInt(numAds);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-        if (num >= MAX_NUM_AD)
-            num = DEF_NUM_AD;
-
-        return num;
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        refreshConfigAndValueNames();
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        int num = 0;
-        if (name.equals(CONFIG_NUM_ADS)) {
-            try {
-                num = Integer.parseInt(value);
-
-                if (num >= MAX_NUM_AD || num < 0) {
-                    throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-                }
-
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        refreshConfigAndValueNames();
-        return super.getConfigNames();
-    }
-
-    protected void refreshConfigAndValueNames() {
-        super.refreshConfigAndValueNames();
-
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_GENERAL_NAMES);
-
-        // register configuration names bases on num ads
-        addConfigName(CONFIG_CRITICAL);
-        int num = getNumAds();
-        addConfigName(CONFIG_NUM_ADS);
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_AD_METHOD + i);
-            addConfigName(CONFIG_AD_LOCATIONTYPE + i);
-            addConfigName(CONFIG_AD_LOCATION + i);
-            addConfigName(CONFIG_AD_ENABLE + i);
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.startsWith(CONFIG_AD_METHOD)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
-        } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
-            return new Descriptor(IDescriptor.CHOICE,
-                    "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
-                    "URIName",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
-        } else if (name.startsWith(CONFIG_AD_LOCATION)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
-        } else if (name.startsWith(CONFIG_AD_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
-        } else if (name.startsWith(CONFIG_NUM_ADS)) {
-            return new Descriptor(IDescriptor.INTEGER, null,
-                    "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
-        }
-        return null;
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        try {
-            SubjectInfoAccessExtension ext = null;
-
-            if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
-            ObjectIdentifier oid = a.getExtensionId();
-
-            ext = (SubjectInfoAccessExtension)
-                        getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                populate(null, info);
-            }
-
-            if (name.equals(VAL_CRITICAL)) {
-
-                ext = (SubjectInfoAccessExtension)
-                        getExtension(oid.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue();
-
-                if (ext == null) {
-                    return;
-                }
-                ext.setCritical(val);
-            } else if (name.equals(VAL_GENERAL_NAMES)) {
-
-                ext = (SubjectInfoAccessExtension)
-                        getExtension(oid.toString(), info);
-
-                if (ext == null) {
-                    return;
-                }
-                boolean critical = ext.isCritical();
-
-                Vector<NameValuePairs> v = parseRecords(value);
-                int size = v.size();
-
-                ext = new SubjectInfoAccessExtension(critical);
-                String method = null;
-                String locationType = null;
-                String location = null;
-                String enable = null;
-
-                for (int i = 0; i < size; i++) {
-                    NameValuePairs nvps = v.elementAt(i);
-
-                    for (String name1 : nvps.keySet()) {
-
-                        if (name1.equals(AD_METHOD)) {
-                            method = nvps.get(name1);
-                        } else if (name1.equals(AD_LOCATION_TYPE)) {
-                            locationType = nvps.get(name1);
-                        } else if (name1.equals(AD_LOCATION)) {
-                            location = nvps.get(name1);
-                        } else if (name1.equals(AD_ENABLE)) {
-                            enable = nvps.get(name1);
-                        }
-                    }
-
-                    if (enable != null && enable.equals("true")) {
-                        GeneralName gn = null;
-
-                        if (locationType != null || location != null) {
-                            GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
-                            if (interface1 == null)
-                                throw new EPropertyException(CMS.getUserMessage(
-                                        locale, "CMS_INVALID_PROPERTY", locationType));
-                            gn = new GeneralName(interface1);
-                        }
-
-                        if (method != null) {
-                            try {
-                                ext.addAccessDescription(new ObjectIdentifier(method), gn);
-                            } catch (NumberFormatException ee) {
-                                CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString());
-                                throw new EPropertyException(CMS.getUserMessage(
-                                        locale, "CMS_PROFILE_DEF_SIA_OID", method));
-                            }
-                        }
-                    }
-                }
-            } else {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-            replaceExtension(ext.getExtensionId().toString(), ext, info);
-        } catch (IOException e) {
-            CMS.debug("SubjectInfoAccessExtDefault: " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } catch (EProfileException e) {
-            CMS.debug("SubjectInfoAccessExtDefault: " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        SubjectInfoAccessExtension ext = null;
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
-        ObjectIdentifier oid = a.getExtensionId();
-
-        ext = (SubjectInfoAccessExtension)
-                    getExtension(oid.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-        if (name.equals(VAL_CRITICAL)) {
-
-            ext = (SubjectInfoAccessExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_GENERAL_NAMES)) {
-
-            ext = (SubjectInfoAccessExtension)
-                    getExtension(oid.toString(), info);
-
-            if (ext == null)
-                return "";
-
-            int num = getNumAds();
-
-            CMS.debug("SubjectInfoAccess num=" + num);
-            Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
-
-            for (int i = 0; i < num; i++) {
-                NameValuePairs np = new NameValuePairs();
-                AccessDescription des = null;
-
-                if (i < ext.numberOfAccessDescription()) {
-                    des = ext.getAccessDescription(i);
-                }
-                if (des == null) {
-                    np.put(AD_METHOD, "");
-                    np.put(AD_LOCATION_TYPE, "");
-                    np.put(AD_LOCATION, "");
-                    np.put(AD_ENABLE, "false");
-                } else {
-                    ObjectIdentifier methodOid = des.getMethod();
-                    GeneralName gn = des.getLocation();
-
-                    np.put(AD_METHOD, methodOid.toString());
-                    np.put(AD_LOCATION_TYPE, getGeneralNameType(gn));
-                    np.put(AD_LOCATION, getGeneralNameValue(gn));
-                    np.put(AD_ENABLE, "true");
-                }
-                recs.addElement(np);
-            }
-
-            return buildRecords(recs);
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        StringBuffer ads = new StringBuffer();
-        int num = getNumAds();
-
-        for (int i = 0; i < num; i++) {
-            ads.append("Record #");
-            ads.append(i);
-            ads.append("{");
-            ads.append(AD_METHOD + ":");
-            ads.append(getConfig(CONFIG_AD_METHOD + i));
-            ads.append(",");
-            ads.append(AD_LOCATION_TYPE + ":");
-            ads.append(getConfig(CONFIG_AD_LOCATIONTYPE + i));
-            ads.append(",");
-            ads.append(AD_LOCATION + ":");
-            ads.append(getConfig(CONFIG_AD_LOCATION + i));
-            ads.append(",");
-            ads.append(AD_ENABLE + ":");
-            ads.append(getConfig(CONFIG_AD_ENABLE + i));
-            ads.append("}");
-        }
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
-                getConfig(CONFIG_CRITICAL), ads.toString());
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        SubjectInfoAccessExtension ext = createExtension();
-
-        addExtension(ext.getExtensionId().toString(), ext, info);
-    }
-
-    public SubjectInfoAccessExtension createExtension() {
-        SubjectInfoAccessExtension ext = null;
-        int num = getNumAds();
-
-        try {
-            boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-
-            ext = new SubjectInfoAccessExtension(critical);
-            for (int i = 0; i < num; i++) {
-                String enable = getConfig(CONFIG_AD_ENABLE + i);
-                if (enable != null && enable.equals("true")) {
-                    CMS.debug("SubjectInfoAccess: createExtension i=" + i);
-                    String method = getConfig(CONFIG_AD_METHOD + i);
-                    String locationType = getConfig(CONFIG_AD_LOCATIONTYPE + i);
-                    if (locationType == null || locationType.length() == 0)
-                        locationType = "URIName";
-                    String location = getConfig(CONFIG_AD_LOCATION + i);
-
-                    if (location == null || location.equals("")) {
-                        if (method.equals("1.3.6.1.5.5.7.48.1")) {
-                            String hostname = CMS.getEENonSSLHost();
-                            String port = CMS.getEENonSSLPort();
-                            if (hostname != null && port != null)
-                                location = "http://" + hostname + ":" + port + "/ocsp";
-                        }
-                    }
-
-                    String s = locationType + ":" + location;
-                    GeneralNameInterface gn = parseGeneralName(s);
-                    if (gn != null) {
-                        ext.addAccessDescription(new ObjectIdentifier(method),
-                                new GeneralName(gn));
-                    }
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("SubjectInfoAccessExtDefault: createExtension " +
-                    e.toString());
-        }
-
-        return ext;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
deleted file mode 100644
index a8f6a7415..000000000
--- a/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
+++ /dev/null
@@ -1,217 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a subject key identifier extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "critical";
-
-    public static final String VAL_CRITICAL = "critical";
-    public static final String VAL_KEY_ID = "keyid";
-
-    public SubjectKeyIdentifierExtDefault() {
-        super();
-        addValueName(VAL_CRITICAL);
-        addValueName(VAL_KEY_ID);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
-        } else if (name.equals(VAL_KEY_ID)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_CRITICAL)) {
-            // read-only; do nothing
-        } else if (name.equals(VAL_KEY_ID)) {
-            // read-only; do nothing
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-        SubjectKeyIdentifierExtension ext =
-                (SubjectKeyIdentifierExtension) getExtension(
-                        PKIXExtensions.SubjectKey_Id.toString(), info);
-
-        if (ext == null) {
-            try {
-                populate(null, info);
-
-            } catch (EProfileException e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-            }
-
-        }
-
-        if (name.equals(VAL_CRITICAL)) {
-            ext =
-                    (SubjectKeyIdentifierExtension) getExtension(
-                            PKIXExtensions.SubjectKey_Id.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            if (ext.isCritical()) {
-                return "true";
-            } else {
-                return "false";
-            }
-        } else if (name.equals(VAL_KEY_ID)) {
-            ext =
-                    (SubjectKeyIdentifierExtension) getExtension(
-                            PKIXExtensions.SubjectKey_Id.toString(), info);
-
-            if (ext == null) {
-                return null;
-            }
-            KeyIdentifier kid = null;
-
-            try {
-                kid = (KeyIdentifier)
-                        ext.get(SubjectKeyIdentifierExtension.KEY_ID);
-            } catch (IOException e) {
-                CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " +
-                           "kid is null!");
-                throw new EPropertyException(CMS.getUserMessage(locale,
-                                                                  "CMS_INVALID_PROPERTY",
-                                                                  name));
-            }
-            return toHexString(kid.getIdentifier());
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_KEY_ID_EXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        SubjectKeyIdentifierExtension ext = createExtension(info);
-
-        addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info);
-    }
-
-    public SubjectKeyIdentifierExtension createExtension(X509CertInfo info) {
-        KeyIdentifier kid = getKeyIdentifier(info);
-
-        if (kid == null) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: KeyIdentifier not found");
-            return null;
-        }
-        SubjectKeyIdentifierExtension ext = null;
-
-        boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
-
-        try {
-            ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier());
-        } catch (IOException e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
-                    e.toString());
-            //
-        }
-        return ext;
-    }
-
-    public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
-        try {
-            CertificateX509Key infokey = (CertificateX509Key)
-                    info.get(X509CertInfo.KEY);
-            X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-
-            md.update(key.getKey());
-            byte[] hash = md.digest();
-
-            return new KeyIdentifier(hash);
-        } catch (NoSuchAlgorithmException e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
-                    e.toString());
-        } catch (Exception e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
-                    e.toString());
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
deleted file mode 100644
index 31aee6dd6..000000000
--- a/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
+++ /dev/null
@@ -1,184 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class SubjectNameDefault extends EnrollDefault {
-
-    public static final String CONFIG_NAME = "name";
-
-    public static final String VAL_NAME = "name";
-
-    public SubjectNameDefault() {
-        super();
-        addValueName(VAL_NAME);
-        addConfigName(CONFIG_NAME);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_NAME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, "CN=TEST", CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            X500Name x500name = null;
-
-            try {
-                x500name = new X500Name(value);
-                if (x500name != null) {
-                    CMS.debug("SubjectNameDefault: setValue x500name=" + x500name.toString());
-                }
-            } catch (IOException e) {
-                CMS.debug("SubjectNameDefault: setValue " + e.toString());
-                // failed to build x500 name
-            }
-            CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString());
-            try {
-                info.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(x500name));
-            } catch (Exception e) {
-                // failed to insert subject name
-                CMS.debug("SubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            CertificateSubjectName sn = null;
-
-            try {
-                CMS.debug("SubjectNameDefault: getValue info=" + info);
-                sn = (CertificateSubjectName)
-                        info.get(X509CertInfo.SUBJECT);
-                CMS.debug("SubjectNameDefault: getValue name=" + sn);
-                return sn.toString();
-            } catch (Exception e) {
-                // nothing
-                CMS.debug("SubjectNameDefault: getValue " + e.toString());
-
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
-                getConfig(CONFIG_NAME));
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        X500Name name = null;
-
-        String subjectName = null;
-
-        try {
-            subjectName = mapPattern(request, getConfig(CONFIG_NAME));
-        } catch (IOException e) {
-            CMS.debug("SubjectNameDefault: mapPattern " + e.toString());
-        }
-
-        CMS.debug("subjectName=" + subjectName);
-        if (subjectName == null || subjectName.equals(""))
-            return;
-        try {
-            name = new X500Name(subjectName);
-        } catch (IOException e) {
-            // failed to build x500 name
-            CMS.debug("SubjectNameDefault: populate " + e.toString());
-        }
-        if (name == null) {
-            // failed to build x500 name
-        }
-        try {
-            info.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(name));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("SubjectNameDefault: populate " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
deleted file mode 100644
index a78992a74..000000000
--- a/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
+++ /dev/null
@@ -1,136 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.util.Locale;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied extension
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class UserExtensionDefault extends EnrollExtDefault {
-
-    public static final String CONFIG_CRITICAL = "userExtCritical";
-    public static final String CONFIG_OID = "userExtOID";
-
-    public static final String VAL_CRITICAL = "userExtCritical";
-    public static final String VAL_OID = "userExtOID";
-
-    public UserExtensionDefault() {
-        super();
-        addValueName(VAL_OID);
-        addConfigName(CONFIG_OID);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_OID)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    "Comment Here...",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_OID)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        // Nothing to do for read-only values
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_OID)) {
-            Extension ext = getExtension(getConfig(CONFIG_OID), info);
-
-            if (ext == null) {
-                // do something here
-                return "";
-            }
-            return ext.getExtensionId().toString();
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", getConfig(CONFIG_OID));
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        CertificateExtensions inExts = null;
-        String oid = getConfig(CONFIG_OID);
-
-        inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS);
-        if (inExts == null)
-            return;
-        Extension ext = getExtension(getConfig(CONFIG_OID), inExts);
-        if (ext == null) {
-            CMS.debug("UserExtensionDefault: no user ext supplied for " + oid);
-            return;
-        }
-
-        // user supplied the ext that's allowed, replace the def set by system
-        deleteExtension(oid, info);
-        CMS.debug("UserExtensionDefault: using user supplied ext for " + oid);
-        addExtension(oid, ext, info);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
deleted file mode 100644
index 4531e0fe5..000000000
--- a/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
+++ /dev/null
@@ -1,241 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.interfaces.DSAParams;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.provider.DSAPublicKey;
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user supplied key
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class UserKeyDefault extends EnrollDefault {
-
-    public static final String VAL_KEY = "KEY";
-    public static final String VAL_LEN = "LEN";
-    public static final String VAL_TYPE = "TYPE";
-
-    public UserKeyDefault() {
-        super();
-        addValueName(VAL_TYPE);
-        addValueName(VAL_LEN);
-        addValueName(VAL_KEY);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_KEY)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY"));
-        } else if (name.equals(VAL_LEN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN"));
-        } else if (name.equals(VAL_TYPE)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        // this default rule is readonly
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_KEY)) {
-            CertificateX509Key ck = null;
-
-            try {
-                ck = (CertificateX509Key)
-                        info.get(X509CertInfo.KEY);
-            } catch (Exception e) {
-                // nothing
-            }
-            X509Key k = null;
-
-            try {
-                k = (X509Key)
-                        ck.get(CertificateX509Key.KEY);
-            } catch (Exception e) {
-                // nothing
-            }
-            if (k == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_PROFILE_KEY_NOT_FOUND"));
-            }
-            return toHexString(k.getKey());
-        } else if (name.equals(VAL_LEN)) {
-            CertificateX509Key ck = null;
-
-            try {
-                ck = (CertificateX509Key)
-                        info.get(X509CertInfo.KEY);
-            } catch (Exception e) {
-                // nothing
-            }
-            X509Key k = null;
-
-            try {
-                k = (X509Key)
-                        ck.get(CertificateX509Key.KEY);
-            } catch (Exception e) {
-                // nothing
-            }
-            if (k == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_PROFILE_KEY_NOT_FOUND"));
-            }
-            try {
-                if (k.getAlgorithm().equals("RSA")) {
-                    return Integer.toString(getRSAKeyLen(k));
-                } else if (k.getAlgorithm().equals("EC")) {
-                    Vector<String> vect = CryptoUtil.getECKeyCurve(k);
-                    if (vect != null)
-                        return vect.toString();
-                    else
-                        return null;
-                } else {
-                    return Integer.toString(getDSAKeyLen(k));
-                }
-            } catch (Exception e) {
-                CMS.debug("UserKeyDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_TYPE)) {
-            CertificateX509Key ck = null;
-
-            try {
-                ck = (CertificateX509Key)
-                        info.get(X509CertInfo.KEY);
-            } catch (Exception e) {
-                // nothing
-            }
-            X509Key k = null;
-
-            try {
-                k = (X509Key)
-                        ck.get(CertificateX509Key.KEY);
-            } catch (Exception e) {
-                // nothing
-            }
-            if (k == null) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_PROFILE_KEY_NOT_FOUND"));
-            }
-            return k.getAlgorithm() + " - " +
-                    k.getAlgorithmId().getOID().toString();
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_KEY");
-    }
-
-    public int getRSAKeyLen(X509Key key) throws Exception {
-        X509Key newkey = null;
-
-        try {
-            newkey = new X509Key(AlgorithmId.get("RSA"),
-                        key.getKey());
-        } catch (Exception e) {
-            CMS.debug("UserKeyDefault: getRSAKey " + e.toString());
-            throw e;
-        }
-        RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
-
-        return rsaKey.getKeySize();
-    }
-
-    public int getDSAKeyLen(X509Key key) throws Exception {
-        // Check DSAKey parameters.
-        // size refers to the p parameter.
-        DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
-        DSAParams keyParams = dsaKey.getParams();
-        BigInteger p = keyParams.getP();
-        int len = p.bitLength();
-
-        return len;
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        CertificateX509Key certKey = null;
-        // authenticate the certificate key, and move
-        // the key from request into x509 certinfo
-        try {
-            byte[] certKeyData = request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY);
-            if (certKeyData != null) {
-                certKey = new CertificateX509Key(
-                        new ByteArrayInputStream(certKeyData));
-            }
-            info.set(X509CertInfo.KEY, certKey);
-        } catch (Exception e) {
-            CMS.debug("UserKeyDefault: populate " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
deleted file mode 100644
index 7625f9a34..000000000
--- a/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
+++ /dev/null
@@ -1,126 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.ByteArrayInputStream;
-import java.util.Locale;
-
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied signing algorithm
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class UserSigningAlgDefault extends EnrollDefault {
-
-    public static final String VAL_ALG_ID = "userSigningAlgID";
-
-    public UserSigningAlgDefault() {
-        super();
-        addValueName(VAL_ALG_ID);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_ALG_ID)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY, null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SIGNING_ALGORITHM"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        // this default rule is readonly
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_ALG_ID)) {
-            CertificateAlgorithmId algID = null;
-
-            try {
-                algID = (CertificateAlgorithmId)
-                        info.get(X509CertInfo.ALGORITHM_ID);
-                AlgorithmId id = (AlgorithmId)
-                        algID.get(CertificateAlgorithmId.ALGORITHM);
-
-                return id.toString();
-            } catch (Exception e) {
-                CMS.debug("UserSigningAlgDefault: setValue " + e.toString());
-                return ""; //XXX
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        CertificateAlgorithmId certAlg = null;
-        // authenticate the certificate key, and move
-        // the key from request into x509 certinfo
-        try {
-            byte[] certAlgData = request.getExtDataInByteArray(
-                    IEnrollProfile.REQUEST_SIGNING_ALGORITHM);
-            if (certAlgData != null) {
-                certAlg = new CertificateAlgorithmId(
-                        new ByteArrayInputStream(certAlgData));
-            }
-            info.set(X509CertInfo.ALGORITHM_ID, certAlg);
-        } catch (Exception e) {
-            CMS.debug("UserSigningAlgDefault: populate " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
deleted file mode 100644
index 77d743334..000000000
--- a/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
+++ /dev/null
@@ -1,143 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class UserSubjectNameDefault extends EnrollDefault {
-
-    public static final String VAL_NAME = "name";
-
-    public UserSubjectNameDefault() {
-        super();
-        addValueName(VAL_NAME);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            X500Name x500name = null;
-
-            try {
-                x500name = new X500Name(value);
-            } catch (IOException e) {
-                CMS.debug(e.toString());
-                // failed to build x500 name
-            }
-            CMS.debug("SubjectNameDefault: setValue name=" + x500name);
-            try {
-                info.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(x500name));
-            } catch (Exception e) {
-                // failed to insert subject name
-                CMS.debug("UserSubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            CertificateSubjectName sn = null;
-
-            try {
-                sn = (CertificateSubjectName)
-                        info.get(X509CertInfo.SUBJECT);
-                return sn.toString();
-            } catch (Exception e) {
-                // nothing
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SUBJECT_NAME");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        // authenticate the subject name and populate it
-        // to the certinfo
-        try {
-            info.set(X509CertInfo.SUBJECT, request.getExtDataInCertSubjectName(
-                    IEnrollProfile.REQUEST_SUBJECT_NAME));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("UserSubjectNameDefault: populate " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
deleted file mode 100644
index 8d5ca7d55..000000000
--- a/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
+++ /dev/null
@@ -1,149 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.ByteArrayInputStream;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a user-supplied validity
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class UserValidityDefault extends EnrollDefault {
-
-    public static final String VAL_NOT_BEFORE = "userValdityNotBefore";
-    public static final String VAL_NOT_AFTER = "userValdityNotAfter";
-
-    public UserValidityDefault() {
-        super();
-        addValueName(VAL_NOT_BEFORE);
-        addValueName(VAL_NOT_AFTER);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        // this default rule is readonly
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NOT_BEFORE)) {
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                Date notBefore = (Date)
-                        validity.get(CertificateValidity.NOT_BEFORE);
-
-                return notBefore.toString();
-            } catch (Exception e) {
-                CMS.debug("UserValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            try {
-                CertificateValidity validity = null;
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                Date notAfter = (Date)
-                        validity.get(CertificateValidity.NOT_AFTER);
-
-                return notAfter.toString();
-            } catch (Exception e) {
-                CMS.debug("UserValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_VALIDITY");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        CertificateValidity certValidity = null;
-        // authenticate the certificate key, and move
-        // the key from request into x509 certinfo
-        try {
-            byte[] certValidityData = request.getExtDataInByteArray(
-                    IEnrollProfile.REQUEST_VALIDITY);
-            if (certValidityData != null) {
-                certValidity = new CertificateValidity();
-                certValidity.decode(
-                        new ByteArrayInputStream(certValidityData));
-            }
-            info.set(X509CertInfo.VALIDITY, certValidity);
-        } catch (Exception e) {
-            CMS.debug("UserValidityDefault: populate " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
deleted file mode 100644
index b649c7076..000000000
--- a/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
+++ /dev/null
@@ -1,263 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.text.ParsePosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class ValidityDefault extends EnrollDefault {
-    public static final String CONFIG_RANGE = "range";
-    public static final String CONFIG_START_TIME = "startTime";
-
-    public static final String VAL_NOT_BEFORE = "notBefore";
-    public static final String VAL_NOT_AFTER = "notAfter";
-
-    public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
-
-    private long mDefault = 86400000; // 1 days
-
-    public ValidityDefault() {
-        super();
-        addConfigName(CONFIG_RANGE);
-        addConfigName(CONFIG_START_TIME);
-        addValueName(VAL_NOT_BEFORE);
-        addValueName(VAL_NOT_AFTER);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (name.equals(CONFIG_RANGE)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-            }
-        } else if (name.equals(CONFIG_START_TIME)) {
-            try {
-                Integer.parseInt(value);
-            } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-            }
-        }
-        super.setConfig(name, value);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_RANGE)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    "7305",
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_VALIDITY_RANGE"));
-        } else if (name.equals(CONFIG_START_TIME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    "60", /* 1 minute */
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_VALIDITY_START_TIME"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (value == null || value.equals("")) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            ParsePosition pos = new ParsePosition(0);
-            Date date = formatter.parse(value, pos);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                validity.set(CertificateValidity.NOT_BEFORE,
-                        date);
-            } catch (Exception e) {
-                CMS.debug("ValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            ParsePosition pos = new ParsePosition(0);
-            Date date = formatter.parse(value, pos);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                validity.set(CertificateValidity.NOT_AFTER,
-                        date);
-            } catch (Exception e) {
-                CMS.debug("ValidityDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-
-        if (name == null)
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-
-        if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                return formatter.format((Date)
-                        validity.get(CertificateValidity.NOT_BEFORE));
-            } catch (Exception e) {
-                CMS.debug("ValidityDefault: getValue " + e.toString());
-            }
-            throw new EPropertyException("Invalid valie");
-        } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter =
-                    new SimpleDateFormat(DATE_FORMAT);
-            CertificateValidity validity = null;
-
-            try {
-                validity = (CertificateValidity)
-                        info.get(X509CertInfo.VALIDITY);
-                return formatter.format((Date)
-                        validity.get(CertificateValidity.NOT_AFTER));
-            } catch (Exception e) {
-                CMS.debug("ValidityDefault: getValue " + e.toString());
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
-                getConfig(CONFIG_RANGE));
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        // always + 60 seconds
-        String startTimeStr = getConfig(CONFIG_START_TIME);
-        try {
-            startTimeStr = mapPattern(request, startTimeStr);
-        } catch (IOException e) {
-            CMS.debug("ValidityDefault: populate " + e.toString());
-        }
-
-        if (startTimeStr == null || startTimeStr.equals("")) {
-            startTimeStr = "60";
-        }
-        int startTime = Integer.parseInt(startTimeStr);
-        Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
-        long notAfterVal = 0;
-
-        try {
-            String rangeStr = getConfig(CONFIG_RANGE);
-            rangeStr = mapPattern(request, rangeStr);
-            notAfterVal = notBefore.getTime() +
-                    (mDefault * Integer.parseInt(rangeStr));
-        } catch (Exception e) {
-            // configured value is not correct
-            CMS.debug("ValidityDefault: populate " + e.toString());
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-        }
-        Date notAfter = new Date(notAfterVal);
-        CertificateValidity validity =
-                new CertificateValidity(notBefore, notAfter);
-
-        try {
-            info.set(X509CertInfo.VALIDITY, validity);
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("ValidityDefault: populate " + e.toString());
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
deleted file mode 100644
index bd935fb53..000000000
--- a/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
+++ /dev/null
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class nsHKeySubjectNameDefault extends EnrollDefault {
-
-    public static final String PROP_PARAMS = "params";
-    public static final String CONFIG_DNPATTERN = "dnpattern";
-
-    public static final String VAL_NAME = "name";
-
-    /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN =
-            "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
-
-    protected IConfigStore mParamsConfig;
-
-    public nsHKeySubjectNameDefault() {
-        super();
-        addConfigName(CONFIG_DNPATTERN);
-
-        addValueName(CONFIG_DNPATTERN);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
-        if (name.equals(CONFIG_DNPATTERN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, null, CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name);
-
-        if (name.equals(VAL_NAME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-
-        CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value);
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            X500Name x500name = null;
-
-            try {
-                x500name = new X500Name(value);
-            } catch (IOException e) {
-                CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString());
-                // failed to build x500 name
-            }
-            CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name);
-            try {
-                info.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(x500name));
-            } catch (Exception e) {
-                // failed to insert subject name
-                CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name);
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            CertificateSubjectName sn = null;
-
-            try {
-                CMS.debug("nsHKeySubjectNameDefault: getValue info=" + info);
-                sn = (CertificateSubjectName)
-                        info.get(X509CertInfo.SUBJECT);
-                CMS.debug("nsHKeySubjectNameDefault: getValue name=" + sn);
-                return sn.toString();
-            } catch (Exception e) {
-                // nothing
-                CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString());
-
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        CMS.debug("nsHKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
-                getConfig(CONFIG_DNPATTERN));
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        X500Name name = null;
-        CMS.debug("nsHKeySubjectNameDefault: in populate");
-
-        try {
-            String subjectName = getSubjectName(request);
-            CMS.debug("subjectName=" + subjectName);
-            if (subjectName == null || subjectName.equals(""))
-                return;
-
-            name = new X500Name(subjectName);
-        } catch (IOException e) {
-            // failed to build x500 name
-            CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
-        }
-        if (name == null) {
-            // failed to build x500 name
-        }
-        try {
-            info.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(name));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
-        }
-    }
-
-    private String getSubjectName(IRequest request)
-            throws EProfileException, IOException {
-
-        CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
-
-        String pattern = getConfig(CONFIG_DNPATTERN);
-        if (pattern == null || pattern.equals("")) {
-            pattern = " ";
-        }
-
-        String sbjname = "";
-
-        if (request != null) {
-            CMS.debug("pattern = " + pattern);
-            sbjname = mapPattern(request, pattern);
-            CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-        }
-
-        return sbjname;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
deleted file mode 100644
index c90b76c5d..000000000
--- a/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
+++ /dev/null
@@ -1,423 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-//ldap java sdk
-import java.io.IOException;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class nsNKeySubjectNameDefault extends EnrollDefault {
-
-    public static final String PROP_LDAP = "ldap";
-    public static final String PROP_PARAMS = "params";
-    public static final String CONFIG_DNPATTERN = "dnpattern";
-    public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes";
-    public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host";
-    public static final String CONFIG_LDAP_PORT = "ldap.ldapconn.port";
-    public static final String CONFIG_LDAP_SEC_CONN = "ldap.ldapconn.secureConn";
-    public static final String CONFIG_LDAP_VER = "ldap.ldapconn.Version";
-    public static final String CONFIG_LDAP_BASEDN = "ldap.basedn";
-    public static final String CONFIG_LDAP_MIN_CONN = "ldap.minConns";
-    public static final String CONFIG_LDAP_MAX_CONN = "ldap.maxConns";
-
-    public static final String VAL_NAME = "name";
-
-    public static final String CONFIG_LDAP_VERS =
-            "2,3";
-
-    /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN =
-            "CN=$request.aoluid$, E=$request.mail$";
-
-    /* ldap configuration sub-store */
-    boolean mInitialized = false;
-    protected IConfigStore mInstConfig;
-    protected IConfigStore mLdapConfig;
-    protected IConfigStore mParamsConfig;
-
-    /* ldap base dn */
-    protected String mBaseDN = null;
-
-    /* factory of anonymous ldap connections */
-    protected ILdapConnFactory mConnFactory = null;
-
-    /* the list of LDAP attributes with string values to retrieve to
-     * form the subject dn. */
-    protected String[] mLdapStringAttrs = null;
-
-    public nsNKeySubjectNameDefault() {
-        super();
-        addConfigName(CONFIG_DNPATTERN);
-        addConfigName(CONFIG_LDAP_STRING_ATTRS);
-        addConfigName(CONFIG_LDAP_HOST);
-        addConfigName(CONFIG_LDAP_PORT);
-        addConfigName(CONFIG_LDAP_SEC_CONN);
-        addConfigName(CONFIG_LDAP_VER);
-        addConfigName(CONFIG_LDAP_BASEDN);
-        addConfigName(CONFIG_LDAP_MIN_CONN);
-        addConfigName(CONFIG_LDAP_MAX_CONN);
-
-        addValueName(CONFIG_DNPATTERN);
-        addValueName(CONFIG_LDAP_STRING_ATTRS);
-        addValueName(CONFIG_LDAP_HOST);
-        addValueName(CONFIG_LDAP_PORT);
-        addValueName(CONFIG_LDAP_SEC_CONN);
-        addValueName(CONFIG_LDAP_VER);
-        addValueName(CONFIG_LDAP_BASEDN);
-        addValueName(CONFIG_LDAP_MIN_CONN);
-        addValueName(CONFIG_LDAP_MAX_CONN);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mInstConfig = config;
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
-        if (name.equals(CONFIG_DNPATTERN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, null, CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
-            return new Descriptor(IDescriptor.STRING,
-                                  null,
-                                  null,
-                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
-        } else if (name.equals(CONFIG_LDAP_HOST)) {
-            return new Descriptor(IDescriptor.STRING,
-                                  null,
-                                  null,
-                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME"));
-        } else if (name.equals(CONFIG_LDAP_PORT)) {
-            return new Descriptor(IDescriptor.STRING,
-                                  null,
-                                  null,
-                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER"));
-        } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
-            return new Descriptor(IDescriptor.BOOLEAN,
-                                  null,
-                                  "false",
-                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
-        } else if (name.equals(CONFIG_LDAP_VER)) {
-            return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
-                    "3",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION"));
-        } else if (name.equals(CONFIG_LDAP_BASEDN)) {
-            return new Descriptor(IDescriptor.STRING,
-                                  null,
-                                  null,
-                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN"));
-        } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
-            return new Descriptor(IDescriptor.STRING,
-                                  null,
-                                  null,
-                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
-        } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
-            return new Descriptor(IDescriptor.STRING,
-                                  null,
-                                  null,
-                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name);
-
-        if (name.equals(VAL_NAME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-
-        CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value);
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            X500Name x500name = null;
-
-            try {
-                x500name = new X500Name(value);
-            } catch (IOException e) {
-                CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString());
-                // failed to build x500 name
-            }
-            CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name);
-            try {
-                info.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(x500name));
-            } catch (Exception e) {
-                // failed to insert subject name
-                CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name);
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            CertificateSubjectName sn = null;
-
-            try {
-                CMS.debug("nsNKeySubjectNameDefault: getValue info=" + info);
-                sn = (CertificateSubjectName)
-                        info.get(X509CertInfo.SUBJECT);
-                CMS.debug("nsNKeySubjectNameDefault: getValue name=" + sn);
-                return sn.toString();
-            } catch (Exception e) {
-                // nothing
-                CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString());
-
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        CMS.debug("nsNKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
-                getConfig(CONFIG_DNPATTERN));
-    }
-
-    public void ldapInit()
-            throws EProfileException {
-        if (mInitialized == true)
-            return;
-
-        CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
-
-        try {
-            // cfu - XXX do more error handling here later
-            /* initialize ldap server configuration */
-            mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
-            mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
-            mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
-            mConnFactory = CMS.getLdapAnonConnFactory();
-            mConnFactory.init(mLdapConfig);
-
-            /* initialize dn pattern */
-            String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
-
-            if (pattern == null || pattern.length() == 0)
-                pattern = DEFAULT_DNPATTERN;
-
-            /* initialize ldap string attribute list */
-            String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
-
-            if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
-                StringTokenizer pAttrs =
-                        new StringTokenizer(ldapStringAttrs, ",", false);
-
-                mLdapStringAttrs = new String[pAttrs.countTokens()];
-
-                for (int i = 0; i < mLdapStringAttrs.length; i++) {
-                    mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
-                }
-            }
-            CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
-            mInitialized = true;
-        } catch (Exception e) {
-            CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString());
-            // throw EProfileException...
-            throw new EProfileException("ldap init failure: " + e.toString());
-        }
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        X500Name name = null;
-        CMS.debug("nsNKeySubjectNameDefault: in populate");
-        ldapInit();
-        try {
-            // cfu - this goes to ldap
-            String subjectName = getSubjectName(request);
-            CMS.debug("subjectName=" + subjectName);
-            if (subjectName == null || subjectName.equals(""))
-                return;
-
-            name = new X500Name(subjectName);
-        } catch (IOException e) {
-            // failed to build x500 name
-            CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString());
-        }
-        if (name == null) {
-            // failed to build x500 name
-        }
-        try {
-            info.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(name));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString());
-        }
-    }
-
-    private String getSubjectName(IRequest request)
-            throws EProfileException, IOException {
-
-        CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
-
-        String pattern = getConfig(CONFIG_DNPATTERN);
-        if (pattern == null || pattern.equals("")) {
-            pattern = " ";
-        }
-
-        LDAPConnection conn = null;
-        String userdn = null;
-        String sbjname = "";
-        // get DN from ldap to fill request
-        try {
-            if (mConnFactory == null) {
-                conn = null;
-                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection");
-                throw new EProfileException("no LDAP connection");
-            } else {
-                conn = mConnFactory.getConn();
-                if (conn == null) {
-                    CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
-                               "no LDAP connection");
-                    throw new EProfileException("no LDAP connection");
-                }
-                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection");
-            }
-
-            if (request != null) {
-                CMS.debug("pattern = " + pattern);
-                sbjname = mapPattern(request, pattern);
-                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-            } else {
-                CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
-                           "request is null!");
-                throw new EProfileException("request is null");
-            }
-            // retrieve the attributes
-            // get user dn.
-            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
-            LDAPSearchResults res = conn.search(mBaseDN,
-                    LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false);
-
-            if (res.hasMoreElements()) {
-                LDAPEntry entry = res.next();
-
-                userdn = entry.getDN();
-            } else {// put into property file later - cfu
-                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist");
-                throw new EProfileException("screenname does not exist");
-            }
-            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "
-                    + request.getExtDataInString("aoluid"));
-            ;
-
-            LDAPEntry entry = null;
-            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "
-                    + mLdapStringAttrs.length + " attributes");
-            LDAPSearchResults results =
-                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
-                            mLdapStringAttrs, false);
-
-            if (!results.hasMoreElements()) {
-                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
-                throw new EProfileException("no ldap attributes found");
-            }
-            entry = results.next();
-            // set attrs into request
-            for (int i = 0; i < mLdapStringAttrs.length; i++) {
-                LDAPAttribute la =
-                        entry.getAttribute(mLdapStringAttrs[i]);
-                if (la != null) {
-                    String[] sla = la.getStringValueArray();
-                    CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " + sla[0]);
-                    request.setExtData(mLdapStringAttrs[i], sla[0]);
-                }
-            }
-            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
-        } catch (Exception e) {
-            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString());
-            throw new EProfileException("getSubjectName() failure: " + e.toString());
-        } finally {
-            try {
-                if (conn != null)
-                    mConnFactory.returnConn(conn);
-            } catch (Exception e) {
-                throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
-            }
-        }
-        return sbjname;
-
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
deleted file mode 100644
index 9dfda47b5..000000000
--- a/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
+++ /dev/null
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
-
-    public static final String PROP_PARAMS = "params";
-    public static final String CONFIG_DNPATTERN = "dnpattern";
-
-    public static final String VAL_NAME = "name";
-
-    /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN =
-            "Token Key Device - $request.tokencuid$";
-
-    protected IConfigStore mParamsConfig;
-
-    public nsTokenDeviceKeySubjectNameDefault() {
-        super();
-        addConfigName(CONFIG_DNPATTERN);
-
-        addValueName(CONFIG_DNPATTERN);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
-        if (name.equals(CONFIG_DNPATTERN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, null, CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name);
-
-        if (name.equals(VAL_NAME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-
-        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value);
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            X500Name x500name = null;
-
-            try {
-                x500name = new X500Name(value);
-            } catch (IOException e) {
-                CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
-                // failed to build x500 name
-            }
-            CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name);
-            try {
-                info.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(x500name));
-            } catch (Exception e) {
-                // failed to insert subject name
-                CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name);
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            CertificateSubjectName sn = null;
-
-            try {
-                CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" + info);
-                sn = (CertificateSubjectName)
-                        info.get(X509CertInfo.SUBJECT);
-                CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" + sn);
-                return sn.toString();
-            } catch (Exception e) {
-                // nothing
-                CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString());
-
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
-                getConfig(CONFIG_DNPATTERN));
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        X500Name name = null;
-        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
-
-        try {
-            String subjectName = getSubjectName(request);
-            CMS.debug("subjectName=" + subjectName);
-            if (subjectName == null || subjectName.equals(""))
-                return;
-
-            name = new X500Name(subjectName);
-        } catch (IOException e) {
-            // failed to build x500 name
-            CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
-        }
-        if (name == null) {
-            // failed to build x500 name
-        }
-        try {
-            info.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(name));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
-        }
-    }
-
-    private String getSubjectName(IRequest request)
-            throws EProfileException, IOException {
-
-        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
-
-        String pattern = getConfig(CONFIG_DNPATTERN);
-        if (pattern == null || pattern.equals("")) {
-            pattern = " ";
-        }
-
-        String sbjname = "";
-
-        if (request != null) {
-            CMS.debug("pattern = " + pattern);
-            sbjname = mapPattern(request, pattern);
-            CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-        }
-
-        return sbjname;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
deleted file mode 100644
index 86a2a6961..000000000
--- a/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ /dev/null
@@ -1,457 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.def;
-
-//ldap java sdk
-import java.io.IOException;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
- * @version $Revision$, $Date$
- */
-public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
-
-    public static final String PROP_LDAP = "ldap";
-    public static final String PROP_PARAMS = "params";
-    public static final String CONFIG_DNPATTERN = "dnpattern";
-    public static final String CONFIG_LDAP_ENABLE = "ldap.enable";
-    public static final String CONFIG_LDAP_SEARCH_NAME = "ldap.searchName";
-    public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes";
-    public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host";
-    public static final String CONFIG_LDAP_PORT = "ldap.ldapconn.port";
-    public static final String CONFIG_LDAP_SEC_CONN = "ldap.ldapconn.secureConn";
-    public static final String CONFIG_LDAP_VER = "ldap.ldapconn.Version";
-    public static final String CONFIG_LDAP_BASEDN = "ldap.basedn";
-    public static final String CONFIG_LDAP_MIN_CONN = "ldap.minConns";
-    public static final String CONFIG_LDAP_MAX_CONN = "ldap.maxConns";
-
-    public static final String VAL_NAME = "name";
-
-    public static final String CONFIG_LDAP_VERS =
-            "2,3";
-
-    /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN =
-            "CN=$request.uid$, E=$request.mail$";
-
-    /* ldap configuration sub-store */
-    boolean mldapInitialized = false;
-    boolean mldapEnabled = false;
-    protected IConfigStore mInstConfig;
-    protected IConfigStore mLdapConfig;
-    protected IConfigStore mParamsConfig;
-
-    /* ldap base dn */
-    protected String mBaseDN = null;
-
-    /* factory of anonymous ldap connections */
-    protected ILdapConnFactory mConnFactory = null;
-
-    /* the list of LDAP attributes with string values to retrieve to
-     * form the subject dn. */
-    protected String[] mLdapStringAttrs = null;
-
-    public nsTokenUserKeySubjectNameDefault() {
-        super();
-        addConfigName(CONFIG_DNPATTERN);
-        addConfigName(CONFIG_LDAP_ENABLE);
-        addConfigName(CONFIG_LDAP_SEARCH_NAME);
-        addConfigName(CONFIG_LDAP_STRING_ATTRS);
-        addConfigName(CONFIG_LDAP_HOST);
-        addConfigName(CONFIG_LDAP_PORT);
-        addConfigName(CONFIG_LDAP_SEC_CONN);
-        addConfigName(CONFIG_LDAP_VER);
-        addConfigName(CONFIG_LDAP_BASEDN);
-        addConfigName(CONFIG_LDAP_MIN_CONN);
-        addConfigName(CONFIG_LDAP_MAX_CONN);
-
-        addValueName(CONFIG_DNPATTERN);
-        addValueName(CONFIG_LDAP_ENABLE);
-        addValueName(CONFIG_LDAP_SEARCH_NAME);
-        addValueName(CONFIG_LDAP_STRING_ATTRS);
-        addValueName(CONFIG_LDAP_HOST);
-        addValueName(CONFIG_LDAP_PORT);
-        addValueName(CONFIG_LDAP_SEC_CONN);
-        addValueName(CONFIG_LDAP_VER);
-        addValueName(CONFIG_LDAP_BASEDN);
-        addValueName(CONFIG_LDAP_MIN_CONN);
-        addValueName(CONFIG_LDAP_MAX_CONN);
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mInstConfig = config;
-        super.init(profile, config);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
-        if (name.equals(CONFIG_DNPATTERN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null, null, CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
-        } else if (name.equals(CONFIG_LDAP_ENABLE)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
-        } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
-        } else if (name.equals(CONFIG_LDAP_HOST)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
-        } else if (name.equals(CONFIG_LDAP_PORT)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
-        } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
-            return new Descriptor(IDescriptor.BOOLEAN,
-                    null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
-        } else if (name.equals(CONFIG_LDAP_VER)) {
-            return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
-                    "3",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION"));
-        } else if (name.equals(CONFIG_LDAP_BASEDN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
-        } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
-        } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
-        } else {
-            return null;
-        }
-    }
-
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + name);
-
-        if (name.equals(VAL_NAME)) {
-            return new Descriptor(IDescriptor.STRING,
-                    null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_SUBJECT_NAME"));
-        } else {
-            return null;
-        }
-    }
-
-    public void setValue(String name, Locale locale,
-            X509CertInfo info, String value)
-            throws EPropertyException {
-
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value);
-
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            X500Name x500name = null;
-
-            try {
-                x500name = new X500Name(value);
-            } catch (IOException e) {
-                CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString());
-                // failed to build x500 name
-            }
-            CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name);
-            try {
-                info.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(x500name));
-            } catch (Exception e) {
-                // failed to insert subject name
-                CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage(
-                            locale, "CMS_INVALID_PROPERTY", name));
-            }
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getValue(String name, Locale locale,
-            X509CertInfo info)
-            throws EPropertyException {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name);
-        if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-        if (name.equals(VAL_NAME)) {
-            CertificateSubjectName sn = null;
-
-            try {
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" + info);
-                sn = (CertificateSubjectName)
-                        info.get(X509CertInfo.SUBJECT);
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" + sn);
-                return sn.toString();
-            } catch (Exception e) {
-                // nothing
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString());
-
-            }
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        } else {
-            throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
-        }
-    }
-
-    public String getText(Locale locale) {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
-                getConfig(CONFIG_DNPATTERN));
-    }
-
-    public void ldapInit()
-            throws EProfileException {
-        if (mldapInitialized == true)
-            return;
-
-        CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin");
-
-        try {
-            // cfu - XXX do more error handling here later
-            /* initialize ldap server configuration */
-            mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
-            mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
-            mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
-                    false);
-            if (mldapEnabled == false)
-                return;
-
-            mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
-            mConnFactory = CMS.getLdapAnonConnFactory();
-            mConnFactory.init(mLdapConfig);
-
-            /* initialize dn pattern */
-            String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
-
-            if (pattern == null || pattern.length() == 0)
-                pattern = DEFAULT_DNPATTERN;
-
-            /* initialize ldap string attribute list */
-            String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
-
-            if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
-                StringTokenizer pAttrs =
-                        new StringTokenizer(ldapStringAttrs, ",", false);
-
-                mLdapStringAttrs = new String[pAttrs.countTokens()];
-
-                for (int i = 0; i < mLdapStringAttrs.length; i++) {
-                    mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
-                }
-            }
-            CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
-            mldapInitialized = true;
-        } catch (Exception e) {
-            CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString());
-            // throw EProfileException...
-            throw new EProfileException("ldap init failure: " + e.toString());
-        }
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IRequest request, X509CertInfo info)
-            throws EProfileException {
-        X500Name name = null;
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in populate");
-        ldapInit();
-        try {
-            // cfu - this goes to ldap
-            String subjectName = getSubjectName(request);
-            CMS.debug("subjectName=" + subjectName);
-            if (subjectName == null || subjectName.equals(""))
-                return;
-
-            name = new X500Name(subjectName);
-        } catch (IOException e) {
-            // failed to build x500 name
-            CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString());
-        }
-        if (name == null) {
-            // failed to build x500 name
-        }
-        try {
-            info.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(name));
-        } catch (Exception e) {
-            // failed to insert subject name
-            CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString());
-        }
-    }
-
-    private String getSubjectName(IRequest request)
-            throws EProfileException, IOException {
-
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName");
-
-        String pattern = getConfig(CONFIG_DNPATTERN);
-        if (pattern == null || pattern.equals("")) {
-            pattern = " ";
-        }
-        String sbjname = "";
-
-        if (mldapInitialized == false) {
-            if (request != null) {
-                CMS.debug("pattern = " + pattern);
-                sbjname = mapPattern(request, pattern);
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-            }
-            return sbjname;
-        }
-
-        // ldap is initialized, do more substitution
-        String searchName = getConfig(CONFIG_LDAP_SEARCH_NAME);
-        if (searchName == null || searchName.equals("")) {
-            searchName = "uid";
-        }
-
-        LDAPConnection conn = null;
-        String userdn = null;
-        // get DN from ldap to fill request
-        try {
-            if (mConnFactory == null) {
-                conn = null;
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no LDAP connection");
-                throw new EProfileException("no LDAP connection");
-            } else {
-                conn = mConnFactory.getConn();
-                if (conn == null) {
-                    CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
-                               "no LDAP connection");
-                    throw new EProfileException("no LDAP connection");
-                }
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection");
-            }
-            // retrieve the attributes
-            // get user dn.
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
-            LDAPSearchResults res = conn.search(mBaseDN,
-                    LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
-
-            if (res.hasMoreElements()) {
-                LDAPEntry entry = res.next();
-
-                userdn = entry.getDN();
-            } else {// put into property file later - cfu
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist");
-                throw new EProfileException("id does not exist");
-            }
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "
-                    + searchName + " = " + request.getExtDataInString("uid"));
-
-            LDAPEntry entry = null;
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "
-                    + mLdapStringAttrs.length + " attributes");
-            LDAPSearchResults results =
-                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
-                            mLdapStringAttrs, false);
-
-            if (!results.hasMoreElements()) {
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes");
-                throw new EProfileException("no ldap attributes found");
-            }
-            entry = results.next();
-            // set attrs into request
-            for (int i = 0; i < mLdapStringAttrs.length; i++) {
-                LDAPAttribute la =
-                        entry.getAttribute(mLdapStringAttrs[i]);
-                if (la != null) {
-                    String[] sla = la.getStringValueArray();
-                    CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "
-                            + mLdapStringAttrs[i] +
-                            "=" + LDAPUtil.escapeRDNValue(sla[0]));
-                    request.setExtData(mLdapStringAttrs[i], LDAPUtil.escapeRDNValue(sla[0]));
-                }
-            }
-            CMS.debug("pattern = " + pattern);
-            sbjname = mapPattern(request, pattern);
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request");
-
-        } catch (Exception e) {
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString());
-            throw new EProfileException("getSubjectName() failure: " + e.toString());
-        } finally {
-            try {
-                if (conn != null)
-                    mConnFactory.returnConn(conn);
-            } catch (Exception e) {
-                throw new EProfileException(
-                        "nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure");
-            }
-        }
-        return sbjname;
-
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
deleted file mode 100644
index a62d6e9f7..000000000
--- a/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
+++ /dev/null
@@ -1,128 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the certificate request input.
- * This input populates 2 main fields to the enrollment page:
- * 1/ Certificate Request Type, 2/ Certificate Request
- * <p>
- *
- * This input usually is used by an enrollment profile for certificate requests.
- *
- * @version $Revision$, $Date$
- */
-public class CMCCertReqInput extends EnrollInput implements IProfileInput {
-    public static final String VAL_CERT_REQUEST_TYPE =
-            EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_CERT_REQUEST =
-            EnrollProfile.CTX_CERT_REQUEST;
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public CMCCertReqInput() {
-        addValueName(VAL_CERT_REQUEST);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String cert_request = ctx.get(VAL_CERT_REQUEST);
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (cert_request == null) {
-            CMS.debug("CMCCertReqInput: populate - invalid certificate request");
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-        }
-        TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
-
-        if (msgs == null) {
-            CMS.debug("CMCCertReqInput: populate - parseCMC returns null TaggedRequest msgs");
-            return;
-        }
-        // This profile only handle the first request in CRMF
-        Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-        if (seqNum == null) {
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
-        }
-
-        mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CERT_REQUEST)) {
-            return new Descriptor(IDescriptor.CERT_REQUEST, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_INPUT_CERT_REQ"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
deleted file mode 100644
index e67f5b501..000000000
--- a/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
+++ /dev/null
@@ -1,190 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.util.DerInputStream;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the certificate request input.
- * This input populates 2 main fields to the enrollment page:
- * 1/ Certificate Request Type, 2/ Certificate Request
- * <p>
- *
- * This input usually is used by an enrollment profile for certificate requests.
- *
- * @version $Revision$, $Date$
- */
-public class CertReqInput extends EnrollInput implements IProfileInput {
-    public static final String VAL_CERT_REQUEST_TYPE =
-            EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_CERT_REQUEST =
-            EnrollProfile.CTX_CERT_REQUEST;
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public CertReqInput() {
-        addValueName(VAL_CERT_REQUEST_TYPE);
-        addValueName(VAL_CERT_REQUEST);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE);
-        String cert_request = ctx.get(VAL_CERT_REQUEST);
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (cert_request_type == null) {
-            CMS.debug("CertReqInput: populate - invalid cert request type " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                            ""));
-        }
-        if (cert_request == null) {
-            CMS.debug("CertReqInput: populate - invalid certificate request");
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-        }
-
-        if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
-            PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request);
-
-            if (pkcs10 == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
-        } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
-            DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request);
-
-            if (keygen == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
-        } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
-            CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), cert_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            for (int x = 0; x < msgs.length; x++) {
-                verifyPOP(getLocale(request), msgs[x]);
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request
-                    );
-        } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
-            TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-            if (seqNum == null) {
-                throw new EProfileException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
-            }
-
-            mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else {
-            // error
-            CMS.debug("CertReqInput: populate - invalid cert request type " +
-                    cert_request_type);
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                            cert_request_type));
-        }
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CERT_REQUEST_TYPE)) {
-            return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
-        } else if (name.equals(VAL_CERT_REQUEST)) {
-            return new Descriptor(IDescriptor.CERT_REQUEST, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_INPUT_CERT_REQ"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
deleted file mode 100644
index 8a2629667..000000000
--- a/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
+++ /dev/null
@@ -1,168 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.util.DerInputStream;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the dual key generation input.
- * This input populates parameters to the enrollment
- * pages so that a CRMF request containing 2 certificate
- * requests will be generated.
- * <p>
- *
- * This input can only be used with Netscape 7.x or later clients.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class DualKeyGenInput extends EnrollInput implements IProfileInput {
-
-    public static final String VAL_KEYGEN_REQUEST_TYPE =
-            EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST =
-            EnrollProfile.CTX_CERT_REQUEST;
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public DualKeyGenInput() {
-        addValueName(VAL_KEYGEN_REQUEST_TYPE);
-        addValueName(VAL_KEYGEN_REQUEST);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_DUAL_KEY_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_DUAL_KEY_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
-        String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
-
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (keygen_request_type == null) {
-            CMS.debug("DualKeyGenInput: populate - invalid cert request type " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                            ""));
-        }
-        if (keygen_request == null) {
-            CMS.debug("DualKeyGenInput: populate - invalid certificate request");
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-        }
-        if (keygen_request_type.startsWith("pkcs10")) {
-            PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
-
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
-        } else if (keygen_request_type.startsWith("keygen")) {
-            DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
-
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
-        } else if (keygen_request_type.startsWith("crmf")) {
-            CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            for (int x = 0; x < msgs.length; x++) {
-                verifyPOP(getLocale(request), msgs[x]);
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            if (seqNum == null) {
-                throw new EProfileException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
-            }
-
-            mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else {
-            // error
-            CMS.debug("DualKeyGenInput: populate - " +
-                    "invalid cert request type " + keygen_request_type);
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        keygen_request_type));
-        }
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
-            return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST_TYPE, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
-        } else if (name.equals(VAL_KEYGEN_REQUEST)) {
-            return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java
deleted file mode 100644
index dae8143ee..000000000
--- a/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java
+++ /dev/null
@@ -1,189 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.util.DerInputStream;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the key generation input that
- * populates parameters to the enrollment page for
- * key generation.
- * <p>
- *
- * This input normally is used with user-based or non certificate request profile.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class EncryptionKeyGenInput extends EnrollInput implements IProfileInput {
-
-    public static final String VAL_KEYGEN_REQUEST_TYPE =
-            EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST =
-            EnrollProfile.CTX_CERT_REQUEST;
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public EncryptionKeyGenInput() {
-        addValueName(VAL_KEYGEN_REQUEST_TYPE);
-        addValueName(VAL_KEYGEN_REQUEST);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_ENC_KEY_GEN_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_ENC_KEY_GEN_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
-        String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
-
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (keygen_request_type == null) {
-            CMS.debug("EncryptionKeyGenInput: populate - invalid cert request type " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                            ""));
-        }
-        if (keygen_request == null) {
-            CMS.debug("EncryptionKeyGenInput: populate - invalid certificate request");
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-        }
-        if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
-            PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
-
-            if (pkcs10 == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
-            DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
-
-            if (keygen == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
-            CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            for (int x = 0; x < msgs.length; x++) {
-                verifyPOP(getLocale(request), msgs[x]);
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
-            TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            if (seqNum == null) {
-                throw new EProfileException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
-            }
-
-            mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else {
-            // error
-            CMS.debug("EncryptionKeyGenInput: populate - " +
-                    "invalid cert request type " + keygen_request_type);
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        keygen_request_type));
-        }
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
-            return new Descriptor(IDescriptor.ENC_KEYGEN_REQUEST_TYPE, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
-        } else if (name.equals(VAL_KEYGEN_REQUEST)) {
-            return new Descriptor(IDescriptor.ENC_KEYGEN_REQUEST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
deleted file mode 100644
index b4ed31223..000000000
--- a/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
+++ /dev/null
@@ -1,303 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-import org.mozilla.jss.pkix.crmf.ProofOfPossession;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the base enrollment input.
- *
- * @version $Revision$, $Date$
- */
-public abstract class EnrollInput implements IProfileInput {
-
-    private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
-
-    protected IConfigStore mConfig = null;
-    protected Vector<String> mValueNames = new Vector<String>();
-    protected Vector<String> mConfigNames = new Vector<String>();
-    protected IProfile mProfile = null;
-
-    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mConfig = config;
-        mProfile = profile;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * Populates the request with this policy default.
-     *
-     * @param ctx profile context
-     * @param request request
-     * @exception EProfileException failed to populate
-     */
-    public abstract void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException;
-
-    /**
-     * Retrieves the localizable name of this policy.
-     *
-     * @param locale user locale
-     * @return localized input name
-     */
-    public abstract String getName(Locale locale);
-
-    /**
-     * Retrieves the localizable description of this policy.
-     *
-     * @param locale user locale
-     * @return localized input description
-     */
-    public abstract String getText(Locale locale);
-
-    /**
-     * Retrieves the descriptor of the given value
-     * property by name.
-     *
-     * @param locale user locale
-     * @param name property name
-     * @return descriptor of the property
-     */
-    public abstract IDescriptor getValueDescriptor(Locale locale, String name);
-
-    public void addValueName(String name) {
-        mValueNames.addElement(name);
-    }
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        return mValueNames.elements();
-    }
-
-    public void addConfigName(String name) {
-        mConfigNames.addElement(name);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        return mConfigNames.elements();
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (mConfig.getSubStore("params") == null) {
-            //
-        } else {
-            mConfig.getSubStore("params").putString(name, value);
-        }
-    }
-
-    public String getConfig(String name) {
-        try {
-            if (mConfig == null) {
-                return null;
-            }
-            if (mConfig.getSubStore("params") != null) {
-                return mConfig.getSubStore("params").getString(name);
-            }
-        } catch (EBaseException e) {
-        }
-        return "";
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EProfileException {
-        return request.getExtDataInString(name);
-    }
-
-    /**
-     * Sets the value of the given value parameter by name.
-     */
-    public void setValue(String name, Locale locale, IRequest request,
-            String value) throws EPropertyException {
-        request.setExtData(name, value);
-    }
-
-    public Locale getLocale(IRequest request) {
-        Locale locale = null;
-        String language = request.getExtDataInString(
-                EnrollProfile.REQUEST_LOCALE);
-        if (language != null) {
-            locale = new Locale(language);
-        }
-        return locale;
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
-            throws EProfileException {
-        CMS.debug("EnrollInput ::in verifyPOP");
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        if (!certReqMsg.hasPop()) {
-            CMS.debug("CertReqMsg has not POP, return");
-            return;
-        }
-        ProofOfPossession pop = certReqMsg.getPop();
-        ProofOfPossession.Type popType = pop.getType();
-
-        if (popType != ProofOfPossession.SIGNATURE) {
-            CMS.debug("not POP SIGNATURE, return");
-            return;
-        }
-
-        try {
-            if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
-                CMS.debug("skipPOPVerify on, return");
-                return;
-            }
-            CMS.debug("POP verification begins:");
-            CryptoManager cm = CryptoManager.getInstance();
-
-            CryptoToken verifyToken = null;
-            String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
-            if (tokenName.equals("internal")) {
-                CMS.debug("POP verification using internal token");
-                certReqMsg.verify();
-            } else {
-                CMS.debug("POP verification using token:" + tokenName);
-                verifyToken = cm.getTokenByName(tokenName);
-                certReqMsg.verify(verifyToken);
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                    auditSubjectID,
-                    ILogger.SUCCESS);
-            audit(auditMessage);
-        } catch (Exception e) {
-
-            CMS.debug("Failed POP verify! " + e.toString());
-            CMS.debug(e);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                    auditSubjectID,
-                    ILogger.FAILURE);
-
-            audit(auditMessage);
-
-            throw new EProfileException(CMS.getUserMessage(locale,
-                        "CMS_POP_VERIFICATION_ERROR"));
-        }
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    /**
-     * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message SubjectID
-     */
-    protected String auditSubjectID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String subjectID = null;
-
-        // Initialize subjectID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        if (auditContext != null) {
-            subjectID = (String)
-                    auditContext.get(SessionContext.USER_ID);
-
-            if (subjectID != null) {
-                subjectID = subjectID.trim();
-            } else {
-                subjectID = ILogger.NONROLEUSER;
-            }
-        } else {
-            subjectID = ILogger.UNIDENTIFIED;
-        }
-
-        return subjectID;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
deleted file mode 100644
index f62a5964c..000000000
--- a/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
+++ /dev/null
@@ -1,143 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.io.BufferedInputStream;
-import java.net.URL;
-import java.net.URLConnection;
-import java.security.MessageDigest;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements the image
- * input that collects a picture.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class FileSigningInput extends EnrollInput implements IProfileInput {
-
-    public static final String URL = "file_signing_url";
-    public static final String TEXT = "file_signing_text";
-    public static final String SIZE = "file_signing_size";
-    public static final String DIGEST = "file_signing_digest";
-    public static final String DIGEST_TYPE = "file_signing_digest_type";
-
-    public FileSigningInput() {
-        addValueName(URL);
-        addValueName(TEXT);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT");
-    }
-
-    public String toHexString(byte data[]) {
-        StringBuffer sb = new StringBuffer();
-        for (int i = 0; i < data.length; i++) {
-            int v = data[i] & 0xff;
-            if (v < 16) {
-                sb.append("0");
-            }
-            sb.append(Integer.toHexString(v));
-        }
-        return sb.toString();
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        request.setExtData(TEXT, ctx.get(TEXT));
-        request.setExtData(URL, ctx.get(URL));
-        request.setExtData(DIGEST_TYPE, "SHA256");
-
-        try {
-            // retrieve file and calculate the hash
-            URL url = new URL(ctx.get(URL));
-            URLConnection c = url.openConnection();
-            c.setAllowUserInteraction(false);
-            c.setDoInput(true);
-            c.setDoOutput(false);
-            c.setUseCaches(false);
-            c.connect();
-            int len = c.getContentLength();
-            request.setExtData(SIZE, Integer.toString(len));
-            BufferedInputStream is = new BufferedInputStream(c.getInputStream());
-            byte data[] = new byte[len];
-            is.read(data, 0, len);
-            is.close();
-
-            // calculate digest
-            MessageDigest digester = MessageDigest.getInstance("SHA256");
-            byte digest[] = digester.digest(data);
-            request.setExtData(DIGEST, toHexString(digest));
-        } catch (Exception e) {
-            CMS.debug("FileSigningInput populate failure " + e);
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_FILE_NOT_FOUND"));
-        }
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(URL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_URL"));
-        } else if (name.equals(TEXT)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/base/common/src/com/netscape/cms/profile/input/GenericInput.java
deleted file mode 100644
index e92fbe93e..000000000
--- a/base/common/src/com/netscape/cms/profile/input/GenericInput.java
+++ /dev/null
@@ -1,160 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements a generic input.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class GenericInput extends EnrollInput implements IProfileInput {
-
-    public static final String CONFIG_NUM = "gi_num";
-    public static final String CONFIG_DISPLAY_NAME = "gi_display_name";
-    public static final String CONFIG_PARAM_NAME = "gi_param_name";
-    public static final String CONFIG_ENABLE = "gi_param_enable";
-
-    public static final int DEF_NUM = 5;
-
-    public GenericInput() {
-        int num = getNum();
-        for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_PARAM_NAME + i);
-            addConfigName(CONFIG_DISPLAY_NAME + i);
-            addConfigName(CONFIG_ENABLE + i);
-        }
-    }
-
-    protected int getNum() {
-        int num = DEF_NUM;
-        String numC = getConfig(CONFIG_NUM);
-
-        if (numC != null) {
-            try {
-                num = Integer.parseInt(numC);
-            } catch (NumberFormatException e) {
-                // ignore
-            }
-        }
-        return num;
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT");
-    }
-
-    /**
-     * Returns selected value names based on the configuration.
-     */
-    public Enumeration<String> getValueNames() {
-        Vector<String> v = new Vector<String>();
-        int num = getNum();
-        for (int i = 0; i < num; i++) {
-            String enable = getConfig(CONFIG_ENABLE + i);
-            if (enable != null && enable.equals("true")) {
-                v.addElement(getConfig(CONFIG_PARAM_NAME + i));
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        int num = getNum();
-        for (int i = 0; i < num; i++) {
-            String enable = getConfig(CONFIG_ENABLE + i);
-            if (enable != null && enable.equals("true")) {
-                String param = getConfig(CONFIG_PARAM_NAME + i);
-                request.setExtData(param, ctx.get(param));
-            }
-        }
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        int num = getNum();
-        for (int i = 0; i < num; i++) {
-            if (name.equals(CONFIG_PARAM_NAME + i)) {
-                return new Descriptor(IDescriptor.STRING, null,
-                        null,
-                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
-            } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
-                return new Descriptor(IDescriptor.STRING, null,
-                        null,
-                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
-            } else if (name.equals(CONFIG_ENABLE + i)) {
-                return new Descriptor(IDescriptor.BOOLEAN, null,
-                        "false",
-                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
-            }
-        } // for
-        return null;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        int num = getNum();
-        for (int i = 0; i < num; i++) {
-            String param = getConfig(CONFIG_PARAM_NAME + i);
-            if (param != null && param.equals(name)) {
-                return new Descriptor(IDescriptor.STRING, null,
-                        null,
-                        getConfig(CONFIG_DISPLAY_NAME + i));
-            }
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/base/common/src/com/netscape/cms/profile/input/ImageInput.java
deleted file mode 100644
index 5874cc07f..000000000
--- a/base/common/src/com/netscape/cms/profile/input/ImageInput.java
+++ /dev/null
@@ -1,89 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements the image
- * input that collects a picture.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class ImageInput extends EnrollInput implements IProfileInput {
-
-    public static final String IMAGE_URL = "image_url";
-
-    public ImageInput() {
-        addValueName(IMAGE_URL);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL));
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(IMAGE_URL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_URL"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
deleted file mode 100644
index 1b3564ab7..000000000
--- a/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
+++ /dev/null
@@ -1,189 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.util.DerInputStream;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the key generation input that
- * populates parameters to the enrollment page for
- * key generation.
- * <p>
- *
- * This input normally is used with user-based or non certificate request profile.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class KeyGenInput extends EnrollInput implements IProfileInput {
-
-    public static final String VAL_KEYGEN_REQUEST_TYPE =
-            EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST =
-            EnrollProfile.CTX_CERT_REQUEST;
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public KeyGenInput() {
-        addValueName(VAL_KEYGEN_REQUEST_TYPE);
-        addValueName(VAL_KEYGEN_REQUEST);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEY_GEN_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEY_GEN_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
-        String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
-
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (keygen_request_type == null) {
-            CMS.debug("KeyGenInput: populate - invalid cert request type " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                            ""));
-        }
-        if (keygen_request == null) {
-            CMS.debug("KeyGenInput: populate - invalid certificate request");
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-        }
-        if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
-            PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
-
-            if (pkcs10 == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
-            DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
-
-            if (keygen == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
-            CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            for (int x = 0; x < msgs.length; x++) {
-                verifyPOP(getLocale(request), msgs[x]);
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
-            TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            if (seqNum == null) {
-                throw new EProfileException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
-            }
-
-            mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else {
-            // error
-            CMS.debug("DualKeyGenInput: populate - " +
-                    "invalid cert request type " + keygen_request_type);
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        keygen_request_type));
-        }
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
-            return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
-        } else if (name.equals(VAL_KEYGEN_REQUEST)) {
-            return new Descriptor(IDescriptor.KEYGEN_REQUEST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
deleted file mode 100644
index c2566139a..000000000
--- a/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
+++ /dev/null
@@ -1,89 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements the serial number input
- * for renewal
- * <p>
- *
- * @author Christina Fu
- */
-public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
-
-    public static final String SERIAL_NUM = "serial_num";
-
-    public SerialNumRenewInput() {
-        addValueName(SERIAL_NUM);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        //
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(SERIAL_NUM)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java
deleted file mode 100644
index 6ee2fd42e..000000000
--- a/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java
+++ /dev/null
@@ -1,189 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.util.DerInputStream;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the key generation input that
- * populates parameters to the enrollment page for
- * key generation.
- * <p>
- *
- * This input normally is used with user-based or non certificate request profile.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class SigningKeyGenInput extends EnrollInput implements IProfileInput {
-
-    public static final String VAL_KEYGEN_REQUEST_TYPE =
-            EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST =
-            EnrollProfile.CTX_CERT_REQUEST;
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public SigningKeyGenInput() {
-        addValueName(VAL_KEYGEN_REQUEST_TYPE);
-        addValueName(VAL_KEYGEN_REQUEST);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SIGN_KEY_GEN_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SIGN_KEY_GEN_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
-        String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
-
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (keygen_request_type == null) {
-            CMS.debug("SigningKeyGenInput: populate - invalid cert request type " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                            ""));
-        }
-        if (keygen_request == null) {
-            CMS.debug("SigningKeyGenInput: populate - invalid certificate request");
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-        }
-        if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
-            PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
-
-            if (pkcs10 == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
-            DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
-
-            if (keygen == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
-            CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            for (int x = 0; x < msgs.length; x++) {
-                verifyPOP(getLocale(request), msgs[x]);
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
-            TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request);
-
-            if (msgs == null) {
-                throw new EProfileException(CMS.getUserMessage(
-                            getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
-            }
-            // This profile only handle the first request in CRMF
-            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-
-            if (seqNum == null) {
-                throw new EProfileException(
-                        CMS.getUserMessage(getLocale(request),
-                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
-            }
-
-            mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
-        } else {
-            // error
-            CMS.debug("SigningKeyGenInput: populate - " +
-                    "invalid cert request type " + keygen_request_type);
-            throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        keygen_request_type));
-        }
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
-            return new Descriptor(IDescriptor.SIGN_KEYGEN_REQUEST_TYPE, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
-        } else if (name.equals(VAL_KEYGEN_REQUEST)) {
-            return new Descriptor(IDescriptor.SIGN_KEYGEN_REQUEST, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
deleted file mode 100644
index a12351f8a..000000000
--- a/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
+++ /dev/null
@@ -1,142 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This plugin accepts subject DN from end user.
- */
-public class SubjectDNInput extends EnrollInput implements IProfileInput {
-
-    public static final String VAL_SUBJECT = "subject";
-
-    public SubjectDNInput() {
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
-    }
-
-    public String getConfig(String name) {
-        String config = super.getConfig(name);
-        if (config == null || config.equals(""))
-            return "true";
-        return config;
-    }
-
-    /**
-     * Returns selected value names based on the configuration.
-     */
-    public Enumeration<String> getValueNames() {
-        Vector<String> v = new Vector<String>();
-        v.addElement(VAL_SUBJECT);
-        return v.elements();
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-        String subjectName = "";
-
-        subjectName = ctx.get(VAL_SUBJECT);
-        if (subjectName.equals("")) {
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        }
-        X500Name name = null;
-
-        try {
-            name = new X500Name(subjectName);
-        } catch (Exception e) {
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
-        }
-        parseSubjectName(name, info, request);
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_SUBJECT)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
-        }
-        return null;
-    }
-
-    protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
-            throws EProfileException {
-        try {
-            req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
-                    new CertificateSubjectName(subj));
-        } catch (Exception e) {
-            CMS.debug("SubjectNameInput: parseSubject Name " +
-                    e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
deleted file mode 100644
index 2c0de4486..000000000
--- a/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
+++ /dev/null
@@ -1,382 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the subject name input
- * that populates text fields to the enrollment
- * page so that distinguished name parameters
- * can be collected from the user.
- * <p>
- * The collected parameters could be used for fomulating the subject name in the certificate.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class SubjectNameInput extends EnrollInput implements IProfileInput {
-
-    public static final String CONFIG_UID = "sn_uid";
-    public static final String CONFIG_EMAIL = "sn_e";
-    public static final String CONFIG_CN = "sn_cn";
-    public static final String CONFIG_OU3 = "sn_ou3";
-    public static final String CONFIG_OU2 = "sn_ou2";
-    public static final String CONFIG_OU1 = "sn_ou1";
-    public static final String CONFIG_OU = "sn_ou";
-    public static final String CONFIG_O = "sn_o";
-    public static final String CONFIG_C = "sn_c";
-
-    public static final String VAL_UID = "sn_uid";
-    public static final String VAL_EMAIL = "sn_e";
-    public static final String VAL_CN = "sn_cn";
-    public static final String VAL_OU3 = "sn_ou3";
-    public static final String VAL_OU2 = "sn_ou2";
-    public static final String VAL_OU1 = "sn_ou1";
-    public static final String VAL_OU = "sn_ou";
-    public static final String VAL_O = "sn_o";
-    public static final String VAL_C = "sn_c";
-
-    public SubjectNameInput() {
-        addConfigName(CONFIG_UID);
-        addConfigName(CONFIG_EMAIL);
-        addConfigName(CONFIG_CN);
-        addConfigName(CONFIG_OU3);
-        addConfigName(CONFIG_OU2);
-        addConfigName(CONFIG_OU1);
-        addConfigName(CONFIG_OU);
-        addConfigName(CONFIG_O);
-        addConfigName(CONFIG_C);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
-    }
-
-    public String getConfig(String name) {
-        String config = super.getConfig(name);
-        if (config == null || config.equals(""))
-            return "true";
-        return config;
-    }
-
-    /**
-     * Returns selected value names based on the configuration.
-     */
-    public Enumeration<String> getValueNames() {
-        Vector<String> v = new Vector<String>();
-        String c_uid = getConfig(CONFIG_UID);
-        if (c_uid == null || c_uid.equals("")) {
-            v.addElement(VAL_UID); // default case
-        } else {
-            if (c_uid.equals("true")) {
-                v.addElement(VAL_UID);
-            }
-        }
-        String c_email = getConfig(CONFIG_EMAIL);
-        if (c_email == null || c_email.equals("")) {
-            v.addElement(VAL_EMAIL);
-        } else {
-            if (c_email.equals("true")) {
-                v.addElement(VAL_EMAIL);
-            }
-        }
-        String c_cn = getConfig(CONFIG_CN);
-        if (c_cn == null || c_cn.equals("")) {
-            v.addElement(VAL_CN);
-        } else {
-            if (c_cn.equals("true")) {
-                v.addElement(VAL_CN);
-            }
-        }
-        String c_ou3 = getConfig(CONFIG_OU3);
-        if (c_ou3 == null || c_ou3.equals("")) {
-            v.addElement(VAL_OU3);
-        } else {
-            if (c_ou3.equals("true")) {
-                v.addElement(VAL_OU3);
-            }
-        }
-        String c_ou2 = getConfig(CONFIG_OU2);
-        if (c_ou2 == null || c_ou2.equals("")) {
-            v.addElement(VAL_OU2);
-        } else {
-            if (c_ou2.equals("true")) {
-                v.addElement(VAL_OU2);
-            }
-        }
-        String c_ou1 = getConfig(CONFIG_OU1);
-        if (c_ou1 == null || c_ou1.equals("")) {
-            v.addElement(VAL_OU1);
-        } else {
-            if (c_ou1.equals("true")) {
-                v.addElement(VAL_OU1);
-            }
-        }
-        String c_ou = getConfig(CONFIG_OU);
-        if (c_ou == null || c_ou.equals("")) {
-            v.addElement(VAL_OU);
-        } else {
-            if (c_ou.equals("true")) {
-                v.addElement(VAL_OU);
-            }
-        }
-        String c_o = getConfig(CONFIG_O);
-        if (c_o == null || c_o.equals("")) {
-            v.addElement(VAL_O);
-        } else {
-            if (c_o.equals("true")) {
-                v.addElement(VAL_O);
-            }
-        }
-        String c_c = getConfig(CONFIG_C);
-        if (c_c == null || c_c.equals("")) {
-            v.addElement(VAL_C);
-        } else {
-            if (c_c.equals("true")) {
-                v.addElement(VAL_C);
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-        String subjectName = "";
-
-        String uid = ctx.get(VAL_UID);
-
-        if (uid != null && !uid.equals("")) {
-            subjectName += "UID=" + uid;
-        }
-        String email = ctx.get(VAL_EMAIL);
-
-        if (email != null && !email.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "E=" + email;
-        }
-        String cn = ctx.get(VAL_CN);
-
-        if (cn != null && !cn.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "CN=" + cn;
-        }
-        String ou3 = ctx.get(VAL_OU3);
-        if (ou3 != null && !ou3.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "OU=" + ou3;
-        }
-        String ou2 = ctx.get(VAL_OU2);
-        if (ou2 != null && !ou2.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "OU=" + ou2;
-        }
-        String ou1 = ctx.get(VAL_OU1);
-        if (ou1 != null && !ou1.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "OU=" + ou1;
-        }
-        String ou = ctx.get(VAL_OU);
-        if (ou != null && !ou.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "OU=" + ou;
-        }
-        String o = ctx.get(VAL_O);
-
-        if (o != null && !o.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "O=" + o;
-        }
-        String c = ctx.get(VAL_C);
-
-        if (c != null && !c.equals("")) {
-            if (!subjectName.equals("")) {
-                subjectName += ",";
-            }
-            subjectName += "C=" + c;
-        }
-        if (subjectName.equals("")) {
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
-        }
-        X500Name name = null;
-
-        try {
-            name = new X500Name(subjectName);
-        } catch (Exception e) {
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
-        }
-        parseSubjectName(name, info, request);
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        if (name.equals(CONFIG_UID)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
-        } else if (name.equals(CONFIG_EMAIL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
-        } else if (name.equals(CONFIG_CN)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN"));
-        } else if (name.equals(CONFIG_OU3)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
-        } else if (name.equals(CONFIG_OU2)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
-        } else if (name.equals(CONFIG_OU1)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
-        } else if (name.equals(CONFIG_OU)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
-        } else if (name.equals(CONFIG_O)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_O"));
-        } else if (name.equals(CONFIG_C)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "true",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_C"));
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_UID)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
-        } else if (name.equals(VAL_EMAIL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_EMAIL"));
-        } else if (name.equals(VAL_CN)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN"));
-        } else if (name.equals(VAL_OU3)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 3");
-        } else if (name.equals(VAL_OU2)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 2");
-        } else if (name.equals(VAL_OU1)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 1");
-        } else if (name.equals(VAL_OU)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
-        } else if (name.equals(VAL_O)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_O"));
-        } else if (name.equals(VAL_C)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_SN_C"));
-        }
-        return null;
-    }
-
-    protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
-            throws EProfileException {
-        try {
-            req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
-                    new CertificateSubjectName(subj));
-        } catch (Exception e) {
-            CMS.debug("SubjectNameInput: parseSubject Name " +
-                    e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
deleted file mode 100644
index e15e13e91..000000000
--- a/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements the submitter information
- * input that collects certificate requestor's
- * information such as name, email and phone.
- * <p>
- *
- * @version $Revision$, $Date$
- */
-public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
-
-    public static final String NAME = "requestor_name";
-    public static final String EMAIL = "requestor_email";
-    public static final String PHONE = "requestor_phone";
-
-    public SubmitterInfoInput() {
-        addValueName(NAME);
-        addValueName(EMAIL);
-        addValueName(PHONE);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBMITTER_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBMITTER_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        //
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(NAME)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_NAME"));
-        } else if (name.equals(EMAIL)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_EMAIL"));
-        } else if (name.equals(PHONE)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_PHONE"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
deleted file mode 100644
index 15f296a9e..000000000
--- a/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
+++ /dev/null
@@ -1,160 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the certificate request input from TPS.
- * This input populates 2 main fields to the enrollment "page":
- * 1/ token cuid, 2/ publickey
- * <p>
- *
- * This input usually is used by an enrollment profile for certificate requests coming from TPS.
- *
- * @version $Revision$, $Date$
- */
-public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
-    public static final String VAL_TOKEN_CUID = "tokencuid";
-    public static final String VAL_PUBLIC_KEY = "publickey";
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public nsHKeyCertReqInput() {
-        addValueName(VAL_TOKEN_CUID);
-        addValueName(VAL_PUBLIC_KEY);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
-    }
-
-    /*
-     * Pretty print token cuid
-     */
-    public String toPrettyPrint(String cuid) {
-        if (cuid == null)
-            return null;
-
-        if (cuid.length() != 20)
-            return null;
-
-        StringBuffer sb = new StringBuffer();
-        for (int i = 0; i < cuid.length(); i++) {
-            if (i == 4 || i == 8 || i == 12 || i == 16) {
-                sb.append("-");
-            }
-            sb.append(cuid.charAt(i));
-        }
-        return sb.toString();
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String tcuid = ctx.get(VAL_TOKEN_CUID);
-        // pretty print tcuid
-        String prettyPrintCuid = toPrettyPrint(tcuid);
-        if (prettyPrintCuid == null) {
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
-                            ""));
-        }
-
-        request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
-
-        String pk = ctx.get(VAL_PUBLIC_KEY);
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (tcuid == null) {
-            CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
-                            ""));
-        }
-        if (pk == null) {
-            CMS.debug("nsHKeyCertReqInput: populate - public key not found " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
-                            ""));
-        }
-
-        mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_TOKEN_CUID)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
-        } else if (name.equals(VAL_PUBLIC_KEY)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
deleted file mode 100644
index f14df1a80..000000000
--- a/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
+++ /dev/null
@@ -1,129 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.input;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the certificate request input from TPS.
- * This input populates 2 main fields to the enrollment "page":
- * 1/ id, 2/ publickey
- * <p>
- *
- * This input usually is used by an enrollment profile for certificate requests coming from TPS.
- *
- * @version $Revision$, $Date$
- */
-public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
-    public static final String VAL_SN = "screenname";
-    public static final String VAL_PUBLIC_KEY = "publickey";
-
-    public EnrollProfile mEnrollProfile = null;
-
-    public nsNKeyCertReqInput() {
-        addValueName(VAL_SN);
-        addValueName(VAL_PUBLIC_KEY);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-
-        mEnrollProfile = (EnrollProfile) profile;
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-        String sn = ctx.get(VAL_SN);
-        String pk = ctx.get(VAL_PUBLIC_KEY);
-        X509CertInfo info =
-                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
-
-        if (sn == null) {
-            CMS.debug("nsNKeyCertReqInput: populate - id not found " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_TOKENKEY_NO_ID",
-                            ""));
-        }
-        if (pk == null) {
-            CMS.debug("nsNKeyCertReqInput: populate - public key not found " +
-                    "");
-            throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
-                            ""));
-        }
-
-        mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
-        request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_SN)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
-        } else if (name.equals(VAL_PUBLIC_KEY)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
deleted file mode 100644
index 9c04e6962..000000000
--- a/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
+++ /dev/null
@@ -1,161 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.output;
-
-import java.io.ByteArrayOutputStream;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.pkix.cmmf.CertOrEncCert;
-import org.mozilla.jss.pkix.cmmf.CertRepContent;
-import org.mozilla.jss.pkix.cmmf.CertResponse;
-import org.mozilla.jss.pkix.cmmf.CertifiedKeyPair;
-import org.mozilla.jss.pkix.cmmf.PKIStatusInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the output plugin that outputs
- * CMMF response for the issued certificate.
- *
- * @version $Revision$, $Date$
- */
-public class CMMFOutput extends EnrollOutput implements IProfileOutput {
-
-    public static final String VAL_PRETTY_CERT = "pretty_cert";
-    public static final String VAL_CMMF_RESPONSE = "cmmf_response";
-
-    public CMMFOutput() {
-        addValueName(VAL_PRETTY_CERT);
-        addValueName(VAL_CMMF_RESPONSE);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_PRETTY_CERT)) {
-            return new Descriptor(IDescriptor.PRETTY_PRINT, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OUTPUT_CERT_PP"));
-        } else if (name.equals(VAL_CMMF_RESPONSE)) {
-            return new Descriptor(IDescriptor.PRETTY_PRINT, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OUTPUT_CMMF_B64"));
-        }
-        return null;
-    }
-
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EProfileException {
-        if (name.equals(VAL_PRETTY_CERT)) {
-            X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
-
-            return prettyCert.toString(locale);
-        } else if (name.equals(VAL_CMMF_RESPONSE)) {
-            try {
-                X509CertImpl cert = request.getExtDataInCert(
-                        EnrollProfile.REQUEST_ISSUED_CERT);
-                if (cert == null)
-                    return null;
-
-                ICertificateAuthority ca = (ICertificateAuthority)
-                        CMS.getSubsystem("ca");
-                CertificateChain cachain = ca.getCACertChain();
-                X509Certificate[] cacerts = cachain.getChain();
-
-                byte[][] caPubs = new byte[cacerts.length][];
-
-                for (int j = 0; j < cacerts.length; j++) {
-                    caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
-                }
-
-                CertRepContent certRepContent = null;
-                certRepContent = new CertRepContent(caPubs);
-
-                PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
-                CertifiedKeyPair certifiedKP =
-                        new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded()));
-                CertResponse resp =
-                        new CertResponse(new INTEGER(request.getRequestId().toString()),
-                                status, certifiedKP);
-                certRepContent.addCertResponse(resp);
-
-                ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
-                certRepContent.encode(certRepOut);
-                byte[] certRepBytes = certRepOut.toByteArray();
-
-                return CMS.BtoA(certRepBytes);
-            } catch (Exception e) {
-                return null;
-            }
-        } else {
-            return null;
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/base/common/src/com/netscape/cms/profile/output/CertOutput.java
deleted file mode 100644
index a556d4a44..000000000
--- a/base/common/src/com/netscape/cms/profile/output/CertOutput.java
+++ /dev/null
@@ -1,120 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.output;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the pretty print certificate output
- * that displays the issued certificate in a pretty print format.
- *
- * @version $Revision$, $Date$
- */
-public class CertOutput extends EnrollOutput implements IProfileOutput {
-    public static final String VAL_PRETTY_CERT = "pretty_cert";
-    public static final String VAL_B64_CERT = "b64_cert";
-
-    public CertOutput() {
-        addValueName(VAL_PRETTY_CERT);
-        addValueName(VAL_B64_CERT);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_PRETTY_CERT)) {
-            return new Descriptor(IDescriptor.PRETTY_PRINT, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OUTPUT_CERT_PP"));
-        } else if (name.equals(VAL_B64_CERT)) {
-            return new Descriptor(IDescriptor.PRETTY_PRINT, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OUTPUT_CERT_B64"));
-        }
-        return null;
-    }
-
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EProfileException {
-        if (name.equals(VAL_PRETTY_CERT)) {
-            X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-            if (cert == null)
-                return null;
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
-
-            return prettyCert.toString(locale);
-        } else if (name.equals(VAL_B64_CERT)) {
-            X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-            if (cert == null)
-                return null;
-            return CMS.getEncodedCert(cert);
-        } else {
-            return null;
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
deleted file mode 100644
index 06c940e8c..000000000
--- a/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
+++ /dev/null
@@ -1,134 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.output;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * This class implements the basic enrollment output.
- *
- * @version $Revision$, $Date$
- */
-public abstract class EnrollOutput implements IProfileOutput {
-    private IConfigStore mConfig = null;
-    private Vector<String> mValueNames = new Vector<String>();
-    protected Vector<String> mConfigNames = new Vector<String>();
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mConfig = config;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void addValueName(String name) {
-        mValueNames.addElement(name);
-    }
-
-    /**
-     * Populates the request with this policy default.
-     *
-     * @param ctx profile context
-     * @param request request
-     * @exception EProfileException failed to populate
-     */
-    public abstract void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException;
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     *
-     * @param locale user locale
-     * @param name property name
-     * @return property descriptor
-     */
-    public abstract IDescriptor getValueDescriptor(Locale locale, String name);
-
-    /**
-     * Retrieves the localizable name of this policy.
-     *
-     * @param locale user locale
-     * @return output policy name
-     */
-    public abstract String getName(Locale locale);
-
-    /**
-     * Retrieves the localizable description of this policy.
-     *
-     * @param locale user locale
-     * @return output policy description
-     */
-    public abstract String getText(Locale locale);
-
-    /**
-     * Retrieves a list of names of the value parameter.
-     */
-    public Enumeration<String> getValueNames() {
-        return mValueNames.elements();
-    }
-
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EProfileException {
-        return request.getExtDataInString(name);
-    }
-
-    /**
-     * Sets the value of the given value parameter by name.
-     */
-    public void setValue(String name, Locale locale, IRequest request,
-            String value) throws EPropertyException {
-        request.setExtData(name, value);
-    }
-
-    public Enumeration<String> getConfigNames() {
-        return mConfigNames.elements();
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-    }
-
-    public String getConfig(String name) {
-        return null;
-    }
-
-    public String getDefaultConfig(String name) {
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
deleted file mode 100644
index c412eb2fd..000000000
--- a/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
+++ /dev/null
@@ -1,158 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.output;
-
-import java.io.ByteArrayOutputStream;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the output plugin that outputs
- * PKCS7 for the issued certificate.
- *
- * @version $Revision$, $Date$
- */
-public class PKCS7Output extends EnrollOutput implements IProfileOutput {
-
-    public static final String VAL_PRETTY_CERT = "pretty_cert";
-    public static final String VAL_PKCS7 = "pkcs7";
-
-    public PKCS7Output() {
-        addValueName(VAL_PRETTY_CERT);
-        addValueName(VAL_PKCS7);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_PRETTY_CERT)) {
-            return new Descriptor(IDescriptor.PRETTY_PRINT, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OUTPUT_CERT_PP"));
-        } else if (name.equals(VAL_PKCS7)) {
-            return new Descriptor(IDescriptor.PRETTY_PRINT, null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OUTPUT_PKCS7_B64"));
-        }
-        return null;
-    }
-
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EProfileException {
-        if (name.equals(VAL_PRETTY_CERT)) {
-            X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-            if (cert == null)
-                return null;
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
-
-            return prettyCert.toString(locale);
-        } else if (name.equals(VAL_PKCS7)) {
-
-            try {
-                X509CertImpl cert = request.getExtDataInCert(
-                        EnrollProfile.REQUEST_ISSUED_CERT);
-                if (cert == null)
-                    return null;
-
-                ICertificateAuthority ca = (ICertificateAuthority)
-                        CMS.getSubsystem("ca");
-                CertificateChain cachain = ca.getCACertChain();
-                X509Certificate[] cacerts = cachain.getChain();
-
-                X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
-                int m = 1, n = 0;
-
-                for (; n < cacerts.length; m++, n++) {
-                    userChain[m] = (X509CertImpl) cacerts[n];
-                }
-
-                userChain[0] = cert;
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                        new ContentInfo(new byte[0]),
-                        userChain,
-                        new SignerInfo[0]);
-                ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-                p7.encodeSignedData(bos);
-                byte[] p7Bytes = bos.toByteArray();
-                String p7Str = CMS.BtoA(p7Bytes);
-
-                return p7Str;
-            } catch (Exception e) {
-                return "";
-            }
-        } else {
-            return null;
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
deleted file mode 100644
index 571022ad8..000000000
--- a/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
+++ /dev/null
@@ -1,110 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.output;
-
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
-/**
- * This class implements the output plugin that outputs
- * DER for the issued certificate for token keys
- *
- * @version $Revision$, $Date$
- */
-public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
-
-    public static final String VAL_DER = "der";
-
-    public nsNKeyOutput() {
-        addValueName(VAL_DER);
-    }
-
-    /**
-     * Initializes this default policy.
-     */
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        super.init(profile, config);
-    }
-
-    /**
-     * Retrieves the localizable name of this policy.
-     */
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME");
-    }
-
-    /**
-     * Retrieves the localizable description of this policy.
-     */
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT");
-    }
-
-    /**
-     * Populates the request with this policy default.
-     */
-    public void populate(IProfileContext ctx, IRequest request)
-            throws EProfileException {
-    }
-
-    /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     */
-    public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_DER)) {
-            return new Descriptor("der_b64", null,
-                    null,
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_OUTPUT_DER_B64"));
-        }
-        return null;
-    }
-
-    public String getValue(String name, Locale locale, IRequest request)
-            throws EProfileException {
-        if (name.equals(VAL_DER)) {
-
-            try {
-                X509CertImpl cert = request.getExtDataInCert(
-                        EnrollProfile.REQUEST_ISSUED_CERT);
-                if (cert == null)
-                    return null;
-                return CMS.BtoA(cert.getEncoded());
-            } catch (Exception e) {
-                return "";
-            }
-        } else {
-            return null;
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
deleted file mode 100644
index b703f5b47..000000000
--- a/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ /dev/null
@@ -1,314 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.profile.updater;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPException;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileUpdater;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-
-/**
- * This updater class will create the new user to the subsystem group and
- * then add the subsystem certificate to the user.
- *
- * @version $Revision$, $Date$
- */
-public class SubsystemGroupUpdater implements IProfileUpdater {
-
-    @SuppressWarnings("unused")
-    private IProfile mProfile;
-    private IConfigStore mConfig = null;
-    private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-    private Vector<String> mConfigNames = new Vector<String>();
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
-    public SubsystemGroupUpdater() {
-    }
-
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
-        mConfig = config;
-        mProfile = profile;
-    }
-
-    public Enumeration<String> getConfigNames() {
-        return mConfigNames.elements();
-    }
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        return null;
-    }
-
-    public void setConfig(String name, String value)
-            throws EPropertyException {
-        if (mConfig.getSubStore("params") == null) {
-            //
-        } else {
-            mConfig.getSubStore("params").putString(name, value);
-        }
-    }
-
-    public String getConfig(String name) {
-        try {
-            if (mConfig == null) {
-                return null;
-            }
-            if (mConfig.getSubStore("params") != null) {
-                return mConfig.getSubStore("params").getString(name);
-            }
-        } catch (EBaseException e) {
-        }
-        return "";
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void update(IRequest req, RequestStatus status)
-            throws EProfileException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        CMS.debug("SubsystemGroupUpdater update starts");
-        if (status != req.getRequestStatus()) {
-            return;
-        }
-
-        X509CertImpl cert = req.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-        if (cert == null)
-            return;
-
-        IConfigStore mainConfig = CMS.getConfigStore();
-
-        int num = 0;
-        try {
-            num = mainConfig.getInteger("subsystem.count", 0);
-        } catch (Exception e) {
-        }
-
-        IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-
-        String requestor_name = "subsystem";
-        try {
-            requestor_name = req.getExtDataInString("requestor_name");
-        } catch (Exception e1) {
-            // ignore
-        }
-
-        // i.e. tps-1.2.3.4-4
-        String id = requestor_name;
-
-        num++;
-        mainConfig.putInteger("subsystem.count", num);
-
-        try {
-            mainConfig.commit(false);
-        } catch (Exception e) {
-        }
-        String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
-                             "+Resource;;" + id +
-                             "+fullname;;" + id +
-                             "+state;;1" +
-                             "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
-
-        IUser user = null;
-        CMS.debug("SubsystemGroupUpdater adduser");
-        try {
-            user = system.createUser(id);
-            user.setFullName(id);
-            user.setEmail("");
-            user.setPassword("");
-            user.setUserType("agentType");
-            user.setState("1");
-            user.setPhone("");
-            X509CertImpl[] certs = new X509CertImpl[1];
-            certs[0] = cert;
-            user.setX509Certificates(certs);
-
-            system.addUser(user);
-            CMS.debug("SubsystemGroupUpdater update: successfully add the user");
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                               auditSubjectID,
-                               ILogger.SUCCESS,
-                               auditParams);
-            audit(auditMessage);
-
-            String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            try {
-                byte[] certEncoded = cert.getEncoded();
-                b64 = CMS.BtoA(certEncoded).trim();
-
-                // extract all line separators
-                StringBuffer sb = new StringBuffer();
-                for (int i = 0; i < b64.length(); i++) {
-                    if (!Character.isWhitespace(b64.charAt(i))) {
-                        sb.append(b64.charAt(i));
-                    }
-                }
-                b64 = sb.toString();
-            } catch (Exception ence) {
-                CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence);
-            }
-
-            auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
-                             "+Resource;;" + id +
-                             "+cert;;" + b64;
-
-            system.addUserCert(user);
-            CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                               auditSubjectID,
-                               ILogger.SUCCESS,
-                               auditParams);
-            audit(auditMessage);
-        } catch (LDAPException e) {
-            CMS.debug("UpdateSubsystemGroup: update " + e.toString());
-            if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
-                auditMessage = CMS.getLogMessage(
-                                   LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                   auditSubjectID,
-                                   ILogger.FAILURE,
-                                   auditParams);
-                audit(auditMessage);
-                throw new EProfileException(e.toString());
-            }
-        } catch (Exception e) {
-            CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                               auditSubjectID,
-                               ILogger.FAILURE,
-                               auditParams);
-            audit(auditMessage);
-            throw new EProfileException(e.toString());
-        }
-
-        IGroup group = null;
-        String groupName = "Subsystem Group";
-        auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
-                      "+Resource;;" + groupName;
-
-        try {
-            group = system.getGroupFromName(groupName);
-
-            auditParams += "+user;;";
-            Enumeration<String> members = group.getMemberNames();
-            while (members.hasMoreElements()) {
-                auditParams += members.nextElement();
-                if (members.hasMoreElements()) {
-                    auditParams += ",";
-                }
-            }
-
-            if (!group.isMember(id)) {
-                auditParams += "," + id;
-                group.addMemberName(id);
-                system.modifyGroup(group);
-
-                auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                               auditSubjectID,
-                               ILogger.SUCCESS,
-                               auditParams);
-                audit(auditMessage);
-
-                CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group.");
-            } else {
-                CMS.debug("UpdateSubsystemGroup: update: user already a member of the group");
-            }
-        } catch (Exception e) {
-            CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString());
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                               auditSubjectID,
-                               ILogger.FAILURE,
-                               auditParams);
-            audit(auditMessage);
-        }
-    }
-
-    public String getName(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_NAME");
-    }
-
-    public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_TEXT");
-    }
-
-    private void audit(String msg) {
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    private String auditSubjectID() {
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String subjectID = null;
-
-        // Initialize subjectID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        if (auditContext != null) {
-            subjectID = (String)
-                    auditContext.get(SessionContext.USER_ID);
-
-            if (subjectID != null) {
-                subjectID = subjectID.trim();
-            } else {
-                subjectID = ILogger.NONROLEUSER;
-            }
-        } else {
-            subjectID = ILogger.UNIDENTIFIED;
-        }
-        return subjectID;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
deleted file mode 100644
index e612c339a..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
+++ /dev/null
@@ -1,587 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.publish.mappers;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-/* cert server imports */
-import java.io.IOException;
-import java.io.PushbackReader;
-import java.io.StringReader;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.ldap.LDAPDN;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.OIDMap;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.publish.ECompSyntaxErr;
-import com.netscape.certsrv.request.IRequest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * avaPattern is a string representing an ldap
- * attribute formulated from the certificate
- * subject name, extension or request attributes.
- * <p>
- *
- * The syntax is
- *
- * <pre>
- *     avaPattern := constant-value |
- *                   "$subj" "." attrName [ "." attrNumber ] |
- *                   "$req" "." [ prefix .] attrName [ "." attrNumber ] |
- *                   "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
- * </pre>
- *
- * <pre>
- * Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i>
- * cert subjectAltName is rfc822Name: jjames@mcom.com
- * <p>
- * The ldap attribute formulated will be : <br>
- *     jjames@mcom.com
- * <p>
- *     The first rfc822name value in the subjAltName extension.  <br>
- * <p>
- * </pre>
- *
- * If a request attribute or subject DN component does not exist, the attribute is skipped.
- *
- * @version $Revision$, $Date$
- */
-class AVAPattern {
-    ////////////////
-    // parameters //
-    ////////////////
-
-    /* the value type of the dn component */
-    public static final String TYPE_REQ = "$req";
-    public static final String TYPE_SUBJ = "$subj";
-    public static final String TYPE_EXT = "$ext";
-    public static final String TYPE_CONSTANT = "constant";
-
-    public static final String[] GENERAL_NAME_TYPE = { "ANY",
-            "RFC822Name",
-            "DNSName",
-            "X400Name",
-            "DIRECTORYName",
-            "EDIName",
-            "URIName",
-            "IPAddress",
-            "OIDName" };
-
-    /* the list of request attributes needed by this AVA  */
-    protected String[] mReqAttrs = null;
-
-    /* the list of cert attributes needed by this AVA*/
-    protected String[] mCertAttrs = null;
-
-    /* value type */
-    protected String mType = null;
-
-    /* value - could be name of a request  attribute or
-     * cert subject attribute or extension name.
-     */
-    protected String mValue = null;
-
-    /* value type - general name type of an
-     *              extension attribute if any.
-     */
-    protected String mGNType = null;
-
-    /* prefix - prefix of a request attribute if any. */
-    protected String mPrefix = null;
-
-    /* nth value of the ldap or dn attribute */
-    protected int mElement = 0;
-
-    protected String mTestDN = null;
-
-    /////////////
-    // methods //
-    /////////////
-
-    public AVAPattern(String component)
-            throws ELdapException {
-        if (component == null || component.length() == 0) {
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
-        }
-
-        parse(new PushbackReader(new StringReader(component)));
-    }
-
-    public AVAPattern(PushbackReader in)
-            throws ELdapException {
-        parse(in);
-    }
-
-    private void parse(PushbackReader in)
-            throws ELdapException {
-        int c;
-
-        // skip spaces
-        //System.out.println("============ AVAPattern Begin ===========");
-        //System.out.println("skip spaces");
-
-        try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
-                ;
-            }
-        } catch (IOException e) {
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
-        }
-
-        if (c == -1) {
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
-        }
-
-        if (c == '$') {
-            // check for $subj $ext or $req
-            try {
-                c = in.read();
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-
-            if (c == -1) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "expecting $subj $ext or $req in ava pattern"));
-            }
-
-            if (c == 'r') {
-                try {
-                    if (in.read() != 'e' ||
-                            in.read() != 'q' ||
-                            in.read() != '.') {
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $req in ava pattern"));
-                    }
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-
-                mType = TYPE_REQ;
-                //System.out.println("---- mtype $req");
-            } else if (c == 's') {
-                try {
-                    if (in.read() != 'u' ||
-                            in.read() != 'b' ||
-                            in.read() != 'j' ||
-                            in.read() != '.') {
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $subj in ava pattern"));
-                    }
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-
-                mType = TYPE_SUBJ;
-                //System.out.println("----- mtype $subj");
-            } else if (c == 'e') {
-                try {
-                    if (in.read() != 'x' ||
-                            in.read() != 't' ||
-                            in.read() != '.') {
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $ext in ava pattern"));
-                    }
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-
-                mType = TYPE_EXT;
-                //System.out.println("----- mtype $ext");
-            } else {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "unknown keyword. expecting $subj $ext or $req."));
-            }
-
-            // get request attribute or
-            // cert subject or
-            // extension attribute
-
-            StringBuffer valueBuf = new StringBuffer();
-
-            try {
-                while ((c = in.read()) != ',' &&
-                        c != -1 && c != '.' && c != '+') {
-                    //System.out.println("mValue read "+(char)c);
-                    valueBuf.append((char) c);
-                }
-
-                if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c); // pushback last , or +
-                }
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-
-            mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "$subj $ext or $req attribute name expected"));
-            }
-            //System.out.println("----- mValue "+mValue);
-
-            // get nth dn xxx not nth request attribute .
-            if (c == '.') {
-                StringBuffer attrNumberBuf = new StringBuffer();
-
-                try {
-                    while ((c = in.read()) != ',' && c != -1 && c != '.'
-                            && c != '+') {
-                        //System.out.println("mElement read "+(char)c);
-                        attrNumberBuf.append((char) c);
-                    }
-
-                    if (c == ',' || c == '+') { // either ','  or '+'
-                        in.unread(c); // pushback last , or +
-                    }
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-
-                String attrNumber = attrNumberBuf.toString().trim();
-
-                if (attrNumber.length() == 0) {
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                "nth element $req $ext or $subj expected"));
-                }
-
-                try {
-                    mElement = Integer.parseInt(attrNumber) - 1;
-                } catch (NumberFormatException e) {
-
-                    if (TYPE_REQ.equals(mType)) {
-                        mPrefix = mValue;
-                        mValue = attrNumber;
-                    } else if (TYPE_EXT.equals(mType)) {
-                        mGNType = attrNumber;
-                    } else {
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "Invalid format in nth element " +
-                                            "$req $ext or $subj"));
-                    }
-
-                    // get nth request attribute .
-                    if (c == '.') {
-                        StringBuffer attrNumberBuf1 = new StringBuffer();
-
-                        try {
-                            while ((c = in.read()) != ',' &&
-                                    c != -1 && c != '+') {
-                                //System.out.println("mElement read "+
-                                //                   (char)c);
-                                attrNumberBuf1.append((char) c);
-                            }
-
-                            if (c != -1) { // either ',' or '+'
-                                in.unread(c); // pushback last , or +
-                            }
-                        } catch (IOException ex) {
-                            throw new ELdapException(
-                                    CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
-                        }
-
-                        String attrNumber1 =
-                                attrNumberBuf1.toString().trim();
-
-                        if (attrNumber1.length() == 0) {
-                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "nth element $req or $ext expected"));
-                        }
-
-                        try {
-                            mElement = Integer.parseInt(attrNumber1) - 1;
-                        } catch (NumberFormatException ex) {
-                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                        "Invalid format in nth element " +
-                                                "$req or $ext."));
-                        }
-                    }
-                }
-            }
-            //System.out.println("----- mElement "+mElement);
-        } else {
-            // value is constant. treat as regular ava.
-            mType = TYPE_CONSTANT;
-
-            // parse ava value.
-            StringBuffer valueBuf = new StringBuffer();
-
-            valueBuf.append((char) c);
-
-            // read forward to get attribute value
-            try {
-                while ((c = in.read()) != ',' && c != -1) {
-                    valueBuf.append((char) c);
-                }
-
-                if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c); // pushback last , or +
-                }
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-
-            mValue = valueBuf.toString().trim();
-
-            /*  try {
-             *      AVA ava = mLdapDNStrConverter.parseAVA(
-             *                    valueBuf.toString());
-             *      mValue = ava.toLdapDNString();
-             *      //System.out.println("----- mValue "+mValue);
-             *  } catch (IOException e) {
-             *      throw new ECompSyntaxErr(e.toString());
-             *  }
-             */
-        }
-    }
-
-    public String formAVA(IRequest req,
-            X500Name subject,
-            CertificateExtensions extensions)
-            throws ELdapException {
-        if (TYPE_CONSTANT.equals(mType)) {
-            return mValue;
-        }
-
-        if (TYPE_SUBJ.equals(mType)) {
-            String dn = subject.toString();
-
-            if (mTestDN != null) {
-                dn = mTestDN;
-            }
-
-            //System.out.println("AVAPattern Using dn "+mTestDN);
-            String[] rdns = LDAPDN.explodeDN(dn, false);
-
-            String value = null;
-
-            int nFound = -1;
-
-            for (int i = 0; i < rdns.length; i++) {
-                String[] avas = explodeRDN(rdns[i]);
-
-                for (int j = 0; j < avas.length; j++) {
-                    String[] exploded = explodeAVA(avas[j]);
-
-                    if (exploded[0].equalsIgnoreCase(mValue) &&
-                            ++nFound == mElement) {
-                        value = exploded[1];
-                        break;
-                    }
-                }
-            }
-
-            if (value == null) {
-                return null;
-            }
-
-            return value;
-        }
-
-        if (TYPE_EXT.equals(mType)) {
-
-            if (extensions != null) {
-
-                for (int i = 0; i < extensions.size(); i++) {
-                    Extension ext = extensions.elementAt(i);
-
-                    String extName =
-                            OIDMap.getName(ext.getExtensionId());
-
-                    int index = extName.lastIndexOf(".");
-
-                    if (index != -1) {
-                        extName = extName.substring(index + 1);
-                    }
-
-                    if (extName.equals(mValue)) {
-                        // Check the extensions one by one.
-                        // For now, just give subjectAltName
-                        // as an example.
-                        if (mValue.equalsIgnoreCase(
-                                SubjectAlternativeNameExtension.NAME)) {
-                            try {
-                                GeneralNames subjectNames = (GeneralNames)
-                                        ((SubjectAlternativeNameExtension)
-                                        ext).get(
-                                                SubjectAlternativeNameExtension.SUBJECT_NAME);
-
-                                if (subjectNames.size() == 0) {
-                                    break;
-                                }
-
-                                int j = 0;
-
-                                for (Enumeration<GeneralNameInterface> n =
-                                        subjectNames.elements(); n.hasMoreElements();) {
-
-                                    GeneralName gn = (GeneralName)
-                                            n.nextElement();
-
-                                    String gname = gn.toString();
-
-                                    index = gname.indexOf(":");
-
-                                    if (index == -1) {
-                                        break;
-                                    }
-
-                                    String gType =
-                                            gname.substring(0, index);
-
-                                    if (mGNType != null) {
-                                        if (mGNType.equalsIgnoreCase(gType)) {
-                                            if (mElement == j) {
-                                                gname =
-                                                        gname.substring(index + 2);
-                                                return gname;
-                                            } else {
-                                                j++;
-                                            }
-                                        }
-                                    } else {
-                                        if (mElement == j) {
-                                            gname =
-                                                    gname.substring(index + 2);
-                                            return gname;
-                                        }
-                                        j++;
-                                    }
-                                }
-                            } catch (IOException e) {
-                                CMS.debug(
-                                        "AVAPattern: Publishing attr not formed " +
-                                                "from extension " +
-                                                "-- no attr : " +
-                                                mValue);
-                            }
-                        }
-                    }
-                }
-            }
-
-            CMS.debug(
-                    "AVAPattern: Publishing:attr not formed " +
-                            "from extension " +
-                            "-- no attr : " +
-                            mValue);
-
-            return null;
-        }
-
-        if (TYPE_REQ.equals(mType)) {
-            // mPrefix and mValue are looked up case-insensitive
-            String reqAttr = req.getExtDataInString(mPrefix, mValue);
-            if (reqAttr == null) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, ""));
-            }
-
-            return reqAttr;
-        }
-
-        return null;
-    }
-
-    public String getReqAttr() {
-        if (TYPE_REQ.equals(mType)) {
-            return mValue;
-        } else {
-            return null;
-        }
-    }
-
-    public String getCertAttr() {
-        if (TYPE_SUBJ.equals(mType)) {
-            return mValue;
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * Explode RDN into AVAs.
-     * Does not handle escaped '+'
-     * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array.
-     */
-    public static String[] explodeRDN(String rdn) {
-        int plus = rdn.indexOf('+');
-
-        if (plus == -1) {
-            return new String[] { rdn };
-        }
-
-        Vector<String> avas = new Vector<String>();
-
-        StringTokenizer token = new StringTokenizer(rdn, "+");
-
-        while (token.hasMoreTokens()) {
-            avas.addElement(token.nextToken());
-        }
-
-        String[] theAvas = new String[avas.size()];
-
-        avas.copyInto(theAvas);
-
-        return theAvas;
-    }
-
-    /**
-     * Explode AVA into name and value.
-     * Does not handle escaped '='
-     * If AVA is malformed empty array is returned.
-     */
-    public static String[] explodeAVA(String ava) {
-        int equals = ava.indexOf('=');
-
-        if (equals == -1) {
-            return null;
-        }
-
-        return new String[] { ava.substring(0, equals).trim(),
-                ava.substring(equals + 1).trim() };
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
deleted file mode 100644
index 1b1531000..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
+++ /dev/null
@@ -1,368 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.ldap.LDAPv3;
-import netscape.ldap.util.DN;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
- * @version $Revision$, $Date$
- */
-public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
-    protected static final String PROP_DNPATTERN = "dnPattern";
-    protected static final String PROP_CREATECA = "createCAEntry";
-    protected String mDnPattern = null;
-    protected boolean mCreateCAEntry = true;
-
-    private ILogger mLogger = CMS.getLogger();
-    private boolean mInited = false;
-    protected IConfigStore mConfig = null;
-
-    /* the subject DN pattern */
-    protected MapDNPattern mPattern = null;
-
-    /* the list of request attriubutes to retrieve*/
-    protected String[] mReqAttrs = null;
-
-    /* the list of cert attriubutes to retrieve*/
-    protected String[] mCertAttrs = null;
-
-    /* default dn pattern if left blank or not set in the config */
-    public static final String DEFAULT_DNPATTERN =
-            "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
-
-    /**
-     * Constructor.
-     *
-     * @param dnPattern The base DN.
-     */
-    public LdapCaSimpleMap(String dnPattern) {
-        try {
-            init(dnPattern);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        }
-
-    }
-
-    /**
-     * constructor if initializing from config store.
-     */
-    public LdapCaSimpleMap() {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String params[] = {
-                "dnPattern;string;Describes how to form the Ldap Subject name in" +
-                        " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
-                        " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
-                        "$req means: take the attribute from the request. " +
-                        "$subj means: take the attribute from the certificate subject name. " +
-                        "$ext means: take the attribute from the certificate extension",
-                "createCAEntry;boolean;If checked, CA entry will be created automatically",
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper",
-                IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
-            };
-
-        return params;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * for initializing from config store.
-     */
-    public void init(IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-        String dnPattern = mConfig.getString(PROP_DNPATTERN);
-
-        mCreateCAEntry = mConfig.getBoolean(PROP_CREATECA, true);
-        init(dnPattern);
-    }
-
-    /**
-     * common initialization routine.
-     */
-    protected void init(String dnPattern)
-            throws EBaseException {
-        if (mInited)
-            return;
-
-        mDnPattern = dnPattern;
-        if (mDnPattern == null || mDnPattern.length() == 0)
-            mDnPattern = DEFAULT_DNPATTERN;
-        try {
-            mPattern = new MapDNPattern(mDnPattern);
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString()));
-            throw new EBaseException("falied to init with pattern " +
-                    dnPattern + " " + e);
-        }
-
-        mInited = true;
-    }
-
-    /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
-     *
-     * @param conn the LDAP connection.
-     * @param obj the object to map.
-     * @exception ELdapException if any LDAP exceptions occured.
-     */
-    public String map(LDAPConnection conn, Object obj)
-            throws ELdapException {
-        return map(conn, null, obj);
-    }
-
-    /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
-     *
-     * @param conn the LDAP connection.
-     * @param req the request to map.
-     * @param obj the object to map.
-     * @exception ELdapException if any LDAP exceptions occured.
-     */
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        if (conn == null)
-            return null;
-        String dn = null;
-
-        try {
-            dn = formDN(req, obj);
-            if (dn == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
-                String s1 = "";
-
-                if (req != null)
-                    s1 = req.getRequestId().toString();
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
-            }
-            int scope = LDAPv2.SCOPE_BASE;
-            String filter = "(objectclass=*)";
-
-            // search for entry
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
-
-            log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
-                    + filter + " scope: base");
-
-            LDAPSearchResults results =
-                    conn.search(dn, scope, filter, attrs, false);
-            LDAPEntry entry = results.next();
-
-            if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
-                                ((req == null) ? "" : req.getRequestId().toString())));
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
-                                ((req == null) ? "" : req.getRequestId().toString())));
-            }
-            if (entry != null)
-                return entry.getDN();
-            else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
-                                ((req == null) ? "" : req.getRequestId().toString())));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
-                            "null entry"));
-            }
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) {
-                try {
-                    createCAEntry(conn, dn);
-                    log(ILogger.LL_INFO, "CA Entry " + dn + " Created");
-                    return dn;
-                } catch (LDAPException e1) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString()));
-                    if (e1.getLDAPResultCode() == LDAPException.CONSTRAINT_VIOLATION) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED"));
-                    } else {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
-                    }
-                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
-                }
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-        }
-    }
-
-    private void createCAEntry(LDAPConnection conn, String dn)
-            throws LDAPException {
-        LDAPAttributeSet attrs = new LDAPAttributeSet();
-        // OID 2.5.6.16
-        String caOc[] = new String[] { "top",
-                "person",
-                "organizationalPerson",
-                "inetOrgPerson" };
-
-        DN dnobj = new DN(dn);
-        String attrval[] = dnobj.explodeDN(true);
-
-        attrs.add(new LDAPAttribute("cn", attrval[0]));
-        attrs.add(new LDAPAttribute("sn", attrval[0]));
-        attrs.add(new LDAPAttribute("objectclass", caOc));
-        LDAPEntry entry = new LDAPEntry(dn, attrs);
-
-        conn.add(entry);
-    }
-
-    /**
-     * form a dn from component in the request and cert subject name
-     *
-     * @param req The request
-     * @param obj The certificate or crl
-     */
-    private String formDN(IRequest req, Object obj) throws EBaseException {
-        X500Name subjectDN = null;
-        CertificateExtensions certExt = null;
-
-        try {
-            X509Certificate cert = (X509Certificate) obj;
-            subjectDN = (X500Name) cert.getSubjectDN();
-
-            CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString());
-            X509CertInfo info = (X509CertInfo)
-                    ((X509CertImpl) cert).get(
-                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
-            certExt = (CertificateExtensions) info.get(
-                        CertificateExtensions.NAME);
-        } catch (java.security.cert.CertificateParsingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (java.security.cert.CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (ClassCastException e) {
-            try {
-                X509CRLImpl crl = (X509CRLImpl) obj;
-                subjectDN = (X500Name) crl.getIssuerDN();
-
-                CMS.debug("LdapCaSimpleMap: crl issuer dn: " +
-                        subjectDN.toString());
-            } catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
-                        ((req == null) ? "" : req.getRequestId().toString())));
-                return null;
-            }
-        }
-        try {
-            String dn = mPattern.formDN(req, subjectDN, certExt);
-
-            return dn;
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
-                            ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
-            throw new EBaseException("falied to form dn for request: " +
-                    ((req == null) ? "" : req.getRequestId().toString()) + " " + e);
-        }
-    }
-
-    public String getImplName() {
-        return "LdapCaSimpleMap";
-    }
-
-    public String getDescription() {
-        return "LdapCaSimpleMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_DNPATTERN + "=");
-        v.addElement(PROP_CREATECA + "=true");
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        try {
-            if (mDnPattern == null) {
-                v.addElement(PROP_DNPATTERN + "=");
-            } else {
-                v.addElement(PROP_DNPATTERN + "=" +
-                        mConfig.getString(PROP_DNPATTERN));
-            }
-            v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true));
-        } catch (Exception e) {
-        }
-        return v;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCaSimpleMapper: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
deleted file mode 100644
index 8ed702f50..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
+++ /dev/null
@@ -1,176 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.security.cert.CRLException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
- * @version $Revision$, $Date$
- */
-public class LdapCertCompsMap
-        extends LdapDNCompsMap implements ILdapMapper {
-    ILogger mLogger = CMS.getLogger();
-
-    public LdapCertCompsMap() {
-        // need to support baseDN, dnComps, and filterComps
-        // via configuration
-    }
-
-    /**
-     * Constructor.
-     *
-     * The DN comps are used to form a LDAP entry to begin a subtree search.
-     * The filter comps are used to form a search filter for the subtree.
-     * If none of the DN comps matched, baseDN is used for the subtree.
-     * If the baseDN is null and none of the DN comps matched, it is an error.
-     * If none of the DN comps and filter comps matched, it is an error.
-     * If just the filter comps is null, a base search is performed.
-     *
-     * @param baseDN The base DN.
-     * @param dnComps Components to form the LDAP base dn for search.
-     * @param filterComps Components to form the LDAP search filter.
-     */
-    public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        init(baseDN, dnComps, filterComps);
-    }
-
-    public String getImplName() {
-        return "LdapCertCompsMap";
-    }
-
-    public String getDescription() {
-        return "LdapCertCompsMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = super.getDefaultParams();
-
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = super.getInstanceParams();
-
-        return v;
-    }
-
-    /**
-     * constructor using non-standard certificate attribute.
-     */
-    public LdapCertCompsMap(String certAttr, String baseDN,
-            ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        super(certAttr, baseDN, dnComps, filterComps);
-    }
-
-    protected void init(String baseDN, ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        super.init(baseDN, dnComps, filterComps);
-    }
-
-    /**
-     * Maps a certificate to LDAP entry.
-     * Uses DN components and filter components to form a DN and
-     * filter for a LDAP search.
-     * If the formed DN is null the baseDN will be used.
-     * If the formed DN is null and baseDN is null an error is thrown.
-     * If the filter is null a base search is performed.
-     * If both are null an error is thrown.
-     *
-     * @param conn - the LDAP connection.
-     * @param obj - the X509Certificate.
-     */
-    public String
-            map(LDAPConnection conn, Object obj)
-                    throws ELdapException {
-        if (conn == null)
-            return null;
-        try {
-            X509Certificate cert = (X509Certificate) obj;
-            String result = null;
-            // form dn and filter for search.
-            X500Name subjectDN = (X500Name) cert.getSubjectDN();
-
-            CMS.debug("LdapCertCompsMap: " + subjectDN.toString());
-
-            byte[] certbytes = cert.getEncoded();
-
-            result = super.map(conn, subjectDN, certbytes);
-            return result;
-        } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
-            throw new ELdapException(
-                    CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (ClassCastException e) {
-            try {
-                X509CRLImpl crl = (X509CRLImpl) obj;
-                String result = null;
-                X500Name issuerDN = (X500Name) crl.getIssuerDN();
-
-                CMS.debug("LdapCertCompsMap: " + issuerDN.toString());
-
-                byte[] crlbytes = crl.getEncoded();
-
-                result = super.map(conn, issuerDN, crlbytes);
-                return result;
-            } catch (CRLException ex) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", ex.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", ex.toString()));
-            } catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
-                return null;
-            }
-        }
-    }
-
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        return map(conn, obj);
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCertCompsMap: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
deleted file mode 100644
index 21a3a0794..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
+++ /dev/null
@@ -1,195 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.ldap.LDAPv3;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry by using the subject name
- * of the certificate as the LDAP entry DN.
- *
- * @version $Revision$, $Date$
- */
-public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-    protected IConfigStore mConfig = null;
-    boolean mInited = false;
-
-    /**
-     * constructs a certificate subject name mapper with search base.
-     */
-    public LdapCertExactMap() {
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited == true)
-            return;
-        mConfig = config;
-        mInited = true;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-mapper-certexactmapper",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Literally uses the subject name of the certificate as the DN to publish to"
-            };
-
-        return params;
-    }
-
-    public String getImplName() {
-        return "LdapCertExactMap";
-    }
-
-    public String getDescription() {
-        return "LdapCertExactMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        return v;
-    }
-
-    /**
-     * Finds the entry for the certificate by looking for the cert
-     * subject name in the subject name attribute.
-     *
-     * @param conn - the LDAP connection.
-     * @param obj - the X509Certificate.
-     */
-    public String
-            map(LDAPConnection conn, Object obj)
-                    throws ELdapException {
-        if (conn == null)
-            return null;
-
-        X500Name subjectDN = null;
-
-        try {
-            X509Certificate cert = (X509Certificate) obj;
-            subjectDN = (X500Name) cert.getSubjectDN();
-
-            CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString());
-        } catch (ClassCastException e) {
-            try {
-                X509CRLImpl crl = (X509CRLImpl) obj;
-                subjectDN = (X500Name) crl.getIssuerDN();
-
-                CMS.debug("LdapCertExactMap: crl issuer dn: " +
-                        subjectDN.toString());
-            } catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
-                return null;
-            }
-        }
-        try {
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
-
-            log(ILogger.LL_INFO, "Searching for " + subjectDN.toString());
-
-            LDAPSearchResults results =
-                    conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE,
-                            "(objectclass=*)", attrs, false);
-
-            LDAPEntry entry = results.next();
-
-            if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
-            }
-            if (entry != null) {
-                log(ILogger.LL_INFO, "entry found");
-                return entry.getDN();
-            }
-            return null;
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-            }
-        }
-
-        /*
-         catch (IOException e) {
-         log(ILogger.LL_FAILURE,
-         CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
-         }
-         catch (CertificateEncodingException e) {
-         log(ILogger.LL_FAILURE,
-         CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
-         }
-         */
-    }
-
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        return map(conn, obj);
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCertExactMap: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
deleted file mode 100644
index a1f7207f6..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
+++ /dev/null
@@ -1,339 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.ldap.LDAPv3;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry by finding an LDAP entry
- * which has an attribute whose contents are equal to the cert subject name.
- *
- * @version $Revision$, $Date$
- */
-public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
-    public static final String LDAP_CERTSUBJNAME_ATTR = "certSubjectName";
-    protected String mSearchBase = null;
-    protected String mCertSubjNameAttr = LDAP_CERTSUBJNAME_ATTR;
-    protected boolean mUseAllEntries = false;
-
-    private ILogger mLogger = CMS.getLogger();
-    protected IConfigStore mConfig = null;
-    boolean mInited = false;
-
-    public LdapCertSubjMap() {
-        // need to setup the mSearchBase via configuration
-    }
-
-    /**
-     * constructs a certificate subject name mapper with search base.
-     *
-     * @param searchBase the dn to start searching for the certificate
-     *            subject name.
-     */
-    public LdapCertSubjMap(String searchBase) {
-        if (searchBase == null)
-            throw new IllegalArgumentException(
-                    "a null argument to constructor " + this.getClass().getName());
-        mSearchBase = searchBase;
-        mInited = true;
-    }
-
-    /**
-     * Constructor using non-ES cert map attribute name.
-     *
-     * @param searchBase entry to start search.
-     * @param certSubjNameAttr attribute for certificate subject names.
-     * @param certAttr attribute to find certificate.
-     */
-    public LdapCertSubjMap(String searchBase,
-            String certSubjNameAttr, String certAttr) {
-        if (searchBase == null ||
-                certSubjNameAttr == null || certAttr == null)
-            throw new IllegalArgumentException(
-                    "a null argument to constructor " + this.getClass().getName());
-        mCertSubjNameAttr = certSubjNameAttr;
-        mSearchBase = searchBase;
-        mInited = true;
-    }
-
-    public LdapCertSubjMap(String searchBase,
-            String certSubjNameAttr, String certAttr, boolean useAllEntries) {
-        if (searchBase == null ||
-                certSubjNameAttr == null || certAttr == null)
-            throw new IllegalArgumentException(
-                    "a null argument to constructor " + this.getClass().getName());
-        mCertSubjNameAttr = certSubjNameAttr;
-        mSearchBase = searchBase;
-        mUseAllEntries = useAllEntries;
-        mInited = true;
-    }
-
-    public String getImplName() {
-        return "LdapCertSubjMap";
-    }
-
-    public String getDescription() {
-        return "LdapCertSubjMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("certSubjNameAttr=" + mCertSubjNameAttr);
-        v.addElement("searchBase=");
-        v.addElement("useAllEntries=" + mUseAllEntries);
-        return v;
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                "certSubjNameAttr;string;Name of Ldap attribute containing cert subject name",
-                "searchBase;string;Base DN to search from",
-                "useAllEntries;boolean;Use all entries for publishing",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-mapper-certsubjmapper",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This plugin assumes you want to publish to an LDAP entry which has " +
-                        "an attribute whose contents are equal to the cert subject name"
-            };
-
-        return params;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        if (mCertSubjNameAttr == null) {
-            v.addElement("certSubjNameAttr=");
-        } else {
-            v.addElement("certSubjNameAttr=" + mCertSubjNameAttr);
-        }
-        if (mSearchBase == null) {
-            v.addElement("searchBase=");
-        } else {
-            v.addElement("searchBase=" + mSearchBase);
-        }
-        v.addElement("useAllEntries=" + mUseAllEntries);
-        return v;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited == true)
-            return;
-        mConfig = config;
-        mCertSubjNameAttr = config.getString("certSubjNameAttr",
-                    LDAP_CERTSUBJNAME_ATTR);
-        mSearchBase = config.getString("searchBase");
-        mUseAllEntries = config.getBoolean("useAllEntries", false);
-        mInited = true;
-    }
-
-    /**
-     * Finds the entry for the certificate by looking for the cert
-     * subject name in the subject name attribute.
-     *
-     * @param conn - the LDAP connection.
-     * @param obj - the X509Certificate.
-     */
-    public String
-            map(LDAPConnection conn, Object obj)
-                    throws ELdapException {
-        if (conn == null)
-            return null;
-        X500Name subjectDN = null;
-
-        try {
-            X509Certificate cert = (X509Certificate) obj;
-            subjectDN = (X500Name) cert.getSubjectDN();
-
-            CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
-        } catch (ClassCastException e) {
-            try {
-                X509CRLImpl crl = (X509CRLImpl) obj;
-                subjectDN = (X500Name) crl.getIssuerDN();
-
-                CMS.debug("LdapCertSubjMap: crl issuer dn: " +
-                        subjectDN.toString());
-            } catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
-                return null;
-            }
-        }
-        try {
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
-
-            log(ILogger.LL_INFO, "search " + mSearchBase +
-                    " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
-
-            LDAPSearchResults results =
-                    conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
-                            "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
-            LDAPEntry entry = results.next();
-
-            if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
-            }
-            if (entry != null) {
-                log(ILogger.LL_INFO, "entry found");
-                return entry.getDN();
-            }
-            return null;
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-            }
-        }
-
-        /*
-         catch (IOException e) {
-         log(ILogger.LL_FAILURE,
-         CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
-         }
-         catch (CertificateEncodingException e) {
-         log(ILogger.LL_FAILURE,
-         CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
-         }
-         */
-    }
-
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        return map(conn, obj);
-    }
-
-    public Vector<String> mapAll(LDAPConnection conn, Object obj)
-            throws ELdapException {
-        Vector<String> v = new Vector<String>();
-
-        if (conn == null)
-            return null;
-        X500Name subjectDN = null;
-
-        try {
-            X509Certificate cert = (X509Certificate) obj;
-            subjectDN = (X500Name) cert.getSubjectDN();
-            CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
-        } catch (ClassCastException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
-            return v;
-        }
-        try {
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
-
-            log(ILogger.LL_INFO, "search " + mSearchBase +
-                    " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
-
-            LDAPSearchResults results =
-                    conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
-                            "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
-            while (results.hasMoreElements()) {
-                LDAPEntry entry = results.next();
-                String dn = entry.getDN();
-                v.addElement(dn);
-                CMS.debug("LdapCertSubjMap: dn=" + dn);
-            }
-            CMS.debug("LdapCertSubjMap: Number of entries: " + v.size());
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-            }
-        }
-
-        return v;
-    }
-
-    public Vector<String> mapAll(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        return mapAll(conn, obj);
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCertSubjMap: " + msg);
-    }
-
-    /**
-     * return search base
-     */
-    public String getSearchBase() {
-        return mSearchBase;
-    }
-
-    /**
-     * return certificate subject attribute
-     */
-    public String getCertSubjNameAttr() {
-        return mCertSubjNameAttr;
-    }
-
-    public boolean useAllEntries() {
-        return mUseAllEntries;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
deleted file mode 100644
index ca5903ee0..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
+++ /dev/null
@@ -1,155 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.security.cert.CRLException;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * Default crl mapper.
- * maps the crl to a ldap entry by using components in the issuer name
- * to find the CA's entry.
- *
- * @version $Revision$, $Date$
- */
-public class LdapCrlIssuerCompsMap
-        extends LdapDNCompsMap implements ILdapMapper {
-    ILogger mLogger = CMS.getLogger();
-
-    public LdapCrlIssuerCompsMap() {
-        // need to support baseDN, dnComps, and filterComps
-        // via configuration
-    }
-
-    /**
-     * Constructor.
-     *
-     * The DN comps are used to form a LDAP entry to begin a subtree search.
-     * The filter comps are used to form a search filter for the subtree.
-     * If none of the DN comps matched, baseDN is used for the subtree.
-     * If the baseDN is null and none of the DN comps matched, it is an error.
-     * If none of the DN comps and filter comps matched, it is an error.
-     * If just the filter comps is null, a base search is performed.
-     *
-     * @param baseDN The base DN.
-     * @param dnComps Components to form the LDAP base dn for search.
-     * @param filterComps Components to form the LDAP search filter.
-     */
-    public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        init(baseDN, dnComps, filterComps);
-    }
-
-    /**
-     * constructor using non-standard certificate attribute.
-     */
-    public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
-            ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        super(crlAttr, baseDN, dnComps, filterComps);
-    }
-
-    public String getImplName() {
-        return "LdapCrlIssuerCompsMap";
-    }
-
-    public String getDescription() {
-        return "LdapCrlIssuerCompsMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = super.getDefaultParams();
-
-        //v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = super.getInstanceParams();
-
-        return v;
-    }
-
-    protected void init(String baseDN, ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
-        super.init(baseDN, dnComps, filterComps);
-    }
-
-    /**
-     * Maps a crl to LDAP entry.
-     * Uses issuer DN components and filter components to form a DN and
-     * filter for a LDAP search.
-     * If the formed DN is null the baseDN will be used.
-     * If the formed DN is null and baseDN is null an error is thrown.
-     * If the filter is null a base search is performed.
-     * If both are null an error is thrown.
-     *
-     * @param conn - the LDAP connection.
-     * @param obj - the X509Certificate.
-     * @return the result. LdapCertMapResult is also used for CRL.
-     */
-    public String
-            map(LDAPConnection conn, Object obj)
-                    throws ELdapException {
-        if (conn == null)
-            return null;
-        X509CRLImpl crl = (X509CRLImpl) obj;
-
-        try {
-            String result = null;
-            X500Name issuerDN = (X500Name) crl.getIssuerDN();
-
-            CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString());
-
-            byte[] crlbytes = crl.getEncoded();
-
-            result = super.map(conn, issuerDN, crlbytes);
-            return result;
-        } catch (CRLException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
-        }
-    }
-
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        return map(conn, obj);
-    }
-
-    /**
-     * overrides super's log().
-     */
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCrlCompsMap: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
deleted file mode 100644
index 96ff2a11e..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
+++ /dev/null
@@ -1,457 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.ldap.LDAPv3;
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AVA;
-import netscape.security.x509.RDN;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X500NameAttrMap;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPlugin;
-
-/**
- * Maps a Subject name to an entry in the LDAP server.
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
- * @version $Revision$, $Date$
- */
-public class LdapDNCompsMap
-        implements ILdapPlugin, IExtendedPluginInfo {
-    //protected String mLdapAttr = null;
-    protected String mBaseDN = null;
-    protected ObjectIdentifier[] mDnComps = null;
-    protected ObjectIdentifier[] mFilterComps = null;
-
-    private ILogger mLogger = CMS.getLogger();
-    private boolean mInited = false;
-    protected IConfigStore mConfig = null;
-
-    /**
-     * Constructor.
-     *
-     * The DN comps are used to form a LDAP entry to begin a subtree search.
-     * The filter comps are used to form a search filter for the subtree.
-     * If none of the DN comps matched, baseDN is used for the subtree.
-     * If the baseDN is null and none of the DN comps matched, it is an error.
-     * If none of the DN comps and filter comps matched, it is an error.
-     * If just the filter comps is null, a base search is performed.
-     *
-     * @param baseDN The base DN.
-     * @param dnComps Components to form the LDAP base dn for search.
-     * @param filterComps Components to form the LDAP search filter.
-     */
-    public LdapDNCompsMap(String ldapAttr, String baseDN,
-            ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        //mLdapAttr = ldapAttr;
-        init(baseDN, dnComps, filterComps);
-    }
-
-    /**
-     * constructor if initializing from config store.
-     */
-    public LdapDNCompsMap() {
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * for initializing from config store.
-     */
-    public void init(IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-        String baseDN = mConfig.getString("baseDN");
-        ObjectIdentifier[] dnComps =
-                getCompsFromString(mConfig.getString("dnComps"));
-        ObjectIdentifier[] filterComps =
-                getCompsFromString(mConfig.getString("filterComps"));
-
-        init(baseDN, dnComps, filterComps);
-    }
-
-    public String getImplName() {
-        return "LdapDNCompsMap";
-    }
-
-    public String getDescription() {
-        return "LdapDNCompsMap";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] s = {
-                "baseDN;string;Base to search from. E.g ou=Engineering,o=Fedora",
-                "dnComps;string;Comma-separated list of attributes to put in the DN",
-                "filterComps;string;Comma-separated list of attributes to form the filter",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-mapper-dncompsmapper",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";More complex mapper. Used when there is not enough information " +
-                        "in the cert request to form the complete LDAP DN. Using this " +
-                        "plugin, you can specify additional LDAP filters to narrow down the " +
-                        "search"
-            };
-
-        return s;
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("baseDN=");
-        v.addElement("dnComps=");
-        v.addElement("filterComps=");
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        try {
-            if (mBaseDN == null) {
-                v.addElement("baseDN=");
-            } else {
-                v.addElement("baseDN=" + mConfig.getString("baseDN"));
-            }
-            if (mDnComps == null) {
-                v.addElement("dnComps=");
-            } else {
-                v.addElement("dnComps=" +
-                        mConfig.getString("dnComps"));
-            }
-            if (mFilterComps == null) {
-                v.addElement("filterComps=");
-            } else {
-                v.addElement("filterComps=" +
-                        mConfig.getString("filterComps"));
-            }
-        } catch (Exception e) {
-        }
-        return v;
-    }
-
-    /**
-     * common initialization routine.
-     */
-    protected void init(String baseDN, ObjectIdentifier[] dnComps,
-            ObjectIdentifier[] filterComps) {
-        if (mInited)
-            return;
-
-        mBaseDN = baseDN;
-        if (dnComps != null)
-            mDnComps = dnComps.clone();
-        if (filterComps != null)
-            mFilterComps = filterComps.clone();
-
-        // log debug info.
-        for (int i = 0; i < mDnComps.length; i++) {
-            CMS.debug(
-                    "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
-        }
-        for (int i = 0; i < mFilterComps.length; i++) {
-            CMS.debug("LdapDNCompsMap: filterComp " +
-                    X500NameAttrMap.getDefault().getName(mFilterComps[i]));
-        }
-        mInited = true;
-    }
-
-    /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN components and filter components to form a DN and
-     * filter for a LDAP search.
-     * If the formed DN is null the baseDN will be used.
-     * If the formed DN is null and baseDN is null an error is thrown.
-     * If the filter is null a base search is performed.
-     * If both are null an error is thrown.
-     *
-     * @param conn the LDAP connection.
-     * @param x500name the dn to map.
-     * @param obj the object
-     * @exception ELdapException if any LDAP exceptions occured.
-     * @return the DN of the entry.
-     */
-    public String map(LDAPConnection conn, X500Name x500name,
-            byte[] obj)
-            throws ELdapException {
-        try {
-            if (conn == null)
-                return null;
-
-            CMS.debug("LdapDNCompsMap: " + x500name.toString());
-
-            String[] dnAndFilter = formDNandFilter(x500name);
-            String dn = dnAndFilter[0];
-            String filter = dnAndFilter[1];
-
-            if (dn == null) {
-                // #362332
-                // if (filter == null) {
-                //	log(ILogger.LL_FAILURE, "No dn and filter formed");
-                //	throw new ELdapException(
-                //		LdapResources.NO_DN_AND_FILTER_COMPS,
-                //		x500name.toString());
-                // }
-                if (mBaseDN == null) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("PUBLISH_NO_BASE"));
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
-                                    x500name.toString()));
-                }
-                dn = mBaseDN;
-            }
-            int scope = LDAPv2.SCOPE_SUB;
-
-            if (filter == null) {
-                scope = LDAPv2.SCOPE_BASE;
-                filter = "(objectclass=*)";
-            }
-
-            // search for entry
-            String[] attrs;
-
-            attrs = new String[] { LDAPv3.NO_ATTRS };
-
-            log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " +
-                    ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
-
-            LDAPSearchResults results =
-                    conn.search(dn, scope, filter, attrs, false);
-            LDAPEntry entry = results.next();
-
-            if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
-                            x500name.toString()));
-            }
-            if (entry != null) {
-                return entry.getDN();
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
-                            "null entry"));
-            }
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-            }
-        }
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapDNCompsMap: " + msg);
-    }
-
-    /**
-     * form a dn and filter from component in the cert subject name
-     *
-     * @param subjName subject name
-     */
-    public String[] formDNandFilter(X500Name subjName)
-            throws ELdapException {
-        Vector<RDN> dnRdns = new Vector<RDN>();
-        SearchFilter filter = new SearchFilter();
-        X500NameAttrMap attrMap = X500NameAttrMap.getDefault();
-        String dnStr = null, filterStr = null;
-        ObjectIdentifier EOid = attrMap.getOid("E");
-        ObjectIdentifier mailOid = attrMap.getOid("MAIL");
-
-        try {
-            // get the base DN & filter.
-            for (Enumeration<RDN> n = subjName.getRDNs(); n.hasMoreElements();) {
-                RDN rdn = n.nextElement();
-                // NOTE assumes one AVA per RDN.
-                AVA ava = rdn.getAssertion()[0];
-                ObjectIdentifier oid = ava.getOid();
-
-                for (int i = 0; i < mDnComps.length; i++) {
-                    if (mDnComps[i].equals(oid)) {
-                        if (oid == EOid) {
-                            DerValue val = ava.getValue();
-                            AVA newAVA = new AVA(mailOid, val);
-                            RDN newRDN = new RDN(new AVA[] { newAVA }
-                                    );
-
-                            CMS.debug(
-                                    "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
-                                            newRDN.toLdapDNString() + " in DN");
-                            rdn = newRDN;
-                        }
-                        dnRdns.addElement(rdn);
-                        CMS.debug(
-                                "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
-                        break;
-                    }
-                }
-                for (int i = 0; i < mFilterComps.length; i++) {
-                    if (mFilterComps[i].equals(oid)) {
-                        if (oid == EOid) {
-                            DerValue val = ava.getValue();
-                            AVA newAVA = new AVA(mailOid, val);
-
-                            CMS.debug(
-                                    "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
-                                            newAVA.toLdapDNString() + " in filter");
-                            ava = newAVA;
-                        }
-                        filter.addElement(ava.toLdapDNString());
-                        CMS.debug(
-                                "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
-                        break;
-                    }
-                }
-
-                // XXX should be an error when string is null?
-                // return to caller to decide.
-                if (dnRdns.size() != 0) {
-                    dnStr = new X500Name(dnRdns).toLdapDNString();
-                }
-                if (filter.size() != 0) {
-                    filterStr = filter.toFilterString();
-                }
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
-        }
-
-        return new String[] { dnStr, filterStr };
-    }
-
-    public ObjectIdentifier[] getDnComps() {
-        return mDnComps.clone();
-    }
-
-    public ObjectIdentifier[] getFilterComps() {
-        return mFilterComps.clone();
-    }
-
-    /**
-     * class for forming search filters for ldap searching from
-     * name=value components. components are anded.
-     */
-
-    public static class SearchFilter extends Vector<Object> {
-        private static final long serialVersionUID = 4210302171279891828L;
-
-        public String toFilterString() {
-            StringBuffer buf = new StringBuffer();
-
-            if (elementCount == 0) {
-                return null;
-            }
-            if (elementCount == 1) {
-                buf.append("(" + (String) elementData[0] + ")");
-                return buf.toString();
-            }
-            buf.append("(&");
-            for (int i = 0; i < elementCount; i++) {
-                buf.append("(" + (String) elementData[i] + ")");
-            }
-            buf.append(")");
-            return buf.toString();
-        }
-    }
-
-    /**
-     * useful routine for parsing components given as string to
-     * arrays of objectidentifiers.
-     * The string is expected to be comma separated AVA attribute names.
-     * For example, "uid,cn,o,ou". Attribute names are case insensitive.
-     *
-     * @param val the string specifying the comps
-     * @exception ELdapException if any error occurs.
-     */
-    public static ObjectIdentifier[] getCompsFromString(String val)
-            throws ELdapException {
-        StringTokenizer tokens;
-        ObjectIdentifier[] comps;
-        String attr;
-        ObjectIdentifier oid;
-
-        if (val == null || val.length() == 0)
-            return new ObjectIdentifier[0];
-
-        tokens = new StringTokenizer(val, ", \t\n\r");
-        comps = new ObjectIdentifier[tokens.countTokens()];
-        if (comps.length == 0) {
-            return new ObjectIdentifier[0];
-        }
-        int i = 0;
-
-        while (tokens.hasMoreTokens()) {
-            attr = tokens.nextToken().trim();
-            // mail -> E hack to look for E in subject names.
-            if (attr.equalsIgnoreCase("mail"))
-                attr = "E";
-            oid = X500NameAttrMap.getDefault().getOid(attr);
-            if (oid != null) {
-                comps[i++] = oid;
-            } else {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_UNKNOWN_ATTR_IN_DN_FILTER_COMPS", attr));
-            }
-        }
-        return comps;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
deleted file mode 100644
index a970602bd..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
+++ /dev/null
@@ -1,635 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.publish.mappers;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-/* cert server imports */
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.ldap.LDAPv3;
-import netscape.ldap.util.DN;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the
- * request attributes and certificate subject name.
- * Does a base search for the entry in the directory
- * to publish the cert or crl. The restriction of
- * this mapper is that the ldap dn components must
- * be part of certificate subject name or request
- * attributes or constant. The difference of this
- * mapper and LdapSimpleMap is that if the ldap
- * entry is not found, it has the option to create
- * the ldap entry given the dn and attributes
- * formulated.
- *
- * @version $Revision$, $Date$
- */
-public class LdapEnhancedMap
-        implements ILdapMapper, IExtendedPluginInfo {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    //////////////////////////////////////
-    // local LdapEnhancedMap parameters //
-    //////////////////////////////////////
-
-    private boolean mInited = false;
-
-    // the subject DN pattern
-    protected MapDNPattern mPattern = null;
-
-    // the list of request attriubutes to retrieve
-    protected String[] mReqAttrs = null;
-
-    // the list of cert attributes to retrieve
-    protected String[] mCertAttrs = null;
-
-    protected String[] mLdapValues = null;
-
-    ////////////////////////////
-    // ILdapMapper parameters //
-    ////////////////////////////
-
-    /* mapper plug-in fields */
-    protected static final String PROP_DNPATTERN = "dnPattern";
-    protected static final String PROP_CREATE = "createEntry";
-    // the object class of the entry to be created. xxxx not done yet
-    protected static final String PROP_OBJCLASS = "objectClass";
-    // req/cert/ext attribute --> directory attribute table
-    protected static final String PROP_ATTRNUM = "attrNum";
-    protected static final String PROP_ATTR_NAME = "attrName";
-    protected static final String PROP_ATTR_PATTERN = "attrPattern";
-
-    /* mapper plug-in fields initialization values */
-    private static final int DEFAULT_NUM_ATTRS = 1;
-
-    /* Holds mapper plug-in fields accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
-     */
-    private static Vector<String> defaultParams = new Vector<String>();
-
-    static {
-        defaultParams.addElement(PROP_DNPATTERN + "=");
-        defaultParams.addElement(PROP_CREATE + "=true");
-        defaultParams.addElement(PROP_ATTRNUM + "=" + DEFAULT_NUM_ATTRS);
-        for (int i = 0; i < DEFAULT_NUM_ATTRS; i++) {
-            defaultParams.addElement(PROP_ATTR_NAME + i + "=");
-            defaultParams.addElement(PROP_ATTR_PATTERN + i + "=");
-        }
-    }
-
-    /* mapper plug-in values */
-    protected String mDnPattern = null;
-    protected boolean mCreateEntry = true;
-    private int mNumAttrs = DEFAULT_NUM_ATTRS;
-    protected String[] mLdapNames = null;
-    protected String[] mLdapPatterns = null;
-
-    /* miscellaneous constants local to this mapper plug-in */
-    // default dn pattern if left blank or not set in the config
-    public static final String DEFAULT_DNPATTERN =
-            "UID=$req.HTTP_PARAMS.UID, " +
-                    "OU=people, O=$subj.o, C=$subj.c";
-    private static final int MAX_ATTRS = 10;
-    protected static final int DEFAULT_ATTRNUM = 1;
-
-    /* miscellaneous variables local to this mapper plug-in */
-    protected IConfigStore mConfig = null;
-    protected AVAPattern[] mPatterns = null;
-
-    ////////////////////////////////////
-    // IExtendedPluginInfo parameters //
-    ////////////////////////////////////
-
-    ///////////////////////
-    // Logger parameters //
-    ///////////////////////
-
-    private ILogger mLogger = CMS.getLogger();
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    /**
-     * Default constructor, initialization must follow.
-     */
-    public LdapEnhancedMap() {
-    }
-
-    ///////////////////////////////////
-    // local LdapEnhancedMap methods //
-    ///////////////////////////////////
-
-    /**
-     * common initialization routine.
-     */
-    protected void init(String dnPattern)
-            throws EBaseException {
-        if (mInited) {
-            return;
-        }
-
-        mDnPattern = dnPattern;
-        if (mDnPattern == null ||
-                mDnPattern.length() == 0) {
-            mDnPattern = DEFAULT_DNPATTERN;
-        }
-
-        try {
-            mPattern = new MapDNPattern(mDnPattern);
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
-                            dnPattern, e.toString()));
-            throw new EBaseException(
-                    "falied to init with pattern " +
-                            dnPattern + " " + e);
-        }
-
-        mInited = true;
-    }
-
-    /**
-     * form a dn from component in the request and cert subject name
-     *
-     * @param req The request
-     * @param obj The certificate or crl
-     */
-    private String formDN(IRequest req, Object obj)
-            throws EBaseException {
-        CertificateExtensions certExt = null;
-        X500Name subjectDN = null;
-
-        try {
-            X509Certificate cert = (X509Certificate) obj;
-            subjectDN = (X500Name) cert.getSubjectDN();
-            CMS.debug(
-                    "LdapEnhancedMap: cert subject dn:" +
-                            subjectDN.toString());
-
-            //certExt = (CertificateExtensions)
-            //          ((X509CertImpl)cert).get(
-            //              X509CertInfo.EXTENSIONS);
-            X509CertInfo info = (X509CertInfo)
-                    ((X509CertImpl) cert).get(
-                            X509CertImpl.NAME +
-                                    "." +
-                                    X509CertImpl.INFO);
-
-            certExt = (CertificateExtensions)
-                    info.get(CertificateExtensions.NAME);
-        } catch (java.security.cert.CertificateParsingException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (java.security.cert.CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (ClassCastException e) {
-
-            try {
-                X509CRLImpl crl = (X509CRLImpl) obj;
-                subjectDN = (X500Name) crl.getIssuerDN();
-
-                CMS.debug(
-                        "LdapEnhancedMap: crl issuer dn: " +
-                        subjectDN.toString());
-            } catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
-                                ((req == null) ? ""
-                                        : req.getRequestId().toString())));
-                return null;
-            }
-        }
-
-        try {
-            mLdapValues = new String[mNumAttrs];
-
-            for (int i = 0; i < mNumAttrs; i++) {
-                if (mPatterns[i] != null) {
-                    mLdapValues[i] = mPatterns[i].formAVA(
-                                req,
-                                subjectDN,
-                                certExt);
-                }
-            }
-
-            String dn = mPattern.formDN(req, subjectDN, certExt);
-
-            return dn;
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
-                            ((req == null) ? ""
-                                    : req.getRequestId().toString()), e.toString()));
-
-            throw new EBaseException(
-                    "failed to form dn for request: " +
-                            ((req == null) ? ""
-                                    : req.getRequestId().toString()) +
-                            " " + e);
-        }
-    }
-
-    private void createEntry(LDAPConnection conn, String dn)
-            throws LDAPException {
-        LDAPAttributeSet attrs = new LDAPAttributeSet();
-
-        // OID 2.5.6.16
-        String caOc[] = { "top",
-                "person",
-                "organizationalPerson",
-                "inetOrgPerson" };
-
-        DN dnobj = new DN(dn);
-        String attrval[] = dnobj.explodeDN(true);
-
-        attrs.add(new LDAPAttribute("cn", attrval[0]));
-        attrs.add(new LDAPAttribute("sn", attrval[0]));
-        attrs.add(new LDAPAttribute("objectclass", caOc));
-
-        for (int i = 0; i < mNumAttrs; i++) {
-            if (mLdapNames[i] != null &&
-                    !mLdapNames[i].trim().equals("") &&
-                    mLdapValues[i] != null &&
-                    !mLdapValues[i].trim().equals("")) {
-                attrs.add(new LDAPAttribute(mLdapNames[i],
-                        mLdapValues[i]));
-            }
-        }
-
-        LDAPEntry entry = new LDAPEntry(dn, attrs);
-
-        conn.add(entry);
-    }
-
-    /////////////////////////
-    // ILdapMapper methods //
-    /////////////////////////
-
-    /**
-     * for initializing from config store.
-     *
-     * implementation for extended
-     * ILdapPlugin interface method
-     */
-    public void init(IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-
-        mDnPattern = mConfig.getString(PROP_DNPATTERN,
-                    DEFAULT_DNPATTERN);
-
-        mCreateEntry = mConfig.getBoolean(PROP_CREATE,
-                    true);
-
-        mNumAttrs = mConfig.getInteger(PROP_ATTRNUM,
-                    0);
-
-        mLdapNames = new String[mNumAttrs];
-
-        mLdapPatterns = new String[mNumAttrs];
-
-        mPatterns = new AVAPattern[mNumAttrs];
-        for (int i = 0; i < mNumAttrs; i++) {
-            mLdapNames[i] =
-                    mConfig.getString(PROP_ATTR_NAME +
-                            Integer.toString(i),
-                            "");
-
-            mLdapPatterns[i] =
-                    mConfig.getString(PROP_ATTR_PATTERN +
-                            Integer.toString(i),
-                            "");
-
-            if (mLdapPatterns[i] != null &&
-                    !mLdapPatterns[i].trim().equals("")) {
-                mPatterns[i] = new AVAPattern(mLdapPatterns[i]);
-            }
-        }
-
-        init(mDnPattern);
-    }
-
-    /**
-     * implementation for extended
-     * ILdapPlugin interface method
-     */
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public String getImplName() {
-        return "LdapEnhancedMap";
-    }
-
-    public String getDescription() {
-        return "LdapEnhancedMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        return defaultParams;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        try {
-            if (mDnPattern == null) {
-                v.addElement(PROP_DNPATTERN + "=");
-            } else {
-                v.addElement(PROP_DNPATTERN + "=" +
-                        mConfig.getString(PROP_DNPATTERN));
-            }
-
-            v.addElement(PROP_CREATE + "=" +
-                    mConfig.getBoolean(PROP_CREATE,
-                            true));
-
-            v.addElement(PROP_ATTRNUM + "=" +
-                    mConfig.getInteger(PROP_ATTRNUM,
-                            DEFAULT_NUM_ATTRS));
-
-            for (int i = 0; i < mNumAttrs; i++) {
-                if (mLdapNames[i] != null) {
-                    v.addElement(PROP_ATTR_NAME + i +
-                            "=" + mLdapNames[i]);
-                } else {
-                    v.addElement(PROP_ATTR_NAME + i +
-                            "=");
-                }
-
-                if (mLdapPatterns[i] != null) {
-                    v.addElement(PROP_ATTR_PATTERN + i +
-                            "=" + mLdapPatterns[i]);
-                } else {
-                    v.addElement(PROP_ATTR_PATTERN + i +
-                            "=");
-                }
-            }
-        } catch (Exception e) {
-        }
-
-        return v;
-    }
-
-    /**
-     * Maps an X500 subject name to an LDAP entry.
-     * Uses DN pattern to form a DN for an LDAP base search.
-     *
-     * @param conn the LDAP connection.
-     * @param obj the object to map.
-     * @exception ELdapException if any LDAP exceptions occurred.
-     */
-    public String map(LDAPConnection conn, Object obj)
-            throws ELdapException {
-        return map(conn, null, obj);
-    }
-
-    /**
-     * Maps an X500 subject name to an LDAP entry.
-     * Uses DN pattern to form a DN for an LDAP base search.
-     *
-     * @param conn the LDAP connection.
-     * @param req the request to map.
-     * @param obj the object to map.
-     * @exception ELdapException if any LDAP exceptions occurred.
-     */
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        if (conn == null) {
-            return null;
-        }
-
-        String dn = null;
-
-        try {
-            dn = formDN(req, obj);
-            if (dn == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
-
-                String s1 = "";
-
-                if (req != null)
-                    s1 = req.getRequestId().toString();
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
-            }
-
-            int scope = LDAPv2.SCOPE_BASE;
-            String filter = "(objectclass=*)";
-
-            // search for entry
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
-
-            log(ILogger.LL_INFO,
-                    "searching for dn: " +
-                            dn + " filter:" +
-                            filter + " scope: base");
-
-            LDAPSearchResults results = conn.search(dn,
-                    scope,
-                    filter,
-                    attrs,
-                    false);
-
-            LDAPEntry entry = results.next();
-
-            if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
-                                dn +
-                                        ((req == null) ? ""
-                                                : req.getRequestId().toString())));
-
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
-                                ((req == null) ? ""
-                                        : req.getRequestId().toString())));
-            }
-
-            if (entry != null) {
-                return entry.getDN();
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
-                                dn +
-                                        ((req == null) ? ""
-                                                : req.getRequestId().toString())));
-
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
-                            "null entry"));
-            }
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else if (e.getLDAPResultCode() ==
-                    LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
-
-                try {
-                    createEntry(conn, dn);
-
-                    log(ILogger.LL_INFO,
-                            "Entry " +
-                                    dn +
-                                    " Created");
-
-                    return dn;
-                } catch (LDAPException e1) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
-                                    dn,
-                                    e.toString()));
-
-                    log(ILogger.LL_FAILURE,
-                            "Entry is not created. " +
-                                    "This may because there are " +
-                                    "entries in the directory " +
-                                    "hierachy not exit.");
-
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn));
-                }
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
-                                dn,
-                                e.toString()));
-
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
-                            e.toString()));
-
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-        }
-    }
-
-    /////////////////////////////////
-    // IExtendedPluginInfo methods //
-    /////////////////////////////////
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_DNPATTERN +
-                ";string;Describes how to form the Ldap " +
-                "Subject name in the directory.  " +
-                "Example 1:  'uid=CertMgr, o=Fedora'.  " +
-                "Example 2:  'uid=$req.HTTP_PARAMS.uid, " +
-                "E=$ext.SubjectAlternativeName.RFC822Name, " +
-                "ou=$subj.ou'. " +
-                "$req means: take the attribute from the " +
-                "request. " +
-                "$subj means: take the attribute from the " +
-                "certificate subject name. " +
-                "$ext means: take the attribute from the " +
-                "certificate extension");
-        v.addElement(PROP_CREATE +
-                ";boolean;If checked, An entry will be " +
-                "created automatically");
-        v.addElement(PROP_ATTRNUM +
-                ";string;How many attributes to add.");
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-mapper-enhancedmapper");
-        v.addElement(IExtendedPluginInfo.HELP_TEXT +
-                ";Describes how to form the LDAP DN of the " +
-                "entry to publish to");
-
-        for (int i = 0; i < MAX_ATTRS; i++) {
-            v.addElement(PROP_ATTR_NAME +
-                    Integer.toString(i) +
-                    ";string;" +
-                    "The name of LDAP attribute " +
-                    "to be added. e.g. mail");
-            v.addElement(PROP_ATTR_PATTERN +
-                    Integer.toString(i) +
-                    ";string;" +
-                    "How to create the LDAP attribute value. " +
-                    "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
-                    "$subj.E or " +
-                    "$ext.SubjectAlternativeName.RFC822Name");
-        }
-
-        String params[] =
-                com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
-
-        return params;
-    }
-
-    ////////////////////
-    // Logger methods //
-    ////////////////////
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapEnhancedMapper: " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
deleted file mode 100644
index 8f88ffaba..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
+++ /dev/null
@@ -1,328 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.ldap.LDAPv3;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
- * @version $Revision$, $Date$
- */
-public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
-    protected static final String PROP_DNPATTERN = "dnPattern";
-    protected String mDnPattern = null;
-
-    private ILogger mLogger = CMS.getLogger();
-    private boolean mInited = false;
-    protected IConfigStore mConfig = null;
-
-    /* the subject DN pattern */
-    protected MapDNPattern mPattern = null;
-
-    /* the list of request attriubutes to retrieve*/
-    protected String[] mReqAttrs = null;
-
-    /* the list of cert attriubutes to retrieve*/
-    protected String[] mCertAttrs = null;
-
-    /* default dn pattern if left blank or not set in the config */
-    public static final String DEFAULT_DNPATTERN =
-            "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
-
-    /**
-     * Constructor.
-     *
-     * @param dnPattern The base DN.
-     */
-    public LdapSimpleMap(String dnPattern) {
-        try {
-            init(dnPattern);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-        }
-
-    }
-
-    /**
-     * constructor if initializing from config store.
-     */
-    public LdapSimpleMap() {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String params[] = {
-                "dnPattern;string;Describes how to form the Ldap Subject name in" +
-                        " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
-                        " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
-                        "$req means: take the attribute from the request. " +
-                        "$subj means: take the attribute from the certificate subject name. " +
-                        "$ext means: take the attribute from the certificate extension",
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
-                IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
-            };
-
-        return params;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * for initializing from config store.
-     */
-    public void init(IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-        String dnPattern = mConfig.getString(PROP_DNPATTERN);
-
-        init(dnPattern);
-    }
-
-    /**
-     * common initialization routine.
-     */
-    protected void init(String dnPattern)
-            throws EBaseException {
-        if (mInited)
-            return;
-
-        mDnPattern = dnPattern;
-        if (mDnPattern == null || mDnPattern.length() == 0)
-            mDnPattern = DEFAULT_DNPATTERN;
-        try {
-            mPattern = new MapDNPattern(mDnPattern);
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
-                    dnPattern, e.toString()));
-            throw new EBaseException("falied to init with pattern " +
-                    dnPattern + " " + e);
-        }
-
-        mInited = true;
-    }
-
-    /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
-     *
-     * @param conn the LDAP connection.
-     * @param obj the object to map.
-     * @exception ELdapException if any LDAP exceptions occured.
-     */
-    public String map(LDAPConnection conn, Object obj)
-            throws ELdapException {
-        return map(conn, null, obj);
-    }
-
-    /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
-     *
-     * @param conn the LDAP connection.
-     * @param req the request to map.
-     * @param obj the object to map.
-     * @exception ELdapException if any LDAP exceptions occured.
-     */
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        if (conn == null)
-            return null;
-        String dn = null;
-
-        try {
-            dn = formDN(req, obj);
-            if (dn == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
-                String s1 = "";
-
-                if (req != null)
-                    s1 = req.getRequestId().toString();
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
-            }
-            int scope = LDAPv2.SCOPE_BASE;
-            String filter = "(objectclass=*)";
-
-            // search for entry
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
-
-            log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
-                    + filter + " scope: base");
-
-            LDAPSearchResults results =
-                    conn.search(dn, scope, filter, attrs, false);
-            LDAPEntry entry = results.next();
-
-            if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" :
-                        req.getRequestId().toString())));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
-                            ((req == null) ? "" : req.getRequestId().toString())));
-            }
-            if (entry != null)
-                return entry.getDN();
-            else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId()
-                                .toString())));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
-                            "null entry"));
-            }
-        } catch (ELdapException e) {
-            throw e;
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
-        }
-    }
-
-    /**
-     * form a dn from component in the request and cert subject name
-     *
-     * @param req The request
-     * @param obj The certificate or crl
-     */
-    private String formDN(IRequest req, Object obj) throws
-            EBaseException, ELdapException {
-        X500Name subjectDN = null;
-        CertificateExtensions certExt = null;
-
-        try {
-            X509Certificate cert = (X509Certificate) obj;
-            subjectDN = (X500Name) cert.getSubjectDN();
-
-            CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString());
-            //certExt = (CertificateExtensions)
-            //        ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
-            X509CertInfo info = (X509CertInfo)
-                    ((X509CertImpl) cert).get(
-                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
-            certExt = (CertificateExtensions) info.get(
-                        CertificateExtensions.NAME);
-        } catch (java.security.cert.CertificateParsingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (java.security.cert.CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
-        } catch (ClassCastException e) {
-            try {
-                X509CRLImpl crl = (X509CRLImpl) obj;
-                subjectDN = (X500Name) crl.getIssuerDN();
-
-                CMS.debug("LdapSimpleMap: crl issuer dn: " +
-                        subjectDN.toString());
-            } catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
-                                ((req == null) ? "" : req.getRequestId().toString())));
-                return null;
-            }
-        }
-        try {
-            String dn = mPattern.formDN(req, subjectDN, certExt);
-
-            return dn;
-        } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
-                    ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
-            throw e;
-        }
-    }
-
-    public String getImplName() {
-        return "LdapSimpleMap";
-    }
-
-    public String getDescription() {
-        return "LdapSimpleMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_DNPATTERN + "=");
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        try {
-            if (mDnPattern == null) {
-                v.addElement(PROP_DNPATTERN + "=");
-            } else {
-                v.addElement(PROP_DNPATTERN + "=" +
-                        mConfig.getString(PROP_DNPATTERN));
-            }
-        } catch (Exception e) {
-        }
-        return v;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapSimpleMapper: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
deleted file mode 100644
index ea69cc5a1..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
+++ /dev/null
@@ -1,650 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.io.IOException;
-import java.io.PushbackReader;
-import java.io.StringReader;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.ldap.LDAPDN;
-import netscape.security.x509.AVA;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.LdapV3DNStrConverter;
-import netscape.security.x509.OIDMap;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.publish.ECompSyntaxErr;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.
- * <p>
- *
- * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and
- * request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
- * <p>
- *
- * The syntax is
- *
- * <pre>
- * 	dnPattern := rdnPattern *[ "," rdnPattern ]
- * 	rdnPattern := avaPattern *[ "+" avaPattern ]
- * 		avaPattern := name "=" value |
- * 			      name "=" "$subj" "." attrName [ "." attrNumber ] |
- * 			      name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
- * 			      name "=" "$req" "." attrName [ "." attrNumber ] |
- * 			 	  "$rdn" "." number
- * </pre>
- *
- * <pre>
- * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
- * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
- * request attributes: uid: cmanager
- * <p>
- * The dn formulated will be : <br>
- *     CN=Certificate Manager, OU=people, O=mcom.com
- * <p>
- * note: Subordinate ca enrollment will use ca mapper. Use predicate
- * to distinguish the ca itself and the subordinates.
- *
- * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i>
- * cert subject name: dn:  UID=jjames, OU=IS, OU=people, , O=mcom.com
- * request attributes: uid: cmanager
- * <p>
- * The dn formulated will be : <br>
- *     UID=jjames, OU=IS, OU=people, O=mcom.com
- * <p>
- *     UID = the 'uid' attribute value in the request. <br>
- *     OU = the 'ou' value in the cert subject name.  <br>
- *     O = the string mcom.com. <br>
- * <p>
- * Example3: <i>UID=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name.1, O=mcom.com</i>
- * cert subject name: dn:  UID=jjames, OU=IS, OU=people, O=mcom.com
- * cert subjectAltName is rfc822Name: jjames@mcom.com
- * request attributes: uid: cmanager
- * <p>
- * The dn formulated will be : <br>
- *     UID=jjames, E=jjames@mcom.com, O=mcom.com
- * <p>
- *     UID = the 'uid' attribute value in the request. <br>
- *     E = The first rfc822name value in the subjAltName extension.  <br>
- *     O = the string mcom.com. <br>
- * <p>
- * </pre>
- *
- * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk
- * that a wrong dn will be mapped into.
- *
- * @version $Revision$, $Date$
- */
-class MapAVAPattern {
-
-    /* the value type of the dn component */
-    public static final String TYPE_REQ = "$req";
-    public static final String TYPE_SUBJ = "$subj";
-    public static final String TYPE_EXT = "$ext";
-    public static final String TYPE_RDN = "$rdn";
-    public static final String TYPE_CONSTANT = "constant";
-
-    public static final String[] GENERAL_NAME_TYPE = { "ANY",
-            "RFC822Name",
-            "DNSName",
-            "X400Name",
-            "DIRECTORYName",
-            "EDIName",
-            "URIName",
-            "IPAddress",
-            "OIDName" };
-
-    private static final LdapV3DNStrConverter mLdapDNStrConverter =
-            new LdapV3DNStrConverter();
-
-    /* the list of request attributes needed by this AVA  */
-    protected String[] mReqAttrs = null;
-
-    /* the list of cert attributes needed by this AVA*/
-    protected String[] mCertAttrs = null;
-
-    /* value type */
-    protected String mType = null;
-
-    /* the attribute in the AVA pair */
-    protected String mAttr = null;
-
-    /* value - could be name of a request  attribute or
-     * cert subject dn attribute. */
-    protected String mValue = null;
-
-    /* value type - general name type of an extension attribute if any. */
-    protected String mGNType = null;
-
-    /* prefix - prefix of a request attribute if any. */
-    protected String mPrefix = null;
-
-    /* nth value of the ldap or dn attribute */
-    protected int mElement = 0;
-
-    protected String mTestDN = null;
-
-    public MapAVAPattern(String component)
-            throws ELdapException {
-        if (component == null || component.length() == 0)
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
-        parse(new PushbackReader(new StringReader(component)));
-    }
-
-    public MapAVAPattern(PushbackReader in)
-            throws ELdapException {
-        parse(in);
-    }
-
-    private void parse(PushbackReader in)
-            throws ELdapException {
-        int c;
-
-        // mark ava beginning.
-
-        // skip spaces
-        //System.out.println("============ AVAPattern Begin ===========");
-        //System.out.println("skip spaces");
-
-        try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
-                ;
-            }
-        } catch (IOException e) {
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
-        }
-        if (c == -1)
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
-
-        // $rdn "." number syntax.
-
-        if (c == '$') {
-            //System.out.println("$rdn syntax");
-            mType = TYPE_RDN;
-            try {
-                if (in.read() != 'r' ||
-                        in.read() != 'd' ||
-                        in.read() != 'n' ||
-                        in.read() != '.')
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "Invalid $ syntax, expecting $rdn"));
-            } catch (IOException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "Invalid $ syntax, expecting $rdn"));
-            }
-
-            StringBuffer rdnNumberBuf = new StringBuffer();
-
-            try {
-                while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                    //System.out.println("rdnNumber read "+(char)c);
-                    rdnNumberBuf.append((char) c);
-                }
-                if (c != -1) // either ',' or '+'
-                    in.unread(c);
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-
-            String rdnNumber = rdnNumberBuf.toString().trim();
-
-            if (rdnNumber.length() == 0)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "$rdn number not set in ava pattern"));
-            try {
-                mElement = Integer.parseInt(rdnNumber) - 1;
-            } catch (NumberFormatException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "Invalid $rdn number in ava pattern"));
-            }
-            return;
-        }
-
-        // name "=" ... syntax.
-
-        // read name
-        //System.out.println("reading name");
-
-        StringBuffer attrBuf = new StringBuffer();
-
-        try {
-            while (c != '=' && c != -1 && c != ',' && c != '+') {
-                attrBuf.append((char) c);
-                c = in.read();
-                //System.out.println("name read "+(char)c);
-            }
-            if (c == ',' || c == '+')
-                in.unread(c);
-        } catch (IOException e) {
-            throw new ELdapException(
-                    CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-        }
-        if (c != '=')
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                    "Missing \"=\" in ava pattern"));
-
-        // read value
-        //System.out.println("reading value");
-
-        // skip spaces
-        //System.out.println("skip spaces for value");
-        try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
-                ;
-            }
-        } catch (IOException e) {
-            throw new ELdapException(
-                    CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-        }
-        if (c == -1)
-            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                    "no value after = in ava pattern"));
-
-        if (c == '$') {
-            // check for $subj $ext or $req
-            try {
-                c = in.read();
-                //System.out.println("check $dn or $attr read "+(char)c);
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-            if (c == -1)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "expecting $subj or $req in ava pattern"));
-            if (c == 'r') {
-                try {
-                    if (in.read() != 'e' ||
-                            in.read() != 'q' ||
-                            in.read() != '.')
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $req in ava pattern"));
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-                mType = TYPE_REQ;
-                //System.out.println("---- mtype $req");
-            } else if (c == 's') {
-                try {
-                    if (in.read() != 'u' ||
-                            in.read() != 'b' ||
-                            in.read() != 'j' ||
-                            in.read() != '.')
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $subj in ava pattern"));
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-                mType = TYPE_SUBJ;
-                //System.out.println("----- mtype $subj");
-            } else if (c == 'e') {
-                try {
-                    if (in.read() != 'x' ||
-                            in.read() != 't' ||
-                            in.read() != '.')
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "expecting $ext in ava pattern"));
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-                mType = TYPE_EXT;
-                //System.out.println("----- mtype $ext");
-            } else {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "unknown keyword. expecting $subj $ext or $req."));
-            }
-
-            // get request attr name of subject dn pattern from above.
-            String attrName = attrBuf.toString().trim();
-
-            //System.out.println("----- attrName "+attrName);
-            if (attrName.length() == 0)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                        "attribute name expected"));
-            mAttr = attrName;
-
-            /*
-             try {
-             ObjectIdentifier attrOid =
-             mLdapDNStrConverter.parseAVAKeyword(attrName);
-             mAttr = mLdapDNStrConverter.encodeOID(attrOid);
-             //System.out.println("----- mAttr "+mAttr);
-             }
-             catch (IOException e) {
-             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
-             }
-             */
-
-            // get request attribute or cert subject dn attribute
-
-            StringBuffer valueBuf = new StringBuffer();
-
-            try {
-                while ((c = in.read()) != ',' &&
-                        c != -1 && c != '.' && c != '+') {
-                    //System.out.println("mValue read "+(char)c);
-                    valueBuf.append((char) c);
-                }
-                if (c == '+' || c == ',') // either ',' or '+'
-                    in.unread(c); // pushback last , or +
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-
-            mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0)
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "$subj or $req attribute name expected"));
-            //System.out.println("----- mValue "+mValue);
-
-            // get nth dn xxx not nth request attribute .
-            if (c == '.') {
-                StringBuffer attrNumberBuf = new StringBuffer();
-
-                try {
-                    while ((c = in.read()) != ',' && c != -1 && c != '.'
-                            && c != '+') {
-                        //System.out.println("mElement read "+(char)c);
-                        attrNumberBuf.append((char) c);
-                    }
-                    if (c == ',' || c == '+') // either ','  or '+'
-                        in.unread(c); // pushback last , or +
-                } catch (IOException e) {
-                    throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-                }
-                String attrNumber = attrNumberBuf.toString().trim();
-
-                if (attrNumber.length() == 0)
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                "nth element $req $ext or $subj expected"));
-                try {
-                    mElement = Integer.parseInt(attrNumber) - 1;
-                } catch (NumberFormatException e) {
-                    if (TYPE_REQ.equals(mType)) {
-                        mPrefix = mValue;
-                        mValue = attrNumber;
-                    } else if (TYPE_EXT.equals(mType)) {
-                        mGNType = attrNumber;
-                    } else
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                    "Invalid format in nth element $req $ext or $subj"));
-
-                    // get nth request attribute .
-                    if (c == '.') {
-                        StringBuffer attrNumberBuf1 = new StringBuffer();
-
-                        try {
-                            while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                                //System.out.println("mElement read "+(char)c);
-                                attrNumberBuf1.append((char) c);
-                            }
-                            if (c != -1) // either ',' or '+'
-                                in.unread(c); // pushback last , or +
-                        } catch (IOException ex) {
-                            throw new ELdapException(
-                                    CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
-                        }
-                        String attrNumber1 = attrNumberBuf1.toString().trim();
-
-                        if (attrNumber1.length() == 0)
-                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                        "nth element $req expected"));
-                        try {
-                            mElement = Integer.parseInt(attrNumber1) - 1;
-                        } catch (NumberFormatException ex) {
-                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                                        "Invalid format in nth element $req."));
-
-                        }
-                    }
-                }
-            }
-            //System.out.println("----- mElement "+mElement);
-        } else {
-            // value is constant. treat as regular ava.
-            mType = TYPE_CONSTANT;
-            //System.out.println("----- mType constant");
-            // parse ava value.
-            StringBuffer valueBuf = new StringBuffer();
-
-            valueBuf.append((char) c);
-            // read forward to get attribute value
-            try {
-                while ((c = in.read()) != ',' &&
-                        c != -1) {
-                    valueBuf.append((char) c);
-                }
-                if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c); // pushback last , or +
-                }
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-            try {
-                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
-
-                mValue = ava.toLdapDNString();
-                //System.out.println("----- mValue "+mValue);
-            } catch (IOException e) {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
-            }
-        }
-    }
-
-    public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions)
-            throws ELdapException {
-        if (TYPE_CONSTANT.equals(mType))
-            return mValue;
-
-        if (TYPE_RDN.equals(mType)) {
-            String dn = subject.toString();
-
-            if (mTestDN != null)
-                dn = mTestDN;
-            //System.out.println("AVAPattern Using dn "+mTestDN);
-            String[] rdns = LDAPDN.explodeDN(dn, false);
-
-            if (mElement >= rdns.length)
-                return null;
-            return rdns[mElement];
-        }
-
-        if (TYPE_SUBJ.equals(mType)) {
-            String dn = subject.toString();
-
-            if (mTestDN != null)
-                dn = mTestDN;
-            //System.out.println("AVAPattern Using dn "+mTestDN);
-            String[] rdns = LDAPDN.explodeDN(dn, false);
-            String value = null;
-            int nFound = -1;
-
-            for (int i = 0; i < rdns.length; i++) {
-                String[] avas = explodeRDN(rdns[i]);
-
-                for (int j = 0; j < avas.length; j++) {
-                    String[] exploded = explodeAVA(avas[j]);
-
-                    if (exploded[0].equalsIgnoreCase(mValue) &&
-                            ++nFound == mElement) {
-                        value = exploded[1];
-                        break;
-                    }
-                }
-            }
-            if (value == null) {
-                CMS.debug(
-                        "MapAVAPattern: attr " + mAttr +
-                                " not formed from: cert subject " +
-                                dn +
-                                "-- no subject component : " + mValue);
-                return null;
-            }
-            return mAttr + "=" + value;
-        }
-
-        if (TYPE_EXT.equals(mType)) {
-            if (extensions != null) {
-                for (int i = 0; i < extensions.size(); i++) {
-                    Extension ext = extensions.elementAt(i);
-                    String extName = OIDMap.getName(ext.getExtensionId());
-                    int index = extName.lastIndexOf(".");
-
-                    if (index != -1)
-                        extName = extName.substring(index + 1);
-                    if (extName.equals(mValue)) {
-                        // Check the extensions one by one.
-                        // For now, just give subjectAltName as an example.
-                        if (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) {
-                            try {
-                                GeneralNames subjectNames =
-                                        (GeneralNames)
-                                        ((SubjectAlternativeNameExtension) ext)
-                                                .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
-
-                                if (subjectNames.size() == 0)
-                                    break;
-                                int j = 0;
-
-                                for (Enumeration<GeneralNameInterface> n = subjectNames.elements(); n.hasMoreElements();) {
-                                    GeneralName gn = (GeneralName) n.nextElement();
-                                    String gname = gn.toString();
-
-                                    index = gname.indexOf(":");
-                                    if (index == -1)
-                                        break;
-                                    String gType = gname.substring(0, index);
-
-                                    if (mGNType != null) {
-                                        if (mGNType.equalsIgnoreCase(gType)) {
-                                            if (mElement == j) {
-                                                gname =
-                                                        gname.substring(index + 2);
-                                                return mAttr + "=" + gname;
-                                            } else {
-                                                j++;
-                                            }
-                                        }
-                                    } else {
-                                        if (mElement == j) {
-                                            gname =
-                                                    gname.substring(index + 2);
-                                            return mAttr + "=" + gname;
-                                        }
-                                        j++;
-                                    }
-                                }
-                            } catch (IOException e) {
-                                CMS.debug(
-                                        "MapAVAPattern: Publishing attr not formed from extension." +
-                                                "-- no attr : " + mValue);
-                            }
-                        }
-                    }
-                }
-            }
-            CMS.debug(
-                    "MapAVAPattern: Publishing:attr not formed from extension " +
-                            "-- no attr : " + mValue);
-
-            return null;
-        }
-
-        if (TYPE_REQ.equals(mType)) {
-            // mPrefix and mValue are looked up case-insensitive
-            String reqAttr = req.getExtDataInString(mPrefix, mValue);
-            if (reqAttr == null) {
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
-                        mValue, mAttr));
-            }
-            return mAttr + "=" + reqAttr;
-        }
-
-        return null;
-    }
-
-    public String getReqAttr() {
-        if (TYPE_REQ.equals(mType))
-            return mValue;
-        else
-            return null;
-    }
-
-    public String getCertAttr() {
-        if (TYPE_SUBJ.equals(mType))
-            return mValue;
-        else
-            return null;
-    }
-
-    /**
-     * Explode RDN into AVAs.
-     * Does not handle escaped '+'
-     * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array.
-     */
-    public static String[] explodeRDN(String rdn) {
-        int plus = rdn.indexOf('+');
-
-        if (plus == -1)
-            return new String[] { rdn };
-        Vector<String> avas = new Vector<String>();
-        StringTokenizer token = new StringTokenizer(rdn, "+");
-
-        while (token.hasMoreTokens())
-            avas.addElement(token.nextToken());
-        String[] theAvas = new String[avas.size()];
-
-        avas.copyInto(theAvas);
-        return theAvas;
-    }
-
-    /**
-     * Explode AVA into name and value.
-     * Does not handle escaped '='
-     * If AVA is malformed empty array is returned.
-     */
-    public static String[] explodeAVA(String ava) {
-        int equals = ava.indexOf('=');
-
-        if (equals == -1)
-            return null;
-        return new String[] {
-                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
deleted file mode 100644
index 6656f4a1f..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
+++ /dev/null
@@ -1,201 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.io.IOException;
-import java.io.PushbackReader;
-import java.io.StringReader;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.
- * <p>
- *
- * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and
- * request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
- * <p>
- *
- * The syntax is
- *
- * <pre>
- * 	dnPattern := rdnPattern *[ "," rdnPattern ]
- * 	rdnPattern := avaPattern *[ "+" avaPattern ]
- * 		avaPattern := name "=" value |
- * 			      name "=" "$subj" "." attrName [ "." attrNumber ] |
- * 			      name "=" "$req" "." attrName [ "." attrNumber ] |
- *     		 	  "$rdn" "." number
- * </pre>
- *
- * <pre>
- * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
- * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
- * request attributes: uid: cmanager
- * <p>
- * The dn formulated will be : <br>
- *     CN=Certificate Manager, OU=people, O=mcom.com
- * <p>
- * note: Subordinate ca enrollment will use ca mapper. Use predicate
- * to distinguish the ca itself and the subordinates.
- *
- * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
- * cert subject name: dn:  UID=jjames, OU=IS, O=people, , O=mcom.com
- * request attributes: uid: cmanager
- * <p>
- * The dn formulated will be : <br>
- *     UID=jjames, OU=IS, OU=people, O=mcom.com
- * <p>
- *     UID = the 'uid' attribute value in the request. <br>
- *     OU = the 'ou' value in the cert subject name.  <br>
- *     O = the string people, mcom.com. <br>
- * <p>
- * </pre>
- *
- * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk
- * that a wrong dn will be mapped into.
- *
- * @version $Revision$, $Date$
- */
-public class MapDNPattern {
-
-    /* the list of request attriubutes to retrieve*/
-    protected String[] mReqAttrs = null;
-
-    /* the list of cert attriubutes to retrieve*/
-    protected String[] mCertAttrs = null;
-
-    /* rdn patterns */
-    protected MapRDNPattern[] mRDNPatterns = null;
-
-    /* original pattern string */
-    protected String mPatternString = null;
-
-    protected String mTestDN = null;
-
-    /**
-     * Construct a DN pattern by parsing a pattern string.
-     *
-     * @param pattern the DN pattern
-     * @exception EBaseException If parsing error occurs.
-     */
-    public MapDNPattern(String pattern)
-            throws ELdapException {
-        if (pattern == null || pattern.equals("")) {
-            CMS.debug(
-                    "MapDNPattern: null pattern");
-        } else {
-            mPatternString = pattern;
-            PushbackReader in = new PushbackReader(new StringReader(pattern));
-
-            parse(in);
-        }
-    }
-
-    public MapDNPattern(PushbackReader in)
-            throws ELdapException {
-        parse(in);
-    }
-
-    private void parse(PushbackReader in)
-            throws ELdapException {
-        Vector<MapRDNPattern> rdnPatterns = new Vector<MapRDNPattern>();
-        MapRDNPattern rdnPattern = null;
-        int lastChar = -1;
-
-        do {
-            rdnPattern = new MapRDNPattern(in);
-            rdnPatterns.addElement(rdnPattern);
-            try {
-                lastChar = in.read();
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-        } while (lastChar == ',');
-
-        mRDNPatterns = new MapRDNPattern[rdnPatterns.size()];
-        rdnPatterns.copyInto(mRDNPatterns);
-
-        Vector<String> reqAttrs = new Vector<String>();
-
-        for (int i = 0; i < mRDNPatterns.length; i++) {
-            String[] rdnAttrs = mRDNPatterns[i].getReqAttrs();
-
-            if (rdnAttrs != null && rdnAttrs.length > 0)
-                for (int j = 0; j < rdnAttrs.length; j++)
-                    reqAttrs.addElement(rdnAttrs[j]);
-        }
-        mReqAttrs = new String[reqAttrs.size()];
-        reqAttrs.copyInto(mReqAttrs);
-
-        Vector<String> certAttrs = new Vector<String>();
-
-        for (int i = 0; i < mRDNPatterns.length; i++) {
-            String[] rdnAttrs = mRDNPatterns[i].getCertAttrs();
-
-            if (rdnAttrs != null && rdnAttrs.length > 0)
-                for (int j = 0; j < rdnAttrs.length; j++)
-                    certAttrs.addElement(rdnAttrs[j]);
-        }
-        mCertAttrs = new String[certAttrs.size()];
-        certAttrs.copyInto(mCertAttrs);
-    }
-
-    /**
-     * Form a Ldap v3 DN string from a request and a cert subject name.
-     *
-     * @param req the request for (un)publish
-     * @param subject the subjectDN of the certificate
-     * @return Ldap v3 DN string to use for base ldap search.
-     */
-    public String formDN(IRequest req, X500Name subject, CertificateExtensions ext)
-            throws ELdapException {
-        StringBuffer formedDN = new StringBuffer();
-
-        for (int i = 0; i < mRDNPatterns.length; i++) {
-            if (mTestDN != null)
-                mRDNPatterns[i].mTestDN = mTestDN;
-            String rdn = mRDNPatterns[i].formRDN(req, subject, ext);
-
-            if (rdn != null && rdn.length() != 0) {
-                if (formedDN.length() != 0)
-                    formedDN.append(",");
-                formedDN.append(rdn);
-            } else {
-                throw new ELdapException("pattern not matched");
-            }
-        }
-        return formedDN.toString();
-    }
-
-    public String[] getReqAttrs() {
-        return mReqAttrs.clone();
-    }
-
-    public String[] getCertAttrs() {
-        return mCertAttrs.clone();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
deleted file mode 100644
index 058294d7c..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
+++ /dev/null
@@ -1,217 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.io.IOException;
-import java.io.PushbackReader;
-import java.io.StringReader;
-import java.util.Vector;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.
- * <p>
- *
- * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and
- * request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
- * <p>
- *
- * The syntax is
- *
- * <pre>
- * 	dnPattern := rdnPattern *[ "," rdnPattern ]
- * 	rdnPattern := avaPattern *[ "+" avaPattern ]
- * 		avaPattern := name "=" value |
- * 			      name "=" "$subj" "." attrName [ "." attrNumber ] |
- * 			      name "=" "$req" "." attrName [ "." attrNumber ] |
- * 			 	  "$rdn" "." number
- * </pre>
- *
- * <pre>
- * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
- * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
- * request attributes: uid: cmanager
- * <p>
- * The dn formulated will be : <br>
- *     CN=Certificate Manager, OU=people, O=mcom.com
- * <p>
- * note: Subordinate ca enrollment will use ca mapper. Use predicate
- * to distinguish the ca itself and the subordinates.
- *
- * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
- * cert subject name: dn:  UID=jjames, OU=IS, O=people, , O=mcom.com
- * request attributes: uid: cmanager
- * <p>
- * The dn formulated will be : <br>
- *     UID=jjames, OU=IS, OU=people, O=mcom.com
- * <p>
- *     UID = the 'uid' attribute value in the request. <br>
- *     OU = the 'ou' value in the cert subject name.  <br>
- *     O = the string people, mcom.com. <br>
- * <p>
- * </pre>
- *
- * If an request attribute or subject DN component does not exist, the attribute is skipped.There is potential risk that
- * a wrong dn will be mapped into.
- *
- * @version $Revision$, $Date$
- */
-class MapRDNPattern {
-
-    /* the list of request attributes needed by this RDN  */
-    protected String[] mReqAttrs = null;
-
-    /* the list of cert attributes needed by this RDN  */
-    protected String[] mCertAttrs = null;
-
-    /* AVA patterns */
-    protected MapAVAPattern[] mAVAPatterns = null;
-
-    /* original pattern string */
-    protected String mPatternString = null;
-
-    protected String mTestDN = null;
-
-    /**
-     * Construct a DN pattern by parsing a pattern string.
-     *
-     * @param pattenr the DN pattern
-     * @exception ELdapException If parsing error occurs.
-     */
-    public MapRDNPattern(String pattern)
-            throws ELdapException {
-        if (pattern == null || pattern.equals("")) {
-            CMS.debug(
-                    "MapDNPattern: null pattern");
-        } else {
-            mPatternString = pattern;
-            PushbackReader in = new PushbackReader(new StringReader(pattern));
-
-            parse(in);
-        }
-    }
-
-    /**
-     * Construct a DN pattern from a input stream of pattern
-     */
-    public MapRDNPattern(PushbackReader in)
-            throws ELdapException {
-        parse(in);
-    }
-
-    private void parse(PushbackReader in)
-            throws ELdapException {
-        //System.out.println("_________ begin rdn _________");
-        Vector<MapAVAPattern> avaPatterns = new Vector<MapAVAPattern>();
-        MapAVAPattern avaPattern = null;
-        int lastChar;
-
-        do {
-            avaPattern = new MapAVAPattern(in);
-            avaPatterns.addElement(avaPattern);
-            //System.out.println("added AVAPattern"+
-            //" mType "+avaPattern.mType+
-            //" mAttr "+avaPattern.mAttr+
-            //" mValue "+avaPattern.mValue+
-            //" mElement "+avaPattern.mElement);
-            try {
-                lastChar = in.read();
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-        } while (lastChar == '+');
-
-        if (lastChar != -1) {
-            try {
-                in.unread(lastChar); // pushback last ,
-            } catch (IOException e) {
-                throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-            }
-        }
-
-        mAVAPatterns = new MapAVAPattern[avaPatterns.size()];
-        avaPatterns.copyInto(mAVAPatterns);
-
-        Vector<String> reqAttrs = new Vector<String>();
-
-        for (int i = 0; i < mAVAPatterns.length; i++) {
-            String avaAttr = mAVAPatterns[i].getReqAttr();
-
-            if (avaAttr == null || avaAttr.length() == 0)
-                continue;
-            reqAttrs.addElement(avaAttr);
-        }
-        mReqAttrs = new String[reqAttrs.size()];
-        reqAttrs.copyInto(mReqAttrs);
-
-        Vector<String> certAttrs = new Vector<String>();
-
-        for (int i = 0; i < mAVAPatterns.length; i++) {
-            String avaAttr = mAVAPatterns[i].getCertAttr();
-
-            if (avaAttr == null || avaAttr.length() == 0)
-                continue;
-            certAttrs.addElement(avaAttr);
-        }
-        mCertAttrs = new String[certAttrs.size()];
-        certAttrs.copyInto(mCertAttrs);
-    }
-
-    /**
-     * Form a Ldap v3 DN string from a request and a cert subject name.
-     *
-     * @param req the request for (un)publish
-     * @param subject the subjectDN of the certificate
-     * @return Ldap v3 DN string to use for base ldap search.
-     */
-    public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext)
-            throws ELdapException {
-        StringBuffer formedRDN = new StringBuffer();
-
-        for (int i = 0; i < mAVAPatterns.length; i++) {
-            if (mTestDN != null)
-                mAVAPatterns[i].mTestDN = mTestDN;
-            String ava = mAVAPatterns[i].formAVA(req, subject, ext);
-
-            if (ava != null && ava.length() > 0) {
-                if (formedRDN.length() != 0)
-                    formedRDN.append("+");
-                formedRDN.append(ava);
-            }
-        }
-        //System.out.println("formed RDN "+formedRDN.toString());
-        return formedRDN.toString();
-    }
-
-    public String[] getReqAttrs() {
-        return mReqAttrs.clone();
-    }
-
-    public String[] getCertAttrs() {
-        return mCertAttrs.clone();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
deleted file mode 100644
index cc12714e2..000000000
--- a/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
+++ /dev/null
@@ -1,104 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.mappers;
-
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * No Map
- *
- * @version $Revision$, $Date$
- */
-public class NoMap implements ILdapMapper, IExtendedPluginInfo {
-
-    public IConfigStore mConfig = null;
-
-    /**
-     * constructor if initializing from config store.
-     */
-    public NoMap() {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String params[] = {
-                IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
-                IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the name of the entry to publish to"
-            };
-
-        return params;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * for initializing from config store.
-     */
-    public void init(IConfigStore config)
-            throws EBaseException {
-        mConfig = config;
-    }
-
-    /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
-     *
-     * @param conn the LDAP connection.
-     * @param obj the object to map.
-     * @exception ELdapException if any LDAP exceptions occured.
-     */
-    public String map(LDAPConnection conn, Object obj)
-            throws ELdapException {
-        return null;
-    }
-
-    public String map(LDAPConnection conn, IRequest req, Object obj)
-            throws ELdapException {
-        return null;
-    }
-
-    public String getImplName() {
-        return "NoMap";
-    }
-
-    public String getDescription() {
-        return "NoMap";
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-        return v;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-        return v;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
deleted file mode 100644
index c48aa2db4..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
+++ /dev/null
@@ -1,476 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.math.BigInteger;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.TimeZone;
-import java.util.Vector;
-import java.util.zip.ZipEntry;
-import java.util.zip.ZipOutputStream;
-
-import netscape.ldap.LDAPConnection;
-
-import org.mozilla.jss.util.Base64OutputStream;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * This publisher writes certificate and CRL into
- * a directory.
- *
- * @version $Revision$, $Date$
- */
-public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
-    private static final String PROP_DIR = "directory";
-    private static final String PROP_DER = "Filename.der";
-    private static final String PROP_B64 = "Filename.b64";
-    private static final String PROP_LNK = "latestCrlLink";
-    private static final String PROP_GMT = "timeStamp";
-    private static final String PROP_EXT = "crlLinkExt";
-    private static final String PROP_ZIP = "zipCRLs";
-    private static final String PROP_LEV = "zipLevel";
-    private IConfigStore mConfig = null;
-    private String mDir = null;
-    private ILogger mLogger = CMS.getLogger();
-    private String mCrlIssuingPointId;
-    protected boolean mDerAttr = true;
-    protected boolean mB64Attr = false;
-    protected boolean mLatestCRL = false;
-    protected boolean mZipCRL = false;
-    protected String mTimeStamp = null;
-    protected String mLinkExt = null;
-    protected int mZipLevel = 9;
-
-    public void setIssuingPointId(String crlIssuingPointId) {
-        mCrlIssuingPointId = crlIssuingPointId;
-    }
-
-    /**
-     * Returns the implementation name.
-     */
-    public String getImplName() {
-        return "FileBasedPublisher";
-    }
-
-    /**
-     * Returns the description of the ldap publisher.
-     */
-
-    public String getDescription() {
-        return "This publisher writes the Certificates and CRLs into files.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_DIR
-                        + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).",
-                PROP_DER + ";boolean;Store certificates or CRLs into *.der files.",
-                PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.",
-                PROP_GMT
-                        + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.",
-                PROP_LNK
-                        + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER
-                        + "' to be enabled.",
-                PROP_EXT
-                        + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.",
-                PROP_ZIP + ";boolean;Generate compressed CRLs.",
-                PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-publisher-filepublisher",
-                IExtendedPluginInfo.HELP_TEXT
-                        +
-                        ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
-        };
-
-        return params;
-    }
-
-    /**
-     * Returns the current instance parameters.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-        String dir = "";
-        String ext = "";
-
-        try {
-            dir = mConfig.getString(PROP_DIR);
-        } catch (EBaseException e) {
-        }
-        try {
-            ext = mConfig.getString(PROP_EXT);
-        } catch (EBaseException e) {
-        }
-        try {
-            mTimeStamp = mConfig.getString(PROP_GMT);
-        } catch (EBaseException e) {
-        }
-        try {
-            mZipLevel = mConfig.getInteger(PROP_LEV, 9);
-        } catch (EBaseException e) {
-        }
-        try {
-            if (mTimeStamp == null || (!mTimeStamp.equals("GMT")))
-                mTimeStamp = "LocalTime";
-            v.addElement(PROP_DIR + "=" + dir);
-            v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true));
-            v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false));
-            v.addElement(PROP_GMT + "=" + mTimeStamp);
-            v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false));
-            v.addElement(PROP_EXT + "=" + ext);
-            v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false));
-            v.addElement(PROP_LEV + "=" + mZipLevel);
-        } catch (Exception e) {
-        }
-        return v;
-    }
-
-    /**
-     * Returns the initial default parameters.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement(PROP_DIR + "=");
-        v.addElement(PROP_DER + "=true");
-        v.addElement(PROP_B64 + "=false");
-        v.addElement(PROP_GMT + "=LocalTime");
-        v.addElement(PROP_LNK + "=false");
-        v.addElement(PROP_EXT + "=");
-        v.addElement(PROP_ZIP + "=false");
-        v.addElement(PROP_LEV + "=9");
-        return v;
-    }
-
-    /**
-     * Initializes this plugin.
-     */
-    public void init(IConfigStore config) {
-        mConfig = config;
-        String dir = null;
-
-        try {
-            dir = mConfig.getString(PROP_DIR, null);
-            mDerAttr = mConfig.getBoolean(PROP_DER, true);
-            mB64Attr = mConfig.getBoolean(PROP_B64, false);
-            mTimeStamp = mConfig.getString(PROP_GMT, "LocalTime");
-            mLatestCRL = mConfig.getBoolean(PROP_LNK, false);
-            mLinkExt = mConfig.getString(PROP_EXT, null);
-            mZipCRL = mConfig.getBoolean(PROP_ZIP, false);
-            mZipLevel = mConfig.getInteger(PROP_LEV, 9);
-        } catch (EBaseException e) {
-        }
-        if (dir == null) {
-            throw new RuntimeException("No Directory Specified");
-        }
-
-        // convert to forward slash
-        dir = dir.replace('\\', '/');
-        config.putString(PROP_DIR, dir);
-
-        File dirCheck = new File(dir);
-
-        if (dirCheck.isDirectory()) {
-            mDir = dir;
-        } else {
-            // maybe it is relative path
-            String mInstanceRoot = null;
-
-            try {
-                mInstanceRoot = CMS.getConfigStore().getString("instanceRoot");
-            } catch (Exception e) {
-                throw new RuntimeException("Invalid Instance Dir " + e);
-            }
-            dirCheck = new File(mInstanceRoot +
-                        File.separator + dir);
-            if (dirCheck.isDirectory()) {
-                mDir = mInstanceRoot + File.separator + dir;
-            } else {
-                throw new RuntimeException("Invalid Directory " + dir);
-            }
-        }
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) {
-        String[] namePrefix = { "crl", "crl" };
-
-        if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) {
-            namePrefix[0] = mCrlIssuingPointId;
-            namePrefix[1] = mCrlIssuingPointId;
-        }
-        java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss");
-        TimeZone tz = TimeZone.getTimeZone("GMT");
-        if (useGMT)
-            format.setTimeZone(tz);
-        String timeStamp = format.format(crl.getThisUpdate()).toString();
-        namePrefix[0] += "-" + timeStamp;
-        if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) {
-            namePrefix[0] += "-delta";
-            namePrefix[1] += "-delta";
-        }
-
-        return namePrefix;
-    }
-
-    private void createLink(String linkName, String fileName) {
-        String cmd = "ln -s " + fileName + " " + linkName + ".new";
-        if (com.netscape.cmsutil.util.Utils.exec(cmd)) {
-            File oldLink = new File(linkName + ".old");
-            if (oldLink.exists()) { // remove old link if exists
-                oldLink.delete();
-            }
-            File link = new File(linkName);
-            if (link.exists()) { // current link becomes an old link
-                link.renameTo(new File(linkName + ".old"));
-            }
-            File newLink = new File(linkName + ".new");
-            if (newLink.exists()) { // new link becomes current link
-                newLink.renameTo(new File(linkName));
-            }
-            oldLink = new File(linkName + ".old");
-            if (oldLink.exists()) { // remove a new old link
-                oldLink.delete();
-            }
-        } else {
-            CMS.debug("FileBasedPublisher:  createLink: '" + cmd + "' --- failed");
-        }
-    }
-
-    /**
-     * Publishs a object to the ldap directory.
-     *
-     * @param conn a Ldap connection
-     *            (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to publish cert
-     *            (null if LDAP publishing is not enabled)
-     * @param object object to publish
-     *            (java.security.cert.X509Certificate or,
-     *            java.security.cert.X509CRL)
-     */
-    public void publish(LDAPConnection conn, String dn, Object object)
-            throws ELdapException {
-        CMS.debug("FileBasedPublisher: publish");
-
-        try {
-            if (object instanceof X509Certificate) {
-                X509Certificate cert = (X509Certificate) object;
-                BigInteger sno = cert.getSerialNumber();
-                String name = mDir +
-                        File.separator + "cert-" +
-                        sno.toString();
-                if (mDerAttr) {
-                    FileOutputStream fos = null;
-                    try {
-                        String fileName = name + ".der";
-                        fos = new FileOutputStream(fileName);
-                        fos.write(cert.getEncoded());
-                    } finally {
-                        if (fos != null)
-                            fos.close();
-                    }
-                }
-                if (mB64Attr) {
-                    String fileName = name + ".b64";
-                    PrintStream ps = null;
-                    Base64OutputStream b64 = null;
-                    FileOutputStream fos = null;
-                    try {
-                        fos = new FileOutputStream(fileName);
-                        ByteArrayOutputStream output = new ByteArrayOutputStream();
-                        b64 = new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
-                        b64.write(cert.getEncoded());
-                        b64.flush();
-                        ps = new PrintStream(fos);
-                        ps.print(output.toString("8859_1"));
-                    } finally {
-                        if (ps != null) {
-                            ps.close();
-                        }
-                        if (b64 != null) {
-                            b64.close();
-                        }
-                        if (fos != null)
-                            fos.close();
-                    }
-                }
-            } else if (object instanceof X509CRL) {
-                X509CRL crl = (X509CRL) object;
-                String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT"));
-                String baseName = mDir + File.separator + namePrefix[0];
-                String tempFile = baseName + ".temp";
-                ZipOutputStream zos = null;
-                byte[] encodedArray = null;
-                File destFile = null;
-                String destName = null;
-                File renameFile = null;
-
-                if (mDerAttr) {
-                    FileOutputStream fos = null;
-                    try {
-                        fos = new FileOutputStream(tempFile);
-                        encodedArray = crl.getEncoded();
-                        fos.write(encodedArray);
-                    } finally {
-                        if (fos != null)
-                            fos.close();
-                    }
-                    if (mZipCRL) {
-                        try {
-                            zos = new ZipOutputStream(new FileOutputStream(baseName + ".zip"));
-                            zos.setLevel(mZipLevel);
-                            zos.putNextEntry(new ZipEntry(baseName + ".der"));
-                            zos.write(encodedArray, 0, encodedArray.length);
-                            zos.closeEntry();
-                        } finally {
-                            if (zos != null)
-                                zos.close();
-                        }
-                    }
-                    destName = baseName + ".der";
-                    destFile = new File(destName);
-
-                    if (destFile.exists()) {
-                        destFile.delete();
-                    }
-                    renameFile = new File(tempFile);
-                    renameFile.renameTo(destFile);
-
-                    if (mLatestCRL) {
-                        String linkExt = ".";
-                        if (mLinkExt != null && mLinkExt.length() > 0) {
-                            linkExt += mLinkExt;
-                        } else {
-                            linkExt += "der";
-                        }
-                        String linkName = mDir + File.separator + namePrefix[1] + linkExt;
-                        createLink(linkName, destName);
-                        if (mZipCRL) {
-                            linkName = mDir + File.separator + namePrefix[1] + ".zip";
-                            createLink(linkName, baseName + ".zip");
-                        }
-                    }
-                }
-
-                // output base64 file
-                if (mB64Attr == true) {
-                    if (encodedArray == null)
-                        encodedArray = crl.getEncoded();
-                    FileOutputStream fos = null;
-                    try {
-                        fos = new FileOutputStream(tempFile);
-                        fos.write(Utils.base64encode(encodedArray).getBytes());
-                    } finally {
-                        if (fos != null)
-                            fos.close();
-                    }
-                    destName = baseName + ".b64";
-                    destFile = new File(destName);
-
-                    if (destFile.exists()) {
-                        destFile.delete();
-                    }
-                    renameFile = new File(tempFile);
-                    renameFile.renameTo(destFile);
-                }
-            }
-        } catch (IOException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
-        } catch (CertificateEncodingException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
-        } catch (CRLException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
-        }
-    }
-
-    /**
-     * Unpublishs a object to the ldap directory.
-     *
-     * @param conn the Ldap connection
-     *            (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to unpublish cert
-     *            (null if LDAP publishing is not enabled)
-     * @param object object to unpublish
-     *            (java.security.cert.X509Certificate)
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object object)
-            throws ELdapException {
-        CMS.debug("FileBasedPublisher: unpublish");
-        String name = mDir + File.separator;
-        String fileName;
-
-        if (object instanceof X509Certificate) {
-            X509Certificate cert = (X509Certificate) object;
-            BigInteger sno = cert.getSerialNumber();
-            name += "cert-" + sno.toString();
-        } else if (object instanceof X509CRL) {
-            X509CRL crl = (X509CRL) object;
-            String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT"));
-            name += namePrefix[0];
-
-            fileName = name + ".zip";
-            File f = new File(fileName);
-            f.delete();
-        }
-        fileName = name + ".der";
-        File f = new File(fileName);
-        f.delete();
-
-        fileName = name + ".b64";
-        f = new File(fileName);
-        f.delete();
-    }
-
-    /**
-     * returns the Der attribute where it'll be published.
-     */
-    public boolean getDerAttr() {
-        return mDerAttr;
-    }
-
-    /**
-     * returns the B64 attribute where it'll be published.
-     */
-    public boolean getB64Attr() {
-        return mB64Attr;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
deleted file mode 100644
index 06050480e..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
+++ /dev/null
@@ -1,420 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPModificationSet;
-import netscape.ldap.LDAPSSLSocketFactoryExt;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for publishing a CA certificate to
- *
- * @version $Revision$, $Date$
- */
-public class LdapCaCertPublisher
-        implements ILdapPublisher, IExtendedPluginInfo {
-    public static final String LDAP_CACERT_ATTR = "caCertificate;binary";
-    public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
-    public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
-    public static final String LDAP_CRL_ATTR = "certificateRevocationList;binary";
-
-    protected String mCaCertAttr = LDAP_CACERT_ATTR;
-    protected String mCaObjectclass = LDAP_CA_OBJECTCLASS;
-    protected String mObjAdded = "";
-    protected String mObjDeleted = "";
-
-    private ILogger mLogger = CMS.getLogger();
-    private boolean mInited = false;
-    protected IConfigStore mConfig = null;
-
-    /**
-     * constructor constructs default values.
-     */
-    public LdapCaCertPublisher() {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                "caCertAttr;string;Name of Ldap attribute in which to store certificate",
-                "caObjectClass;string;The name of the objectclasses which should be " +
-                        "added to this entry, if they do not already exist. This can be " +
-                        "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-publisher-cacertpublisher",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This plugin knows how to publish the CA cert to " +
-                        "'certificateAuthority' and 'pkiCA' -type entries"
-            };
-
-        return s;
-    }
-
-    public String getImplName() {
-        return "LdapCaCertPublisher";
-    }
-
-    public String getDescription() {
-        return "LdapCaCertPublisher";
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("caCertAttr=" + mCaCertAttr);
-        v.addElement("caObjectClass=" + mCaObjectclass);
-        return v;
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("caCertAttr=" + mCaCertAttr);
-        v.addElement("caObjectClass=" + mCaObjectclass);
-        return v;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited)
-            return;
-        mConfig = config;
-        mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
-        mCaObjectclass = mConfig.getString("caObjectClass",
-                    LDAP_CA_OBJECTCLASS);
-        mObjAdded = mConfig.getString("caObjectClassAdded", "");
-        mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
-        mInited = true;
-    }
-
-    // don't think anyone would ever use this but just in case.
-    public LdapCaCertPublisher(String caCertAttr, String caObjectclass) {
-        mCaCertAttr = caCertAttr;
-        mCaObjectclass = caObjectclass;
-        mInited = true;
-    }
-
-    /**
-     * Gets the CA object class to convert to.
-     */
-    public String getCAObjectclass() {
-        return mCaObjectclass;
-    }
-
-    /**
-     * returns the ca cert attribute where it'll be published.
-     */
-    public String getCaCertAttrName() {
-        return mCaCertAttr;
-    }
-
-    /**
-     * publish a CA certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
-     * Converts the class to certificateAuthority.
-     *
-     * @param conn the LDAP connection
-     * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate object.
-     */
-    public void publish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        if (conn == null) {
-            log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection");
-            return;
-        }
-
-        try {
-            mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
-            mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
-        } catch (EBaseException e) {
-        }
-
-        // Bugscape #56124 - support multiple publishing directory
-        // see if we should create local connection
-        LDAPConnection altConn = null;
-        try {
-            String host = mConfig.getString("host", null);
-            String port = mConfig.getString("port", null);
-            if (host != null && port != null) {
-                int portVal = Integer.parseInt(port);
-                int version = Integer.parseInt(mConfig.getString("version", "2"));
-                String cert_nick = mConfig.getString("clientCertNickname", null);
-                LDAPSSLSocketFactoryExt sslSocket = null;
-                if (cert_nick != null) {
-                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
-                }
-                String mgr_dn = mConfig.getString("bindDN", null);
-                String mgr_pwd = mConfig.getString("bindPWD", null);
-
-                altConn = CMS.getBoundConnection(host, portVal,
-                        version,
-                        sslSocket, mgr_dn, mgr_pwd);
-                conn = altConn;
-            }
-        } catch (LDAPException e) {
-            CMS.debug("Failed to create alt connection " + e);
-        } catch (EBaseException e) {
-            CMS.debug("Failed to create alt connection " + e);
-        }
-
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        X509Certificate cert = (X509Certificate) certObj;
-
-        try {
-            byte[] certEnc = cert.getEncoded();
-
-            /* search for attribute names to determine existence of attributes */
-            LDAPSearchResults res =
-                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                            new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
-            LDAPEntry entry = res.next();
-            LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
-            LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
-
-            /* search for objectclass and caCert values */
-            LDAPSearchResults res1 =
-                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                            new String[] { "objectclass", mCaCertAttr }, false);
-            LDAPEntry entry1 = res1.next();
-            LDAPAttribute ocs = entry1.getAttribute("objectclass");
-            LDAPAttribute certs = entry1.getAttribute(mCaCertAttr);
-
-            boolean hasCert =
-                    LdapUserCertPublisher.ByteValueExists(certs, certEnc);
-
-            LDAPModificationSet modSet = new LDAPModificationSet();
-
-            if (hasCert) {
-                log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert");
-            } else {
-                /*
-                 fix for 360458 - if no cert, use add, if has cert but
-                 not equal, use replace
-                 */
-                if (certs == null) {
-                    modSet.add(LDAPModification.ADD,
-                            new LDAPAttribute(mCaCertAttr, certEnc));
-                    log(ILogger.LL_INFO, "CA cert added");
-                } else {
-                    modSet.add(LDAPModification.REPLACE,
-                            new LDAPAttribute(mCaCertAttr, certEnc));
-                    log(ILogger.LL_INFO, "CA cert replaced");
-                }
-            }
-
-            String[] oclist = mCaObjectclass.split(",");
-
-            boolean attrsAdded = false;
-            for (int i = 0; i < oclist.length; i++) {
-                String oc = oclist[i].trim();
-                boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
-                if (!hasoc) {
-                    log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
-                    modSet.add(LDAPModification.ADD,
-                            new LDAPAttribute("objectclass", oc));
-
-                    if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
-                        // add MUST attributes
-                        if (arls == null)
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
-                        if (crls == null)
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
-                        attrsAdded = true;
-                    }
-                }
-            }
-
-            // delete objectclasses that have been deleted from config
-            String[] delList = mObjDeleted.split(",");
-            if (delList.length > 0) {
-                for (int i = 0; i < delList.length; i++) {
-                    String deloc = delList[i].trim();
-                    boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
-                    boolean match = false;
-                    for (int j = 0; j < oclist.length; j++) {
-                        if ((oclist[j].trim()).equals(deloc)) {
-                            match = true;
-                            break;
-                        }
-                    }
-                    if (!match && hasoc) {
-                        log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn);
-                        modSet.add(LDAPModification.DELETE,
-                                new LDAPAttribute("objectclass", deloc));
-                    }
-                }
-            }
-
-            // reset mObjAdded and mObjDeleted, if needed
-            if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
-                mObjAdded = "";
-                mObjDeleted = "";
-                mConfig.putString("caObjectClassAdded", "");
-                mConfig.putString("caObjectClassDeleted", "");
-                try {
-                    mConfig.commit(false);
-                } catch (Exception e) {
-                    log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
-                }
-            }
-
-            if (modSet.size() > 0)
-                conn.modify(dn, modSet);
-        } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString()));
-            }
-        } finally {
-            if (altConn != null) {
-                try {
-                    altConn.disconnect();
-                } catch (LDAPException e) {
-                    // safely ignored
-                }
-            }
-        }
-
-        return;
-    }
-
-    /**
-     * deletes the certificate from CA's certificate attribute.
-     * if it's the last cert will also remove the certificateAuthority
-     * objectclass.
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        X509Certificate cert = (X509Certificate) certObj;
-
-        try {
-            mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
-            mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
-        } catch (EBaseException e) {
-        }
-
-        try {
-            byte[] certEnc = cert.getEncoded();
-
-            LDAPSearchResults res =
-                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                            new String[] { mCaCertAttr, "objectclass" }, false);
-
-            LDAPEntry entry = res.next();
-            LDAPAttribute certs = entry.getAttribute(mCaCertAttr);
-            LDAPAttribute ocs = entry.getAttribute("objectclass");
-
-            boolean hasCert =
-                    LdapUserCertPublisher.ByteValueExists(certs, certEnc);
-
-            if (!hasCert) {
-                log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already");
-                //throw new ELdapException(
-                //		  LdapResources.ALREADY_UNPUBLISHED_1, dn);
-                return;
-            }
-
-            LDAPModificationSet modSet = new LDAPModificationSet();
-
-            modSet.add(LDAPModification.DELETE,
-                    new LDAPAttribute(mCaCertAttr, certEnc));
-            if (certs.size() == 1) {
-                // if last ca cert, remove oc also.
-
-                String[] oclist = mCaObjectclass.split(",");
-                for (int i = 0; i < oclist.length; i++) {
-                    String oc = oclist[i].trim();
-                    boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc);
-                    if (hasOC) {
-                        log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn);
-                        modSet.add(LDAPModification.DELETE,
-                                new LDAPAttribute("objectclass", oc));
-                    }
-                }
-            }
-            conn.modify(dn, modSet);
-        } catch (CertificateEncodingException e) {
-            CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn);
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString()));
-            }
-        }
-        return;
-    }
-
-    /**
-     * handy routine for logging in this class.
-     */
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCaPublisher: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
deleted file mode 100644
index ac2b64973..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
+++ /dev/null
@@ -1,345 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.io.IOException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPModificationSet;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- * Publishes a certificate as binary and its subject name.
- * there is one subject name value for each certificate.
- *
- * @version $Revision$, $Date$
- */
-public class LdapCertSubjPublisher implements ILdapPublisher {
-    public static final String LDAP_CERTSUBJNAME_ATTR = "certSubjectName";
-    protected String mCertAttr = LdapUserCertPublisher.LDAP_USERCERT_ATTR;
-    protected String mSubjNameAttr = LDAP_CERTSUBJNAME_ATTR;
-
-    private ILogger mLogger = CMS.getLogger();
-    private boolean mInited = false;
-    protected IConfigStore mConfig = null;
-
-    /**
-     * constructor using default certificate subject name and attribute for
-     * publishing subject name.
-     */
-    public LdapCertSubjPublisher() {
-    }
-
-    public String getImplName() {
-        return "LdapCertSubjPublisher";
-    }
-
-    public String getDescription() {
-        return "LdapCertSubjPublisher";
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("certAttr=" + mCertAttr);
-        v.addElement("subjectNameAttr=" + mSubjNameAttr);
-        return v;
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("certAttr=" + mCertAttr);
-        v.addElement("subjectNameAttr=" + mSubjNameAttr);
-        return v;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited)
-            return;
-        mConfig = config;
-        mCertAttr = mConfig.getString("certAttr",
-                    LdapUserCertPublisher.LDAP_USERCERT_ATTR);
-        mSubjNameAttr = mConfig.getString("certSubjectName",
-                    LDAP_CERTSUBJNAME_ATTR);
-        mInited = true;
-    }
-
-    /**
-     * constrcutor using specified certificate attribute and
-     * certificate subject name attribute.
-     */
-    public LdapCertSubjPublisher(String certAttr, String subjNameAttr) {
-        mCertAttr = certAttr;
-        mSubjNameAttr = subjNameAttr;
-    }
-
-    public String getCertAttr() {
-        return mCertAttr;
-    }
-
-    public String getSubjNameAttr() {
-        return mSubjNameAttr;
-    }
-
-    public void setSubjNameAttr(String subjNameAttr) {
-        mSubjNameAttr = subjNameAttr;
-    }
-
-    public void setCertAttr(String certAttr) {
-        mCertAttr = certAttr;
-    }
-
-    /**
-     * publish a user certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
-     * Then adds the subject name of the cert to the subject name attribute.
-     *
-     * @param conn the LDAP connection
-     * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate object.
-     * @exception ELdapException if cert or subject name already exists,
-     *                if cert encoding fails, if getting cert subject name fails.
-     *                Use ELdapException.getException() to find underlying exception.
-     */
-    public void publish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        if (conn == null) {
-            log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection");
-            return;
-        }
-
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        X509Certificate cert = (X509Certificate) certObj;
-
-        try {
-            boolean hasCert = false, hasSubjname = false;
-            byte[] certEnc = cert.getEncoded();
-            String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString();
-
-            LDAPSearchResults res =
-                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                            new String[] { mCertAttr, mSubjNameAttr }, false);
-
-            LDAPEntry entry = res.next();
-            LDAPAttribute certs = entry.getAttribute(mCertAttr);
-            LDAPAttribute subjnames = entry.getAttribute(mSubjNameAttr);
-
-            // check if has cert already.
-            if (certs != null) {
-                hasCert = LdapUserCertPublisher.ByteValueExists(certs, certEnc);
-            }
-
-            // check if has subject name already.
-            if (subjnames != null) {
-                hasSubjname =
-                        LdapUserCertPublisher.StringValueExists(subjnames, subjName);
-            }
-
-            // if has both, done.
-            if (hasCert && hasSubjname) {
-                log(ILogger.LL_INFO,
-                        "publish: " + subjName + " already has cert & subject name");
-                return;
-            }
-
-            // add cert if not already there.
-            LDAPModificationSet modSet = new LDAPModificationSet();
-
-            if (!hasCert) {
-                log(ILogger.LL_INFO, "publish: adding cert to " + subjName);
-                modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute(mCertAttr, certEnc));
-            }
-            // add subject name if not already there.
-            if (!hasSubjname) {
-                log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn);
-                modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute(mSubjNameAttr, subjName));
-            }
-            conn.modify(dn, modSet);
-        } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
-        }
-    }
-
-    /**
-     * deletes the certificate from the list of certificates.
-     * does not check if certificate is already there.
-     * also takes out the subject name if no other certificate remain
-     * with the same subject name.
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        try {
-            boolean hasCert = false, hasSubjname = false;
-            boolean hasAnotherCert = false;
-            X509Certificate cert = (X509Certificate) certObj;
-            String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString();
-
-            byte[] certEnc = cert.getEncoded();
-
-            LDAPSearchResults res =
-                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                            new String[] { mCertAttr, mSubjNameAttr }, false);
-
-            LDAPEntry entry = res.next();
-            LDAPAttribute certs = entry.getAttribute(mCertAttr);
-            LDAPAttribute subjnames = entry.getAttribute(mSubjNameAttr);
-
-            // check for cert and other certs with same subject name.
-            if (certs != null) {
-                hasCert = LdapUserCertPublisher.ByteValueExists(certs, certEnc);
-                // check for other certs with the same subject name
-                @SuppressWarnings("unchecked")
-                Enumeration<byte[]> vals = certs.getByteValues();
-                byte[] val = null;
-
-                while (vals.hasMoreElements()) {
-                    val = vals.nextElement();
-                    if (PublisherUtils.byteArraysAreEqual(certEnc, val)) {
-                        hasCert = true;
-                        continue;
-                    }
-                    try {
-                        X509CertImpl certval = new X509CertImpl(val);
-                        // XXX use some sort of X500name equals function here.
-                        String subjnam =
-                                ((X500Name) certval.getSubjectDN()).toLdapDNString();
-
-                        if (subjnam.equalsIgnoreCase(subjName)) {
-                            hasAnotherCert = true;
-                        }
-                    } catch (CertificateEncodingException e) {
-                        // ignore this certificate.
-                        CMS.debug(
-                                "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
-                    } catch (CertificateException e) {
-                        // ignore this certificate.
-                        CMS.debug(
-                                "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
-                    }
-                }
-            }
-
-            // check if doesn't have subject name already.
-            if (subjnames != null) {
-                hasSubjname =
-                        LdapUserCertPublisher.StringValueExists(subjnames, subjName);
-            }
-
-            // if doesn't have both, done.
-            if (!hasCert && !hasSubjname) {
-                log(ILogger.LL_INFO,
-                        "unpublish: " + subjName + " already has not cert & subjname");
-                return;
-            }
-
-            // delete cert if there.
-            LDAPModificationSet modSet = new LDAPModificationSet();
-
-            if (hasCert) {
-                log(ILogger.LL_INFO,
-                        "unpublish: deleting cert " + subjName + " from " + dn);
-                modSet.add(LDAPModification.DELETE,
-                        new LDAPAttribute(mCertAttr, certEnc));
-            }
-            // delete subject name if no other cert has the same name.
-            if (hasSubjname && !hasAnotherCert) {
-                log(ILogger.LL_INFO,
-                        "unpublish: deleting subject name " + subjName + " from " + dn);
-                modSet.add(LDAPModification.DELETE,
-                        new LDAPAttribute(mSubjNameAttr, subjName));
-            }
-            conn.modify(dn, modSet);
-        } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_LDAP_DN_STRING_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
-            }
-        }
-        return;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCertSubjPublisher: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
deleted file mode 100644
index 014cc0e5e..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
+++ /dev/null
@@ -1,318 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPModificationSet;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * module for publishing a cross certificate pair to ldap
- * crossCertificatePair attribute
- *
- * @version $Revision$, $Date$
- */
-public class LdapCertificatePairPublisher
-        implements ILdapPublisher, IExtendedPluginInfo {
-    public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary";
-    public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
-    public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
-    public static final String LDAP_CRL_ATTR = "certificateRevocationList;binary";
-    public static final String LDAP_CACERT_ATTR = "caCertificate;binary";
-
-    protected String mCrossCertPairAttr = LDAP_CROSS_CERT_PAIR_ATTR;
-    protected String mCaObjectclass = LDAP_CA_OBJECTCLASS;
-    protected String mObjAdded = "";
-    protected String mObjDeleted = "";
-
-    private ILogger mLogger = CMS.getLogger();
-    private boolean mInited = false;
-    protected IConfigStore mConfig = null;
-
-    /**
-     * constructor constructs default values.
-     */
-    public LdapCertificatePairPublisher() {
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String s[] = {
-                "crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates",
-                "caObjectClass;string;The name of the objectclasses which should be " +
-                        "added to this entry, if they do not already exist. This can be " +
-                        "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-publisher-crosscertpairpublisher",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This plugin knows how to publish the CA cert to " +
-                        "'certificateAuthority' and 'pkiCA' -type entries"
-            };
-
-        return s;
-    }
-
-    public String getImplName() {
-        return "LdapCertificatePairPublisher";
-    }
-
-    public String getDescription() {
-        return "LdapCertificatePairPublisher";
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("crossCertPairAttr=" + mCrossCertPairAttr);
-        v.addElement("caObjectClass=" + mCaObjectclass);
-        return v;
-    }
-
-    public Vector<String> getInstanceParamsWithExtras() {
-        return getInstanceParams();
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("crossCertPairAttr=" + mCrossCertPairAttr);
-        v.addElement("caObjectClass=" + mCaObjectclass);
-        return v;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited)
-            return;
-        mConfig = config;
-        mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
-        mCaObjectclass = mConfig.getString("caObjectClass",
-                    LDAP_CA_OBJECTCLASS);
-        mObjAdded = mConfig.getString("caObjectClassAdded", "");
-        mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
-
-        mInited = true;
-    }
-
-    // don't think anyone would ever use this but just in case.
-    public LdapCertificatePairPublisher(String crossCertPairAttr, String caObjectclass) {
-        mCrossCertPairAttr = crossCertPairAttr;
-        mCaObjectclass = caObjectclass;
-        mInited = true;
-    }
-
-    /**
-     * Gets the Certificate Authority object class to convert to.
-     */
-    public String getCAObjectclass() {
-        return mCaObjectclass;
-    }
-
-    /**
-     * returns the cross cert pair attribute where it'll be published.
-     */
-    public String getXCertAttrName() {
-        return mCrossCertPairAttr;
-    }
-
-    /**
-     * publish a certificatePair
-     * -should not be called from listeners.
-     *
-     * @param conn the LDAP connection
-     * @param dn dn of the entry to publish the XcertificatePair
-     * @param pair the Xcertificate bytes object.
-     */
-    public synchronized void publish(LDAPConnection conn, String dn, Object pair)
-            throws ELdapException {
-        publish(conn, dn, (byte[]) pair);
-    }
-
-    /**
-     * publish a certificatePair
-     * -should not be called from listeners.
-     *
-     * @param conn the LDAP connection
-     * @param dn dn of the entry to publish the XcertificatePair
-     * @param pair the cross cert bytes
-     */
-    public synchronized void publish(LDAPConnection conn, String dn,
-            byte[] pair)
-            throws ELdapException {
-
-        if (conn == null) {
-            log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection");
-            return;
-        }
-
-        try {
-            mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
-            mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
-        } catch (EBaseException e) {
-        }
-
-        try {
-            // search for attributes to determine if they exist
-            LDAPSearchResults res =
-                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                            new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
-            LDAPEntry entry = res.next();
-            LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
-            LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
-            LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
-
-            // search for objectclass and crosscertpair attributes and values
-            LDAPSearchResults res1 =
-                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                            new String[] { "objectclass", mCrossCertPairAttr }, false);
-            LDAPEntry entry1 = res1.next();
-            LDAPAttribute ocs = entry1.getAttribute("objectclass");
-            LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary");
-
-            LDAPModificationSet modSet = new LDAPModificationSet();
-
-            boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair);
-            if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
-                CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again.");
-                return;
-            }
-            if (hasCert) {
-                log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes");
-            } else {
-                modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute(mCrossCertPairAttr, pair));
-                log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn);
-            }
-
-            String[] oclist = mCaObjectclass.split(",");
-
-            boolean attrsAdded = false;
-            for (int i = 0; i < oclist.length; i++) {
-                String oc = oclist[i].trim();
-                boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
-                if (!hasoc) {
-                    log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
-                    modSet.add(LDAPModification.ADD,
-                            new LDAPAttribute("objectclass", oc));
-
-                    if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
-                        // add MUST attributes
-                        if (arls == null)
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
-                        if (crls == null)
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
-                        if (certs == null)
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_CACERT_ATTR, ""));
-                        attrsAdded = true;
-                    }
-                }
-            }
-
-            // delete objectclasses that have been deleted from config
-            String[] delList = mObjDeleted.split(",");
-            if (delList.length > 0) {
-                for (int i = 0; i < delList.length; i++) {
-                    String deloc = delList[i].trim();
-                    boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
-                    boolean match = false;
-                    for (int j = 0; j < oclist.length; j++) {
-                        if ((oclist[j].trim()).equals(deloc)) {
-                            match = true;
-                            break;
-                        }
-                    }
-                    if (!match && hasoc) {
-                        log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn);
-                        modSet.add(LDAPModification.DELETE,
-                                new LDAPAttribute("objectclass", deloc));
-                    }
-                }
-            }
-
-            // reset mObjAdded and mObjDeleted, if needed
-            if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
-                mObjAdded = "";
-                mObjDeleted = "";
-                mConfig.putString("caObjectClassAdded", "");
-                mConfig.putString("caObjectClassDeleted", "");
-                try {
-                    mConfig.commit(false);
-                } catch (Exception e) {
-                    log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
-                }
-            }
-
-            if (modSet.size() > 0)
-                conn.modify(dn, modSet);
-            CMS.debug("LdapCertificatePairPublisher: in publish() just published");
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
-                throw new ELdapException("error publishing cross cert pair:" + e.toString());
-            }
-        }
-        return;
-    }
-
-    /**
-     * unsupported
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision");
-    }
-
-    /**
-     * handy routine for logging in this class.
-     */
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCertificatePairPublisher: " + msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
deleted file mode 100644
index 51bebe236..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
+++ /dev/null
@@ -1,379 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.security.cert.CRLException;
-import java.security.cert.X509CRL;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPModificationSet;
-import netscape.ldap.LDAPSSLSocketFactoryExt;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * For publishing master or global CRL.
- * Publishes (replaces) the CRL in the CA's LDAP entry.
- *
- * @version $Revision$, $Date$
- */
-public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
-    private ILogger mLogger = CMS.getLogger();
-    protected IConfigStore mConfig = null;
-    boolean mInited = false;
-
-    public static final String LDAP_CACERT_ATTR = "caCertificate;binary";
-    public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
-    public static final String LDAP_CRL_ATTR = "certificateRevocationList;binary";
-    public static final String LDAP_CRL_OBJECTCLASS = "pkiCA,deltaCRL";
-
-    protected String mCrlAttr = LDAP_CRL_ATTR;
-    protected String mCrlObjectClass = LDAP_CRL_OBJECTCLASS;
-    protected String mObjAdded = "";
-    protected String mObjDeleted = "";
-
-    /**
-     * constructs ldap crl publisher with default values
-     */
-    public LdapCrlPublisher() {
-    }
-
-    public String getImplName() {
-        return "LdapCrlPublisher";
-    }
-
-    public String getDescription() {
-        return "LdapCrlPublisher";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                "crlAttr;string;Name of Ldap attribute in which to store the CRL",
-                "crlObjectClass;string;The name of the objectclasses which should be " +
-                        "added to this entry, if they do not already exist. This can be a comma-" +
-                        "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
-                        "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-publisher-crlpublisher",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This plugin knows how to publish CRL's to " +
-                        "'certificateAuthority' and 'pkiCA' -type entries"
-            };
-
-        return params;
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("crlAttr=" + mCrlAttr);
-        v.addElement("crlObjectClass=" + mCrlObjectClass);
-        return v;
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("crlAttr=" + mCrlAttr);
-        v.addElement("crlObjectClass=" + mCrlObjectClass);
-        return v;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited)
-            return;
-        mConfig = config;
-        mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
-        mCrlObjectClass = mConfig.getString("crlObjectClass",
-                LDAP_CRL_OBJECTCLASS);
-        mObjAdded = mConfig.getString("crlObjectClassAdded", "");
-        mObjDeleted = mConfig.getString("crlObjectClassDeleted", "");
-
-        mInited = true;
-    }
-
-    public LdapCrlPublisher(String crlAttr, String crlObjectClass) {
-        mCrlAttr = crlAttr;
-        mCrlObjectClass = crlObjectClass;
-    }
-
-    /**
-     * Gets the CA object class to convert to.
-     */
-    public String getCRLObjectclass() {
-        return mCrlObjectClass;
-    }
-
-    /**
-     * Replaces the CRL in the certificateRevocationList attribute.
-     * CRL's are published as a DER encoded blob.
-     */
-    public void publish(LDAPConnection conn, String dn, Object crlObj)
-            throws ELdapException {
-        if (conn == null) {
-            log(ILogger.LL_INFO, "publish CRL: no LDAP connection");
-            return;
-        }
-
-        try {
-            mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
-            mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS);
-        } catch (EBaseException e) {
-        }
-
-        // Bugscape #56124 - support multiple publishing directory
-        // see if we should create local connection
-        LDAPConnection altConn = null;
-        try {
-            String host = mConfig.getString("host", null);
-            String port = mConfig.getString("port", null);
-            if (host != null && port != null) {
-                int portVal = Integer.parseInt(port);
-                int version = Integer.parseInt(mConfig.getString("version", "2"));
-                String cert_nick = mConfig.getString("clientCertNickname", null);
-                LDAPSSLSocketFactoryExt sslSocket = null;
-                if (cert_nick != null) {
-                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
-                }
-                String mgr_dn = mConfig.getString("bindDN", null);
-                String mgr_pwd = mConfig.getString("bindPWD", null);
-
-                altConn = CMS.getBoundConnection(host, portVal,
-                        version,
-                        sslSocket, mgr_dn, mgr_pwd);
-                conn = altConn;
-            }
-        } catch (LDAPException e) {
-            CMS.debug("Failed to create alt connection " + e);
-        } catch (EBaseException e) {
-            CMS.debug("Failed to create alt connection " + e);
-        }
-
-        try {
-            byte[] crlEnc = ((X509CRL) crlObj).getEncoded();
-            log(ILogger.LL_INFO, "publish CRL: " + dn);
-
-            /* search for attribute names to determine existence of attributes */
-            LDAPSearchResults res = null;
-            if (mCrlAttr.equals(LDAP_CRL_ATTR)) {
-                res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                        new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
-            } else {
-                res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                        new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
-            }
-
-            LDAPEntry entry = res.next();
-            LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
-            LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
-            LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
-
-            /* get object class values */
-            LDAPSearchResults res1 = null;
-            res1 = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                    new String[] { "objectclass" }, false);
-            LDAPEntry entry1 = res1.next();
-            LDAPAttribute ocs = entry1.getAttribute("objectclass");
-
-            LDAPModificationSet modSet = new LDAPModificationSet();
-
-            String[] oclist = mCrlObjectClass.split(",");
-            boolean attrsAdded = false;
-            for (int i = 0; i < oclist.length; i++) {
-                String oc = oclist[i].trim();
-                boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
-                if (!hasoc) {
-                    log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn);
-                    modSet.add(LDAPModification.ADD,
-                            new LDAPAttribute("objectclass", oc));
-
-                    if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
-                        // add MUST attributes
-                        if (arls == null)
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
-                        if (certs == null)
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_CACERT_ATTR, ""));
-
-                        if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
-                            modSet.add(LDAPModification.ADD,
-                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
-                        attrsAdded = true;
-                    }
-                }
-            }
-
-            modSet.add(LDAPModification.REPLACE, new LDAPAttribute(mCrlAttr, crlEnc));
-
-            // delete objectclasses that have been deleted from config
-            String[] delList = mObjDeleted.split(",");
-            if (delList.length > 0) {
-                for (int i = 0; i < delList.length; i++) {
-                    String deloc = delList[i].trim();
-                    boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
-                    boolean match = false;
-                    for (int j = 0; j < oclist.length; j++) {
-                        if ((oclist[j].trim()).equals(deloc)) {
-                            match = true;
-                            break;
-                        }
-                    }
-                    if (!match && hasoc) {
-                        log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn);
-                        modSet.add(LDAPModification.DELETE,
-                                new LDAPAttribute("objectclass", deloc));
-                    }
-                }
-            }
-
-            // reset mObjAdded and mObjDeleted, if needed
-            if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
-                mObjAdded = "";
-                mObjDeleted = "";
-                mConfig.putString("crlObjectClassAdded", "");
-                mConfig.putString("crlObjectClassDeleted", "");
-                try {
-                    mConfig.commit(false);
-                } catch (Exception e) {
-                    log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
-                }
-            }
-
-            conn.modify(dn, modSet);
-        } catch (CRLException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
-            }
-        } finally {
-            if (altConn != null) {
-                try {
-                    altConn.disconnect();
-                } catch (LDAPException e) {
-                    // safely ignored
-                }
-            }
-        }
-
-    }
-
-    /**
-     * There shouldn't be a need to call this.
-     * CRLs are always replaced but this is implemented anyway in case
-     * there is ever a reason to remove a global CRL.
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object crlObj)
-            throws ELdapException {
-        try {
-            byte[] crlEnc = ((X509CRL) crlObj).getEncoded();
-
-            try {
-                mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
-                mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS);
-            } catch (EBaseException e) {
-            }
-
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
-                    "(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false);
-            LDAPEntry e = res.next();
-            LDAPAttribute crls = e.getAttribute(mCrlAttr);
-            LDAPAttribute ocs = e.getAttribute("objectclass");
-
-            LDAPModificationSet modSet = new LDAPModificationSet();
-
-            boolean hasOC = false;
-            boolean hasCRL =
-                    LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
-
-            if (hasCRL) {
-                modSet.add(LDAPModification.DELETE,
-                        new LDAPAttribute(mCrlAttr, crlEnc));
-            }
-
-            String[] oclist = mCrlObjectClass.split(",");
-            for (int i = 0; i < oclist.length; i++) {
-                String oc = oclist[i].trim();
-                if (LdapUserCertPublisher.StringValueExists(ocs, oc)) {
-                    log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn);
-                    modSet.add(LDAPModification.DELETE,
-                            new LDAPAttribute("objectClass", oc));
-                    hasOC = true;
-                }
-            }
-
-            if (hasCRL || hasOC) {
-                conn.modify(dn, modSet);
-            } else {
-                log(ILogger.LL_INFO,
-                        "unpublish: " + dn + " already has not CRL");
-            }
-        } catch (CRLException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString()));
-            }
-        }
-        return;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapCrlPublisher: " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
deleted file mode 100644
index 41a15f93a..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
+++ /dev/null
@@ -1,357 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICAService;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- *
- * @version $Revision$, $Date$
- */
-public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
-    public static final String LDAP_USERCERT_ATTR = "userCertificate;binary";
-    public static final String PROP_REVOKE_CERT = "revokeCert";
-
-    protected String mCertAttr = LDAP_USERCERT_ATTR;
-    private ILogger mLogger = CMS.getLogger();
-    private IConfigStore mConfig = null;
-    private boolean mInited = false;
-
-    public LdapEncryptCertPublisher() {
-    }
-
-    public String getImplName() {
-        return "LdapEncryptCertPublisher";
-    }
-
-    public String getDescription() {
-        return "LdapEncryptCertPublisher";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                "certAttr;string;LDAP attribute in which to store the certificate",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-publisher-usercertpublisher",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This plugin knows how to publish user certificates"
-            };
-
-        return params;
-
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("certAttr=" + mCertAttr);
-        return v;
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("certAttr=" + mCertAttr);
-        return v;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited)
-            return;
-        mConfig = config;
-        mCertAttr = mConfig.getString("certAttr", LDAP_USERCERT_ATTR);
-        mInited = true;
-    }
-
-    public LdapEncryptCertPublisher(String certAttr) {
-        mCertAttr = certAttr;
-    }
-
-    /**
-     * publish a user certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
-     *
-     * @param conn the LDAP connection
-     * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate object.
-     */
-    public void publish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        if (conn == null)
-            return;
-
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        X509Certificate cert = (X509Certificate) certObj;
-
-        log(ILogger.LL_INFO, "Publishing " + cert);
-        try {
-            byte[] certEnc = cert.getEncoded();
-
-            // check if cert already exists.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
-                    "(objectclass=*)", new String[] { mCertAttr }, false);
-            LDAPEntry entry = res.next();
-            LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc);
-
-            if (attr == null) {
-                log(ILogger.LL_INFO, "publish: " + dn + " already has cert.");
-                return;
-            }
-
-            // publish
-            LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
-
-            conn.modify(dn, mod);
-        } catch (CertificateEncodingException e) {
-            CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString());
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
-            }
-        }
-        return;
-    }
-
-    /**
-     * unpublish a user certificate
-     * deletes the certificate from the list of certificates.
-     * does not check if certificate is already there.
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        X509Certificate cert = (X509Certificate) certObj;
-
-        try {
-            byte[] certEnc = cert.getEncoded();
-
-            // check if cert already deleted.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
-                    "(objectclass=*)", new String[] { mCertAttr }, false);
-            LDAPEntry entry = res.next();
-
-            if (!ByteValueExists(entry.getAttribute(mCertAttr), certEnc)) {
-                log(ILogger.LL_INFO, dn + " already has not cert");
-                return;
-            }
-
-            LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
-                    new LDAPAttribute(mCertAttr, certEnc));
-
-            conn.modify(dn, mod);
-        } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
-            }
-        }
-        return;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapUserCertPublisher: " + msg);
-    }
-
-    public LDAPAttribute getModificationAttribute(
-            LDAPAttribute attr, byte[] bval) {
-
-        LDAPAttribute at = new LDAPAttribute(attr.getName(), bval);
-        // determine if the given cert is a signing or an encryption
-        // certificate
-        X509CertImpl thisCert = null;
-
-        try {
-            thisCert = new X509CertImpl(bval);
-        } catch (Exception e) {
-        }
-        if (thisCert == null) {
-            return at;
-        }
-
-        @SuppressWarnings("unchecked")
-        Enumeration<byte[]> vals = attr.getByteValues();
-        byte[] val = null;
-
-        while (vals.hasMoreElements()) {
-            val = vals.nextElement();
-            try {
-                X509CertImpl cert = new X509CertImpl(val);
-
-                log(ILogger.LL_INFO, "Checking " + cert);
-                if (CMS.isEncryptionCert(thisCert) &&
-                        CMS.isEncryptionCert(cert)) {
-                    // skip
-                    log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert);
-                    revokeCert(cert);
-                } else if (CMS.isSigningCert(thisCert) &&
-                        CMS.isSigningCert(cert)) {
-                    // skip
-                    log(ILogger.LL_INFO, "SKIP SIGNING " + cert);
-                    revokeCert(cert);
-                } else {
-                    at.addValue(val);
-                }
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CHECK_FAILED", e.toString()));
-            }
-        }
-        return at;
-    }
-
-    private RevokedCertImpl formCRLEntry(
-            BigInteger serialNo, RevocationReason reason)
-            throws EBaseException {
-        CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
-        CRLExtensions crlentryexts = new CRLExtensions();
-
-        try {
-            crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_SET_CRL_REASON", reason.toString(), e.toString()));
-
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
-        }
-        RevokedCertImpl crlentry =
-                new RevokedCertImpl(serialNo, new Date(), crlentryexts);
-
-        return crlentry;
-    }
-
-    private void revokeCert(X509CertImpl cert)
-            throws EBaseException {
-        try {
-            if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) {
-                return;
-            }
-        } catch (EBaseException e) {
-            return;
-        }
-        BigInteger serialNum = cert.getSerialNumber();
-        // need to revoke certificate also
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem("ca");
-        ICAService service = (ICAService) ca.getCAService();
-        RevokedCertImpl crlEntry = formCRLEntry(
-                serialNum, RevocationReason.KEY_COMPROMISE);
-
-        service.revokeCert(crlEntry);
-    }
-
-    /**
-     * checks if a byte attribute has a certain value.
-     */
-    public static boolean ByteValueExists(LDAPAttribute attr, byte[] bval) {
-        if (attr == null) {
-            return false;
-        }
-        @SuppressWarnings("unchecked")
-        Enumeration<byte[]> vals = attr.getByteValues();
-        byte[] val = null;
-
-        while (vals.hasMoreElements()) {
-            val = vals.nextElement();
-            if (PublisherUtils.byteArraysAreEqual(val, bval)) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * checks if a attribute has a string value.
-     */
-    public static boolean StringValueExists(LDAPAttribute attr, String sval) {
-        if (attr == null) {
-            return false;
-        }
-        @SuppressWarnings("unchecked")
-        Enumeration<String> vals = attr.getStringValues();
-        String val = null;
-
-        while (vals.hasMoreElements()) {
-            val = vals.nextElement();
-            if (val.equalsIgnoreCase(sval)) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
deleted file mode 100644
index 020c25552..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
+++ /dev/null
@@ -1,333 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPSSLSocketFactoryExt;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- *
- * @version $Revision$, $Date$
- */
-public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
-    public static final String LDAP_USERCERT_ATTR = "userCertificate;binary";
-
-    protected String mCertAttr = LDAP_USERCERT_ATTR;
-    private ILogger mLogger = CMS.getLogger();
-    private IConfigStore mConfig = null;
-    private boolean mInited = false;
-
-    public LdapUserCertPublisher() {
-    }
-
-    public String getImplName() {
-        return "LdapUserCertPublisher";
-    }
-
-    public String getDescription() {
-        return "LdapUserCertPublisher";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                "certAttr;string;LDAP attribute in which to store the certificate",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-publisher-usercertpublisher",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";This plugin knows how to publish user certificates"
-            };
-
-        return params;
-
-    }
-
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("certAttr=" + mCertAttr);
-        return v;
-    }
-
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        v.addElement("certAttr=" + mCertAttr);
-        return v;
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    public void init(IConfigStore config)
-            throws EBaseException {
-        if (mInited)
-            return;
-        mConfig = config;
-        mCertAttr = mConfig.getString("certAttr", LDAP_USERCERT_ATTR);
-        mInited = true;
-    }
-
-    public LdapUserCertPublisher(String certAttr) {
-        mCertAttr = certAttr;
-    }
-
-    /**
-     * publish a user certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
-     *
-     * @param conn the LDAP connection
-     * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate object.
-     */
-    public void publish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-        if (conn == null)
-            return;
-
-        // Bugscape #56124 - support multiple publishing directory
-        // see if we should create local connection
-        LDAPConnection altConn = null;
-        try {
-            String host = mConfig.getString("host", null);
-            String port = mConfig.getString("port", null);
-            if (host != null && port != null) {
-                int portVal = Integer.parseInt(port);
-                int version = Integer.parseInt(mConfig.getString("version", "2"));
-                String cert_nick = mConfig.getString("clientCertNickname", null);
-                LDAPSSLSocketFactoryExt sslSocket = null;
-                if (cert_nick != null) {
-                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
-                }
-                String mgr_dn = mConfig.getString("bindDN", null);
-                String mgr_pwd = mConfig.getString("bindPWD", null);
-
-                altConn = CMS.getBoundConnection(host, portVal,
-                        version,
-                        sslSocket, mgr_dn, mgr_pwd);
-                conn = altConn;
-            }
-        } catch (LDAPException e) {
-            CMS.debug("Failed to create alt connection " + e);
-        } catch (EBaseException e) {
-            CMS.debug("Failed to create alt connection " + e);
-        }
-
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        X509Certificate cert = (X509Certificate) certObj;
-
-        boolean deleteCert = false;
-        try {
-            deleteCert = mConfig.getBoolean("deleteCert", false);
-        } catch (Exception e) {
-        }
-
-        try {
-            byte[] certEnc = cert.getEncoded();
-
-            // check if cert already exists.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
-                    "(objectclass=*)", new String[] { mCertAttr }, false);
-            LDAPEntry entry = res.next();
-
-            if (ByteValueExists(entry.getAttribute(mCertAttr), certEnc)) {
-                log(ILogger.LL_INFO, "publish: " + dn + " already has cert.");
-                return;
-            }
-
-            // publish
-            LDAPModification mod = null;
-            if (deleteCert) {
-                mod = new LDAPModification(LDAPModification.REPLACE,
-                        new LDAPAttribute(mCertAttr, certEnc));
-            } else {
-                mod = new LDAPModification(LDAPModification.ADD,
-                        new LDAPAttribute(mCertAttr, certEnc));
-            }
-
-            conn.modify(dn, mod);
-
-            // log a successful message to the "transactions" log
-            mLogger.log(ILogger.EV_AUDIT,
-                         ILogger.S_LDAP,
-                         ILogger.LL_INFO,
-                         AuditFormat.LDAP_PUBLISHED_FORMAT,
-                         new Object[] { "LdapUserCertPublisher",
-                                        cert.getSerialNumber().toString(16),
-                                        cert.getSubjectDN() });
-        } catch (CertificateEncodingException e) {
-            CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString());
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
-            }
-        } finally {
-            if (altConn != null) {
-                try {
-                    altConn.disconnect();
-                } catch (LDAPException e) {
-                    // safely ignored
-                }
-            }
-        }
-        return;
-    }
-
-    /**
-     * unpublish a user certificate
-     * deletes the certificate from the list of certificates.
-     * does not check if certificate is already there.
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object certObj)
-            throws ELdapException {
-
-        boolean disableUnpublish = false;
-        try {
-            disableUnpublish = mConfig.getBoolean("disableUnpublish", false);
-        } catch (Exception e) {
-        }
-
-        if (disableUnpublish) {
-            CMS.debug("UserCertPublisher: disable unpublish");
-            return;
-        }
-
-        if (!(certObj instanceof X509Certificate))
-            throw new IllegalArgumentException("Illegal arg to publish");
-
-        X509Certificate cert = (X509Certificate) certObj;
-
-        try {
-            byte[] certEnc = cert.getEncoded();
-
-            // check if cert already deleted.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
-                    "(objectclass=*)", new String[] { mCertAttr }, false);
-            LDAPEntry entry = res.next();
-
-            if (!ByteValueExists(entry.getAttribute(mCertAttr), certEnc)) {
-                log(ILogger.LL_INFO, dn + " already has not cert");
-                return;
-            }
-
-            LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
-                    new LDAPAttribute(mCertAttr, certEnc));
-
-            conn.modify(dn, mod);
-        } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is
-                // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
-                throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
-                        + conn.getPort()));
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
-            }
-        }
-        return;
-    }
-
-    private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-                "LdapUserCertPublisher: " + msg);
-    }
-
-    /**
-     * checks if a byte attribute has a certain value.
-     */
-    public static boolean ByteValueExists(LDAPAttribute attr, byte[] bval) {
-        if (attr == null) {
-            return false;
-        }
-        @SuppressWarnings("unchecked")
-        Enumeration<byte[]> vals = attr.getByteValues();
-        byte[] val = null;
-
-        while (vals.hasMoreElements()) {
-            val = vals.nextElement();
-            if (val.length == 0)
-                continue;
-            if (PublisherUtils.byteArraysAreEqual(val, bval)) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * checks if a attribute has a string value.
-     */
-    public static boolean StringValueExists(LDAPAttribute attr, String sval) {
-        if (attr == null) {
-            return false;
-        }
-        @SuppressWarnings("unchecked")
-        Enumeration<String> vals = attr.getStringValues();
-        String val = null;
-
-        while (vals.hasMoreElements()) {
-            val = vals.nextElement();
-            if (val.equalsIgnoreCase(sval)) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
deleted file mode 100644
index f3e9d3c6f..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
+++ /dev/null
@@ -1,356 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.net.Socket;
-import java.net.URLEncoder;
-import java.security.cert.CRLException;
-import java.security.cert.X509CRL;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import netscape.ldap.LDAPConnection;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
-
-/**
- * This publisher writes certificate and CRL into
- * a directory.
- *
- * @version $Revision$, $Date$
- */
-public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
-    private static final String PROP_HOST = "host";
-    private static final String PROP_PORT = "port";
-    private static final String PROP_PATH = "path";
-    private static final String PROP_NICK = "nickName";
-    private static final String PROP_CLIENT_AUTH_ENABLE = "enableClientAuth";
-
-    private IConfigStore mConfig = null;
-    private String mHost = null;
-    private String mPort = null;
-    private String mPath = null;
-    private String mNickname = null;
-    private boolean mClientAuthEnabled = true;
-    private ILogger mLogger = CMS.getLogger();
-
-    /**
-     * Returns the implementation name.
-     */
-    public String getImplName() {
-        return "OCSPPublisher";
-    }
-
-    /**
-     * Returns the description of the ldap publisher.
-     */
-    public String getDescription() {
-        return "This publisher writes the CRL to CMS's OCSP server.";
-    }
-
-    public String[] getExtendedPluginInfo(Locale locale) {
-        String[] params = {
-                PROP_HOST + ";string;Host of CMS's OCSP Secure agent service",
-                PROP_PORT + ";string;Port of CMS's OCSP Secure agent service",
-                PROP_PATH + ";string;URI of CMS's OCSP Secure agent service",
-                PROP_NICK + ";string;Nickname of cert used for client authentication",
-                PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled",
-                IExtendedPluginInfo.HELP_TOKEN +
-                        ";configuration-ldappublish-publisher-ocsppublisher",
-                IExtendedPluginInfo.HELP_TEXT +
-                        ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
-            };
-
-        return params;
-    }
-
-    /**
-     * Returns the current instance parameters.
-     */
-    public Vector<String> getInstanceParams() {
-        Vector<String> v = new Vector<String>();
-        String host = "";
-        String port = "";
-        String path = "";
-        String nickname = "";
-        String clientAuthEnabled = "";
-
-        try {
-            host = mConfig.getString(PROP_HOST);
-        } catch (EBaseException e) {
-        }
-        v.addElement(PROP_HOST + "=" + host);
-        try {
-            port = mConfig.getString(PROP_PORT);
-        } catch (EBaseException e) {
-        }
-        v.addElement(PROP_PORT + "=" + port);
-        try {
-            path = mConfig.getString(PROP_PATH);
-        } catch (EBaseException e) {
-        }
-        v.addElement(PROP_PATH + "=" + path);
-        try {
-            nickname = mConfig.getString(PROP_NICK);
-        } catch (EBaseException e) {
-        }
-        v.addElement(PROP_NICK + "=" + nickname);
-        try {
-            clientAuthEnabled = mConfig.getString(PROP_CLIENT_AUTH_ENABLE);
-        } catch (EBaseException e) {
-        }
-        v.addElement(PROP_CLIENT_AUTH_ENABLE + "=" + clientAuthEnabled);
-        return v;
-    }
-
-    /**
-     * Returns the initial default parameters.
-     */
-    public Vector<String> getDefaultParams() {
-        Vector<String> v = new Vector<String>();
-
-        IConfigStore config = CMS.getConfigStore();
-        String nickname = "";
-        // get subsystem cert nickname as default for client auth
-        try {
-            nickname = config.getString("ca.subsystem.nickname", "");
-            String tokenname = config.getString("ca.subsystem.tokenname", "");
-            if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname + ":" + nickname;
-        } catch (Exception e) {
-        }
-
-        v.addElement(PROP_HOST + "=");
-        v.addElement(PROP_PORT + "=");
-        v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL");
-        v.addElement(PROP_CLIENT_AUTH_ENABLE + "=true");
-        v.addElement(PROP_NICK + "=" + nickname);
-        return v;
-    }
-
-    /**
-     * Initializes this plugin.
-     */
-    public void init(IConfigStore config) {
-        mConfig = config;
-        try {
-            mHost = mConfig.getString(PROP_HOST, "");
-            mPort = mConfig.getString(PROP_PORT, "");
-            mPath = mConfig.getString(PROP_PATH, "");
-            mNickname = mConfig.getString(PROP_NICK, "");
-            mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE, true);
-        } catch (EBaseException e) {
-        }
-    }
-
-    public IConfigStore getConfigStore() {
-        return mConfig;
-    }
-
-    protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) {
-        Socket socket = null;
-        StringTokenizer st = new StringTokenizer(host, " ");
-        while (st.hasMoreTokens()) {
-            String hp = st.nextToken(); // host:port
-            StringTokenizer st1 = new StringTokenizer(hp, ":");
-            String h = st1.nextToken();
-            int p = Integer.parseInt(st1.nextToken());
-            try {
-                if (secure) {
-                    socket = factory.makeSocket(h, p);
-                } else {
-                    socket = new Socket(h, p);
-                }
-                return socket;
-            } catch (Exception e) {
-            }
-            try {
-                Thread.sleep(5000); // 5 seconds delay
-            } catch (Exception e) {
-            }
-        }
-        return null;
-    }
-
-    /**
-     * Publishs a object to the ldap directory.
-     *
-     * @param conn a Ldap connection
-     *            (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to publish cert
-     *            (null if LDAP publishing is not enabled)
-     * @param object object to publish
-     *            (java.security.cert.X509Certificate or,
-     *            java.security.cert.X509CRL)
-     */
-    public synchronized void publish(LDAPConnection conn, String dn, Object object)
-            throws ELdapException {
-        try {
-            if (!(object instanceof X509CRL))
-                return;
-            X509CRL crl = (X509CRL) object;
-
-            // talk to agent port of CMS
-
-            // open the connection and prepare it to POST
-            boolean secure = true;
-
-            String host = mHost;
-            int port = Integer.parseInt(mPort);
-            String path = mPath;
-
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_INFO, "OCSPPublisher: " +
-                            "Host='" + host + "' Port='" + port +
-                            "' URL='" + path + "'");
-            CMS.debug("OCSPPublisher: " +
-                    "Host='" + host + "' Port='" + port +
-                    "' URL='" + path + "'");
-
-            StringBuffer query = new StringBuffer();
-            query.append("crl=");
-            query.append(URLEncoder.encode("-----BEGIN CERTIFICATE REVOCATION LIST-----\n", "UTF-8"));
-            query.append(URLEncoder.encode(CMS.BtoA(crl.getEncoded()), "UTF-8"));
-            query.append(URLEncoder.encode("\n-----END CERTIFICATE REVOCATION LIST-----", "UTF-8"));
-            query.append("&noui=true");
-
-            Socket socket = null;
-            JssSSLSocketFactory factory;
-
-            if (mClientAuthEnabled) {
-                factory = new JssSSLSocketFactory(mNickname);
-            } else {
-                factory = new JssSSLSocketFactory();
-            }
-
-            if (mHost != null && mHost.indexOf(' ') != -1) {
-                // support failover hosts configuration
-                // host parameter can be
-                // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
-                do {
-                    socket = Connect(mHost, secure, factory);
-                } while (socket == null);
-            } else {
-                if (secure) {
-                    socket = factory.makeSocket(host, port);
-                } else {
-                    socket = new Socket(host, port);
-                }
-            }
-
-            if (socket == null) {
-                CMS.debug("OCSPPublisher::publish() - socket is null!");
-                throw new ELdapException("socket is null");
-            }
-
-            // use HttpRequest and POST
-            HttpRequest httpReq = new HttpRequest();
-
-            httpReq.setMethod("POST");
-            httpReq.setURI(path);
-            httpReq.setHeader("Connection", "Keep-Alive");
-
-            httpReq.setHeader("Content-Type",
-                    "application/x-www-form-urlencoded");
-            httpReq.setHeader("Content-Transfer-Encoding", "7bit");
-
-            httpReq.setHeader("Content-Length",
-                    Integer.toString(query.length()));
-            httpReq.setContent(query.toString());
-            OutputStream os = socket.getOutputStream();
-            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8");
-
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
-            long startTime = CMS.getCurrentDate().getTime();
-            CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime);
-            httpReq.write(outputStreamWriter);
-            long endTime = CMS.getCurrentDate().getTime();
-            CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime));
-
-            // Read the response
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_INFO, "OCSPPublisher: start getting response");
-            BufferedReader dis = new BufferedReader(new InputStreamReader(socket.getInputStream()));
-            String nextline;
-            String error = "";
-            boolean status = false;
-
-            while ((nextline = dis.readLine()) != null) {
-                if (nextline.startsWith("status=")) {
-                    if (nextline.substring(7, nextline.length()).equals("0")) {
-                        status = true;
-                    }
-                }
-                if (nextline.startsWith("error=")) {
-                    error = nextline.substring(6, nextline.length());
-                }
-            }
-            dis.close();
-            if (status) {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_INFO, "OCSPPublisher: successful");
-            } else {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
-            }
-
-        } catch (IOException e) {
-            CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
-        } catch (CRLException e) {
-            CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
-        } catch (Exception e) {
-            CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
-        }
-    }
-
-    /**
-     * Unpublishs a object to the ldap directory.
-     *
-     * @param conn the Ldap connection
-     *            (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to unpublish cert
-     *            (null if LDAP publishing is not enabled)
-     * @param object object to unpublish
-     *            (java.security.cert.X509Certificate)
-     */
-    public void unpublish(LDAPConnection conn, String dn, Object object)
-            throws ELdapException {
-        // NOT USED
-    }
-}
diff --git a/base/common/src/com/netscape/cms/publish/publishers/PublisherUtils.java b/base/common/src/com/netscape/cms/publish/publishers/PublisherUtils.java
deleted file mode 100644
index 280a0ce97..000000000
--- a/base/common/src/com/netscape/cms/publish/publishers/PublisherUtils.java
+++ /dev/null
@@ -1,136 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.publish.publishers;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Vector;
-
-/**
- * Publisher utility class.
- *
- * @version $Revision$, $Date$
- */
-public class PublisherUtils {
-    public static void checkHost(String hostname) throws UnknownHostException {
-        InetAddress.getByName(hostname);
-    }
-
-    public static void copyStream(InputStream in, OutputStream out) throws IOException {
-        byte[] buf = new byte[4096];
-        int len;
-
-        while ((len = in.read(buf)) != -1) {
-            out.write(buf, 0, len);
-        }
-    }
-
-    public static void copyStream(BufferedReader in, OutputStreamWriter out) throws IOException {
-        char[] buf = new char[4096];
-        int len;
-
-        while ((len = in.read(buf)) != -1) {
-            out.write(buf, 0, len);
-        }
-    }
-
-    /// Sorts an array of Strings.
-    // Java currently has no general sort function.  Sorting Strings is
-    // common enough that it's worth making a special case.
-    public static void sortStrings(String[] strings) {
-        // Just does a bubblesort.
-        for (int i = 0; i < strings.length - 1; ++i) {
-            for (int j = i + 1; j < strings.length; ++j) {
-                if (strings[i].compareTo(strings[j]) > 0) {
-                    String t = strings[i];
-
-                    strings[i] = strings[j];
-                    strings[j] = t;
-                }
-            }
-        }
-    }
-
-    /// Returns a date string formatted in Unix ls style - if it's within
-    // six months of now, Mmm dd hh:ss, else Mmm dd  yyyy.
-    public static String lsDateStr(Date date) {
-        long dateTime = date.getTime();
-
-        if (dateTime == -1L)
-            return "------------";
-        long nowTime = System.currentTimeMillis();
-        SimpleDateFormat formatter = new SimpleDateFormat();
-
-        if (Math.abs(nowTime - dateTime) < 183L * 24L * 60L * 60L * 1000L)
-            formatter.applyPattern("MMM dd hh:ss");
-        else
-            formatter.applyPattern("MMM dd yyyy");
-        return formatter.format(date);
-    }
-
-    /**
-     * compares contents two byte arrays returning true if exactly same.
-     */
-    static public boolean byteArraysAreEqual(byte[] a, byte[] b) {
-        if (a.length != b.length)
-            return false;
-        for (int i = 0; i < a.length; i++) {
-            if (a[i] != b[i])
-                return false;
-        }
-        return true;
-    }
-
-    /**
-     * strips out double quotes around String parameter
-     *
-     * @param s the string potentially bracketed with double quotes
-     * @return string stripped of surrounding double quotes
-     */
-    public static String stripQuotes(String s) {
-        if (s == null) {
-            return s;
-        }
-
-        if ((s.startsWith("\"")) && (s.endsWith("\""))) {
-            return (s.substring(1, (s.length() - 1)));
-        }
-
-        return s;
-    }
-
-    /**
-     * returns an array of strings from a vector of Strings
-     * there'll be trouble if the Vector contains something other
-     * than just Strings
-     */
-    public static String[] getStringArrayFromVector(Vector<String> v) {
-        String s[] = new String[v.size()];
-
-        v.copyInto(s);
-        return s;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/realm/PKIPrincipal.java b/base/common/src/com/netscape/cms/realm/PKIPrincipal.java
deleted file mode 100644
index c39ab4157..000000000
--- a/base/common/src/com/netscape/cms/realm/PKIPrincipal.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package com.netscape.cms.realm;
-
-import java.util.List;
-
-import org.apache.catalina.realm.GenericPrincipal;
-
-import com.netscape.certsrv.authentication.IAuthToken;
-
-/**
- * @author Endi S. Dewata
- */
-
-public class PKIPrincipal extends GenericPrincipal {
-
-    IAuthToken authToken;
-
-    public PKIPrincipal(String name, String password, List<String> roles, IAuthToken authToken) {
-        super(name, password, roles);
-        this.authToken = authToken;
-    }
-
-    public PKIPrincipal(String name, String password, List<String> roles) {
-        this(name, password, roles, null);
-    }
-
-    public IAuthToken getAuthToken() {
-        return authToken;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/realm/PKIRealm.java b/base/common/src/com/netscape/cms/realm/PKIRealm.java
deleted file mode 100644
index b035f53f6..000000000
--- a/base/common/src/com/netscape/cms/realm/PKIRealm.java
+++ /dev/null
@@ -1,160 +0,0 @@
-package com.netscape.cms.realm;
-
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-
-import netscape.security.x509.X509CertImpl;
-
-import org.apache.catalina.realm.RealmBase;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authentication.ICertUserDBAuthentication;
-import com.netscape.certsrv.authentication.IPasswdUserDBAuthentication;
-import com.netscape.certsrv.usrgrp.EUsrGrpException;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.common.AuthCredentials;
-
-/**
- *  PKI Realm
- *
- *  This realm provides an authentication service against PKI user database.
- *  The realm also provides an authorization service that validates request
- *  URL's against the access control list defined in the internal database.
- */
-
-public class PKIRealm extends RealmBase {
-
-    @Override
-    protected String getName() {
-        return "PKIRealm";
-    }
-
-    @Override
-    public Principal authenticate(String username, String password) {
-        logDebug("Authenticating username "+username+" with password.");
-
-        try {
-            IAuthSubsystem authSub = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-            IAuthManager authMgr = authSub.getAuthManager(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID);
-
-            AuthCredentials creds = new AuthCredentials();
-            creds.set(IPasswdUserDBAuthentication.CRED_UID, username);
-            creds.set(IPasswdUserDBAuthentication.CRED_PWD, password);
-
-            IAuthToken authToken = authMgr.authenticate(creds); // throws exception if authentication fails
-
-            return getPrincipal(username, authToken);
-
-        } catch (Throwable e) {
-            e.printStackTrace();
-        }
-
-        return null;
-    }
-
-    @Override
-    public Principal authenticate(final X509Certificate certs[]) {
-        logDebug("Authenticating certificate chain:");
-
-        try {
-            X509CertImpl certImpls[] = new X509CertImpl[certs.length];
-            for (int i=0; i<certs.length; i++) {
-                X509Certificate cert = certs[i];
-                logDebug("  "+cert.getSubjectDN());
-
-                // Convert sun.security.x509.X509CertImpl to netscape.security.x509.X509CertImpl
-                certImpls[i] = new X509CertImpl(cert.getEncoded());
-            }
-
-            IAuthSubsystem authSub = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-            IAuthManager authMgr = authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
-
-            AuthCredentials creds = new AuthCredentials();
-            creds.set(ICertUserDBAuthentication.CRED_CERT, certImpls);
-
-            IAuthToken authToken = authMgr.authenticate(creds); // throws exception if authentication fails
-
-            String username = authToken.getInString(ICertUserDBAuthentication.TOKEN_USERID);
-            logDebug("User ID: "+username);
-
-            return getPrincipal(username, authToken);
-
-        } catch (Throwable e) {
-            e.printStackTrace();
-        }
-
-        return null;
-    }
-
-    @Override
-    protected Principal getPrincipal(String username) {
-        return getPrincipal(username, (IAuthToken)null);
-    }
-
-    protected Principal getPrincipal(String username, IAuthToken authToken) {
-
-        try {
-            IUser user = getUser(username);
-            return getPrincipal(user, authToken);
-
-        } catch (Throwable e) {
-            e.printStackTrace();
-            return null;
-        }
-    }
-
-    protected Principal getPrincipal(IUser user, IAuthToken authToken) throws EUsrGrpException {
-        List<String> roles = getRoles(user);
-        return new PKIPrincipal(user.getUserID(), null, roles, authToken);
-    }
-
-    protected IUser getUser(String username) throws EUsrGrpException {
-        IUGSubsystem ugSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-        IUser user = ugSub.getUser(username);
-        logDebug("User DN: "+user.getUserDN());
-        return user;
-    }
-
-    protected List<String> getRoles(IUser user) throws EUsrGrpException {
-
-        List<String> roles = new ArrayList<String>();
-
-        IUGSubsystem ugSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-        Enumeration<IGroup> groups = ugSub.findGroupsByUser(user.getUserDN());
-
-        logDebug("Roles:");
-        while (groups.hasMoreElements()) {
-            IGroup group = groups.nextElement();
-
-            String name = group.getName();
-            logDebug("  "+name);
-            roles.add(name);
-        }
-
-        return roles;
-    }
-
-    @Override
-    protected String getPassword(String username) {
-        return null;
-    }
-
-    /*
-     * TODO: Figure out how to do real logging
-     */
-    public void logErr(String msg) {
-        System.err.println(msg);
-    }
-
-    public void logDebug(String msg) {
-        System.out.println("PKIRealm: "+msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/request/RequestScheduler.java b/base/common/src/com/netscape/cms/request/RequestScheduler.java
deleted file mode 100644
index 568d6f412..000000000
--- a/base/common/src/com/netscape/cms/request/RequestScheduler.java
+++ /dev/null
@@ -1,71 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.request;
-
-import java.util.Vector;
-
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestScheduler;
-
-/**
- * This class represents a request scheduler that prioritizes
- * the threads based on the request processing order.
- * The request that enters the request queue first should
- * be processed first.
- *
- * @version $Revision$, $Date$
- */
-public class RequestScheduler implements IRequestScheduler {
-    private Vector<Thread> mRequestThreads = new Vector<Thread>();
-
-    /**
-     * Request entered the request queue processing.
-     *
-     * @param r request
-     */
-    public synchronized void requestIn(IRequest r) {
-        Thread current = Thread.currentThread();
-
-        if (mRequestThreads.size() == 0) {
-            current.setPriority(Thread.MAX_PRIORITY);
-        }
-        mRequestThreads.addElement(current);
-    }
-
-    /**
-     * Request exited the request queue processing.
-     *
-     * @param r request
-     */
-    public synchronized void requestOut(IRequest r) {
-        Thread current = Thread.currentThread();
-        Thread first = mRequestThreads.elementAt(0);
-
-        if (current.equals(first)) {
-            // reprioritize
-            try {
-                Thread second = mRequestThreads.elementAt(1);
-
-                second.setPriority(Thread.MAX_PRIORITY);
-            } catch (Exception e) {
-                // no second element; nothing to do
-            }
-        }
-        mRequestThreads.removeElement(current);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/ASelfTest.java b/base/common/src/com/netscape/cms/selftests/ASelfTest.java
deleted file mode 100644
index e77ece551..000000000
--- a/base/common/src/com/netscape/cms/selftests/ASelfTest.java
+++ /dev/null
@@ -1,193 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTest;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements an individual self test.
- * <P>
- *
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public abstract class ASelfTest
-        implements ISelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    //////////////////////////
-    // ISelfTest parameters //
-    //////////////////////////
-
-    // parameter information
-    private static final String SELF_TEST_NAME = "ASelfTest";
-
-    // variables associated with this specific object
-    protected ISelfTestSubsystem mSelfTestSubsystem = null;
-    protected String mInstanceName = null;
-    protected IConfigStore mConfig = null;
-    protected String mPrefix = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    ///////////////////////
-    // ISelfTest methods //
-    ///////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-            String instanceName,
-            IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        // store individual self test class values for this instance
-        mSelfTestSubsystem = subsystem;
-
-        // strip preceding/trailing whitespace
-        // from passed-in String parameters
-        if (instanceName != null) {
-            instanceName = instanceName.trim();
-        } else {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    CMS.getLogMessage(
-                            "SELFTESTS_PARAMETER_WAS_NULL",
-                            SELF_TEST_NAME));
-
-            throw new EMissingSelfTestException();
-        }
-
-        // store additional individual self test class values for this instance
-        mInstanceName = instanceName;
-
-        // compose self test plugin parameter property prefix
-        String pluginPath = PROP_PLUGIN + "." + instanceName;
-
-        mConfig = parameters.getSubStore(pluginPath);
-
-        if ((mConfig != null) &&
-                (mConfig.getName() != null) &&
-                (mConfig.getName() != "")) {
-            mPrefix = mConfig.getName().trim();
-        } else {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    CMS.getLogMessage(
-                            "SELFTESTS_PARAMETER_WAS_NULL",
-                            SELF_TEST_NAME));
-
-            throw new EMissingSelfTestException();
-        }
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public abstract void startupSelfTest()
-            throws ESelfTestException;
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public abstract void shutdownSelfTest();
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return mInstanceName;
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return mConfig;
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public abstract String getSelfTestDescription(Locale locale);
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public abstract void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException;
-}
diff --git a/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java b/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
deleted file mode 100644
index 83caa0099..000000000
--- a/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ /dev/null
@@ -1,262 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ca;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.cert.CertificateParsingException;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for CA presence.
- * <P>
- *
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class CAPresence
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    ///////////////////////////
-    // CAPresence parameters //
-    ///////////////////////////
-
-    // parameter information
-    public static final String PROP_CA_SUB_ID = "CaSubId";
-    private String mCaSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    ////////////////////////
-    // CAPresence methods //
-    ////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
-            if (mCaSubId != null) {
-                mCaSubId = mCaSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_CA_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_CA_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_CA_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_CA_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        ICertificateAuthority ca = null;
-        X509CertImpl caCert = null;
-        X509Key caPubKey = null;
-
-        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
-
-        if (ca == null) {
-            // log that the CA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the CA certificate
-            caCert = ca.getCACert();
-
-            if (caCert == null) {
-                // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the CA certificate public key
-            try {
-                caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
-
-                if (caPubKey == null) {
-                    // log that something is seriously wrong with the CA
-                    logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
-                                                    getSelfTestName());
-
-                    mSelfTestSubsystem.log(logger,
-                                            logMessage);
-
-                    throw new ESelfTestException(logMessage);
-                }
-            } catch (CertificateParsingException e) {
-                // log that something is seriously wrong with the CA
-                mSelfTestSubsystem.log(logger,
-                                        e.toString());
-
-                throw new ESelfTestException(e.toString());
-            }
-
-            // log that the CA is present
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java b/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
deleted file mode 100644
index b1751ecb4..000000000
--- a/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ /dev/null
@@ -1,262 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ca;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check the validity of the CA.
- * <P>
- *
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class CAValidity
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    ///////////////////////////
-    // CAValidity parameters //
-    ///////////////////////////
-
-    // parameter information
-    public static final String PROP_CA_SUB_ID = "CaSubId";
-    private String mCaSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    ////////////////////////
-    // CAValidity methods //
-    ////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
-            if (mCaSubId != null) {
-                mCaSubId = mCaSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_CA_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_CA_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_CA_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_CA_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        ICertificateAuthority ca = null;
-        X509CertImpl caCert = null;
-
-        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
-
-        if (ca == null) {
-            // log that the CA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the CA certificate
-            caCert = ca.getCACert();
-
-            if (caCert == null) {
-                // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the CA validity period
-            try {
-                caCert.checkValidity();
-            } catch (CertificateNotYetValidException e) {
-                // log that the CA is not yet valid
-                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            } catch (CertificateExpiredException e) {
-                // log that the CA is expired
-                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // log that the CA is valid
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
deleted file mode 100644
index f5b0939f1..000000000
--- a/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ /dev/null
@@ -1,213 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2010 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.common;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check the system certs
- * of the subsystem
- * <P>
- *
- * @version $Revision: $, $Date: $
- */
-public class SystemCertsVerification
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    ///////////////////////////
-    // SystemCertsVerification parameters //
-    ///////////////////////////
-
-    // parameter information
-    public static final String PROP_SUB_ID = "SubId";
-    private String mSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    ////////////////////////
-    // SystemCertsVerification methods //
-    ////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mSubId = mConfig.getString(PROP_SUB_ID);
-            if (mSubId != null) {
-                mSubId = mSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        boolean rc = false;
-
-        rc = CMS.verifySystemCerts();
-        if (rc == true) {
-            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
-                                                getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                        logMessage);
-        } else {
-            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-            throw new ESelfTestException(logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java b/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
deleted file mode 100644
index 832d2b747..000000000
--- a/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ /dev/null
@@ -1,251 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.kra;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.PublicKey;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for KRA presence.
- * <P>
- *
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class KRAPresence
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    ///////////////////////////
-    // KRAPresence parameters //
-    ///////////////////////////
-
-    // parameter information
-    public static final String PROP_KRA_SUB_ID = "SubId";
-    private String mSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    ////////////////////////
-    // KRAPresence methods //
-    ////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mSubId = mConfig.getString(PROP_KRA_SUB_ID);
-            if (mSubId != null) {
-                mSubId = mSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_KRA_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_KRA_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_KRA_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_KRA_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        IKeyRecoveryAuthority kra = null;
-        org.mozilla.jss.crypto.X509Certificate kraCert = null;
-        PublicKey kraPubKey = null;
-
-        kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
-
-        if (kra == null) {
-            // log that the KRA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the KRA certificate
-            kraCert = kra.getTransportCert();
-
-            if (kraCert == null) {
-                // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_KRA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the KRA certificate public key
-            kraPubKey = kraCert.getPublicKey();
-
-            if (kraPubKey == null) {
-                // log that something is seriously wrong with the KRA
-                logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // log that the KRA is present
-            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
deleted file mode 100644
index a3d9e3ad3..000000000
--- a/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ /dev/null
@@ -1,280 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ocsp;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.cert.CertificateParsingException;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.security.ISigningUnit;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for OCSP presence.
- * <P>
- *
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class OCSPPresence
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    /////////////////////////////
-    // OCSPPresence parameters //
-    /////////////////////////////
-
-    // parameter information
-    public static final String PROP_OCSP_SUB_ID = "OcspSubId";
-    private String mOcspSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    //////////////////////////
-    // OCSPPresence methods //
-    //////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
-            if (mOcspSubId != null) {
-                mOcspSubId = mOcspSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_OCSP_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_OCSP_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_OCSP_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        IOCSPAuthority ocsp = null;
-        ISigningUnit ocspSigningUnit = null;
-        X509CertImpl ocspCert = null;
-        X509Key ocspPubKey = null;
-
-        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
-
-        if (ocsp == null) {
-            // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the OCSP signing unit
-            ocspSigningUnit = ocsp.getSigningUnit();
-
-            if (ocspSigningUnit == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP certificate
-            ocspCert = ocspSigningUnit.getCertImpl();
-
-            if (ocspCert == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP certificate public key
-            try {
-                ocspPubKey = (X509Key)
-                             ocspCert.get(X509CertImpl.PUBLIC_KEY);
-
-                if (ocspPubKey == null) {
-                    // log that something is seriously wrong with the OCSP
-                    logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
-                                                    getSelfTestName());
-
-                    mSelfTestSubsystem.log(logger,
-                                            logMessage);
-
-                    throw new ESelfTestException(logMessage);
-                }
-            } catch (CertificateParsingException e) {
-                // log that something is seriously wrong with the OCSP
-                mSelfTestSubsystem.log(logger,
-                                        e.toString());
-
-                throw new ESelfTestException(e.toString());
-            }
-
-            // log that the OCSP is present
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
deleted file mode 100644
index 383779d22..000000000
--- a/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ /dev/null
@@ -1,280 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ocsp;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.util.Locale;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.security.ISigningUnit;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check the validity of the OCSP.
- * <P>
- *
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class OCSPValidity
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    /////////////////////////////
-    // OCSPValidity parameters //
-    /////////////////////////////
-
-    // parameter information
-    public static final String PROP_OCSP_SUB_ID = "OcspSubId";
-    private String mOcspSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    //////////////////////////
-    // OCSPValidity methods //
-    //////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
-            if (mOcspSubId != null) {
-                mOcspSubId = mOcspSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_OCSP_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_OCSP_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_OCSP_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        IOCSPAuthority ocsp = null;
-        ISigningUnit ocspSigningUnit = null;
-        X509CertImpl ocspCert = null;
-
-        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
-
-        if (ocsp == null) {
-            // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the OCSP signing unit
-            ocspSigningUnit = ocsp.getSigningUnit();
-
-            if (ocspSigningUnit == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP certificate
-            ocspCert = ocspSigningUnit.getCertImpl();
-
-            if (ocspCert == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP validity period
-            try {
-                ocspCert.checkValidity();
-            } catch (CertificateNotYetValidException e) {
-                // log that the OCSP is not yet valid
-                logMessage = CMS.getLogMessage(
-                                 "SELFTESTS_OCSP_IS_NOT_YET_VALID",
-                                 getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            } catch (CertificateExpiredException e) {
-                // log that the OCSP is expired
-                logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // log that the OCSP is valid
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java b/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
deleted file mode 100644
index 6facd807c..000000000
--- a/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ /dev/null
@@ -1,261 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ra;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.PublicKey;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for RA presence.
- * <P>
- *
- * <PRE>
- * NOTE:  This self-test is for Registration Authorities prior to
- *        Netscape Certificate Management System 7.0.  It does NOT
- *        apply to the Registration Authority found in
- *        Red Hat Certificate System 7.3 or later (including
- *        ALL versions of Dogtag Certificate System).
- * </PRE>
- * <P>
- *
- * @deprecated
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class RAPresence
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    ///////////////////////////
-    // RAPresence parameters //
-    ///////////////////////////
-
-    // parameter information
-    public static final String PROP_RA_SUB_ID = "RaSubId";
-    private String mRaSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    ////////////////////////
-    // RAPresence methods //
-    ////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
-            if (mRaSubId != null) {
-                mRaSubId = mRaSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_RA_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_RA_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_RA_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_RA_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        IRegistrationAuthority ra = null;
-        org.mozilla.jss.crypto.X509Certificate raCert = null;
-        PublicKey raPubKey = null;
-
-        ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
-
-        if (ra == null) {
-            // log that the RA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the RA certificate
-            raCert = ra.getRACert();
-
-            if (raCert == null) {
-                // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_RA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the RA certificate public key
-            raPubKey = raCert.getPublicKey();
-
-            if (raPubKey == null) {
-                // log that something is seriously wrong with the RA
-                logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // log that the RA is present
-            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
deleted file mode 100644
index 06a6398c5..000000000
--- a/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ /dev/null
@@ -1,334 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.tks;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.util.Arrays;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-import com.netscape.symkey.SessionKey;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for TKS known session key.
- * <P>
- *
- * @author mharmsen
- * @author thomask
- * @author awnuk
- * @version $Revision$, $Date$
- */
-public class TKSKnownSessionKey
-        extends ASelfTest {
-    // parameter information
-    public static final String PROP_TKS_SUB_ID = "TksSubId";
-    private String mTksSubId = null;
-    private String mToken = null;
-    private String mUseSoftToken = null;
-    private String mKeyName = null;
-    private byte[] mKeyInfo = null;
-    private byte[] mCardChallenge = null;
-    private byte[] mHostChallenge = null;
-    private byte[] mCUID = null;
-    private byte[] mMacKey = null;
-    private byte[] mSessionKey = null;
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        ISubsystem tks = null;
-        IConfigStore tksConfig = null;
-
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        mTksSubId = getConfigString(PROP_TKS_SUB_ID);
-        mToken = getConfigString("token");
-        mKeyName = getConfigString("keyName");
-        mCardChallenge = getConfigByteArray("cardChallenge", 8);
-        mHostChallenge = getConfigByteArray("hostChallenge", 8);
-        mKeyInfo = getConfigByteArray("keyName", 2);
-        mCUID = getConfigByteArray("CUID", 10);
-        mMacKey = getConfigByteArray("macKey", 16);
-        mUseSoftToken = getConfigString("useSoftToken");
-
-        String defKeySetMacKey = null;
-        tks = CMS.getSubsystem(mTksSubId);
-        if (tks != null) {
-            tksConfig = tks.getConfigStore();
-            if (tksConfig != null) {
-                try {
-                    defKeySetMacKey = tksConfig.getString("defKeySet.mac_key");
-                    byte defMacKey[] = com.netscape.cmsutil.util.Utils.SpecialDecode(defKeySetMacKey);
-                    if (!Arrays.equals(mMacKey, defMacKey)) {
-                        defKeySetMacKey = null;
-                    }
-                } catch (EBaseException e) {
-                    defKeySetMacKey = null;
-                }
-            }
-        }
-        if (defKeySetMacKey == null) {
-            CMS.debug("TKSKnownSessionKey: invalid mac key");
-            CMS.debug("TKSKnownSessionKey self test FAILED");
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
-                                            getSelfTestName(), mPrefix + "." + "macKey"));
-            throw new EInvalidSelfTestException(mPrefix, "macKey", null);
-        }
-
-        try {
-            mSessionKey = getConfigByteArray("sessionKey", 16);
-        } catch (EMissingSelfTestException e) {
-            if (mSessionKey == null) {
-                mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
-                                                            mCardChallenge, mHostChallenge,
-                                                            mKeyInfo, mCUID, mMacKey, mUseSoftToken, null, null);
-                if (mSessionKey == null || mSessionKey.length != 16) {
-                    mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                            CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                                    getSelfTestName(), mPrefix + ".sessionKey"));
-                    throw new EMissingSelfTestException("sessionKey");
-                }
-                String sessionKey = SpecialEncode(mSessionKey);
-                mConfig.putString("sessionKey", sessionKey);
-                try {
-                    CMS.getConfigStore().commit(true);
-                } catch (EBaseException be) {
-                    mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                            CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                                    getSelfTestName(), mPrefix + ".sessionKey"));
-                    throw new EMissingSelfTestException("sessionKey");
-                }
-            }
-        }
-
-        return;
-    }
-
-    private String SpecialEncode(byte data[]) {
-        StringBuffer sb = new StringBuffer();
-
-        for (int i = 0; i < data.length; i++) {
-            sb.append("#");
-            if ((data[i] & 0xff) < 16) {
-                sb.append("0");
-            }
-            sb.append(Integer.toHexString((data[i] & 0xff)));
-        }
-
-        return sb.toString();
-    }
-
-    private String getConfigString(String name) throws EMissingSelfTestException {
-        String value = null;
-
-        try {
-            value = mConfig.getString(name);
-            if (value != null) {
-                value = value.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(), mPrefix + "." + name));
-                throw new EMissingSelfTestException(name);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage("SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(), mPrefix + "." + name));
-            throw new EMissingSelfTestException(mPrefix, name, null);
-        }
-
-        return value;
-    }
-
-    private byte[] getConfigByteArray(String name, int size) throws EMissingSelfTestException,
-                                                                     EInvalidSelfTestException {
-        String stringValue = getConfigString(name);
-
-        byte byteValue[] = com.netscape.cmsutil.util.Utils.SpecialDecode(stringValue);
-        if (byteValue == null) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage("SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(), mPrefix + "." + name));
-            throw new EMissingSelfTestException(name);
-        }
-        if (byteValue.length != size) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
-                                            getSelfTestName(), mPrefix + "." + name));
-            throw new EInvalidSelfTestException(mPrefix, name, stringValue);
-        }
-
-        return byteValue;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        IConfigStore cs = CMS.getConfigStore();
-        String sharedSecretName;
-        try {
-            boolean useNewNames = cs.getBoolean("tks.useNewSharedSecretNames", false);
-            if (useNewNames) {
-                String tpsList = cs.getString("tps.list", "");
-                if (tpsList.isEmpty()) {
-                    CMS.debug("TKSKnownSessionKey: no shared secrets configured, exiting");
-                    return;
-                }
-
-                for (String tpsID : tpsList.split(",")) {
-                    sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
-                    if (!sharedSecretName.isEmpty()) {
-                        CMS.debug("TKSKnownSessionKey: testing with key " + sharedSecretName);
-                        generateSessionKey(logger, sharedSecretName);
-                    }
-                }
-            } else {
-                // legacy systems
-                sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret");
-                generateSessionKey(logger, sharedSecretName);
-            }
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            CMS.debug("TKSKnownSessionKey: failed to read config file to set up test");
-            String logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
-        }
-        return;
-    }
-
-    private void generateSessionKey(ILogEventListener logger, String sharedSecretName) throws ESelfTestException {
-        String logMessage;
-        String keySet = "defKeySet";
-
-        byte[] sessionKey = SessionKey.ComputeSessionKey(
-                mToken, mKeyName, mCardChallenge, mHostChallenge, mKeyInfo,
-                mCUID, mMacKey, mUseSoftToken, keySet, sharedSecretName);
-
-        // Now we just see if we can successfully generate a session key.
-        // For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared.
-        if (sessionKey == null) {
-            CMS.debug("TKSKnownSessionKey: generated no session key");
-            CMS.debug("TKSKnownSessionKey self test FAILED");
-            logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
-        } else {
-            logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log(logger, logMessage);
-            CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/account/AccountService.java b/base/common/src/com/netscape/cms/servlet/account/AccountService.java
deleted file mode 100644
index 611c865ae..000000000
--- a/base/common/src/com/netscape/cms/servlet/account/AccountService.java
+++ /dev/null
@@ -1,67 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.account;
-
-import java.security.Principal;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.account.AccountResource;
-import com.netscape.cms.servlet.base.PKIService;
-
-/**
- * @author Endi S. Dewata
- */
-public class AccountService extends PKIService implements AccountResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    @Override
-    public void login() {
-        HttpSession session = servletRequest.getSession();
-        System.out.println("Creating session "+session.getId());
-
-        Principal principal = servletRequest.getUserPrincipal();
-        System.out.println("Principal: "+principal);
-    }
-
-    @Override
-    public void logout() {
-        HttpSession session = servletRequest.getSession(false);
-        if (session == null) return;
-
-        System.out.println("Destroying session "+session.getId());
-        session.invalidate();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
deleted file mode 100644
index 1244da12c..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
+++ /dev/null
@@ -1,894 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.acls.ACL;
-import com.netscape.certsrv.acls.ACLEntry;
-import com.netscape.certsrv.acls.IACL;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authorization.IAuthzManager;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.evaluators.IAccessEvaluator;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * Manage Access Control List configuration
- *
- * @version $Revision$, $Date$
- */
-public class ACLAdminServlet extends AdminServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -322237202045924779L;
-    private static final String PROP_EVAL = "accessEvaluator";
-    private final static String INFO = "ACLAdminServlet";
-    private IAuthzManager mAuthzMgr = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL =
-            "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
-
-    /**
-     * initialize the servlet.
-     * <ul>
-     * <li>http.param OP_TYPE = OP_SEARCH,
-     * <li>http.param OP_SCOPE - the scope of the request operation:
-     * <ul>
-     * <LI>"impl" ACL implementations
-     * <LI>"acls" ACL rules
-     * <LI>"evaluatorTypes" ACL evaluators.
-     * </ul>
-     * </ul>
-     *
-     * @param config servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mAuthzMgr = mAuthz.get(mAclMethod);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param req the object holding the request information
-     * @param resp the object holding the response information
-     */
-
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        String scope = super.getParameter(req, Constants.OP_SCOPE);
-        String op = super.getParameter(req, Constants.OP_TYPE);
-
-        if (op == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                    null, resp);
-            return;
-        }
-
-        try {
-            super.authenticate(req);
-        } catch (IOException e) {
-            log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        try {
-            AUTHZ_RES_NAME = "certServer.acl.configuration";
-
-            if (op.equals(OpDef.OP_SEARCH)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_ACL)) {
-                    listResources(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
-                    listACLsEvaluators(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_EVALUATOR_TYPES)) {
-                    listACLsEvaluatorTypes(req, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_READ)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_ACL)) {
-                    getResourceACL(req, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_MODIFY)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_ACL)) {
-                    updateResources(req, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_ADD)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
-                    addACLsEvaluator(req, resp, scope);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_DELETE)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
-                    deleteACLsEvaluator(req, resp, scope);
-                    return;
-                }
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
-                return;
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            sendResponse(ERROR, e.toString(getLocale(req)),
-                    null, resp);
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2");
-
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3");
-
-        sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
-        return;
-    }
-
-    /**
-     * list acls resources by name
-     */
-    private void listResources(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException, IOException,
-            EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        Enumeration<ACL> res = mAuthzMgr.getACLs();
-
-        while (res.hasMoreElements()) {
-            ACL acl = res.nextElement();
-            String desc = acl.getDescription();
-
-            if (desc == null)
-                params.put(acl.getName(), "");
-            else
-                params.put(acl.getName(), desc);
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * get acls information for a resource
-     */
-    private void getResourceACL(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException, IOException,
-            EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        //get resource id first
-        String resourceId = super.getParameter(req, Constants.RS_ID);
-
-        if (resourceId == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        IACL acl = mAuthzMgr.getACL(resourceId);
-
-        if (acl != null) {
-            Enumeration<String> rightsEnum = acl.rights();
-
-            StringBuffer rights = new StringBuffer();
-
-            if (rightsEnum.hasMoreElements()) {
-                while (rightsEnum.hasMoreElements()) {
-                    if (rights.length() != 0) {
-                        rights.append(",");
-                    }
-                    String right = rightsEnum.nextElement();
-
-                    rights.append(right);
-                }
-            }
-
-            params.put(Constants.PR_ACL_OPS, rights.toString());
-
-            Enumeration<ACLEntry> aclEntryEnum;
-            aclEntryEnum = acl.entries();
-            String acis = "";
-
-            if (aclEntryEnum.hasMoreElements()) {
-                while (aclEntryEnum.hasMoreElements()) {
-                    if (acis != "") {
-                        acis += ";";
-                    }
-                    ACLEntry aclEntry = aclEntryEnum.nextElement();
-                    String aci = aclEntry.getACLEntryString();
-
-                    acis += aci;
-                }
-            }
-
-            params.put(Constants.PR_ACI, acis);
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND"));
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ACL_RESOURCE_NOT_FOUND"),
-                    null, resp);
-            return;
-        }
-    }
-
-    /**
-     * modify acls information for a resource
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void updateResources(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException, IOException,
-            EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // get resource id first
-            String resourceId = super.getParameter(req, Constants.RS_ID);
-
-            if (resourceId == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // get resource acls
-            String resourceACLs = super.getParameter(req, Constants.PR_ACI);
-            String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS);
-            String desc = super.getParameter(req, Constants.PR_ACL_DESC);
-
-            try {
-                mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc);
-
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ACL_UPDATE_FAIL"),
-                        null, resp);
-                return;
-            }
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * list access evaluators by types and class paths
-     */
-    private void listACLsEvaluators(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException, IOException,
-            EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
-
-        while (res.hasMoreElements()) {
-            IAccessEvaluator evaluator = res.nextElement();
-
-            // params.add(evaluator.getType(), evaluator.getDescription());
-            params.put(evaluator.getType(), evaluator.getClass().getName());
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void listACLsEvaluatorTypes(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException, IOException,
-            EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
-
-        while (res.hasMoreElements()) {
-            IAccessEvaluator evaluator = res.nextElement();
-            String[] operators = evaluator.getSupportedOperators();
-            StringBuffer str = new StringBuffer();
-
-            for (int i = 0; i < operators.length; i++) {
-                if (str.length() > 0)
-                    str.append(",");
-                str.append(operators[i]);
-            }
-
-            params.put(evaluator.getType(), str.toString());
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * add access evaluators
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of this ACL evaluator's
-     *            substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void addACLsEvaluator(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // get evaluator type first
-            String type = super.getParameter(req, Constants.RS_ID);
-
-            if (type == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // is the evaluator type unique?
-            /*
-             if (!mACLs.isTypeUnique(type)) {
-             String infoMsg = "replacing existing type: "+ type;
-             log(ILogger.LL_WARN, infoMsg);
-             }
-             */
-
-            // get class
-            String classPath = super.getParameter(req, Constants.PR_ACL_CLASS);
-
-            IConfigStore destStore =
-                    mConfig.getSubStore(PROP_EVAL);
-            IConfigStore mStore =
-                    destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
-
-            // Does the class exist?
-            Class<?> newImpl = null;
-
-            try {
-                newImpl = Class.forName(classPath);
-            } catch (ClassNotFoundException e) {
-                String errMsg = "class " + classPath + " not found";
-
-                log(ILogger.LL_FAILURE, errMsg);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ACL_CLASS_LOAD_FAIL"),
-                        null, resp);
-                return;
-            }
-
-            // is the class an IAccessEvaluator?
-            try {
-                if (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
-                    String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
-                            classPath;
-
-                    log(ILogger.LL_FAILURE, errMsg);
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
-                            null, resp);
-                    return;
-                }
-            } catch (Exception e) {
-                String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
-                        classPath;
-
-                log(ILogger.LL_FAILURE, errMsg);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
-                        null, resp);
-                return;
-            }
-
-            IConfigStore substore = mStore.makeSubStore(type);
-
-            substore.put(Constants.PR_ACL_CLASS, classPath);
-
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
-                        null, resp);
-                return;
-            }
-
-            // Instantiate an object for this implementation
-            IAccessEvaluator evaluator = null;
-
-            try {
-                evaluator = (IAccessEvaluator) Class.forName(classPath).newInstance();
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ACL_INST_CLASS_FAIL"),
-                        null, resp);
-                return;
-            }
-
-            // initialize the access evaluator
-            if (evaluator != null) {
-                evaluator.init();
-                // add evaluator to list
-                mAuthzMgr.registerEvaluator(type, evaluator);
-            }
-
-            //...
-            NameValuePairs params = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * remove access evaluators
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of this ACL evaluator's
-     *            substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void deleteACLsEvaluator(HttpServletRequest req,
-            HttpServletResponse resp, String scope) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // does the evaluator exist?
-            Hashtable<String, IAccessEvaluator> mEvaluators = mAuthzMgr.getAccessEvaluators();
-
-            if (mEvaluators.containsKey(id) == false) {
-                log(ILogger.LL_FAILURE, "evaluator attempted to be removed not found");
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ACL_EVAL_NOT_FOUND"),
-                        null, resp);
-                return;
-            }
-
-            // it's possibl that it's being used...we have to assume that
-            // the administrator knows what she is doing, for now
-            mEvaluators.remove(id);
-
-            try {
-                IConfigStore destStore =
-                        mConfig.getSubStore(PROP_EVAL);
-                IConfigStore mStore =
-                        destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
-
-                mStore.removeSubStore(id);
-            } catch (Exception eeee) {
-                //CMS.debugStackTrace(eeee);
-            }
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
-                        null, resp);
-                return;
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Searchs for certificate requests.
-     */
-
-    /*
-     private void getACLs(HttpServletRequest req,
-     HttpServletResponse resp) throws ServletException, IOException,
-     EBaseException {
-     NameValuePairs params = new NameValuePairs();
-     ByteArrayOutputStream bos = new ByteArrayOutputStream();
-     ObjectOutputStream oos = new ObjectOutputStream(bos);
-     String names = getParameter(req, Constants.PT_NAMES);
-     StringTokenizer st = new StringTokenizer(names, ",");
-     while (st.hasMoreTokens()) {
-     String target = st.nextToken();
-     ACL acl = AccessManager.getInstance().getACL(target);
-     oos.writeObject(acl);
-     }
-     // BASE64Encoder encoder = new BASE64Encoder();
-     // params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray()));
-     params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray()));
-     sendResponse(SUCCESS, null, params, resp);
-     }
-     */
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-                level, "ACLAdminServlet: " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
deleted file mode 100644
index 19b537854..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
+++ /dev/null
@@ -1,42 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.util.ListResourceBundle;
-
-/**
- * A class represents a resource bundle for the remote admin.
- *
- * @version $Revision$, $Date$
- * @see java.util.ListResourceBundle
- */
-public class AdminResources extends ListResourceBundle {
-
-    /**
-     * Returns the content of this resource.
-     */
-    public Object[][] getContents() {
-        return contents;
-    }
-
-    /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
-     */
-    static final Object[][] contents = {};
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
deleted file mode 100644
index ab7af9ec3..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ /dev/null
@@ -1,1142 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.ByteArrayOutputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.Locale;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.IAuditor;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.usrgrp.EUsrGrpException;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A class represents an administration servlet that
- * is responsible to serve administrative
- * operation such as configuration parameter updates.
- *
- * Since each administration servlet needs to perform
- * authentication information parsing and response
- * formulation, it makes sense to encapsulate the
- * commonalities into this class.
- *
- * By extending this serlvet, the subclass does not
- * need to re-implement the request parsing code
- * (i.e. authentication information parsing).
- *
- * If a subsystem needs to expose configuration
- * parameters management, it should create an
- * administration servlet (i.e. CAAdminServlet)
- * and register it to RemoteAdmin subsystem.
- *
- * <code>
- * public class CAAdminServlet extends AdminServlet {
- *   ...
- * }
- * </code>
- *
- * @version $Revision$, $Date$
- */
-public class AdminServlet extends HttpServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7740464244137421542L;
-    private final static String HDR_AUTHORIZATION = "Authorization";
-    private final static String HDR_LANG = "accept-language";
-
-    protected ILogger mLogger = CMS.getLogger();
-    protected IAuditor auditor = CMS.getAuditor();
-    private IUGSubsystem mUG = null;
-    protected IConfigStore mConfig = null;
-    protected IAuthzSubsystem mAuthz = null;
-
-    // we don't allow to switch authz db mid-way, for now
-    protected String mAclMethod = null;
-    protected String mOp = "";
-    protected static String AUTHZ_RES_NAME = "certServer";
-    protected AuthzToken mToken;
-
-    private String mServletID = null;
-    public final static String PROP_AUTHZ_MGR = "AuthzMgr";
-    public final static String PROP_ACL = "ACLinfo";
-
-    public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
-    public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
-    public final static String PROP_ID = "ID";
-    public final static String AUTHZ_CONFIG_STORE = "authz";
-    public final static String AUTHZ_SRC_TYPE = "sourceType";
-    public final static String AUTHZ_SRC_LDAP = "ldap";
-    public final static String AUTHZ_SRC_XML = "web.xml";
-    public static final String CERT_ATTR =
-            "javax.servlet.request.X509Certificate";
-
-    private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
-    private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
-    private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
-            "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
-    private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
-    private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
-    private final static String CERTUSERDB =
-            IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
-    private final static String PASSWDUSERDB =
-            IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
-
-    /**
-     * Constructs generic administration servlet.
-     */
-    public AdminServlet() {
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-        mConfig = CMS.getConfigStore();
-
-        String srcType = AUTHZ_SRC_LDAP;
-
-        try {
-            IConfigStore authzConfig = mConfig.getSubStore(AUTHZ_CONFIG_STORE);
-
-            srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
-        } catch (EBaseException e) {
-            CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE"));
-        }
-        mAuthz =
-                (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-
-        mServletID = getSCparam(sc, PROP_ID, "servlet id unknown");
-        CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID));
-
-        if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) {
-            CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
-            // get authz mgr from xml file;  if not specified, use
-            //			ldap by default
-            mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP);
-
-            if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
-                String aclInfo = sc.getInitParameter(PROP_ACL);
-
-                if (aclInfo != null) {
-                    try {
-                        addACLInfo(aclInfo);
-                        //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo);
-                    } catch (EBaseException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL"));
-                        throw new ServletException("failed to init authz info from xml config file");
-                    }
-                    CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID));
-                } else { // PROP_AUTHZ_MGR not specified, use default authzmgr
-                    CMS.debug("AdminServlet: "
-                            + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP));
-                }
-            } else { // PROP_AUTHZ_MGR not specified, use default authzmgr
-                CMS.debug("AdminServlet: "
-                        + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP));
-            }
-
-        } else {
-            mAclMethod = AUTHZ_MGR_LDAP;
-            CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", mServletID));
-        }
-    }
-
-    public void outputHttpParameters(HttpServletRequest httpReq) {
-        CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
-        Enumeration<String> paramNames = httpReq.getParameterNames();
-        while (paramNames.hasMoreElements()) {
-            String pn = paramNames.nextElement();
-            // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with
-            // __ (double underscores); however, in the event that
-            // a security parameter slips through, we perform multiple
-            // additional checks to insure that it is NOT displayed
-            if (pn.startsWith("__") ||
-                    pn.endsWith("password") ||
-                    pn.endsWith("passwd") ||
-                    pn.endsWith("pwd") ||
-                    pn.equalsIgnoreCase("admin_password_again") ||
-                    pn.equalsIgnoreCase("directoryManagerPwd") ||
-                    pn.equalsIgnoreCase("bindpassword") ||
-                    pn.equalsIgnoreCase("bindpwd") ||
-                    pn.equalsIgnoreCase("passwd") ||
-                    pn.equalsIgnoreCase("password") ||
-                    pn.equalsIgnoreCase("pin") ||
-                    pn.equalsIgnoreCase("pwd") ||
-                    pn.equalsIgnoreCase("pwdagain") ||
-                    pn.equalsIgnoreCase("uPasswd")) {
-                CMS.debug("AdminServlet::service() param name='" + pn +
-                         "' value='(sensitive)'");
-            } else {
-                CMS.debug("AdminServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'");
-            }
-        }
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        boolean running_state = CMS.isInRunningState();
-
-        if (!running_state)
-            throw new IOException(
-                    "CMS server is not ready to serve.");
-
-        if (CMS.debugOn()) {
-            outputHttpParameters(req);
-        }
-    }
-
-    private void addACLInfo(String info) throws EBaseException {
-        StringTokenizer tokenizer = new StringTokenizer(info, "#");
-
-        while (tokenizer.hasMoreTokens()) {
-            String acl = tokenizer.nextToken();
-
-            mAuthz.authzMgrAccessInit(mAclMethod, acl);
-        }
-    }
-
-    private String getSCparam(ServletConfig sc, String param, String defVal) {
-        String val = sc.getInitParameter(param);
-
-        if (val == null)
-            return defVal;
-        else
-            return val;
-    }
-
-    /**
-     * Authenticates to the identity scope with the given
-     * userid and password via identity manager.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only
-     * webserver env can pick up the SSL violation; CMS authMgr can pick up cert mis-match, so this event is used)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
-     * </ul>
-     *
-     * @exception IOException an input/output error has occurred
-     */
-    protected void authenticate(HttpServletRequest req) throws
-            IOException {
-
-        String auditMessage = null;
-        String auditUID = ILogger.UNIDENTIFIED;
-        String authType = "";
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            try {
-                IConfigStore configStore = CMS.getConfigStore();
-
-                authType = configStore.getString("authType");
-            } catch (EBaseException e) {
-                // do nothing for now.
-            }
-            IAuthSubsystem auth = (IAuthSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-            X509Certificate cert = null;
-
-            if (authType.equals("sslclientauth")) {
-                X509Certificate[] allCerts =
-                        (X509Certificate[]) req.getAttribute(CERT_ATTR);
-
-                if (allCerts == null || allCerts.length == 0) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                ILogger.UNIDENTIFIED,
-                                ILogger.FAILURE,
-                                CERTUSERDB,
-                                auditUID);
-
-                    audit(auditMessage);
-
-                    throw new IOException("No certificate");
-                }
-
-                cert = allCerts[0];
-                try {
-                    byte[] certEncoded = cert.getEncoded();
-
-                    cert = new X509CertImpl(certEncoded);
-
-                    // save the "Subject DN" of this certificate in case it
-                    // must be audited as an authentication failure
-                    String certUID = cert.getSubjectDN().getName();
-
-                    if (certUID != null) {
-                        certUID = certUID.trim();
-
-                        if (!(certUID.equals(""))) {
-                            auditUID = certUID;
-                        }
-                    }
-                } catch (Exception e) {
-                }
-            }
-
-            // create session (if we don't, identity will reject
-            // the authentication).
-            SessionContext sc = SessionContext.getContext();
-            IAuthToken token = null;
-
-            log(ILogger.LL_DEBUG, CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH",
-                    mServletID));
-            try {
-                if (authType.equals("sslclientauth")) {
-                    IAuthManager authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
-                    IAuthCredentials authCreds =
-                            getAuthCreds(authMgr, cert);
-
-                    token = authMgr.authenticate(authCreds);
-                } else {
-                    String authToken = req.getHeader(HDR_AUTHORIZATION);
-                    String b64s = authToken.substring(
-                            authToken.lastIndexOf(' ') + 1);
-                    String authCode = new String(Utils.base64decode(b64s));
-                    String userid = authCode.substring(0,
-                            authCode.indexOf(':'));
-                    String password = authCode.substring(
-                            authCode.indexOf(':') + 1);
-                    AuthCredentials cred = new AuthCredentials();
-
-                    // save the "userid" of this certificate in case it
-                    // must be audited as an authentication failure
-                    String pwdUID = userid;
-
-                    if (pwdUID != null) {
-                        pwdUID = pwdUID.trim();
-
-                        if (!(pwdUID.equals(""))) {
-                            auditUID = pwdUID;
-                        }
-                    }
-
-                    cred.set("uid", userid);
-                    cred.set("pwd", password);
-
-                    token = auth.authenticate(cred,
-                                IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID);
-                    CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT",
-                            mServletID));
-                }
-            } catch (EBaseException e) {
-                //will fix it later for authorization
-                /*
-                 String errMsg = "authenticate(): " +
-                 AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+
-                 e.getMessage();
-                 log(ILogger.LL_FAILURE,
-                 CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL",
-                 CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"),
-                 userid,e.getMessage()));
-                 */
-
-                if (authType.equals("sslclientauth")) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                ILogger.UNIDENTIFIED,
-                                ILogger.FAILURE,
-                                CERTUSERDB,
-                                auditUID);
-
-                    audit(auditMessage);
-                } else {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                ILogger.UNIDENTIFIED,
-                                ILogger.FAILURE,
-                                PASSWDUSERDB,
-                                auditUID);
-
-                    audit(auditMessage);
-                }
-
-                throw new IOException("authentication failed");
-            }
-
-            try {
-                String tuserid = token.getInString("userid");
-
-                if (tuserid == null) {
-                    mLogger.log(
-                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
-                                    tuserid));
-
-                    if (authType.equals("sslclientauth")) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                    ILogger.UNIDENTIFIED,
-                                    ILogger.FAILURE,
-                                    CERTUSERDB,
-                                    auditUID);
-
-                        audit(auditMessage);
-                    } else {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                    ILogger.UNIDENTIFIED,
-                                    ILogger.FAILURE,
-                                    PASSWDUSERDB,
-                                    auditUID);
-
-                        audit(auditMessage);
-                    }
-
-                    throw new IOException("authentication failed");
-                }
-
-                // get user.
-                // this either returns null or
-                // throws exception when user not found
-                IUser user = mUG.getUser(tuserid);
-
-                if (user == null) {
-                    mLogger.log(
-                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
-                                    tuserid));
-
-                    if (authType.equals("sslclientauth")) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                    ILogger.UNIDENTIFIED,
-                                    ILogger.FAILURE,
-                                    CERTUSERDB,
-                                    auditUID);
-
-                        audit(auditMessage);
-                    } else {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                    ILogger.UNIDENTIFIED,
-                                    ILogger.FAILURE,
-                                    PASSWDUSERDB,
-                                    auditUID);
-
-                        audit(auditMessage);
-                    }
-
-                    throw new IOException("authentication failed");
-                }
-
-                // set session context to work with some agent servlets.
-                // XXX should see if this can be used for more things.
-                SessionContext sessionContext = SessionContext.getContext();
-
-                sessionContext.put(SessionContext.AUTH_TOKEN, token);
-                sessionContext.put(SessionContext.USER_ID, tuserid);
-                sessionContext.put(SessionContext.USER, user);
-            } catch (EUsrGrpException e) {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
-
-                if (authType.equals("sslclientauth")) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                ILogger.UNIDENTIFIED,
-                                ILogger.FAILURE,
-                                CERTUSERDB,
-                                auditUID);
-
-                    audit(auditMessage);
-                } else {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                                ILogger.UNIDENTIFIED,
-                                ILogger.FAILURE,
-                                PASSWDUSERDB,
-                                auditUID);
-
-                    audit(auditMessage);
-                }
-
-                throw new IOException("authentication failed");
-            }
-
-            // build locale based on the client language
-            Locale locale = getLocale(req);
-
-            sc.put(SessionContext.LOCALE, locale);
-
-            if (authType.equals("sslclientauth")) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
-                            auditSubjectID(),
-                            ILogger.SUCCESS,
-                            CERTUSERDB);
-
-                audit(auditMessage);
-            } else {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
-                            auditSubjectID(),
-                            ILogger.SUCCESS,
-                            PASSWDUSERDB);
-
-                audit(auditMessage);
-            }
-        } catch (IOException eAudit1) {
-            if (authType.equals("sslclientauth")) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                            ILogger.UNIDENTIFIED,
-                            ILogger.FAILURE,
-                            CERTUSERDB,
-                            auditUID);
-
-                audit(auditMessage);
-            } else {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                            ILogger.UNIDENTIFIED,
-                            ILogger.FAILURE,
-                            PASSWDUSERDB,
-                            auditUID);
-
-                audit(auditMessage);
-            }
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        }
-    }
-
-    public static AuthCredentials getAuthCreds(
-            IAuthManager authMgr, X509Certificate clientCert)
-            throws EBaseException {
-        // get credentials from http parameters.
-        String[] reqCreds = authMgr.getRequiredCreds();
-        AuthCredentials creds = new AuthCredentials();
-
-        for (int i = 0; i < reqCreds.length; i++) {
-            String reqCred = reqCreds[i];
-
-            if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
-                // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert }
-                        );
-            }
-        }
-        return creds;
-    }
-
-    /**
-     * Authorize must occur after Authenticate
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CMS that's when one
-     * accesses a role port)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @return the authorization token
-     */
-    protected AuthzToken authorize(HttpServletRequest req) {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditACLResource = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String auditOperation = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String resource = null;
-        String operation = null;
-
-        // use session context to get auth token for now
-        SessionContext sc = SessionContext.getContext();
-        IAuthToken authToken = (IAuthToken) sc.get(SessionContext.AUTH_TOKEN);
-
-        AuthzToken authzTok = null;
-
-        CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID));
-        // hardcoded for now .. just testing
-        try {
-            // we check both "read" and "write" for now. later within
-            //			each servlet, they can break it down
-            authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp);
-            // initialize the ACL resource, overwriting "auditACLResource"
-            // if it is not null
-            resource = (String)
-                    authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE);
-            if (resource != null) {
-                auditACLResource = resource.trim();
-            }
-
-            // initialize the operation, overwriting "auditOperation"
-            // if it is not null
-            operation = (String)
-                    authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION);
-            if (operation != null) {
-                auditOperation = operation.trim();
-            }
-
-            CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_SUCCEED", mServletID));
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-            audit(auditMessage);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditGroups(auditSubjectID));
-
-            audit(auditMessage);
-
-            return null;
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-            audit(auditMessage);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditGroups(auditSubjectID));
-
-            audit(auditMessage);
-
-            return null;
-        } catch (Exception e) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-            audit(auditMessage);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditGroups(auditSubjectID));
-
-            audit(auditMessage);
-
-            return null;
-        }
-
-        // store a message in the signed audit log file
-        auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditACLResource,
-                    auditOperation);
-
-        audit(auditMessage);
-
-        // store a message in the signed audit log file
-        auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditGroups(auditSubjectID));
-
-        audit(auditMessage);
-
-        return authzTok;
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader(HDR_LANG);
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                        UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    public static int SUCCESS = 0;
-    public static int ERROR = 1;
-    public static int RESTART = -1;
-
-    /**
-     * Sends response.
-     *
-     * @param returnCode return code
-     * @param errorMsg localized error message
-     * @param params result parameters
-     * @param resp HTTP servlet response
-     */
-    protected void sendResponse(int returnCode, String errorMsg,
-            NameValuePairs params, HttpServletResponse resp)
-            throws IOException {
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        DataOutputStream dos = new DataOutputStream(bos);
-
-        dos.writeInt(returnCode);
-        if (errorMsg != null) {
-            dos.writeUTF(errorMsg);
-        }
-        StringBuffer buf = new StringBuffer();
-
-        if (params != null) {
-            Collection<String> names = params.keySet();
-
-            if (!names.isEmpty()) {
-                for (Iterator<String> i = names.iterator(); i.hasNext(); ) {
-                    String name = i.next();
-                    String value = java.net.URLEncoder.encode(
-                            params.get(name), "UTF-8");
-
-                    buf.append(java.net.URLEncoder.encode(name, "UTF-8") +
-                            "=" + value);
-                    if (i.hasNext())
-                        buf.append("&");
-                }
-                byte content[] = buf.toString().getBytes();
-
-                dos.write(content, 0, content.length);
-            }
-        }
-        byte msg[] = bos.toByteArray();
-
-        resp.setContentLength(msg.length);
-        resp.getOutputStream().write(msg);
-        resp.getOutputStream().flush();
-    }
-
-    /**
-     * URL decodes the given string.
-     */
-    protected String URLdecode(String s) {
-        if (s == null)
-            return null;
-        ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
-
-        for (int i = 0; i < s.length(); i++) {
-            int c = s.charAt(i);
-
-            if (c == '+') {
-                out.write(' ');
-            } else if (c == '%') {
-                int c1 = Character.digit(s.charAt(++i), 16);
-                int c2 = Character.digit(s.charAt(++i), 16);
-
-                out.write((char) (c1 * 16 + c2));
-            } else {
-                out.write(c);
-            }
-        } // end for
-        return out.toString();
-    }
-
-    protected String getParameter(HttpServletRequest req, String name) {
-        // Servlet framework already apply URLdecode
-        //   return URLdecode(req.getParameter(name));
-        return req.getParameter(name);
-    }
-
-    /**
-     * Generic configuration store get operation.
-     */
-    protected synchronized void getConfig(
-            IConfigStore config, HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            //if (name.equals(Constants.PT_OP))
-            //	continue;
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-
-            //System.out.println(name);
-            //System.out.println(name+","+config.getString(name));
-            params.put(name, config.getString(name));
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Generic configuration store set operation.
-     * The caller is responsible to do validiation before
-     * calling this, and commit changes after this call.
-     */
-    protected synchronized void setConfig(
-            IConfigStore config, HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            //if (name.equals(Constants.PT_OP))
-            //	continue;
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            // XXX Need validation...
-            // XXX what if update failed
-            config.putString(name, req.getParameter(name));
-        }
-        commit(true);
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Lists configuration store.
-     */
-    protected synchronized void listConfig(
-            IConfigStore config, HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> e = config.getPropertyNames();
-        NameValuePairs params = new NameValuePairs();
-
-        while (e.hasMoreElements()) {
-            String s = e.nextElement();
-
-            params.put(s, config.getString(s));
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * authorize a user based on its authentication credentials.
-     */
-    public boolean authorize(IAuthToken token) throws EBaseException {
-        String mGroupNames[] = { "Administrators" };
-        boolean mAnd = true;
-
-        try {
-            String userid = token.getInString("userid");
-
-            if (userid == null) {
-                mLogger.log(
-                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
-                return false;
-            }
-
-            // get user.
-            // this either returns null or throws exception when user not found
-            IUser user = mUG.getUser(userid);
-
-            if (user == null) {
-                mLogger.log(
-                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
-                return false;
-            }
-
-            // set session context to work with some agent servlets.
-            // XXX should see if this can be used for more things.
-            SessionContext sessionContext = SessionContext.getContext();
-
-            sessionContext.put(SessionContext.AUTH_TOKEN, token);
-            sessionContext.put(SessionContext.USER_ID, userid);
-            sessionContext.put(SessionContext.USER, user);
-
-            // check group membership of user.
-            if (mAnd) {
-                for (int i = 0; i < mGroupNames.length; i++) {
-                    if (!mUG.isMemberOf(user, mGroupNames[i])) {
-                        mLogger.log(
-                                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                                CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
-                                        mGroupNames[i]));
-                        return false;
-                    }
-                }
-                return true;
-            } else {
-                for (int i = 0; i < mGroupNames.length; i++) {
-                    if (mUG.isMemberOf(user, mGroupNames[i])) {
-                        mLogger.log(ILogger.EV_SYSTEM,
-                                ILogger.S_OTHER, ILogger.LL_INFO,
-                                CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
-                                        mGroupNames[i]));
-                        return true;
-                    }
-                }
-                StringBuffer groups = new StringBuffer();
-                groups.append(mGroupNames[0]);
-
-                for (int j = 1; j < mGroupNames.length; j++) {
-                    groups.append(",");
-                    groups.append(mGroupNames[j]);
-                }
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
-                return false;
-            }
-        } catch (EUsrGrpException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
-            return false;
-        }
-    }
-
-    /**
-     * FileConfigStore functionality
-     *
-     * The original config file is moved to <filename>.<date>.
-     * Commits the current properties to the configuration file.
-     * <P>
-     *
-     * @param createBackup true if a backup file should be created
-     */
-    protected void commit(boolean createBackup) throws EBaseException {
-        mConfig.commit(createBackup);
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN,
-                level, "AdminServlet: " + msg);
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is inherited by all extended admin servlets
-     * and is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (auditor == null) {
-            return;
-        }
-
-        auditor.log(msg);
-    }
-
-    /**
-     * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message SubjectID
-     */
-    protected String auditSubjectID() {
-        if (auditor == null) return null;
-        return auditor.getSubjectID();
-    }
-
-    /**
-     * Signed Audit Parameters
-     *
-     * This method is inherited by all extended admin servlets and
-     * is called to extract parameters from the HttpServletRequest
-     * and return a string of name;;value pairs separated by a '+'
-     * if more than one name;;value pair exists.
-     * <P>
-     *
-     * @param req HTTP servlet request
-     * @return a delimited string of one or more delimited name/value pairs
-     */
-    protected String auditParams(HttpServletRequest req) {
-        if (auditor == null) return null;
-
-        // always identify the scope of the request
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        // identify the operation type of the request
-        String type = req.getParameter(Constants.OP_TYPE);
-
-        // identify the resource type of the request
-        String id = req.getParameter(Constants.RS_ID);
-
-        // identify any remaining request parameters
-        Map<String, String> params = new LinkedHashMap<String, String>();
-
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            // skip previously extracted parameters
-            if (name.equals(Constants.OP_SCOPE)) continue;
-            if (name.equals(Constants.OP_TYPE)) continue;
-            if (name.equals(Constants.RS_ID)) continue;
-
-            String value = req.getParameter(name);
-            params.put(name, value);
-        }
-
-        return auditor.getParamString(scope, type, id, params);
-    }
-
-    /**
-     * Signed Audit Groups
-     *
-     * This method is called to extract all "groups" associated
-     * with the "auditSubjectID()".
-     * <P>
-     *
-     * @param subjectID string containing the signed audit log message SubjectID
-     * @return a delimited string of groups associated
-     *         with the "auditSubjectID()"
-     */
-    private String auditGroups(String subjectID) {
-        if (auditor == null) return null;
-        return auditor.getGroups(subjectID);
-    }
-
-    protected NameValuePairs convertStringArrayToNVPairs(String[] s) {
-        if (s == null)
-            return null;
-        NameValuePairs nvps = new NameValuePairs();
-        int i;
-
-        for (i = 0; i < s.length; i++) {
-            int j = s[i].indexOf(";");
-            String paramName = s[i].substring(0, j);
-            String args = s[i].substring(j + 1);
-
-            nvps.put(paramName, args);
-        }
-        return nvps;
-
-    }
-
-    protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo(String className) {
-
-        IExtendedPluginInfo epi = null;
-
-        try {
-            // here is the new dummy obj created
-            Object o = Class.forName(className).newInstance();
-
-            epi = (IExtendedPluginInfo) o;
-        } catch (Exception e) {
-        }
-
-        return epi;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
deleted file mode 100644
index 71cf8a2ac..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
+++ /dev/null
@@ -1,1716 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthManagerProxy;
-import com.netscape.certsrv.authentication.AuthMgrPlugin;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authentication.EAuthMgrNotFound;
-import com.netscape.certsrv.authentication.EAuthMgrPluginNotFound;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.DestDef;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.ldap.ILdapAuthInfo;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * A class representing an administration servlet for the
- * Authentication Management subsystem. This servlet is responsible
- * to serve configuration requests for the Auths Management subsystem.
- *
- *
- * @version $Revision$, $Date$
- */
-public class AuthAdminServlet extends AdminServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6258411211380144425L;
-    private final static String INFO = "AuthAdminServlet";
-    private IAuthSubsystem mAuths = null;
-
-    private final static String PW_PASSWORD_CACHE_ADD =
-            "PASSWORD_CACHE_ADD";
-    private final static String EDIT = ";" + Constants.EDIT;
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH =
-            "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
-
-    public AuthAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mAuths = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        AUTHZ_RES_NAME = "certServer.auth.configuration";
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication,
-     * need to add: listener, mapper and publishing plugins
-     * --- same as policy, should we move this into extendedpluginhelper?
-     */
-    private void getExtendedPluginInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        int colon = id.indexOf(':');
-
-        String implType = id.substring(0, colon);
-        String implName = id.substring(colon + 1);
-
-        NameValuePairs params =
-                getExtendedPluginInfo(getLocale(req), implType, implName);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
-        IExtendedPluginInfo ext_info = null;
-        Object impl = null;
-
-        impl = mAuths.getAuthManagerPlugin(implName);
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-        }
-
-        return nvps;
-
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        String scope = req.getParameter(Constants.OP_SCOPE);
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op == null) {
-            //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                    null, resp);
-            return;
-        }
-
-        // if it is not authentication, that means it is for CSC admin ping.
-        // the best way to do is to define another protocol for ping and move
-        // it to the generic servlet which is admin servlet.
-        if (!op.equals(OpDef.OP_AUTH)) {
-            if (scope.equals(ScopeDef.SC_AUTH)) {
-                String id = req.getParameter(Constants.RS_ID);
-
-                // for CSC admin ping only
-                if (op.equals(OpDef.OP_READ) &&
-                        id.equals(Constants.RS_ID_CONFIG)) {
-
-                    // no need to authenticate this. if we're alive, return true.
-                    NameValuePairs params = new NameValuePairs();
-
-                    params.put(Constants.PR_PING, Constants.TRUE);
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                } else {
-                    //System.out.println("SRVLT_INVALID_OP_TYPE");
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                            null, resp);
-                    return;
-                }
-            }
-        }
-
-        try {
-            if (op.equals(OpDef.OP_AUTH)) {
-                if (scope.equals(ScopeDef.SC_AUTHTYPE)) {
-                    IConfigStore configStore = CMS.getConfigStore();
-                    String val = configStore.getString("authType", "pwd");
-                    NameValuePairs params = new NameValuePairs();
-
-                    params.put("authType", val);
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                }
-            }
-        } catch (Exception e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                    null, resp);
-            return;
-        }
-        // for the rest
-        try {
-            super.authenticate(req);
-            if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only
-                sendResponse(SUCCESS, null, null, resp);
-                return;
-            }
-        } catch (IOException e) {
-            //System.out.println("SRVLT_FAIL_AUTHS");
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        try {
-            // perform operation based on scope
-            if (scope != null) {
-                AUTHZ_RES_NAME = "certServer.auth.configuration";
-                if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                    try {
-                        mOp = "read";
-                        if ((mToken = super.authorize(req)) == null) {
-                            sendResponse(ERROR,
-                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                    null, resp);
-                            return;
-                        }
-                        getExtendedPluginInfo(req, resp);
-                        return;
-                    } catch (EBaseException e) {
-                        sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                        return;
-                    }
-                }
-                if (op.equals(OpDef.OP_SEARCH)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
-                        listAuthMgrPlugins(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
-                        listAuthMgrInsts(req, resp);
-                        return;
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_READ)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
-                        getConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
-                        getInstConfig(req, resp);
-                        return;
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_ADD)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
-                        addAuthMgrPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
-                        addAuthMgrInst(req, resp, scope);
-                        return;
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_DELETE)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
-                        delAuthMgrPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
-                        delAuthMgrInst(req, resp, scope);
-                        return;
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_MODIFY)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
-                        modAuthMgrInst(req, resp, scope);
-                        return;
-                    }
-                } else {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
-                    return;
-                }
-            }
-        } catch (EBaseException e) {
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        }
-        sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
-        return;
-    }
-
-    private void putUserPWPair(String combo) {
-        int semicolon;
-
-        semicolon = combo.indexOf(";");
-        String user = combo.substring(0, semicolon);
-        String pw = combo.substring(semicolon + 1);
-
-        CMS.putPasswordCache(user, pw);
-    }
-
-    /**
-     * Add authentication manager plug-in
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of this authentication
-     *            manager's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-
-    private synchronized void addAuthMgrPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                //System.out.println("SRVLT_NULL_RS_ID");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-            // is the manager id unique?
-            if (mAuths.getPlugins().containsKey(id)) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(
-                        ERROR,
-                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID",
-                                id)).toString(),
-                        null, resp);
-                return;
-            }
-
-            String classPath = req.getParameter(Constants.PR_AUTH_CLASS);
-
-            if (classPath == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
-                        null, resp);
-                return;
-            }
-
-            if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") ||
-                    classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
-                return;
-            }
-
-            IConfigStore destStore =
-                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
-            IConfigStore instancesConfig =
-                    destStore.getSubStore(scope);
-
-            // Does the class exist?
-
-            Class<IAuthManager> newImpl = null;
-
-            try {
-                @SuppressWarnings("unchecked")
-                Class<IAuthManager> tmpImpl = (Class<IAuthManager>) Class.forName(classPath);
-                newImpl = tmpImpl;
-            } catch (ClassNotFoundException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
-                        null, resp);
-                return;
-            } catch (IllegalArgumentException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
-                        null, resp);
-                return;
-            }
-
-            // is the class an IAuthManager?
-            try {
-                if (IAuthManager.class.isAssignableFrom(newImpl) == false) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
-                            null, resp);
-                    return;
-                }
-            } catch (NullPointerException e) { // unlikely, only if newImpl null.
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
-                        null, resp);
-                return;
-            }
-
-            IConfigStore substore = instancesConfig.makeSubStore(id);
-
-            substore.put(Constants.PR_AUTH_CLASS, classPath);
-
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                //System.out.println("SRVLT_FAIL_COMMIT");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // add manager to registry.
-            AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath);
-
-            mAuths.getPlugins().put(id, plugin);
-            mAuths.log(ILogger.LL_INFO,
-                    CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
-
-            NameValuePairs params = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Add authentication manager instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of this authentication
-     *            manager's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void addAuthMgrInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // is the manager instance id unique?
-            if (mAuths.getInstances().containsKey(id)) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
-                        null, resp);
-                return;
-            }
-
-            // get required parameters
-            // SC_AUTH_IMPL_NAME is absolutely required, the rest depend on
-            // on each authenticaton manager
-            String implname = req.getParameter(Constants.PR_AUTH_IMPL_NAME);
-
-            if (implname == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"),
-                        null, resp);
-                return;
-            }
-
-            // prevent agent & admin creation.
-            if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
-                    implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
-            }
-
-            // check if implementation exists.
-            AuthMgrPlugin plugin =
-                    mAuths.getPlugins().get(implname);
-
-            if (plugin == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(
-                        ERROR,
-                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),
-                                "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
-                        null, resp);
-                return;
-            }
-
-            // now the rest of config parameters
-            // note that we only check to see if the required parameters
-            // are there, but not checking the values are valid
-            String[] configParams = mAuths.getConfigParams(implname);
-
-            IConfigStore destStore =
-                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
-            IConfigStore instancesConfig =
-                    destStore.getSubStore(scope);
-            IConfigStore substore = instancesConfig.makeSubStore(id);
-
-            if (configParams != null) {
-                for (int i = 0; i < configParams.length; i++) {
-                    String key = configParams[i];
-                    String val = req.getParameter(key);
-
-                    if (val != null) {
-                        substore.put(key, val);
-                    }
-                }
-            }
-            substore.put(IAuthSubsystem.PROP_PLUGIN, implname);
-
-            String pwadd = req.getParameter(PW_PASSWORD_CACHE_ADD);
-
-            if (pwadd != null) {
-                putUserPWPair(pwadd);
-            }
-
-            // Instantiate an object for this implementation
-            String className = plugin.getClassPath();
-            IAuthManager authMgrInst = null;
-
-            try {
-                authMgrInst = (IAuthManager) Class.forName(className).newInstance();
-            } catch (ClassNotFoundException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                // cleanup
-                instancesConfig.removeSubStore(id);
-                sendResponse(
-                        ERROR,
-                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
-                                className)).toString(),
-                        null, resp);
-                return;
-            } catch (InstantiationException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                instancesConfig.removeSubStore(id);
-                sendResponse(
-                        ERROR,
-                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
-                                className)).toString(),
-                        null, resp);
-                return;
-            } catch (IllegalAccessException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                instancesConfig.removeSubStore(id);
-                sendResponse(
-                        ERROR,
-                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
-                                className)).toString(),
-                        null, resp);
-                return;
-            }
-
-            // initialize the authentication manager
-            try {
-                authMgrInst.init(id, implname, substore);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                // don't commit in this case and cleanup the new substore.
-                instancesConfig.removeSubStore(id);
-                sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                return;
-            }
-
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                // clean up.
-                instancesConfig.removeSubStore(id);
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // inited and commited ok. now add manager instance to list.
-            mAuths.add(id, authMgrInst);
-
-            mAuths.log(ILogger.LL_INFO,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
-
-            NameValuePairs params = new NameValuePairs();
-
-            params.put(Constants.PR_AUTH_IMPL_NAME, implname);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private synchronized void listAuthMgrPlugins(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mAuths.getPlugins().keys();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-            AuthMgrPlugin value = mAuths.getPlugins().get(name);
-
-            if (value.isVisible()) {
-                params.put(name, value.getClassPath() + EDIT);
-            }
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void listAuthMgrInsts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
-            String name = (String) e.nextElement();
-            AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name);
-            IAuthManager value = proxy.getAuthManager();
-            String enableStr = "enabled";
-
-            if (!proxy.isEnable()) {
-                enableStr = "disabled";
-            }
-
-            AuthMgrPlugin amgrplugin = mAuths.getPlugins().get(value.getImplName());
-
-            if (!amgrplugin.isVisible()) {
-                params.put(name, value.getImplName() + ";invisible;" + enableStr);
-            } else {
-                params.put(name, value.getImplName() + ";visible;" + enableStr);
-            }
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * Delete authentication manager plug-in
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of this authentication
-     *            manager's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void delAuthMgrPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                //System.out.println("SRVLT_NULL_RS_ID");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // prevent deletion of admin and agent.
-            if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
-                    id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
-            }
-
-            // does auth manager exist?
-            if (mAuths.getPlugins().containsKey(id) == false) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(
-                        ERROR,
-                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),
-                                "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
-                        null, resp);
-                return;
-            }
-
-            // first check if any instances from this auth manager
-            // DON'T remove auth manager if any instance
-            for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
-                IAuthManager authMgr = mAuths.get((String) e.nextElement());
-
-                if (authMgr.getImplName() == id) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"),
-                            null, resp);
-                    return;
-                }
-            }
-
-            // then delete this auth manager
-            mAuths.getPlugins().remove(id);
-
-            IConfigStore destStore =
-                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
-            IConfigStore instancesConfig =
-                    destStore.getSubStore(scope);
-
-            instancesConfig.removeSubStore(id);
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        }
-    }
-
-    /**
-     * Delete authentication manager instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of this authentication
-     *            manager's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void delAuthMgrInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                //System.out.println("SRVLT_NULL_RS_ID");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // prevent deletion of admin and agent.
-            if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
-                    id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
-            }
-
-            // does auth manager instance exist?
-            if (mAuths.getInstances().containsKey(id) == false) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(
-                        ERROR,
-                        new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND",
-                                id)).toString(),
-                        null, resp);
-                return;
-            }
-
-            // only remove from memory
-            // cannot shutdown because we don't keep track of whether it's
-            // being used.
-            mAuths.getInstances().remove(id);
-
-            // remove the configuration.
-            IConfigStore destStore =
-                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
-            IConfigStore instancesConfig =
-                    destStore.getSubStore(scope);
-
-            instancesConfig.removeSubStore(id);
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                //System.out.println("SRVLT_FAIL_COMMIT");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            //This only works in the fact that we only support one instance per
-            //auth plugin.
-            ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
-
-            authInfo.removePassword("Rule " + id);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * used for getting the required configuration parameters (with
-     * possible default values) for a particular auth manager plugin
-     * implementation name specified in the RS_ID. Actually, there is
-     * no logic in here to set any default value here...there's no
-     * default value for any parameter in this authentication subsystem
-     * at this point. Later, if we do have one (or some), it can be
-     * added. The interface remains the same.
-     */
-    private synchronized void getConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-
-        String implname = req.getParameter(Constants.RS_ID);
-
-        if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        String[] configParams = mAuths.getConfigParams(implname);
-        NameValuePairs params = new NameValuePairs();
-
-        // implName is always required so always send it.
-        params.put(Constants.PR_AUTH_IMPL_NAME, "");
-        if (configParams != null) {
-            for (int i = 0; i < configParams.length; i++) {
-                params.put(configParams[i], "");
-            }
-        }
-        sendResponse(0, null, params, resp);
-        return;
-    }
-
-    private synchronized void getInstConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does auth manager instance exist?
-        if (mAuths.getInstances().containsKey(id) == false) {
-            sendResponse(
-                    ERROR,
-                    new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        IAuthManager mgrInst = mAuths.get(id);
-        IConfigStore config = mgrInst.getConfigStore();
-        String[] configParams = mgrInst.getConfigParams();
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_AUTH_IMPL_NAME, mgrInst.getImplName());
-        // implName is always required so always send it.
-        if (configParams != null) {
-            for (int i = 0; i < configParams.length; i++) {
-                String key = configParams[i];
-                String val = config.get(key);
-
-                if (val != null) {
-                    params.put(key, val);
-                } else {
-                    params.put(key, "");
-                }
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * Modify authentication manager instance
-     * This will actually create a new instance with new configuration
-     * parameters and replace the old instance if the new instance is
-     * created and initialized successfully.
-     * The old instance is left running, so this is very expensive.
-     * Restart of server recommended.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of this authentication
-     *            manager's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void modAuthMgrInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        // expensive operation.
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                //System.out.println("SRVLT_NULL_RS_ID");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // prevent modification of admin and agent.
-            if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
-                    id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
-            }
-
-            // Does the manager instance exist?
-            if (!mAuths.getInstances().containsKey(id)) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
-                        null, resp);
-                return;
-            }
-
-            // get new implementation (same or different.)
-            String implname = req.getParameter(Constants.PR_AUTH_IMPL_NAME);
-
-            if (implname == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
-                        null, resp);
-                return;
-            }
-
-            // get plugin for implementation
-            AuthMgrPlugin plugin = mAuths.getPlugins().get(implname);
-
-            if (plugin == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(
-                        ERROR,
-                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),
-                                "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
-                        null, resp);
-                return;
-            }
-
-            // save old instance substore params in case new one fails.
-
-            IAuthManager oldinst = mAuths.get(id);
-            IConfigStore oldConfig = oldinst.getConfigStore();
-
-            String[] oldConfigParms = oldinst.getConfigParams();
-            NameValuePairs saveParams = new NameValuePairs();
-
-            // implName is always required so always include it it.
-            saveParams.put(IAuthSubsystem.PROP_PLUGIN,
-                    oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
-            if (oldConfigParms != null) {
-                for (int i = 0; i < oldConfigParms.length; i++) {
-                    String key = oldConfigParms[i];
-                    Object val = oldConfig.get(key);
-
-                    if (val != null) {
-                        saveParams.put(key, (String) val);
-                    }
-                }
-            }
-
-            // on to the new instance.
-
-            // remove old substore.
-
-            IConfigStore destStore =
-                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
-            IConfigStore instancesConfig =
-                    destStore.getSubStore(scope);
-
-            instancesConfig.removeSubStore(id);
-
-            // create new substore.
-
-            String[] configParams = mAuths.getConfigParams(implname);
-
-            IConfigStore substore = instancesConfig.makeSubStore(id);
-
-            substore.put(IAuthSubsystem.PROP_PLUGIN, implname);
-            if (configParams != null) {
-                for (int i = 0; i < configParams.length; i++) {
-                    String key = configParams[i];
-                    String val = req.getParameter(key);
-
-                    if (val != null) {
-                        substore.put(key, val);
-                    }
-                }
-            }
-
-            // Instantiate an object for new implementation
-
-            String className = plugin.getClassPath();
-            IAuthManager newMgrInst = null;
-
-            try {
-                newMgrInst = (IAuthManager) Class.forName(className).newInstance();
-            } catch (ClassNotFoundException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                // cleanup
-                restore(instancesConfig, id, saveParams);
-                sendResponse(
-                        ERROR,
-                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
-                                className)).toString(),
-                        null, resp);
-                return;
-            } catch (InstantiationException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                restore(instancesConfig, id, saveParams);
-                sendResponse(
-                        ERROR,
-                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
-                                className)).toString(),
-                        null, resp);
-                return;
-            } catch (IllegalAccessException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                restore(instancesConfig, id, saveParams);
-                sendResponse(
-                        ERROR,
-                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
-                                className)).toString(),
-                        null, resp);
-                return;
-            }
-
-            // initialize the authentication manager
-
-            try {
-                newMgrInst.init(id, implname, substore);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                // don't commit in this case and cleanup the new substore.
-                restore(instancesConfig, id, saveParams);
-                sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                return;
-            }
-
-            // initialized ok.  commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                // clean up.
-                restore(instancesConfig, id, saveParams);
-                //System.out.println("SRVLT_FAIL_COMMIT");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // commited ok. replace instance.
-
-            mAuths.add(id, newMgrInst);
-
-            mAuths.log(ILogger.LL_INFO,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
-
-            NameValuePairs params = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    // convenience routine.
-    private static void restore(IConfigStore store,
-            String id, NameValuePairs saveParams) {
-        store.removeSubStore(id);
-        IConfigStore rstore = store.makeSubStore(id);
-
-        for (String key : saveParams.keySet()) {
-            String value = saveParams.get(key);
-
-            if (value != null)
-                rstore.put(key, value);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
deleted file mode 100644
index 42c8da175..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
+++ /dev/null
@@ -1,109 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-
-/**
- * Authentication Credentials as input to the authMgr
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class AuthCredentials implements IAuthCredentials {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6938644716486895814L;
-    private Hashtable<String, Object> authCreds = null;
-    // Inserted by bskim
-    private IArgBlock argblk = null;
-
-    // Insert end
-
-    public AuthCredentials() {
-        authCreds = new Hashtable<String, Object>();
-    }
-
-    /**
-     * sets a credential with credential name and the credential
-     *
-     * @param name credential name
-     * @param cred credential
-     * @exception com.netscape.certsrv.base.EBaseException NullPointerException
-     */
-    public void set(String name, Object cred) throws EBaseException {
-        if (cred == null) {
-            throw new EBaseException("AuthCredentials.set()");
-        }
-
-        authCreds.put(name, cred);
-    }
-
-    /**
-     * returns the credential to which the specified name is mapped in this
-     * credential set
-     *
-     * @param name credential name
-     * @return the named authentication credential
-     */
-    public Object get(String name) {
-        return authCreds.get(name);
-    }
-
-    /**
-     * removes the name and its corresponding credential from this
-     * credential set. This method does nothing if the named
-     * credential is not in the credential set.
-     *
-     * @param name credential name
-     */
-    public void delete(String name) {
-        authCreds.remove(name);
-    }
-
-    /**
-     * returns an enumeration of the credential names in this credential
-     * set. Use the Enumeration methods on the returned object to
-     * fetch the elements sequentially.
-     *
-     * @return an enumeration of the names in this credential set
-     * @see java.util.Enumeration
-     */
-    public Enumeration<String> getElements() {
-        return authCreds.keys();
-    }
-
-    // Inserted by bskim
-    public void setArgBlock(IArgBlock blk) {
-        argblk = blk;
-        return;
-    }
-
-    // Insert end
-
-    public IArgBlock getArgBlock() {
-        return argblk;
-    }
-    // Insert end
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
deleted file mode 100644
index 09c77e557..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ /dev/null
@@ -1,1576 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.UnknownHostException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtensions;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequestListener;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve CA
- * administrative operations such as configuration parameter
- * updates.
- *
- * @version $Revision$, $Date$
- */
-public class CAAdminServlet extends AdminServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 6200983242040946840L;
-
-    public final static String PROP_EMAIL_TEMPLATE = "emailTemplate";
-
-    private final static String INFO = "CAAdminServlet";
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
-
-    private ICertificateAuthority mCA = null;
-    protected static final String PROP_ENABLED = "enabled";
-
-    /**
-     * Constructs CA servlet.
-     */
-    public CAAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP request. Each request is authenticated to
-     * the authenticate manager.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        //get all operational flags
-        String op = req.getParameter(Constants.OP_TYPE);
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        //check operational flags
-        if ((op == null) || (scope == null)) {
-            sendResponse(1, "Invalid Protocol", null, resp);
-            return;
-        }
-
-        super.authenticate(req);
-
-        try {
-            AUTHZ_RES_NAME = "certServer.ca.configuration";
-            if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                try {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    getExtendedPluginInfo(req, resp);
-                    return;
-                } catch (EBaseException e) {
-                    sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                }
-            }
-
-            if (op.equals(OpDef.OP_READ)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_GENERAL))
-                    getGeneralConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CONNECTOR))
-                    getConnectorConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CRLIPS))
-                    getCRLIPsConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CRL))
-                    getCRLConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
-                    getNotificationReqCompConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
-                    getNotificationRevCompConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
-                    getNotificationRIQConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
-                    getCRLExtsConfig(req, resp);
-            } else if (op.equals(OpDef.OP_MODIFY)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_GENERAL))
-                    setGeneralConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CONNECTOR))
-                    setConnectorConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CRLIPS))
-                    setCRLIPsConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CRL))
-                    setCRLConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
-                    setNotificationReqCompConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
-                    setNotificationRevCompConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
-                    setNotificationRIQConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
-                    setCRLExtsConfig(req, resp);
-            } else if (op.equals(OpDef.OP_SEARCH)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
-                    listCRLExtsConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_CRLIPS))
-                    listCRLIPsConfig(req, resp);
-            } else if (op.equals(OpDef.OP_ADD)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_CRLIPS))
-                    addCRLIPsConfig(req, resp);
-            } else if (op.equals(OpDef.OP_DELETE)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_CRLIPS))
-                    deleteCRLIPsConfig(req, resp);
-            } else {
-                sendResponse(1, "Unknown operation", null, resp);
-            }
-        } catch (Exception e) {
-            sendResponse(1, e.toString(), null, resp);
-            return;
-        }
-    }
-
-    /*==========================================================
-     * private methods
-     *==========================================================*/
-
-    /*
-     * handle request completion (cert issued) notification config requests
-     */
-    private void getNotificationCompConfig(HttpServletRequest req,
-            HttpServletResponse resp, IConfigStore rc) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            params.put(name, rc.getString(name, ""));
-        }
-
-        params.put(Constants.PR_ENABLE,
-                rc.getString(PROP_ENABLED, Constants.FALSE));
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getNotificationRevCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        IConfigStore config = mCA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
-        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
-
-        getNotificationCompConfig(req, resp, rc);
-    }
-
-    private void getNotificationReqCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        IConfigStore config = mCA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
-        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
-
-        getNotificationCompConfig(req, resp, rc);
-    }
-
-    /*
-     * handle getting request in queue notification config info
-     */
-    private void getNotificationRIQConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        IConfigStore config = mCA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
-
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            params.put(name, riq.getString(name, ""));
-        }
-
-        params.put(Constants.PR_ENABLE,
-                riq.getString(PROP_ENABLED, Constants.FALSE));
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /*
-     * handle setting request in queue notification config info
-     */
-    private void setNotificationRIQConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore config = mCA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
-
-        //set rest of the parameters
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            String val = req.getParameter(name);
-
-            // if it's emailTemplate, check to see if the path exists
-            if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
-                File template = new File(val);
-
-                if ((!template.exists()) || (!template.canRead())
-                        || (template.isDirectory())) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
-                            null, resp);
-                    return;
-                }
-            }
-            riq.putString(name, val);
-            mCA.getRequestInQListener().set(name, val);
-        }
-
-        // set enable flag
-        String enabledString = req.getParameter(Constants.PR_ENABLE);
-
-        riq.putString(PROP_ENABLED, enabledString);
-        mCA.getRequestInQListener().set(PROP_ENABLED, enabledString);
-
-        commit(true);
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    /*
-     * handle setting request complete notification config info
-     */
-    private void setNotificationCompConfig(HttpServletRequest req,
-            HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
-            IOException, EBaseException {
-
-        //set rest of the parameters
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            String val = req.getParameter(name);
-
-            // if it's emailTemplate, check to see if the path exists
-            if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
-                File template = new File(val);
-
-                if ((!template.exists()) || (!template.canRead())
-                        || (template.isDirectory())) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
-                            null, resp);
-                    return;
-                }
-            }
-            rc.putString(name, val);
-            thisListener.set(name, val);
-        }
-
-        // set enable flag
-        String enabledString = req.getParameter(Constants.PR_ENABLE);
-
-        rc.putString(PROP_ENABLED, enabledString);
-        thisListener.set(PROP_ENABLED, enabledString);
-
-        commit(true);
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void setNotificationRevCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore config = mCA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
-
-        setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener());
-    }
-
-    private void setNotificationReqCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore config = mCA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
-
-        setNotificationCompConfig(req, resp, rc, mCA.getCertIssuedListener());
-
-    }
-
-    private void listCRLIPsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
-
-        while (ips.hasMoreElements()) {
-            ICRLIssuingPoint ip = ips.nextElement();
-
-            if (ip != null) {
-                String ipId = ip.getId();
-
-                if (ipId != null && ipId.length() > 0)
-                    params.put(ipId, ip.getDescription());
-                params.put(ipId + "." + Constants.PR_ENABLED,
-                        (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getCRLIPsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id != null && id.length() > 0) {
-            ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
-
-            if (ip != null) {
-
-                Enumeration<String> e = req.getParameterNames();
-                String value = "";
-
-                while (e.hasMoreElements()) {
-                    String name = e.nextElement();
-
-                    if (name.equals(Constants.PR_ENABLED)) {
-                        if (ip.isCRLIssuingPointEnabled()) {
-                            value = Constants.TRUE;
-                        } else {
-                            value = Constants.FALSE;
-                        }
-                    }
-                    if (name.equals(Constants.PR_ID))
-                        value = id;
-                    if (name.equals(Constants.PR_DESCRIPTION))
-                        value = ip.getDescription();
-                    if (name.equals(Constants.PR_CLASS))
-                        value = ip.getClass().getName();
-
-                    params.put(name, value);
-                }
-            }
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Add CRL issuing points configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
-     * frequency, CRL format)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void addCRLIPsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            String ipId = req.getParameter(Constants.PR_ID);
-
-            if (ipId == null || ipId.length() == 0) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, "Missing CRL IP name", null, resp);
-                return;
-            }
-            params.put(Constants.PR_ID, ipId);
-
-            String desc = req.getParameter(Constants.PR_DESCRIPTION);
-
-            if (desc == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, "Missing CRL IP description", null, resp);
-                return;
-            }
-            params.put(Constants.PR_DESCRIPTION, desc);
-
-            String sEnable = req.getParameter(Constants.PR_ENABLED);
-            boolean enable = true;
-
-            if (sEnable != null && sEnable.length() > 0 &&
-                    sEnable.equalsIgnoreCase(Constants.FALSE)) {
-                enable = false;
-                params.put(Constants.PR_ENABLED, Constants.FALSE);
-            } else {
-                params.put(Constants.PR_ENABLED, Constants.TRUE);
-            }
-
-            IConfigStore crlSubStore =
-                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
-            Enumeration<String> crlNames = crlSubStore.getSubStoreNames();
-
-            while (crlNames.hasMoreElements()) {
-                String name = crlNames.nextElement();
-
-                if (ipId.equals(name)) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    sendResponse(ERROR, ipId + " CRL IP already exists", null, resp);
-                    return;
-                }
-            }
-            if (!mCA.addCRLIssuingPoint(crlSubStore, ipId, enable, desc)) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, "Cannot add or edit CRL IP", null, resp);
-                return;
-            }
-            commit(true);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Set CRL issuing points configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
-     * frequency, CRL format)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void setCRLIPsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            String ipId = req.getParameter(Constants.PR_ID);
-
-            if (ipId == null || ipId.length() == 0) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, "Missing CRL IP name", null, resp);
-                return;
-            }
-            params.put(Constants.PR_ID, ipId);
-
-            String desc = req.getParameter(Constants.PR_DESCRIPTION);
-
-            if (desc == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, "Missing CRL IP description", null, resp);
-                return;
-            }
-            params.put(Constants.PR_DESCRIPTION, desc);
-
-            String sEnable = req.getParameter(Constants.PR_ENABLED);
-            boolean enable = true;
-
-            if (sEnable != null && sEnable.length() > 0 &&
-                    sEnable.equalsIgnoreCase(Constants.FALSE)) {
-                enable = false;
-                params.put(Constants.PR_ENABLED, Constants.FALSE);
-            } else {
-                params.put(Constants.PR_ENABLED, Constants.TRUE);
-            }
-
-            IConfigStore crlSubStore =
-                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
-            boolean done = false;
-            Enumeration<String> crlNames = crlSubStore.getSubStoreNames();
-
-            while (crlNames.hasMoreElements()) {
-                String name = crlNames.nextElement();
-
-                if (ipId.equals(name)) {
-                    ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
-
-                    if (ip != null) {
-                        ip.setDescription(desc);
-                        ip.enableCRLIssuingPoint(enable);
-                    }
-                    IConfigStore c = crlSubStore.getSubStore(ipId);
-
-                    if (c != null) {
-                        c.putString(Constants.PR_DESCRIPTION, desc);
-                        c.putString(Constants.PR_ENABLED,
-                                (enable) ? Constants.TRUE : Constants.FALSE);
-                    }
-                    done = true;
-                    break;
-                }
-            }
-            if (!done) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, "Missing CRL IP " + ipId, null, resp);
-                return;
-            }
-            commit(true);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Delete CRL issuing points configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
-     * frequency, CRL format)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void deleteCRLIPsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id != null && id.length() > 0) {
-                IConfigStore crlSubStore =
-                        mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
-                boolean done = false;
-                Enumeration<String> crlNames = crlSubStore.getSubStoreNames();
-
-                while (crlNames.hasMoreElements()) {
-                    String name = crlNames.nextElement();
-
-                    if (id.equals(name)) {
-                        mCA.deleteCRLIssuingPoint(crlSubStore, id);
-                        done = true;
-                        break;
-                    }
-                }
-                if (!done) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    sendResponse(ERROR, "Missing CRL IP " + id, null, resp);
-                    return;
-                }
-                commit(true);
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void getCRLExtsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        String ipId = null;
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            ipId = name;
-        }
-        if (ipId == null || ipId.length() <= 0) {
-            ipId = ICertificateAuthority.PROP_MASTER_CRL;
-        }
-
-        ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
-        ICMSCRLExtensions crlExts = ip.getCRLExtensions();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id != null) {
-            params = crlExts.getConfigParams(id);
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Delete CRL extensions configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
-     * frequency, CRL format)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void setCRLExtsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            String ipId = req.getParameter(Constants.PR_ID);
-
-            if (ipId == null || ipId.length() <= 0) {
-                ipId = ICertificateAuthority.PROP_MASTER_CRL;
-            }
-
-            ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
-            ICMSCRLExtensions crlExts = ip.getCRLExtensions();
-
-            IConfigStore config = mCA.getConfigStore();
-            IConfigStore crlsSubStore =
-                    config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
-            IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId);
-            IConfigStore crlExtsSubStore =
-                    crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
-
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id != null) {
-                IConfigStore crlExtSubStore = crlExtsSubStore.getSubStore(id);
-
-                Enumeration<String> e = req.getParameterNames();
-
-                while (e.hasMoreElements()) {
-                    String name = e.nextElement();
-
-                    if (name.equals(Constants.OP_TYPE))
-                        continue;
-                    if (name.equals(Constants.RS_ID))
-                        continue;
-                    if (name.equals(Constants.OP_SCOPE))
-                        continue;
-                    if (name.equals(Constants.PR_CRLEXT_IMPL_NAME))
-                        continue;
-                    if (name.equals("RULENAME"))
-                        continue;
-                    String value = req.getParameter(name);
-
-                    params.put(name, value);
-                }
-                crlExts.setConfigParams(id, params, crlExtSubStore);
-                commit(true);
-                ip.clearCRLCache();
-                ip.updateCRLCacheRepository();
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void listCRLExtsConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        String id = req.getParameter(Constants.PR_ID);
-
-        if (id == null || id.length() <= 0) {
-            id = ICertificateAuthority.PROP_MASTER_CRL;
-        }
-
-        IConfigStore config = mCA.getConfigStore();
-        IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
-        IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
-        IConfigStore crlExtsSubStore = crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
-
-        if (crlExtsSubStore != null) {
-            Enumeration<String> enumExts = crlExtsSubStore.getSubStoreNames();
-
-            while (enumExts.hasMoreElements()) {
-                String extName = enumExts.nextElement();
-                boolean crlExtEnabled = false;
-                IConfigStore crlExtSubStore = crlExtsSubStore.getSubStore(extName);
-                Enumeration<String> properties = crlExtSubStore.getPropertyNames();
-
-                while (properties.hasMoreElements()) {
-                    String name = properties.nextElement();
-
-                    if (name.equals(Constants.PR_ENABLE)) {
-                        crlExtEnabled = crlExtSubStore.getBoolean(name, false);
-                    }
-                }
-                params.put(extName, extName + ";visible;" + ((crlExtEnabled) ? "enabled" : "disabled"));
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * retrieve extended plugin info such as brief description,
-     * type info from CRL extensions
-     */
-    private void getExtendedPluginInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-        int colon = id.indexOf(':');
-
-        String implType = id.substring(0, colon);
-        String implName = id.substring(colon + 1);
-
-        NameValuePairs params =
-                getExtendedPluginInfo(getLocale(req), implType, implName);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
-        IExtendedPluginInfo ext_info = null;
-        Object impl = null;
-
-        String ipId = null;
-        String name = null;
-
-        Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
-        if (ips.hasMoreElements()) {
-            ICRLIssuingPoint ip = ips.nextElement();
-            if (ip != null) {
-                ipId = ip.getId();
-            }
-        }
-        if (ipId != null) {
-            ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
-            ICMSCRLExtensions crlExts = ip.getCRLExtensions();
-            name = crlExts.getClassPath(implName);
-        }
-        if (name != null) {
-            impl = getClassByNameAsExtendedPluginInfo(name);
-        }
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-        }
-
-        return nvps;
-    }
-
-    /**
-     * Set CRL configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
-     * frequency, CRL format)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null || id.length() <= 0 ||
-                    id.equals(Constants.RS_ID_CONFIG)) {
-                id = ICertificateAuthority.PROP_MASTER_CRL;
-            }
-            ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
-
-            //Save New Settings to the config file
-            IConfigStore config = mCA.getConfigStore();
-            IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
-            IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
-
-            //set reset of the parameters
-            Enumeration<String> e = req.getParameterNames();
-
-            while (e.hasMoreElements()) {
-                String name = e.nextElement();
-
-                if (name.equals(Constants.OP_TYPE))
-                    continue;
-                if (name.equals(Constants.RS_ID))
-                    continue;
-                if (name.equals(Constants.OP_SCOPE))
-                    continue;
-                if (name.equals(Constants.PR_ENABLE))
-                    continue;
-                String value = req.getParameter(name);
-
-                params.put(name, value);
-                crlSubStore.putString(name, value);
-            }
-            boolean noRestart = ip.updateConfig(params);
-
-            commit(true);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            if (noRestart)
-                sendResponse(SUCCESS, null, null, resp);
-            else
-                sendResponse(RESTART, null, null, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void getCRLConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null || id.length() <= 0 ||
-                id.equals(Constants.RS_ID_CONFIG)) {
-            id = ICertificateAuthority.PROP_MASTER_CRL;
-        }
-        IConfigStore crlsSubStore =
-                mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
-        IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
-
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            params.put(name, crlSubStore.getString(name, ""));
-        }
-
-        getSigningAlgConfig(params);
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getConnectorConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore caConfig = mCA.getConfigStore();
-        IConfigStore connectorConfig = caConfig.getSubStore("connector");
-        IConfigStore caConnectorConfig = null;
-
-        if (isKRAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("KRA");
-        } else if (isCLAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("CLA");
-        }
-
-        Enumeration<String> enum1 = req.getParameterNames();
-        NameValuePairs params = new NameValuePairs();
-
-        if (caConnectorConfig != null) {
-            while (enum1.hasMoreElements()) {
-                String name = enum1.nextElement();
-
-                if (name.equals(Constants.RS_ID))
-                    continue;
-                if (name.equals(Constants.OP_SCOPE))
-                    continue;
-                if (name.equals(Constants.OP_TYPE))
-                    continue;
-
-                params.put(name, caConnectorConfig.getString(name, ""));
-            }
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void setConnectorConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        IConfigStore caConfig = mCA.getConfigStore();
-        IConfigStore connectorConfig = caConfig.getSubStore("connector");
-        IConfigStore caConnectorConfig = null;
-
-        //        String nickname = CMS.getServerCertNickname();
-
-        if (isKRAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("KRA");
-        } else if (isCLAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("CLA");
-        }
-
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        if (caConnectorConfig != null) {
-            while (enum1.hasMoreElements()) {
-                String name = enum1.nextElement();
-
-                if (name.equals(Constants.OP_TYPE))
-                    continue;
-                if (name.equals(Constants.RS_ID))
-                    continue;
-                if (name.equals(Constants.OP_SCOPE))
-                    continue;
-                /*
-                                if (name.equals("nickName")) {
-                                    caConnectorConfig.putString(name, nickname);
-                                    continue;
-                                }
-                */
-                if (name.equals("host")) {
-                    try {
-                        Utils.checkHost(req.getParameter("host"));
-                    } catch (UnknownHostException e) {
-                        sendResponse(ERROR, "Unknown Host " + req.getParameter("host"), null, resp);
-                        return;
-                    }
-                }
-                caConnectorConfig.putString(name, req.getParameter(name));
-            }
-        }
-
-        commit(true);
-        sendResponse(RESTART, null, null, resp);
-    }
-
-    private boolean isKRAConnector(HttpServletRequest req) {
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-
-            if (key.equals("RS_ID")) {
-                String val = req.getParameter(key);
-
-                if (val.equals("Data Recovery Manager Connector"))
-                    return true;
-                else
-                    return false;
-            }
-        }
-        return false;
-    }
-
-    private boolean isCLAConnector(HttpServletRequest req) {
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-
-            if (key.equals("RS_ID")) {
-                String val = req.getParameter(key);
-
-                if (val.equals("Clone Master Manager Connector"))
-                    return true;
-                else
-                    return false;
-            }
-        }
-        return false;
-    }
-
-    private void getGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        String value = "false";
-
-        /*
-         ISubsystem eeGateway =
-         SubsystemRegistry.getInstance().get("eeGateway");
-         if (eeGateway != null) {
-         IConfigStore eeConfig = eeGateway.getConfigStore();
-         if (eeConfig != null)
-         value = eeConfig.getString("enabled", "true");
-         String ocspValue = "true";
-         ocspValue = eeConfig.getString("enableOCSP", "true");
-         params.add(Constants.PR_OCSP_ENABLED, ocspValue);
-         }
-         params.add(Constants.PR_EE_ENABLED, value);
-         */
-
-        IConfigStore caConfig = mCA.getConfigStore();
-
-        value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false");
-        params.put(Constants.PR_VALIDITY, value);
-
-        getSigningAlgConfig(params);
-        getSerialConfig(params);
-        getMaxSerialConfig(params);
-        params.put(Constants.PR_SN_MANAGEMENT,
-            Boolean.toString(mCA.getDBSubsystem().getEnableSerialMgmt()));
-        params.put(Constants.PR_RANDOM_SN,
-            Boolean.toString(mCA.getCertificateRepository().getEnableRandomSerialNumbers()));
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getSigningAlgConfig(NameValuePairs params) {
-        params.put(Constants.PR_DEFAULT_ALGORITHM,
-                mCA.getDefaultAlgorithm());
-        String[] algorithms = mCA.getCASigningAlgorithms();
-        StringBuffer algorStr = new StringBuffer();
-
-        for (int i = 0; i < algorithms.length; i++) {
-            if (i == 0)
-                algorStr.append(algorithms[i]);
-            else {
-                algorStr.append(":");
-                algorStr.append(algorithms[i]);
-            }
-        }
-        params.put(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
-    }
-
-    private void getSerialConfig(NameValuePairs params) {
-        params.put(Constants.PR_SERIAL,
-                mCA.getStartSerial());
-    }
-
-    private void getMaxSerialConfig(NameValuePairs params) {
-        params.put(Constants.PR_MAXSERIAL,
-                mCA.getMaxSerial());
-    }
-
-    private void setGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        /*
-         ISubsystem eeGateway =
-         SubsystemRegistry.getInstance().get("eeGateway");
-         */
-
-        Enumeration<String> enum1 = req.getParameterNames();
-        boolean restart = false;
-
-        //mCA.setMaxSerial("");
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_EE_ENABLED)) {
-
-                /*
-                 if (eeConfig != null) {
-                 if (((EEGateway)eeGateway).isEnabled() &&
-                 value.equals("false") ||
-                 !((EEGateway)eeGateway).isEnabled() &&
-                 value.equals("true")) {
-                 restart=true;;
-                 }
-                 eeConfig.putString("enabled", value);
-                 }
-                 */
-            } else if (key.equals(Constants.PR_VALIDITY)) {
-                mCA.setValidity(value);
-            } else if (key.equals(Constants.PR_DEFAULT_ALGORITHM)) {
-                mCA.setDefaultAlgorithm(value);
-            } else if (key.equals(Constants.PR_SERIAL)) {
-                mCA.setStartSerial(value);
-            } else if (key.equals(Constants.PR_MAXSERIAL)) {
-                mCA.setMaxSerial(value);
-            } else if (key.equals(Constants.PR_SN_MANAGEMENT)) {
-                mCA.getDBSubsystem().setEnableSerialMgmt(Boolean.valueOf(value));
-            } else if (key.equals(Constants.PR_RANDOM_SN)) {
-                mCA.getCertificateRepository().setEnableRandomSerialNumbers(Boolean.valueOf(value), true, false);
-            }
-        }
-
-        commit(true);
-        if (restart)
-            sendResponse(RESTART, null, null, resp);
-        else
-            sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-                level, "CAAdminServlet: " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
deleted file mode 100644
index 74c1a94a6..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ /dev/null
@@ -1,3424 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.PQGParams;
-import org.mozilla.jss.crypto.SignatureAlgorithm;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.util.ConsolePasswordCallback;
-import org.mozilla.jss.util.PasswordCallback;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.cert.ICrossCertPairSubsystem;
-import com.netscape.certsrv.common.ConfigConstants;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.security.ICryptoSubsystem;
-import com.netscape.certsrv.security.ISigningUnit;
-import com.netscape.certsrv.security.KeyCertData;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTest;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.certsrv.tks.ITKSAuthority;
-import com.netscape.cmsutil.util.Cert;
-import com.netscape.cmsutil.util.Utils;
-import com.netscape.symkey.SessionKey;
-
-/**
- * A class representings an administration servlet. This
- * servlet is responsible to serve Certificate Server
- * level administrative operations such as configuration
- * parameter updates.
- *
- * @version $Revision$, $Date$
- */
-public final class CMSAdminServlet extends AdminServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 714370238027440050L;
-    private final static String INFO = "CMSAdminServlet";
-    private final static String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----";
-    private final static String END_HEADER = "-----END CERTIFICATE-----";
-
-    private final static String PROP_DB = "dbs";
-    private final static String PROP_SMTP = "smtp";
-    private final static String PROP_INTERNAL_DB = "internaldb";
-
-    private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-    private final static byte EOL[] = { Character.LINE_SEPARATOR };
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
-            "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
-            "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
-    private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
-            "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
-    private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
-            "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
-    private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
-            "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
-
-    // CMS must be instantiated before this admin servlet.
-
-    /**
-     * Constructs CA servlet.
-     */
-    public CMSAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP request.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-        try {
-            super.authenticate(req);
-        } catch (IOException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        String scope = req.getParameter(Constants.OP_SCOPE);
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        try {
-            AUTHZ_RES_NAME = "certServer.general.configuration";
-            if (scope.equals(ScopeDef.SC_PLATFORM)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                getEnv(req, resp);
-                return;
-            }
-            if (op.equals(OpDef.OP_READ)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_LDAP))
-                    getDBConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_SMTP))
-                    readSMTPConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_STAT))
-                    readStat(req, resp);
-                else if (scope.equals(ScopeDef.SC_ENCRYPTION))
-                    readEncryption(req, resp);
-                else if (scope.equals(ScopeDef.SC_TOKEN))
-                    getAllTokenNames(req, resp);
-                else if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
-                    getSubjectName(req, resp);
-                else if (scope.equals(ScopeDef.SC_GET_NICKNAMES))
-                    getAllNicknames(req, resp);
-                else if (scope.equals(ScopeDef.SC_CERT_PRETTY_PRINT))
-                    getCertPrettyPrint(req, resp);
-            } else if (op.equals(OpDef.OP_MODIFY)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_LDAP))
-                    setDBConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_SMTP))
-                    modifySMTPConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_TASKS))
-                    performTasks(req, resp);
-                else if (scope.equals(ScopeDef.SC_ENCRYPTION))
-                    modifyEncryption(req, resp);
-                else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
-                    issueImportCert(req, resp);
-                else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
-                    installCert(req, resp);
-                else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
-                    importXCert(req, resp);
-                else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
-                    deleteCerts(req, resp);
-                else if (scope.equals(ScopeDef.SC_TRUST))
-                    trustCACert(req, resp);
-                else if (scope.equals(ScopeDef.SC_TOKEN_LOGON))
-                    loggedInToken(req, resp);
-                else if (scope.equals(ScopeDef.SC_ROOTCERT_TRUSTBIT))
-                    setRootCertTrust(req, resp);
-            } else if (op.equals(OpDef.OP_SEARCH)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_SUBSYSTEM))
-                    readSubsystem(req, resp);
-                else if (scope.equals(ScopeDef.SC_CA_CERTLIST))
-                    getCACerts(req, resp);
-                else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
-                    getAllCertsManage(req, resp);
-                else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
-                    getUserCerts(req, resp);
-                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
-                    getTKSKeys(req, resp);
-                else if (scope.equals(ScopeDef.SC_TOKEN))
-                    getAllTokenNames(req, resp);
-                else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
-                    getRootCerts(req, resp);
-            } else if (op.equals(OpDef.OP_DELETE)) {
-                mOp = "delete";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
-                    deleteRootCert(req, resp);
-                } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
-                    deleteUserCert(req, resp);
-                }
-            } else if (op.equals(OpDef.OP_PROCESS)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_CERT_REQUEST))
-                    getCertRequest(req, resp);
-                else if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
-                    processSubjectName(req, resp);
-                else if (scope.equals(ScopeDef.SC_CERTINFO))
-                    getCertInfo(req, resp);
-                else if (scope.equals(ScopeDef.SC_CERT_PRETTY_PRINT))
-                    getCertPrettyPrint(req, resp);
-                else if (scope.equals(ScopeDef.SC_ROOTCERT_TRUSTBIT))
-                    getRootCertTrustBit(req, resp);
-                else if (scope.equals(ScopeDef.SC_TOKEN_STATUS))
-                    checkTokenStatus(req, resp);
-                else if (scope.equals(ScopeDef.SC_SELFTESTS))
-                    runSelfTestsOnDemand(req, resp);
-                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
-                    createMasterKey(req, resp);
-            } else if (op.equals(OpDef.OP_VALIDATE)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
-                    validateSubjectName(req, resp);
-                else if (scope.equals(ScopeDef.SC_KEY_LENGTH))
-                    validateKeyLength(req, resp);
-                else if (scope.equals(ScopeDef.SC_CERTIFICATE_EXTENSION))
-                    validateCertExtension(req, resp);
-                else if (scope.equals(ScopeDef.SC_KEY_CURVENAME))
-                    validateCurveName(req, resp);
-            }
-        } catch (EBaseException e) {
-            sendResponse(ERROR, e.toString(getLocale(req)),
-                    null, resp);
-            return;
-        } catch (Exception e) {
-            StringWriter sw = new StringWriter();
-
-            e.printStackTrace(new PrintWriter(sw));
-
-            sendResponse(1, "operation failure", null, resp);
-            return;
-        }
-    }
-
-    private void getEnv(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        if (File.separator.equals("\\"))
-            params.put(Constants.PR_NT, Constants.TRUE);
-        else
-            params.put(Constants.PR_NT, Constants.FALSE);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getAllTokenNames(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getAllNicknames(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-        params.put(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private boolean isSubsystemInstalled(String subsystem) {
-        Enumeration<ISubsystem> e = CMS.getSubsystems();
-
-        while (e.hasMoreElements()) {
-            ISubsystem sys = e.nextElement();
-
-            //get subsystem type
-            if ((sys instanceof IKeyRecoveryAuthority) &&
-                    subsystem.equals("kra"))
-                return true;
-            else if ((sys instanceof IRegistrationAuthority) &&
-                    subsystem.equals("ra"))
-                return true;
-            else if ((sys instanceof ICertificateAuthority) &&
-                    subsystem.equals("ca"))
-                return true;
-            else if ((sys instanceof IOCSPAuthority) &&
-                    subsystem.equals("ocsp"))
-                return true;
-        }
-
-        return false;
-    }
-
-    private void readEncryption(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        Enumeration<ISubsystem> e = CMS.getSubsystems();
-        boolean isCAInstalled = false;
-        boolean isRAInstalled = false;
-        boolean isKRAInstalled = false;
-
-        while (e.hasMoreElements()) {
-            ISubsystem sys = e.nextElement();
-
-            //get subsystem type
-            if (sys instanceof IKeyRecoveryAuthority)
-                isKRAInstalled = true;
-            else if (sys instanceof IRegistrationAuthority)
-                isRAInstalled = true;
-            else if (sys instanceof ICertificateAuthority)
-                isCAInstalled = true;
-
-        }
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        String caTokenName = "";
-
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_CIPHER_VERSION,
-                jssSubSystem.getCipherVersion());
-        params.put(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
-        params.put(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
-
-        String tokenList = jssSubSystem.getTokenList();
-
-        String tokenNewList = "";
-        StringTokenizer tokenizer = new StringTokenizer(tokenList, ",");
-
-        while (tokenizer.hasMoreElements()) {
-            String tokenName = (String) tokenizer.nextElement();
-            String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-
-            if (certs.equals(""))
-                continue;
-            if (tokenNewList.equals(""))
-                tokenNewList = tokenNewList + tokenName;
-            else
-                tokenNewList = tokenNewList + "," + tokenName;
-            tokenName = escapeString(tokenName);
-            params.put(Constants.PR_TOKEN_PREFIX + tokenName, certs);
-        }
-
-        params.put(Constants.PR_TOKEN_LIST, tokenNewList);
-
-        if (isCAInstalled) {
-            ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            ISigningUnit signingUnit = ca.getSigningUnit();
-
-            caTokenName = signingUnit.getTokenName();
-
-            if (caTokenName.equals(jssSubSystem.getInternalTokenName()))
-                caTokenName = Constants.PR_INTERNAL_TOKEN;
-
-            String caNickName = signingUnit.getNickname();
-
-            //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
-            params.put(Constants.PR_CERT_CA, getCertNickname(caNickName));
-        }
-
-        if (isRAInstalled) {
-            IRegistrationAuthority ra = (IRegistrationAuthority)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-            String raNickname = ra.getNickname();
-
-            params.put(Constants.PR_CERT_RA, getCertNickname(raNickname));
-        }
-
-        if (isKRAInstalled) {
-            IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
-            String kraNickname = kra.getNickname();
-
-            params.put(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
-        }
-
-        String nickName = CMS.getServerCertNickname();
-
-        params.put(Constants.PR_CERT_SERVER, getCertNickname(nickName));
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private String escapeString(String name) {
-        StringTokenizer tokenizer = new StringTokenizer(name, " ");
-        StringBuffer tokenname = new StringBuffer();
-
-        if (tokenizer.countTokens() == 1)
-            return name;
-        while (tokenizer.hasMoreElements()) {
-            if (tokenizer.countTokens() == 1)
-                tokenname.append((String) tokenizer.nextElement());
-            else {
-                tokenname.append((String) tokenizer.nextElement());
-                tokenname.append("%20");
-            }
-        }
-
-        return tokenname.toString();
-    }
-
-    private String getCertNickname(String nickName) {
-        if (!nickName.equals("")) {
-            StringTokenizer tokenizer = new StringTokenizer(nickName, ":");
-            String tokenName = "";
-
-            if (tokenizer.countTokens() > 1) {
-                tokenName = (String) tokenizer.nextElement();
-            } else {
-                tokenName = Constants.PR_INTERNAL_TOKEN;
-            }
-            return tokenName + "," + ((String) tokenizer.nextElement());
-        }
-        return "";
-    }
-
-    /**
-     * Modify encryption configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when configuring encryption (cert settings and SSL
-     * cipher preferences)
-     * </ul>
-     *
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException failed to modify encryption configuration
-     */
-    private void modifyEncryption(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            Enumeration<String> enum1 = req.getParameterNames();
-            NameValuePairs params = new NameValuePairs();
-            ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-            jssSubSystem.getInternalTokenName();
-            Enumeration<ISubsystem> e = CMS.getSubsystems();
-            boolean isCAInstalled = false;
-            boolean isRAInstalled = false;
-            boolean isKRAInstalled = false;
-
-            while (e.hasMoreElements()) {
-                ISubsystem sys = e.nextElement();
-
-                //get subsystem type
-                if (sys instanceof IKeyRecoveryAuthority)
-                    isKRAInstalled = true;
-                else if (sys instanceof IRegistrationAuthority)
-                    isRAInstalled = true;
-                else if (sys instanceof ICertificateAuthority)
-                    isCAInstalled = true;
-            }
-
-            ICertificateAuthority ca = null;
-            IRegistrationAuthority ra = null;
-            IKeyRecoveryAuthority kra = null;
-
-            if (isCAInstalled)
-                ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            if (isRAInstalled)
-                ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-            if (isKRAInstalled)
-                kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
-
-            boolean isCACert = true;
-
-            while (enum1.hasMoreElements()) {
-                String name = enum1.nextElement();
-                String val = req.getParameter(name);
-
-                if (name.equals(Constants.PR_CIPHER_PREF)) {
-                    jssSubSystem.setCipherPreferences(val);
-                } else if (name.equals(Constants.PR_CERT_CA)) {
-                    ISigningUnit signingUnit = ca.getSigningUnit();
-
-                    if ((val != null) && (!val.equals(""))) {
-                        StringTokenizer tokenizer = new StringTokenizer(val, ",");
-
-                        if (tokenizer.countTokens() != 2) {
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-                                        auditSubjectID,
-                                        ILogger.FAILURE,
-                                        auditParams(req));
-
-                            audit(auditMessage);
-
-                            throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO"));
-                        }
-
-                        String tokenName = (String) tokenizer.nextElement();
-                        String nickName = (String) tokenizer.nextElement();
-
-                        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN)) {
-                            tokenName = jssSubSystem.getInternalTokenName();
-                        } else {
-                            nickName = tokenName + ":" + nickName;
-                        }
-
-                        isCACert = jssSubSystem.isCACert(nickName);
-                        if (isCACert) {
-                            signingUnit.updateConfig(nickName, tokenName);
-                        } else
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-                                        auditSubjectID,
-                                        ILogger.FAILURE,
-                                        auditParams(req));
-
-                        audit(auditMessage);
-
-                        throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"));
-                    }
-                } else if (name.equals(Constants.PR_CERT_RA)) {
-                    if ((val != null) && (!val.equals(""))) {
-                        String nickName = getCertConfigNickname(val);
-
-                        ra.setNickname(nickName);
-                    }
-                } else if (name.equals(Constants.PR_CERT_TRANS)) {
-                    if ((val != null) && (!val.equals(""))) {
-                        String nickName = getCertConfigNickname(val);
-
-                        kra.setNickname(nickName);
-                    }
-                } else if (name.equals(Constants.PR_CERT_SERVER)) {
-                    if ((val != null) && (!val.equals(""))) {
-                        String nickName = getCertConfigNickname(val);
-
-                        modifyRADMCert(nickName);
-                        modifyAgentGatewayCert(nickName);
-                        if (isRAInstalled)
-                            modifyEEGatewayCert(ra, nickName);
-                        if (isCAInstalled)
-                            modifyCAGatewayCert(ca, nickName);
-                    }
-                }
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(RESTART, null, params, resp);
-            mConfig.commit(true);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private String getCertConfigNickname(String val) throws EBaseException {
-        StringTokenizer tokenizer = new StringTokenizer(val, ",");
-
-        if (tokenizer.countTokens() != 2) {
-            throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO"));
-        }
-        String tokenName = (String) tokenizer.nextElement();
-
-        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN))
-            tokenName = "";
-        else
-            tokenName = tokenName + ":";
-        return (tokenName + (String) tokenizer.nextElement());
-    }
-
-    private void modifyRADMCert(String nickName) {
-        CMS.setServerCertNickname(nickName);
-
-        /*
-         RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
-         HTTPService httpsService = raAdmin.getHttpsService();
-         httpsService.setNickName(nickName);
-         */
-    }
-
-    private void modifyAgentGatewayCert(String nickName) {
-        CMS.setServerCertNickname(nickName);
-
-        /*
-         AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
-         HTTPService httpsService = gateway.getHttpsService();
-         httpsService.setNickName(nickName);
-         */
-    }
-
-    private void modifyEEGatewayCert(IRegistrationAuthority ra, String nickName) {
-        CMS.setServerCertNickname(nickName);
-
-        /*
-         HTTPSubsystem eeGateway = ra.getHTTPSubsystem();
-         HTTPService httpsService = eeGateway.getHttpsService();
-         httpsService.setNickName(nickName);
-         */
-    }
-
-    private void modifyCAGatewayCert(ICertificateAuthority ca, String nickName) {
-        CMS.setServerCertNickname(nickName);
-
-        /*
-         HTTPSubsystem caGateway = ca.getHTTPSubsystem();
-         HTTPService httpsService = caGateway.getHttpsService();
-         httpsService.setNickName(nickName);
-         */
-    }
-
-    /**
-     * Performs Server Tasks: RESTART/STOP operation
-     */
-    private void performTasks(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String restart = req.getParameter(Constants.PR_SERVER_RESTART);
-        String stop = req.getParameter(Constants.PR_SERVER_STOP);
-        NameValuePairs params = new NameValuePairs();
-
-        if (restart != null) {
-            //XXX Uncommented afetr watchdog is implemented
-            sendResponse(SUCCESS, null, params, resp);
-            //mServer.restart();
-            return;
-        }
-
-        if (stop != null) {
-            //XXX Send response first then shutdown
-            sendResponse(SUCCESS, null, params, resp);
-            CMS.shutdown();
-            return;
-        }
-
-        sendResponse(ERROR, "Unknown operation", null, resp);
-
-    }
-
-    /**
-     * Reads subsystems that server has loaded with.
-     */
-    private void readSubsystem(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<ISubsystem> e = CMS.getSubsystems();
-
-        while (e.hasMoreElements()) {
-            String type = "";
-            ISubsystem sys = e.nextElement();
-
-            //get subsystem type
-            if (sys instanceof IKeyRecoveryAuthority)
-                type = Constants.PR_KRA_INSTANCE;
-            if (sys instanceof IRegistrationAuthority)
-                type = Constants.PR_RA_INSTANCE;
-            if (sys instanceof ICertificateAuthority)
-                type = Constants.PR_CA_INSTANCE;
-            if (sys instanceof IOCSPAuthority)
-                type = Constants.PR_OCSP_INSTANCE;
-            if (sys instanceof ITKSAuthority)
-                type = Constants.PR_TKS_INSTANCE;
-            if (!type.trim().equals(""))
-                params.put(sys.getId(), type);
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Reads server statistics.
-     */
-    private void readStat(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String installdate = cs.getString(Constants.PR_STAT_INSTALLDATE, "");
-            params.put(Constants.PR_STAT_INSTALLDATE, installdate);
-        } catch (Exception e) {
-        }
-
-        try {
-            String version = cs.getString(Constants.PR_STAT_VERSION, "");
-            params.put(Constants.PR_STAT_VERSION, version);
-        } catch (Exception e) {
-        }
-
-        try {
-            String instanceId = cs.getString(Constants.PR_STAT_INSTANCEID, "");
-            params.put(Constants.PR_STAT_INSTANCEID, instanceId);
-        } catch (Exception e) {
-        }
-
-        params.put(Constants.PR_STAT_STARTUP,
-                (new Date(CMS.getStartupTime())).toString());
-        params.put(Constants.PR_STAT_TIME,
-                (new Date(System.currentTimeMillis())).toString());
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Modifies database information.
-     */
-    private void setDBConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-
-            if (key.equals(Constants.OP_TYPE))
-                continue;
-            if (key.equals(Constants.RS_ID))
-                continue;
-            if (key.equals(Constants.OP_SCOPE))
-                continue;
-
-            dbConfig.putString(key, req.getParameter(key));
-        }
-
-        sendResponse(RESTART, null, null, resp);
-        mConfig.commit(true);
-    }
-
-    /**
-     * Create Master Key
-     */
-    private void createMasterKey(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = req.getParameterNames();
-        String newKeyName = null, selectedToken = null;
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.PR_KEY_LIST)) {
-                newKeyName = req.getParameter(name);
-            }
-            if (name.equals(Constants.PR_TOKEN_LIST)) {
-                selectedToken = req.getParameter(name);
-            }
-
-        }
-        if (selectedToken != null && newKeyName != null) {
-            SessionKey.GenMasterKey(selectedToken, newKeyName); // check for errors
-            CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
-            String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-
-            SessionKey.SetDefaultPrefix(masterKeyPrefix);
-            params.put(Constants.PR_KEY_LIST, newKeyName);
-            params.put(Constants.PR_TOKEN_LIST, selectedToken);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Reads secmod.db
-     */
-    private void getTKSKeys(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.PR_TOKEN_LIST)) {
-                String selectedToken = req.getParameter(name);
-
-                ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-                CryptoToken token = null;
-                CryptoManager mCryptoManager = null;
-                try {
-                    mCryptoManager = CryptoManager.getInstance();
-                } catch (Exception e2) {
-                }
-
-                if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
-                    PasswordCallback cpcb = new ConsolePasswordCallback();
-                    while (true) {
-                        try {
-                            token = mCryptoManager.getTokenByName(selectedToken);
-                            token.login(cpcb);
-                            break;
-                        } catch (Exception e3) {
-                            //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
-                            continue;
-                        }
-                    }
-                }
-                // String symKeys = new String("key1,key2");
-                String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
-                params.put(Constants.PR_TOKEN_LIST, symKeys);
-
-            }
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Reads database information.
-     */
-    private void getDBConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
-        IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
-                params.put(name, ldapConfig.getString(name, "Constants.FALSE"));
-            else
-                params.put(name, ldapConfig.getString(name, ""));
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Modifies SMTP configuration.
-     */
-    private void modifySMTPConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        // XXX
-        IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
-
-        String host = req.getParameter(Constants.PR_SERVER_NAME);
-
-        if (host != null)
-            sConfig.putString("host", host);
-
-        String port = req.getParameter(Constants.PR_PORT);
-
-        if (port != null)
-            sConfig.putString("port", port);
-
-        commit(true);
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    /**
-     * Reads SMTP configuration.
-     */
-    private void readSMTPConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_SERVER_NAME,
-                dbConfig.getString("host"));
-        params.put(Constants.PR_PORT,
-                dbConfig.getString("port"));
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void loggedInToken(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        String tokenName = "";
-        String pwd = "";
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_TOKEN_NAME)) {
-                tokenName = value;
-            } else if (key.equals(Constants.PR_TOKEN_PASSWD)) {
-                pwd = value;
-            }
-        }
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-        jssSubSystem.loggedInToken(tokenName, pwd);
-
-        /* Do a "PUT" of the new pw to the watchdog" */
-        CMS.putPasswordCache(tokenName, pwd);
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void checkTokenStatus(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        String key = "";
-        String value = "";
-
-        while (enum1.hasMoreElements()) {
-            key = enum1.nextElement();
-            value = req.getParameter(key);
-            if (key.equals(Constants.PR_TOKEN_NAME)) {
-                break;
-            }
-        }
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        boolean status = jssSubSystem.isTokenLoggedIn(value);
-
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_LOGGED_IN, "" + status);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Retrieve a certificate request
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when asymmetric keys are generated
-     * </ul>
-     *
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException failed to retrieve certificate request
-     */
-    private void getCertRequest(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditPublicKey = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-            Enumeration<String> enum1 = req.getParameterNames();
-            String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
-            String keyType = "";
-            int keyLength = 512;
-            String subjectName = "";
-            String certType = Constants.PR_CA_SIGNING_CERT;
-            String dir = "";
-            String pathname = "";
-            String otherNickname = "";
-            String keyCurveName = "";
-
-            while (enum1.hasMoreElements()) {
-                String key = enum1.nextElement();
-                String value = req.getParameter(key);
-
-                if (key.equals(Constants.PR_TOKEN_NAME)) {
-                    if (!value.equals(Constants.PR_INTERNAL_TOKEN))
-                        tokenName = value;
-                } else if (key.equals(Constants.PR_KEY_LENGTH)) {
-                    keyLength = Integer.parseInt(value);
-                } else if (key.equals(Constants.PR_KEY_TYPE)) {
-                    keyType = value;
-                } else if (key.equals(Constants.RS_ID)) {
-                    certType = value;
-                } else if (key.equals(Constants.PR_SUBJECT_NAME)) {
-                    subjectName = value;
-                } else if (key.equals(Constants.PR_NICKNAME)) {
-                    otherNickname = value;
-                } else if (key.equals(Constants.PR_KEY_CURVENAME)) {
-                    keyCurveName = value;
-                }
-            }
-
-            pathname = mConfig.getString("instanceRoot", "")
-                    + File.separator + "conf" + File.separator;
-            dir = pathname;
-            ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-            KeyPair keypair = null;
-            PQGParams pqgParams = null;
-            String nickname = "";
-
-            // other cert and has the existing key
-            if (certType.equals(Constants.PR_OTHER_CERT) && keyType.equals(""))
-                nickname = otherNickname;
-            else if (!certType.equals(Constants.PR_OTHER_CERT))
-                nickname = getNickname(certType);
-
-            String nicknameWithoutTokenName = "";
-
-            if (nickname != null && !nickname.equals("")) {
-                int index = nickname.indexOf(":");
-
-                nicknameWithoutTokenName = nickname;
-                if (index >= 0)
-                    nicknameWithoutTokenName = nickname.substring(index + 1);
-            }
-
-            if (keyType.equals("")) {
-                if (nickname.equals("")) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditPublicKey);
-
-                    audit(auditMessage);
-
-                    throw new EBaseException(
-                            CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
-                }
-                keypair = jssSubSystem.getKeyPair(nickname);
-            } else {
-                if (keyType.equals("ECC")) {
-                    // get ECC keypair
-                    keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
-                } else { //DSA or RSA
-                    if (keyType.equals("DSA"))
-                        pqgParams = jssSubSystem.getPQG(keyLength);
-                    keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
-                }
-            }
-
-            // reset the "auditPublicKey"
-            auditPublicKey = auditPublicKey(keypair);
-
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                pathname = pathname + File.separator + "cacsr.txt";
-                if (!keyType.equals(""))
-                    setCANewnickname(tokenName, nicknameWithoutTokenName);
-            } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
-                pathname = pathname + File.separator + "racsr.txt";
-                if (!keyType.equals(""))
-                    setRANewnickname(tokenName, nicknameWithoutTokenName);
-            } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-                pathname = pathname + File.separator + "ocspcsr.txt";
-                if (!keyType.equals(""))
-                    setOCSPNewnickname(tokenName, nicknameWithoutTokenName);
-            } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
-                pathname = pathname + File.separator + "kracsr.txt";
-                if (!keyType.equals(""))
-                    setKRANewnickname(tokenName, nicknameWithoutTokenName);
-            } else if (certType.equals(Constants.PR_SERVER_CERT)) {
-                pathname = pathname + File.separator + "sslcsr.txt";
-                if (!keyType.equals(""))
-                    setAgentNewnickname(tokenName, nicknameWithoutTokenName);
-            } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
-                pathname = pathname + File.separator + "sslcsrradm.txt";
-                if (!keyType.equals(""))
-                    setRADMNewnickname(tokenName, nicknameWithoutTokenName);
-            } else if (certType.equals(Constants.PR_OTHER_CERT)) {
-                pathname = pathname + File.separator + "othercsr.txt";
-            }
-            String certReq = jssSubSystem.getCertRequest(subjectName, keypair);
-
-            params.put(Constants.PR_CSR, certReq);
-            params.put(Constants.PR_CERT_REQUEST_DIR, dir);
-            PrintStream ps = new PrintStream(new FileOutputStream(pathname));
-
-            ps.println(certReq);
-            ps.close();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditPublicKey);
-
-            audit(auditMessage);
-
-            mConfig.commit(true);
-            sendResponse(SUCCESS, null, params, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditPublicKey);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditPublicKey);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditPublicKey );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void setCANewnickname(String tokenName, String nickname)
-            throws EBaseException {
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        ISigningUnit signingUnit = ca.getSigningUnit();
-
-        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-            signingUnit.setNewNickName(nickname);
-        else {
-            if (tokenName.equals("") && nickname.equals(""))
-                signingUnit.setNewNickName("");
-            else
-                signingUnit.setNewNickName(tokenName + ":" + nickname);
-        }
-    }
-
-    private String getCANewnickname() throws EBaseException {
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        ISigningUnit signingUnit = ca.getSigningUnit();
-
-        return signingUnit.getNewNickName();
-    }
-
-    private void setRANewnickname(String tokenName, String nickname)
-            throws EBaseException {
-        IRegistrationAuthority ra = (IRegistrationAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-
-        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-            ra.setNewNickName(nickname);
-        else {
-            if (tokenName.equals("") && nickname.equals(""))
-                ra.setNewNickName("");
-            else
-                ra.setNewNickName(tokenName + ":" + nickname);
-        }
-    }
-
-    private String getRANewnickname() throws EBaseException {
-        IRegistrationAuthority ra = (IRegistrationAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-
-        return ra.getNewNickName();
-    }
-
-    private void setOCSPNewnickname(String tokenName, String nickname)
-            throws EBaseException {
-        IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
-
-        if (ocsp != null) {
-            ISigningUnit signingUnit = ocsp.getSigningUnit();
-
-            if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-                signingUnit.setNewNickName(nickname);
-            else {
-                if (tokenName.equals("") && nickname.equals(""))
-                    signingUnit.setNewNickName("");
-                else
-                    signingUnit.setNewNickName(tokenName + ":" + nickname);
-            }
-        } else {
-            ICertificateAuthority ca = (ICertificateAuthority)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            ISigningUnit signingUnit = ca.getOCSPSigningUnit();
-
-            if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-                signingUnit.setNewNickName(nickname);
-            else {
-                if (tokenName.equals("") && nickname.equals(""))
-                    signingUnit.setNewNickName("");
-                else
-                    signingUnit.setNewNickName(tokenName + ":" + nickname);
-            }
-        }
-    }
-
-    private String getOCSPNewnickname() throws EBaseException {
-        IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
-
-        if (ocsp != null) {
-            ISigningUnit signingUnit = ocsp.getSigningUnit();
-
-            return signingUnit.getNewNickName();
-        } else {
-            ICertificateAuthority ca = (ICertificateAuthority)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            ISigningUnit signingUnit = ca.getOCSPSigningUnit();
-
-            return signingUnit.getNewNickName();
-        }
-    }
-
-    private void setKRANewnickname(String tokenName, String nickname)
-            throws EBaseException {
-        IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
-
-        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-            kra.setNewNickName(nickname);
-        else {
-            if (tokenName.equals("") && nickname.equals(""))
-                kra.setNewNickName("");
-            else
-                kra.setNewNickName(tokenName + ":" + nickname);
-        }
-    }
-
-    private String getKRANewnickname() throws EBaseException {
-        IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
-
-        return kra.getNewNickName();
-    }
-
-    private void setRADMNewnickname(String tokenName, String nickName)
-            throws EBaseException {
-        CMS.setServerCertNickname(tokenName, nickName);
-
-        /*
-         RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
-         HTTPService httpsService = raAdmin.getHttpsService();
-         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-         httpsService.setNewNickName(nickName);
-         else {
-         if (tokenName.equals("") && nickName.equals(""))
-         httpsService.setNewNickName("");
-         else
-         httpsService.setNewNickName(tokenName+":"+nickName);
-         }
-         */
-    }
-
-    private String getRADMNewnickname()
-            throws EBaseException {
-        // assuming the nickname does not change.
-        return CMS.getServerCertNickname();
-
-        /*
-         RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
-         HTTPService httpsService = raAdmin.getHttpsService();
-         return httpsService.getNewNickName();
-         */
-    }
-
-    private void setAgentNewnickname(String tokenName, String nickName)
-            throws EBaseException {
-        CMS.setServerCertNickname(tokenName, nickName);
-
-        /*
-         AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
-         HTTPService httpsService = gateway.getHttpsService();
-         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-         httpsService.setNewNickName(nickName);
-         else {
-         if (tokenName.equals("") && nickName.equals(""))
-         httpsService.setNewNickName("");
-         else
-         httpsService.setNewNickName(tokenName+":"+nickName);
-         }
-         */
-    }
-
-    private String getAgentNewnickname()
-            throws EBaseException {
-        // assuming the nickname does not change.
-        return CMS.getServerCertNickname();
-
-        /*
-         AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
-         HTTPService httpsService = gateway.getHttpsService();
-         return httpsService.getNewNickName();
-         */
-    }
-
-    /**
-     * Issue import certificate
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to
-     * import CA certs into the certificate database
-     * </ul>
-     *
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException failed to issue an import certificate
-     */
-    private void issueImportCert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            Enumeration<String> enum1 = req.getParameterNames();
-            String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
-            String keyType = "RSA";
-            KeyCertData properties = new KeyCertData();
-
-            String newtokenname = null;
-
-            while (enum1.hasMoreElements()) {
-                String key = enum1.nextElement();
-                String value = req.getParameter(key);
-
-                if (!key.equals("pathname")) {
-                    if (key.equals(Constants.PR_TOKEN_NAME))
-                        newtokenname = value;
-                    properties.put(key, value);
-                }
-            }
-
-            String certType = (String) properties.get(Constants.RS_ID);
-
-            ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-            ICertificateAuthority ca = (ICertificateAuthority)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            ICertificateRepository repository =
-                    ca.getCertificateRepository();
-            ISigningUnit signingUnit = ca.getSigningUnit();
-            String oldtokenname = null;
-            //this is the old nick name
-            String nickname = getNickname(certType);
-            String nicknameWithoutTokenName = "";
-            String oldcatokenname = signingUnit.getTokenName();
-            String canickname = getNickname(Constants.PR_CA_SIGNING_CERT);
-            String canicknameWithoutTokenName = "";
-
-            int index = nickname.indexOf(":");
-
-            if (index == -1) {
-                nicknameWithoutTokenName = nickname;
-                oldtokenname = Constants.PR_INTERNAL_TOKEN_NAME;
-            } else if (index > 0 && (index < (nickname.length() - 1))) {
-                nicknameWithoutTokenName = nickname.substring(index + 1);
-                oldtokenname = nickname.substring(0, index);
-            } else {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
-            }
-
-            if (newtokenname == null)
-                newtokenname = oldtokenname;
-            index = canickname.indexOf(":");
-            if (index == -1) {
-                canicknameWithoutTokenName = canickname;
-            } else if (index > 0 && (index < (canickname.length() - 1))) {
-                canicknameWithoutTokenName = canickname.substring(index + 1);
-            } else {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
-            }
-
-            //xxx renew ca ,use old issuer?
-            properties.setIssuerName(
-                    jssSubSystem.getCertSubjectName(oldcatokenname,
-                                                canicknameWithoutTokenName));
-
-            KeyPair pair = null;
-
-            if (nickname.equals("")) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
-            }
-
-            //xxx set to old nickname?
-            properties.setCertNickname(nickname);
-            if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                CertificateExtensions exts = jssSubSystem.getExtensions(
-                        oldcatokenname, canicknameWithoutTokenName);
-
-                properties.setCAExtensions(exts);
-            }
-
-            KeyPair caKeyPair = null;
-            String defaultSigningAlg = null;
-            String defaultOCSPSigningAlg = null;
-
-            if (properties.getHashType() != null) {
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                    defaultSigningAlg = properties.getHashType();
-                }
-                if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-                    defaultOCSPSigningAlg = properties.getHashType();
-                }
-            }
-
-            // create a new CA certificate or ssl server cert
-            if (properties.getKeyCurveName() != null) { //new ECC
-                CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
-                pair = jssSubSystem.getECCKeyPair(properties);
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT))
-                    caKeyPair = pair;
-            } else if (properties.getKeyLength() != null) { //new RSA or DSA
-                keyType = properties.getKeyType();
-                String keyLen = properties.getKeyLength();
-
-                if (keyType.equals("DSA")) {
-                    @SuppressWarnings("unused")
-                    PQGParams pqgParams =
-                            jssSubSystem.getCAPQG(Integer.parseInt(keyLen), mConfig); // check for errors
-                    //properties.put(Constants.PR_PQGPARAMS, pqgParams);
-                }
-                pair = jssSubSystem.getKeyPair(properties);
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT))
-                    caKeyPair = pair;
-                // renew the CA certificate or ssl server cert
-            } else {
-                pair = jssSubSystem.getKeyPair(nickname);
-                // should get it from the CA signing certificate
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                    updateCASignature(nickname, properties, jssSubSystem);
-                    caKeyPair = pair;
-                    defaultSigningAlg = signingUnit.getDefaultAlgorithm();
-                }
-
-                /*
-                 String alg = jssSubSystem.getSignatureAlgorithm(nickname);
-                 SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg);
-                 properties.setSignatureAlgorithm(sigAlg);
-                 properties.setAlgorithmId(
-                 jssSubSystem.getAlgorithmId(alg, mConfig));
-                 */
-            }
-
-            String alg = properties.getSignedBy();
-            if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                caKeyPair = jssSubSystem.getKeyPair(canickname);
-                updateCASignature(canickname, properties, jssSubSystem);
-            } else if (alg != null) {
-                // self signed CA signing cert, new keys
-                // value provided for signedBy
-                SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
-                properties.setSignatureAlgorithm(sigAlg);
-                properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
-            }
-
-            if (pair == null)
-                CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
-
-            BigInteger nextSerialNo = repository.getNextSerialNumber();
-
-            properties.setSerialNumber(nextSerialNo);
-            properties.setKeyPair(pair);
-            properties.setConfigFile(mConfig);
-            //        properties.put(Constants.PR_CA_KEYPAIR, pair);
-            properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
-
-            X509CertImpl signedCert =
-                    jssSubSystem.getSignedCert(properties, certType,
-                                           caKeyPair.getPrivate());
-
-            if (signedCert == null)
-                CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
-
-            /* bug 600124
-             try {
-                 jssSubSystem.deleteTokenCertificate(nickname, pathname);
-             } catch (Throwable e) {
-                 //skip it
-             }
-             */
-
-            boolean nicknameChanged = false;
-
-            //xxx import cert with nickname without token name?
-            //jss adds the token prefix!!!
-            //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName);
-            try {
-                CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName);
-                jssSubSystem.importCert(signedCert, nicknameWithoutTokenName,
-                                        certType);
-            } catch (EBaseException e) {
-                // if it fails, let use a different nickname to try
-                Date now = new Date();
-                String newNickname = nicknameWithoutTokenName
-                                   + "-" + now.getTime();
-
-                CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname);
-                jssSubSystem.importCert(signedCert, newNickname,
-                                        certType);
-                nicknameWithoutTokenName = newNickname;
-                nicknameChanged = true;
-                if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-                    nickname = newNickname;
-                } else {
-                    nickname = tokenName + ":" + newNickname;
-                }
-            }
-
-            ICertRecord certRecord = repository.createCertRecord(
-                                         signedCert.getSerialNumber(),
-                                         signedCert, null);
-
-            repository.addCertificateRecord(certRecord);
-
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                try {
-                    X509CertInfo certInfo = (X509CertInfo) signedCert.get(
-                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                    CertificateExtensions extensions = (CertificateExtensions)
-                            certInfo.get(X509CertInfo.EXTENSIONS);
-
-                    if (extensions != null) {
-                        BasicConstraintsExtension basic =
-                                (BasicConstraintsExtension)
-                                extensions.get(BasicConstraintsExtension.NAME);
-
-                        if (basic == null)
-                            log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
-                        else {
-                            Integer pathlen = (Integer)
-                                    basic.get(BasicConstraintsExtension.PATH_LEN);
-                            int num = pathlen.intValue();
-
-                            if (num == 0)
-                                ca.setBasicConstraintMaxLen(num);
-                            else if (num > 0) {
-                                num = num - 1;
-                                ca.setBasicConstraintMaxLen(num);
-                            }
-                        }
-                    } else
-                        log(CMS.getLogMessage("ADMIN_SRVLT_CERT_NO_EXT"));
-                } catch (Exception eee) {
-                    log("CMSAdminServlet: Exception caught: " + eee.toString());
-                }
-            }
-
-            CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
-                    + " newtoken:" + newtokenname + " nickname:" + nickname);
-            if ((newtokenname != null &&
-                    !newtokenname.equals(oldtokenname)) || nicknameChanged) {
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                    if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-                        signingUnit.updateConfig(nicknameWithoutTokenName,
-                                                 newtokenname);
-                    } else {
-                        signingUnit.updateConfig(newtokenname + ":" +
-                                                 nicknameWithoutTokenName,
-                                                 newtokenname);
-                    }
-                } else if (certType.equals(Constants.PR_SERVER_CERT)) {
-                    if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-                        nickname = nicknameWithoutTokenName;
-                    } else {
-                        nickname = newtokenname + ":"
-                                 + nicknameWithoutTokenName;
-                    }
-
-                    //setRADMNewnickname("","");
-                    //modifyRADMCert(nickname);
-                    modifyAgentGatewayCert(nickname);
-                    if (isSubsystemInstalled("ra")) {
-                        IRegistrationAuthority ra =
-                                (IRegistrationAuthority)
-                                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-
-                        modifyEEGatewayCert(ra, nickname);
-                    }
-                    if (isSubsystemInstalled("ca")) {
-                        modifyCAGatewayCert(ca, nickname);
-                    }
-                } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
-                    if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-                        nickname = nicknameWithoutTokenName;
-                    } else {
-                        nickname = newtokenname + ":"
-                                 + nicknameWithoutTokenName;
-                    }
-
-                    modifyRADMCert(nickname);
-                } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-                    if (ca != null) {
-                        ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
-
-                        if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-                            ocspSigningUnit.updateConfig(
-                                    nicknameWithoutTokenName, newtokenname);
-                        } else {
-                            ocspSigningUnit.updateConfig(newtokenname + ":" +
-                                    nicknameWithoutTokenName,
-                                    newtokenname);
-                        }
-                    }
-                }
-            }
-
-            // set signing algorithms if needed
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT))
-                signingUnit.setDefaultAlgorithm(defaultSigningAlg);
-
-            if (defaultOCSPSigningAlg != null) {
-                ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
-                ocspSigningUnit.setDefaultAlgorithm(defaultOCSPSigningAlg);
-            }
-
-            properties.clear();
-            properties = null;
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            mConfig.commit(true);
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (EBaseException eAudit1) {
-            CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString());
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString());
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void updateCASignature(String nickname, KeyCertData properties,
-            ICryptoSubsystem jssSubSystem) throws EBaseException {
-        String alg = jssSubSystem.getSignatureAlgorithm(nickname);
-        SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
-
-        properties.setSignatureAlgorithm(sigAlg);
-        properties.setAlgorithmId(
-                jssSubSystem.getAlgorithmId(alg, mConfig));
-    }
-
-    /**
-     * Install certificates
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to
-     * import CA certs into the certificate database
-     * </ul>
-     *
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException failed to install a certificate
-     */
-    private void installCert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
-            String pkcs = "";
-            String certType = "";
-            String nickname = "";
-            String pathname = "";
-            String serverRoot = "";
-            String serverID = "";
-            String certpath = "";
-            Enumeration<String> enum1 = req.getParameterNames();
-
-            while (enum1.hasMoreElements()) {
-                String key = enum1.nextElement();
-                String value = req.getParameter(key);
-
-                if (key.equals(Constants.PR_PKCS10))
-                    pkcs = value;
-                else if (key.equals(Constants.RS_ID))
-                    certType = value;
-                else if (key.equals(Constants.PR_NICKNAME))
-                    nickname = value;
-                else if (key.equals("pathname"))
-                    pathname = value;
-                else if (key.equals(Constants.PR_SERVER_ROOT))
-                    serverRoot = value;
-                else if (key.equals(Constants.PR_SERVER_ID))
-                    serverID = value;
-                else if (key.equals(Constants.PR_CERT_FILEPATH))
-                    certpath = value;
-            }
-
-            try {
-                if (pkcs == null || pkcs.equals("")) {
-                    if (certpath == null || certpath.equals("")) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                        audit(auditMessage);
-
-                        EBaseException ex = new EBaseException(
-                                CMS.getLogMessage("BASE_INVALID_FILE_PATH"));
-
-                        throw ex;
-                    } else {
-                        FileInputStream in = new FileInputStream(certpath);
-                        BufferedReader d =
-                                new BufferedReader(new InputStreamReader(in));
-                        String content = "";
-
-                        pkcs = "";
-                        StringBuffer sb = new StringBuffer();
-                        while ((content = d.readLine()) != null) {
-                            sb.append(content);
-                            sb.append("\n");
-                        }
-
-                        pkcs = sb.toString();
-                        if (d != null) {
-                            d.close();
-                        }
-                        pkcs = pkcs.substring(0, pkcs.length() - 1);
-                    }
-                }
-            } catch (IOException ee) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                throw new EBaseException(
-                        CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
-            }
-
-            pkcs = pkcs.trim();
-            pathname = serverRoot + File.separator + serverID
-                     + File.separator + "config" + File.separator + pathname;
-
-            ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-            //String nickname = getNickname(certType);
-            String nicknameWithoutTokenName = "";
-
-            int index = nickname.indexOf(":");
-
-            if (index == -1)
-                nicknameWithoutTokenName = nickname;
-            else if (index > 0 && (index < (nickname.length() - 1))) {
-                tokenName = nickname.substring(0, index);
-                nicknameWithoutTokenName = nickname.substring(index + 1);
-            } else {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                throw new EBaseException(
-                        CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
-            }
-
-            /*
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
-                certType.equals(Constants.PR_RA_SIGNING_CERT) ||
-                certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
-                certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
-                certType.equals(Constants.PR_SERVER_CERT) ||
-                certType.equals(Constants.PR_SERVER_CERT_RADM)) {
-                    String oldnickname = getNickname(certType);
-                    try {
-                        jssSubsystem.deleteTokenCertificate(oldnickname,
-                                                            pathname);
-                        //jssSubsystem.deleteTokenCertificate(nickname,
-                                                              pathname);
-                    } catch (EBaseException e) {
-                        // skip it
-                    }
-            } else {
-                try {
-                    jssSubsystem.deleteTokenCertificate(nickname, pathname);
-                } catch (EBaseException e) {
-                    // skip it
-                }
-            }
-            */
-
-            // 600124 - renewal of SSL crash the server
-            // we now do not delete previously installed certificates.
-
-            // Same Subject   | Same Nickname |  Same Key  |     Legal
-            // -----------------------------------------------------------
-            // 1.   Yes             Yes            No              Yes
-            // 2.   Yes             Yes            Yes             Yes
-            // 3.   No              No             Yes             Yes
-            // 4.   No              No             No              Yes
-            // 5.   No              Yes            Yes             No
-            // 6.   No              Yes            No              No
-            // 7.   Yes             No             Yes             No
-            // 8.   Yes             No             No              No
-
-            // Based on above table, the following cases are permitted:
-            // Existing Key:
-            // 	(a) Same Subject & Same Nickname	        --- (2)
-            // 	(b) Different Subject & Different Nickname	--- (3)
-            //          (In order to support Case b., we need to use a different
-            //		nickname).
-            // New Key:
-            //      (c) Same Subject & Same Nickname                --- (1)
-            // 	(d) Different Subject & Different Nickname	--- (4)
-            //          (In order to support Case b., we need to use a different
-            //		nickname).
-            //
-
-            CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "
-                    + nicknameWithoutTokenName);
-            try {
-                jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
-                        certType);
-            } catch (EBaseException e) {
-
-                boolean certFound = false;
-
-                String eString = e.toString();
-                if (eString.contains("Failed to find certificate that was just imported")) {
-                    CMS.debug("CMSAdminServlet.installCert(): nickname="
-                            + nicknameWithoutTokenName + " TokenException: " + eString);
-
-                    X509Certificate cert = null;
-                    try {
-                        cert = CryptoManager.getInstance().findCertByNickname(nickname);
-                        if (cert != null) {
-                            certFound = true;
-                        }
-                        CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname);
-                    } catch (Exception ex) {
-                        CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
-                    }
-                }
-
-                if (!certFound) {
-                    // if it fails, let use a different nickname to try
-                    Date now = new Date();
-                    String newNickname = nicknameWithoutTokenName + "-" +
-                                     now.getTime();
-
-                    jssSubSystem.importCert(pkcs, newNickname, certType);
-                    nicknameWithoutTokenName = newNickname;
-                    if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-                        nickname = newNickname;
-                    } else {
-                        nickname = tokenName + ":" + newNickname;
-                    }
-                    CMS.debug("CMSAdminServlet: installCert():  After second install attempt following initial error: nickname="
-                            + nickname);
-                }
-            }
-
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-                ICertificateAuthority ca =
-                        (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-                ISigningUnit signingUnit = ca.getSigningUnit();
-                String signatureAlg =
-                        jssSubSystem.getSignatureAlgorithm(nickname);
-
-                signingUnit.setDefaultAlgorithm(signatureAlg);
-                setCANewnickname("", "");
-                try {
-                    CertificateExtensions extensions = null;
-
-                    if (nickname.equals(nicknameWithoutTokenName)) {
-                        signingUnit.updateConfig(nickname,
-                                Constants.PR_INTERNAL_TOKEN_NAME);
-                        extensions = jssSubSystem.getExtensions(
-                                Constants.PR_INTERNAL_TOKEN_NAME, nickname);
-                    } else {
-                        String tokenname1 = nickname.substring(0, index);
-
-                        signingUnit.updateConfig(nickname, tokenname1);
-                        extensions = jssSubSystem.getExtensions(tokenname1,
-                                nicknameWithoutTokenName);
-                    }
-                    if (extensions != null) {
-                        BasicConstraintsExtension basic =
-                                (BasicConstraintsExtension)
-                                extensions.get(BasicConstraintsExtension.NAME);
-
-                        if (basic == null)
-                            log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
-                        else {
-                            Integer pathlen = (Integer)
-                                    basic.get(BasicConstraintsExtension.PATH_LEN);
-                            int num = pathlen.intValue();
-
-                            if (num == 0)
-                                ca.setBasicConstraintMaxLen(num);
-                            else if (num > 0) {
-                                num = num - 1;
-                                ca.setBasicConstraintMaxLen(num);
-                            }
-                        }
-                    } else {
-                        log(CMS.getLogMessage("ADMIN_SRVLT_CERT_NO_EXT"));
-                    }
-                } catch (Exception eee) {
-                    log("CMSAdminServlet: Exception: " + eee.toString());
-                }
-            } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
-                setRANewnickname("", "");
-                IRegistrationAuthority ra =
-                        (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-
-                ra.setNickname(nickname);
-            } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-                setOCSPNewnickname("", "");
-                IOCSPAuthority ocsp =
-                        (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
-
-                if (ocsp != null) {
-                    ISigningUnit signingUnit = ocsp.getSigningUnit();
-
-                    if (nickname.equals(nicknameWithoutTokenName)) {
-                        signingUnit.updateConfig(nickname,
-                                Constants.PR_INTERNAL_TOKEN_NAME);
-                    } else {
-                        String tokenname1 = nickname.substring(0, index);
-
-                        signingUnit.updateConfig(nickname, tokenname1);
-                    }
-                } else {
-                    ICertificateAuthority ca =
-                            (ICertificateAuthority)
-                            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-                    ISigningUnit signingUnit = ca.getOCSPSigningUnit();
-
-                    if (nickname.equals(nicknameWithoutTokenName)) {
-                        signingUnit.updateConfig(nickname,
-                                Constants.PR_INTERNAL_TOKEN_NAME);
-                    } else {
-                        String tokenname1 = nickname.substring(0, index);
-
-                        signingUnit.updateConfig(nickname, tokenname1);
-                    }
-                }
-            } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
-                setKRANewnickname("", "");
-                IKeyRecoveryAuthority kra =
-                        (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
-
-                kra.setNickname(nickname);
-            } else if (certType.equals(Constants.PR_SERVER_CERT)) {
-                setAgentNewnickname("", "");
-                //modifyRADMCert(nickname);
-                modifyAgentGatewayCert(nickname);
-                if (isSubsystemInstalled("ra")) {
-                    IRegistrationAuthority ra =
-                            (IRegistrationAuthority)
-                            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-
-                    modifyEEGatewayCert(ra, nickname);
-                }
-                if (isSubsystemInstalled("ca")) {
-                    ICertificateAuthority ca =
-                            (ICertificateAuthority)
-                            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-
-                    modifyCAGatewayCert(ca, nickname);
-                }
-            } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
-                setRADMNewnickname("", "");
-                modifyRADMCert(nickname);
-            }
-
-            boolean verified = CMS.verifySystemCertByNickname(nickname, null);
-            if (verified == true) {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname);
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                                nickname);
-
-                audit(auditMessage);
-            } else {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname);
-                auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                nickname);
-
-                audit(auditMessage);
-            }
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            mConfig.commit(true);
-            if (verified == true) {
-                sendResponse(SUCCESS, null, null, resp);
-            } else {
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
-                        null, resp);
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * For "importing" cross-signed cert into internal db for further
-     * cross pair matching and publishing
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to
-     * import a CA cross-signed certificate into the database
-     * </ul>
-     *
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException failed to import a cross-certificate pair
-     */
-    private void importXCert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String b64Cert = "";
-            String pathname = "";
-            String serverRoot = "";
-            String serverID = "";
-            String certpath = "";
-            Enumeration<String> enum1 = req.getParameterNames();
-            NameValuePairs results = new NameValuePairs();
-
-            while (enum1.hasMoreElements()) {
-                String key = enum1.nextElement();
-                String value = req.getParameter(key);
-
-                // really should be PR_CERT_CONTENT
-                if (key.equals(Constants.PR_PKCS10))
-                    b64Cert = value;
-                else if (key.equals("pathname"))
-                    pathname = value;
-                else if (key.equals(Constants.PR_SERVER_ROOT))
-                    serverRoot = value;
-                else if (key.equals(Constants.PR_SERVER_ID))
-                    serverID = value;
-                else if (key.equals(Constants.PR_CERT_FILEPATH))
-                    certpath = value;
-            }
-
-            try {
-                if (b64Cert == null || b64Cert.equals("")) {
-                    if (certpath == null || certpath.equals("")) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                        audit(auditMessage);
-
-                        EBaseException ex = new EBaseException(
-                                CMS.getLogMessage("BASE_INVALID_FILE_PATH"));
-
-                        throw ex;
-                    } else {
-                        FileInputStream in = new FileInputStream(certpath);
-                        BufferedReader d =
-                                new BufferedReader(new InputStreamReader(in));
-                        String content = "";
-
-                        b64Cert = "";
-                        StringBuffer sb = new StringBuffer();
-                        while ((content = d.readLine()) != null) {
-                            sb.append(content);
-                            sb.append("\n");
-                        }
-                        b64Cert = sb.toString();
-                        if (d != null) {
-                            d.close();
-                        }
-                        b64Cert = b64Cert.substring(0, b64Cert.length() - 1);
-                    }
-                }
-            } catch (IOException ee) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                throw new EBaseException(
-                        CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
-            }
-            CMS.debug("CMSAdminServlet: got b64Cert");
-            b64Cert = Cert.stripBrackets(b64Cert.trim());
-
-            // Base64 decode cert
-            byte[] bCert = null;
-
-            try {
-                bCert = Utils.base64decode(b64Cert);
-            } catch (Exception e) {
-                CMS.debug("CMSAdminServlet: exception: " + e.toString());
-            }
-
-            pathname = serverRoot + File.separator + serverID
-                     + File.separator + "config" + File.separator + pathname;
-
-            ICrossCertPairSubsystem ccps =
-                    (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
-
-            try {
-                //this will import into internal ldap crossCerts entry
-                ccps.importCert(bCert);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(1, "xcert importing failure:" + e.toString(),
-                             null, resp);
-                return;
-            }
-
-            try {
-                // this will publish all of the cross cert pairs from internal
-                // db to publishing directory, if turned on
-                ccps.publishCertPairs();
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp);
-                return;
-            }
-
-            ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-            String content = jssSubSystem.getCertPrettyPrint(b64Cert,
-                    super.getLocale(req));
-
-            results.put(Constants.PR_NICKNAME, "FBCA cross-signed cert");
-            results.put(Constants.PR_CERT_CONTENT, content);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, results, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private String getNickname(String certType) throws EBaseException {
-        String nickname = "";
-
-        if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-            ICertificateAuthority ca =
-                    (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-            ISigningUnit signingUnit = ca.getSigningUnit();
-
-            nickname = signingUnit.getNickname();
-        } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-            IOCSPAuthority ocsp =
-                    (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
-
-            if (ocsp == null) {
-                // this is a local CA service
-                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-                ISigningUnit signingUnit = ca.getOCSPSigningUnit();
-
-                nickname = signingUnit.getNickname();
-            } else {
-                ISigningUnit signingUnit = ocsp.getSigningUnit();
-
-                nickname = signingUnit.getNickname();
-            }
-        } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
-            IRegistrationAuthority ra =
-                    (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-
-            nickname = ra.getNickname();
-        } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
-            IKeyRecoveryAuthority kra =
-                    (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
-
-            nickname = kra.getNickname();
-        } else if (certType.equals(Constants.PR_SERVER_CERT)) {
-            nickname = CMS.getServerCertNickname();
-        } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
-            nickname = CMS.getServerCertNickname();
-        }
-
-        return nickname;
-    }
-
-    private void getCertInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        NameValuePairs results = new NameValuePairs();
-        String pkcs = "";
-        String path = "";
-        String certType = "";
-        String otherNickname = "";
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_PKCS10)) {
-                pkcs = value;
-            } else if (key.equals(Constants.RS_ID)) {
-                certType = value;
-            } else if (key.equals(Constants.PR_CERT_FILEPATH)) {
-                path = value;
-            } else if (key.equals(Constants.PR_NICKNAME)) {
-                otherNickname = value;
-            }
-        }
-
-        try {
-            if (pkcs == null || pkcs.equals("")) {
-
-                if (path == null || path.equals("")) {
-                    EBaseException ex = new EBaseException(
-                            CMS.getLogMessage("BASE_INVALID_FILE_PATH"));
-
-                    throw ex;
-                } else {
-                    FileInputStream in = new FileInputStream(path);
-                    BufferedReader d =
-                            new BufferedReader(new InputStreamReader(in));
-                    String content = "";
-
-                    pkcs = "";
-                    StringBuffer sb = new StringBuffer();
-                    while ((content = d.readLine()) != null) {
-                        sb.append(content);
-                        sb.append("\n");
-                    }
-                    pkcs = sb.toString();
-                    if (d != null) {
-                        d.close();
-                    }
-                    pkcs = pkcs.substring(0, pkcs.length() - 1);
-                }
-            }
-        } catch (IOException ee) {
-            throw new EBaseException(CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
-        }
-
-        pkcs = pkcs.trim();
-        int totalLen = pkcs.length();
-
-        if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
-                pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
-            throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
-        }
-
-        String nickname = "";
-
-        if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
-            nickname = getCANewnickname();
-        } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
-            nickname = getRANewnickname();
-        } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
-            nickname = getKRANewnickname();
-        } else if (certType.equals(Constants.PR_SERVER_CERT)) {
-            nickname = getAgentNewnickname();
-        } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
-            nickname = getRADMNewnickname();
-        } else if (certType.equals(Constants.PR_OTHER_CERT)) {
-            nickname = otherNickname;
-        } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-            nickname = getOCSPNewnickname();
-        }
-        if (nickname.equals(""))
-            nickname = getNickname(certType);
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        String content = jssSubSystem.getCertPrettyPrint(pkcs,
-                super.getLocale(req));
-
-        if (nickname != null && !nickname.equals(""))
-            results.put(Constants.PR_NICKNAME, nickname);
-        results.put(Constants.PR_CERT_CONTENT, content);
-        //results = jssSubSystem.getCertInfo(value);
-
-        sendResponse(SUCCESS, null, results, resp);
-    }
-
-    private void getCertPrettyPrint(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        String nickname = "";
-        String serialno = "";
-        String issuername = "";
-        Locale locale = super.getLocale(req);
-        NameValuePairs pairs = new NameValuePairs();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.OP_TYPE))
-                continue;
-            if (key.equals(Constants.RS_ID))
-                continue;
-            if (key.equals(Constants.OP_SCOPE))
-                continue;
-            if (key.equals(Constants.PR_NICK_NAME)) {
-                nickname = value;
-                continue;
-            }
-            if (key.equals(Constants.PR_SERIAL_NUMBER)) {
-                serialno = value;
-                continue;
-            }
-            if (key.equals(Constants.PR_ISSUER_NAME)) {
-                issuername = value;
-                continue;
-            }
-        }
-
-        String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
-                serialno, issuername, locale);
-        pairs.put(nickname, print);
-
-        sendResponse(SUCCESS, null, pairs, resp);
-    }
-
-    private void getRootCertTrustBit(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        String nickname = "";
-        String serialno = "";
-        String issuername = "";
-        NameValuePairs pairs = new NameValuePairs();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.OP_TYPE))
-                continue;
-            if (key.equals(Constants.RS_ID))
-                continue;
-            if (key.equals(Constants.OP_SCOPE))
-                continue;
-            if (key.equals(Constants.PR_NICK_NAME)) {
-                nickname = value;
-                continue;
-            }
-            if (key.equals(Constants.PR_SERIAL_NUMBER)) {
-                serialno = value;
-                continue;
-            }
-            if (key.equals(Constants.PR_ISSUER_NAME)) {
-                issuername = value;
-                continue;
-            }
-        }
-
-        String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
-                serialno, issuername);
-        pairs.put(nickname, trustbit);
-
-        sendResponse(SUCCESS, null, pairs, resp);
-    }
-
-    private void getCACerts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        NameValuePairs pairs = jssSubSystem.getCACerts();
-
-        sendResponse(SUCCESS, null, pairs, resp);
-    }
-
-    private void deleteRootCert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        int mindex = id.indexOf(":SERIAL#<");
-        String nickname = id.substring(0, mindex);
-        String sstr1 = id.substring(mindex);
-        int lindex = sstr1.indexOf(">");
-        String serialno = sstr1.substring(9, lindex);
-        String issuername = sstr1.substring(lindex + 1);
-        jssSubSystem.deleteRootCert(nickname, serialno, issuername);
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void deleteUserCert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        int mindex = id.indexOf(":SERIAL#<");
-        String nickname = id.substring(0, mindex);
-        String sstr1 = id.substring(mindex);
-        int lindex = sstr1.indexOf(">");
-        String serialno = sstr1.substring(9, lindex);
-        String issuername = sstr1.substring(lindex + 1);
-        jssSubSystem.deleteUserCert(nickname, serialno, issuername);
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void getRootCerts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        NameValuePairs pairs = jssSubSystem.getRootCerts();
-
-        sendResponse(SUCCESS, null, pairs, resp);
-    }
-
-    private void getAllCertsManage(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        NameValuePairs pairs = jssSubSystem.getAllCertsManage();
-
-        sendResponse(SUCCESS, null, pairs, resp);
-    }
-
-    private void getUserCerts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        NameValuePairs pairs = jssSubSystem.getUserCerts();
-        sendResponse(SUCCESS, null, pairs, resp);
-    }
-
-    private void deleteCerts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        String nickname = "";
-        String date = "";
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.OP_TYPE))
-                continue;
-            if (key.equals(Constants.RS_ID))
-                continue;
-            if (key.equals(Constants.OP_SCOPE))
-                continue;
-            int index = value.indexOf(";");
-
-            nickname = value.substring(0, index);
-            date = value.substring(index + 1);
-            // cant use this one now since jss doesnt have the interface to
-            // do it.
-            jssSubSystem.deleteCert(nickname, date);
-            //            jssSubsystem.deleteCACert(nickname, date);
-        }
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void validateSubjectName(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_SUBJECT_NAME)) {
-                ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                        CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-                jssSubSystem.isX500DN(value);
-            }
-        }
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void validateKeyLength(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void validateCurveName(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        String curveName = null;
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_KEY_CURVENAME)) {
-                curveName = value;
-            }
-        }
-        // check that the curvename is in the list of supported curves
-        String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
-        String[] curves = curveList.split(",");
-        boolean match = false;
-        for (int i = 0; i < curves.length; i++) {
-            if (curves[i].equals(curveName)) {
-                match = true;
-            }
-        }
-        if (!match) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));
-        }
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void validateCertExtension(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        String certExt = "";
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(ConfigConstants.PR_CERTIFICATE_EXTENSION)) {
-                certExt = value;
-                break;
-            }
-        }
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-        jssSubSystem.checkCertificateExt(certExt);
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void getSubjectName(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        String nickname = "";
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.RS_ID)) {
-                nickname = getNickname(value);
-                break;
-            }
-        }
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        String subjectName = jssSubSystem.getSubjectDN(nickname);
-
-        params.put(Constants.PR_SUBJECT_NAME, subjectName);
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void processSubjectName(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        String nickname = "";
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_NICKNAME)) {
-                nickname = value;
-            }
-        }
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        String subjectName = jssSubSystem.getSubjectDN(nickname);
-
-        params.put(Constants.PR_SUBJECT_NAME, subjectName);
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    public void setRootCertTrust(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String nickname = req.getParameter(Constants.PR_NICK_NAME);
-        String serialno = req.getParameter(Constants.PR_SERIAL_NUMBER);
-        String issuername = req.getParameter(Constants.PR_ISSUER_NAME);
-        String trust = req.getParameter("trustbit");
-
-        CMS.debug("CMSAdminServlet: setRootCertTrust()");
-
-        ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-        try {
-            jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
-        } catch (EBaseException e) {
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-            // rethrow the specific exception to be handled later
-            throw e;
-        }
-
-        // store a message in the signed audit log file
-        auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditParams(req));
-
-        audit(auditMessage);
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    /**
-     * Establish trust of a CA certificate
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Manage Certificate" is used to edit
-     * the trustness of certs and deletion of certs
-     * </ul>
-     *
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException failed to establish CA certificate trust
-     */
-    private void trustCACert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        CMS.debug("CMSAdminServlet: trustCACert()");
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            Enumeration<String> enum1 = req.getParameterNames();
-            ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-            String trust = "";
-
-            while (enum1.hasMoreElements()) {
-                String key = enum1.nextElement();
-                String value = req.getParameter(key);
-
-                if (key.equals(Constants.RS_ID)) {
-                    trust = value;
-                } else if (key.equals("certName0")) {
-                    int index = value.indexOf(";");
-                    String nickname = value.substring(0, index);
-                    String date = value.substring(index + 1);
-
-                    jssSubSystem.trustCert(nickname, date, trust);
-                }
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            //sendResponse(SUCCESS, null, null, resp);
-            sendResponse(RESTART, null, null, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Execute all self tests specified to be run on demand.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self tests are run on demand
-     * </ul>
-     *
-     * @exception EMissingSelfTestException a self test plugin instance
-     *                property name was missing
-     * @exception ESelfTestException a self test is missing a required
-     *                configuration parameter
-     * @exception IOException an input/output error has occurred
-     */
-    private synchronized void
-            runSelfTestsOnDemand(HttpServletRequest req,
-                    HttpServletResponse resp)
-                    throws EMissingSelfTestException,
-                    ESelfTestException,
-                    IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (CMS.debugOn()) {
-                CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                        + "  ENTERING . . .");
-            }
-            Enumeration<String> enum1 = req.getParameterNames();
-            String request = "";
-            NameValuePairs results = new NameValuePairs();
-            String content = "";
-            String instanceName = null;
-            String instanceFullName = null;
-            String logMessage = null;
-
-            while (enum1.hasMoreElements()) {
-                String key = enum1.nextElement();
-                String value = req.getParameter(key);
-
-                if (key.equals(Constants.PR_RUN_SELFTESTS_ON_DEMAND)) {
-                    request = value;
-                }
-            }
-
-            ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
-
-            if ((request == null) ||
-                    (request.equals(""))) {
-                // self test plugin run on demand request parameter was missing
-                // log the error
-                logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
-                            getServletInfo(),
-                            Constants.PR_RUN_SELFTESTS_ON_DEMAND
-                        );
-
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                        logMessage);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                            auditSubjectID,
-                            ILogger.FAILURE);
-
-                audit(auditMessage);
-
-                // notify console of FAILURE
-                content += logMessage
-                        + "\n";
-                sendResponse(ERROR, content, null, resp);
-
-                // raise an exception
-                throw new ESelfTestException(logMessage);
-            }
-
-            // run all self test plugin instances (designated on-demand)
-            String[] selftests = mSelfTestSubsystem.listSelfTestsEnabledOnDemand();
-
-            if (selftests != null && selftests.length > 0) {
-                // log that execution of on-demand self tests has begun
-                logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND",
-                            getServletInfo());
-
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                        logMessage);
-
-                // store this information for console notification
-                content += logMessage
-                        + "\n";
-
-                for (int i = 0; i < selftests.length; i++) {
-                    if (selftests[i] != null) {
-                        instanceName = selftests[i].trim();
-                        instanceFullName = ISelfTestSubsystem.ID
-                                + "."
-                                + ISelfTestSubsystem.PROP_CONTAINER
-                                + "."
-                                + ISelfTestSubsystem.PROP_INSTANCE
-                                + "."
-                                + instanceName;
-                    } else {
-                        // self test plugin instance property name was missing
-                        // log the error
-                        logMessage = CMS.getLogMessage(
-                                    "SELFTESTS_PARAMETER_WAS_NULL",
-                                    getServletInfo());
-
-                        mSelfTestSubsystem.log(
-                                mSelfTestSubsystem.getSelfTestLogger(),
-                                logMessage);
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                                    auditSubjectID,
-                                    ILogger.FAILURE);
-
-                        audit(auditMessage);
-
-                        // notify console of FAILURE
-                        content += logMessage
-                                + "\n";
-                        sendResponse(ERROR, content, null, resp);
-
-                        // raise an exception
-                        throw new EMissingSelfTestException();
-                    }
-
-                    ISelfTest test = mSelfTestSubsystem.getSelfTest(instanceName);
-
-                    if (test == null) {
-                        // self test plugin instance property name is not present
-                        // log the error
-                        logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME",
-                                    getServletInfo(),
-                                    instanceFullName);
-
-                        mSelfTestSubsystem.log(
-                                mSelfTestSubsystem.getSelfTestLogger(),
-                                logMessage);
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                                    auditSubjectID,
-                                    ILogger.FAILURE);
-
-                        audit(auditMessage);
-
-                        // notify console of FAILURE
-                        content += logMessage
-                                + "\n";
-                        sendResponse(ERROR, content, null, resp);
-
-                        // raise an exception
-                        throw new EMissingSelfTestException(instanceFullName);
-                    }
-
-                    try {
-                        if (CMS.debugOn()) {
-                            CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                                    + "    running \""
-                                    + test.getSelfTestName()
-                                    + "\"");
-                        }
-
-                        // store this information for console notification
-                        content += "CMSAdminServlet::runSelfTestsOnDemand():"
-                                + "    running \""
-                                + test.getSelfTestName()
-                                + "\" . . .\n";
-
-                        test.runSelfTest(mSelfTestSubsystem.getSelfTestLogger());
-
-                        // store this information for console notification
-                        content += "COMPLETED SUCCESSFULLY\n";
-                    } catch (ESelfTestException e) {
-                        // Check to see if the self test was critical:
-                        if (mSelfTestSubsystem.isSelfTestCriticalOnDemand(
-                                instanceName)) {
-                            // log the error
-                            logMessage = CMS.getLogMessage(
-                                        "SELFTESTS_RUN_ON_DEMAND_FAILED",
-                                        getServletInfo(),
-                                        instanceFullName);
-
-                            mSelfTestSubsystem.log(
-                                    mSelfTestSubsystem.getSelfTestLogger(),
-                                    logMessage);
-
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                                        auditSubjectID,
-                                        ILogger.FAILURE);
-
-                            audit(auditMessage);
-
-                            // notify console of FAILURE
-                            content += "FAILED WITH CRITICAL ERROR\n";
-                            content += logMessage
-                                    + "\n";
-                            sendResponse(ERROR, content, null, resp);
-
-                            // shutdown the system gracefully
-                            CMS.shutdown();
-
-                            return;
-                        } else {
-                            // store this information for console notification
-                            content += "FAILED WITH NON-CRITICAL ERROR\n";
-                        }
-                    }
-                }
-
-                // log that execution of all "critical" on-demand self tests
-                // has completed "successfully"
-                logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
-                            getServletInfo());
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                        logMessage);
-
-                // store this information for console notification
-                content += logMessage
-                        + "\n";
-            } else {
-                // log this fact
-                logMessage = CMS.getLogMessage("SELFTESTS_NOT_RUN_ON_DEMAND",
-                            getServletInfo());
-
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                        logMessage);
-
-                // store this information for console notification
-                content += logMessage
-                        + "\n";
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                        auditSubjectID,
-                        ILogger.SUCCESS);
-
-            audit(auditMessage);
-
-            // notify console of SUCCESS
-            results.put(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
-                    CMSAdminServlet.class.getName());
-            results.put(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
-                    content);
-            sendResponse(SUCCESS, null, results, resp);
-
-            if (CMS.debugOn()) {
-                CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                        + "  EXITING.");
-            }
-        } catch (EMissingSelfTestException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                        auditSubjectID,
-                        ILogger.FAILURE);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (ESelfTestException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                        auditSubjectID,
-                        ILogger.FAILURE);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-        } catch (IOException eAudit3) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                        auditSubjectID,
-                        ILogger.FAILURE);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit3;
-        }
-    }
-
-    public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
-    }
-
-    /**
-     * Signed Audit Log Public Key
-     *
-     * This method is called to obtain the public key from the passed in
-     * "KeyPair" object for a signed audit log message.
-     * <P>
-     *
-     * @param object a Key Pair Object
-     * @return key string containing the public key
-     */
-    private String auditPublicKey(KeyPair object) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        if (object == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        byte rawData[] = null;
-
-        rawData = object.getPublic().getEncoded();
-
-        String key = null;
-        StringBuffer sb = new StringBuffer();
-
-        // convert "rawData" into "base64Data"
-        if (rawData != null) {
-            String base64Data = null;
-
-            base64Data = Utils.base64encode(rawData).trim();
-
-            // extract all line separators from the "base64Data"
-            for (int i = 0; i < base64Data.length(); i++) {
-                if (base64Data.substring(i, i).getBytes() != EOL) {
-                    sb.append(base64Data.substring(i, i));
-                }
-            }
-        }
-        key = sb.toString();
-
-        if (key != null) {
-            key = key.trim();
-
-            if (key.equals("")) {
-                return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            } else {
-                return key;
-            }
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java
deleted file mode 100644
index 399b97d0c..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java
+++ /dev/null
@@ -1,394 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2013 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.net.URI;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.ConflictingOperationException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.group.GroupMemberCollection;
-import com.netscape.certsrv.group.GroupMemberData;
-import com.netscape.certsrv.group.GroupNotFoundException;
-import com.netscape.certsrv.group.GroupResource;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.IAuditor;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.cms.servlet.processors.Processor;
-
-/**
- * @author Endi S. Dewata
- */
-public class GroupMemberProcessor extends Processor {
-
-    public final static int DEFAULT_SIZE = 20;
-
-    public final static String MULTI_ROLE_ENABLE = "multiroles.enable";
-    public final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
-
-    public static String[] multiRoleGroupEnforceList;
-
-    public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-    protected UriInfo uriInfo;
-
-    public GroupMemberProcessor(Locale locale) throws EBaseException {
-        super("group", locale);
-    }
-
-    public UriInfo getUriInfo() {
-        return uriInfo;
-    }
-
-    public void setUriInfo(UriInfo uriInfo) {
-        this.uriInfo = uriInfo;
-    }
-
-    public GroupMemberData createGroupMemberData(String groupID, String memberID) throws Exception {
-
-        GroupMemberData groupMemberData = new GroupMemberData();
-        groupMemberData.setID(memberID);
-        groupMemberData.setGroupID(groupID);
-
-        URI uri = uriInfo.getBaseUriBuilder()
-                .path(GroupResource.class)
-                .path("{groupID}/members/{memberID}")
-                .build(
-                        URLEncoder.encode(groupID, "UTF-8"),
-                        URLEncoder.encode(memberID, "UTF-8"));
-
-        groupMemberData.setLink(new Link("self", uri));
-
-        return groupMemberData;
-    }
-
-    public GroupMemberCollection findGroupMembers(String groupID, Integer start, Integer size) {
-        try {
-            start = start == null ? 0 : start;
-            size = size == null ? DEFAULT_SIZE : size;
-
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
-            }
-
-            IGroup group = userGroupManager.getGroupFromName(groupID);
-            if (group == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new GroupNotFoundException(groupID);
-            }
-
-            GroupMemberCollection response = new GroupMemberCollection();
-
-            Enumeration<String> members = group.getMemberNames();
-
-            int i = 0;
-
-            // skip to the start of the page
-            for ( ; i<start && members.hasMoreElements(); i++) members.nextElement();
-
-            // return entries up to the page size
-            for ( ; i<start+size && members.hasMoreElements(); i++) {
-                String memberID = members.nextElement();
-                response.addMember(createGroupMemberData(groupID, memberID));
-            }
-
-            // count the total entries
-            for ( ; members.hasMoreElements(); i++) members.nextElement();
-
-            if (start > 0) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
-                response.addLink(new Link("prev", uri));
-            }
-
-            if (start+size < i) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
-                response.addLink(new Link("next", uri));
-            }
-
-            return response;
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            CMS.debug(e);
-            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
-        }
-    }
-
-    public GroupMemberData getGroupMember(String groupID, String memberID) {
-        try {
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
-            }
-
-            IGroup group = userGroupManager.getGroupFromName(groupID);
-            if (group == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new GroupNotFoundException(groupID);
-            }
-
-            Enumeration<String> e = group.getMemberNames();
-            while (e.hasMoreElements()) {
-                String memberName = e.nextElement();
-                if (!memberName.equals(memberID)) continue;
-
-                GroupMemberData groupMemberData = createGroupMemberData(groupID, memberID);
-                return groupMemberData;
-            }
-
-            throw new ResourceNotFoundException("Group member " + memberID + " not found");
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    public Response addGroupMember(GroupMemberData groupMemberData) {
-        String groupID = groupMemberData.getGroupID();
-        try {
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
-            }
-
-            IGroup group = userGroupManager.getGroupFromName(groupID);
-            if (group == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new GroupNotFoundException(groupID);
-            }
-
-            String memberID = groupMemberData.getID();
-            boolean multiRole = true;
-
-            try {
-                IConfigStore config = CMS.getConfigStore();
-                multiRole = config.getBoolean(MULTI_ROLE_ENABLE);
-            } catch (Exception e) {
-                // ignore
-            }
-
-            if (multiRole) {
-                // a user can be a member of multiple groups
-                userGroupManager.addUserToGroup(group, memberID);
-
-            } else {
-                // a user can be a member of at most one group in the enforce list
-                if (isGroupInMultiRoleEnforceList(groupID)) {
-                    // make sure the user is not already a member in another group in the list
-                    if (!isDuplicate(groupID, memberID)) {
-                        userGroupManager.addUserToGroup(group, memberID);
-                    } else {
-                        throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
-                    }
-
-                } else {
-                    // the user can be a member of multiple groups outside the list
-                    userGroupManager.addUserToGroup(group, memberID);
-                }
-            }
-
-            // for audit log
-            SessionContext sContext = SessionContext.getContext();
-            String adminId = (String) sContext.get(SessionContext.USER_ID);
-
-            logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                    new Object[] { adminId, memberID, groupID });
-
-            auditAddGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
-
-            // read the data back
-            groupMemberData = getGroupMember(groupID, memberID);
-
-            return Response
-                    .created(groupMemberData.getLink().getHref())
-                    .entity(groupMemberData)
-                    .type(MediaType.APPLICATION_XML)
-                    .build();
-
-        } catch (PKIException e) {
-            auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
-            throw e;
-
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
-            throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
-        }
-    }
-
-    public boolean isGroupInMultiRoleEnforceList(String groupID) {
-
-        if (groupID == null || groupID.equals("")) {
-            return true;
-        }
-
-        String groupList = null;
-        if (multiRoleGroupEnforceList == null) {
-            try {
-                IConfigStore config = CMS.getConfigStore();
-                groupList = config.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
-            } catch (Exception e) {
-                // ignore
-            }
-
-            if (groupList != null && !groupList.equals("")) {
-                multiRoleGroupEnforceList = groupList.split(",");
-                for (int j = 0; j < multiRoleGroupEnforceList.length; j++) {
-                    multiRoleGroupEnforceList[j] = multiRoleGroupEnforceList[j].trim();
-                }
-            }
-        }
-
-        if (multiRoleGroupEnforceList == null)
-            return true;
-
-        for (int i = 0; i < multiRoleGroupEnforceList.length; i++) {
-            if (groupID.equals(multiRoleGroupEnforceList[i])) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    public boolean isDuplicate(String groupID, String memberID) {
-
-        // Let's not mess with users that are already a member of this group
-        try {
-            boolean isMember = userGroupManager.isMemberOf(memberID, groupID);
-            if (isMember == true) return false;
-
-        } catch (Exception e) {
-            // ignore
-        }
-
-        try {
-            Enumeration<IGroup> groups = userGroupManager.listGroups("*");
-            while (groups.hasMoreElements()) {
-                IGroup group = groups.nextElement();
-                String name = group.getName();
-
-                Enumeration<IGroup> g = userGroupManager.findGroups(name);
-                IGroup g1 = g.nextElement();
-
-                if (!name.equals(groupID)) {
-                    if (isGroupInMultiRoleEnforceList(name)) {
-                        Enumeration<String> members = g1.getMemberNames();
-                        while (members.hasMoreElements()) {
-                            String m1 = members.nextElement();
-                            if (m1.equals(memberID))
-                                return true;
-                        }
-                    }
-                }
-            }
-        } catch (Exception e) {
-            // ignore
-        }
-
-        return false;
-    }
-
-    public void removeGroupMember(String groupID, String memberID) {
-        GroupMemberData groupMemberData = new GroupMemberData();
-        groupMemberData.setID(memberID);
-        groupMemberData.setGroupID(groupID);
-        removeGroupMember(groupMemberData);
-    }
-
-    public void removeGroupMember(GroupMemberData groupMemberData) {
-        String groupID = groupMemberData.getGroupID();
-        try {
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
-            }
-
-            IGroup group = userGroupManager.getGroupFromName(groupID);
-            if (group == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new GroupNotFoundException(groupID);
-            }
-
-            String memberID = groupMemberData.getID();
-            userGroupManager.removeUserFromGroup(group, memberID);
-
-            // for audit log
-            SessionContext sContext = SessionContext.getContext();
-            String adminId = (String) sContext.get(SessionContext.USER_ID);
-
-            logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.REMOVEUSERGROUPFORMAT,
-                    new Object[] { adminId, memberID, groupID });
-
-            auditDeleteGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
-
-        } catch (PKIException e) {
-            auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
-            throw e;
-
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
-            throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
-        }
-    }
-
-    public void log(int level, String message) {
-        log(ILogger.S_USRGRP, level, message);
-    }
-
-    public void auditAddGroupMember(String groupID, GroupMemberData groupMemberData, String status) {
-        audit(OpDef.OP_ADD, groupID, getParams(groupMemberData), status);
-    }
-
-    public void auditDeleteGroupMember(String groupID, GroupMemberData groupMemberData, String status) {
-        audit(OpDef.OP_DELETE, groupID, getParams(groupMemberData), status);
-    }
-
-    public void audit(String type, String id, Map<String, String> params, String status) {
-        audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_GROUP_MEMBERS, type, id, params, status);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
deleted file mode 100644
index 91fec08c4..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
+++ /dev/null
@@ -1,423 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.admin;
-
-import java.net.URI;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import org.apache.commons.lang.StringUtils;
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.group.GroupCollection;
-import com.netscape.certsrv.group.GroupData;
-import com.netscape.certsrv.group.GroupMemberCollection;
-import com.netscape.certsrv.group.GroupMemberData;
-import com.netscape.certsrv.group.GroupNotFoundException;
-import com.netscape.certsrv.group.GroupResource;
-import com.netscape.certsrv.logging.IAuditor;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.cms.servlet.base.PKIService;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * @author Endi S. Dewata
- */
-public class GroupService extends PKIService implements GroupResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    public final static int DEFAULT_SIZE = 20;
-
-    public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-    public GroupData createGroupData(IGroup group) throws Exception {
-
-        GroupData groupData = new GroupData();
-
-        String id = group.getGroupID();
-        if (!StringUtils.isEmpty(id)) groupData.setID(id);
-
-        String description = group.getDescription();
-        if (!StringUtils.isEmpty(description)) groupData.setDescription(description);
-
-        String groupID = URLEncoder.encode(groupData.getID(), "UTF-8");
-        URI uri = uriInfo.getBaseUriBuilder().path(GroupResource.class).path("{groupID}").build(groupID);
-        groupData.setLink(new Link("self", uri));
-
-        return groupData;
-    }
-
-    /**
-     * Searches for users in LDAP directory.
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    @Override
-    public GroupCollection findGroups(String filter, Integer start, Integer size) {
-        try {
-            filter = StringUtils.isEmpty(filter) ? "*" : "*"+LDAPUtil.escapeFilter(filter)+"*";
-            start = start == null ? 0 : start;
-            size = size == null ? DEFAULT_SIZE : size;
-
-            Enumeration<IGroup> groups = userGroupManager.listGroups(filter);
-
-            GroupCollection response = new GroupCollection();
-
-            int i = 0;
-
-            // skip to the start of the page
-            for ( ; i<start && groups.hasMoreElements(); i++) groups.nextElement();
-
-            // return entries up to the page size
-            for ( ; i<start+size && groups.hasMoreElements(); i++) {
-                IGroup group = groups.nextElement();
-                response.addGroup(createGroupData(group));
-            }
-
-            // count the total entries
-            for ( ; groups.hasMoreElements(); i++) groups.nextElement();
-
-            if (start > 0) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
-                response.addLink(new Link("prev", uri));
-            }
-
-            if (start+size < i) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
-                response.addLink(new Link("next", uri));
-            }
-
-            return response;
-
-        } catch (Exception e) {
-            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR", headers));
-        }
-    }
-
-    /**
-     * finds a group
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    @Override
-    public GroupData getGroup(String groupID) {
-
-        try {
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IGroup group = userGroupManager.getGroupFromName(groupID);
-            if (group == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new GroupNotFoundException(groupID);
-            }
-
-            return createGroupData(group);
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR", headers));
-        }
-    }
-
-    /**
-     * Adds a new group in local scope.
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#group
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-    @Override
-    public Response addGroup(GroupData groupData) {
-
-        String groupID = groupData.getID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IGroup group = userGroupManager.createGroup(groupID);
-
-            String description = groupData.getDescription();
-            if (description != null) {
-                group.set("description", description);
-            } else {
-                group.set("description", "");
-            }
-
-            // allow adding a group with no members
-            try {
-                userGroupManager.addGroup(group);
-
-                auditAddGroup(groupID, groupData, ILogger.SUCCESS);
-
-                // read the data back
-                groupData = getGroup(groupID);
-
-                return Response
-                        .created(groupData.getLink().getHref())
-                        .entity(groupData)
-                        .type(MediaType.APPLICATION_XML)
-                        .build();
-
-            } catch (Exception e) {
-                throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_ADD_FAILED", headers));
-            }
-
-        } catch (PKIException e) {
-            auditAddGroup(groupID, groupData, ILogger.FAILURE);
-            throw e;
-
-        } catch (EBaseException e) {
-            auditAddGroup(groupID, groupData, ILogger.FAILURE);
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    /**
-     * modifies a group
-     * <P>
-     *
-     * last person of the super power group "Certificate Server Administrators" can never be removed.
-     * <P>
-     *
-     * http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-    @Override
-    public Response modifyGroup(String groupID, GroupData groupData) {
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IGroup group = userGroupManager.getGroupFromName(groupID);
-
-            group.set("description", groupData.getDescription());
-
-            // allow adding a group with no members, except "Certificate
-            // Server Administrators"
-            try {
-                userGroupManager.modifyGroup(group);
-
-                auditModifyGroup(groupID, groupData, ILogger.SUCCESS);
-
-                // read the data back
-                groupData = getGroup(groupID);
-
-                return Response
-                        .ok(groupData)
-                        .type(MediaType.APPLICATION_XML)
-                        .build();
-
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-                throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_MODIFY_FAILED", headers));
-            }
-
-        } catch (PKIException e) {
-            auditModifyGroup(groupID, groupData, ILogger.FAILURE);
-            throw e;
-
-        } catch (EBaseException e) {
-            auditModifyGroup(groupID, groupData, ILogger.FAILURE);
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    /**
-     * removes a group
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#group
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-    @Override
-    public void removeGroup(String groupID) {
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (groupID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            // if fails, let the exception fall through
-            userGroupManager.removeGroup(groupID);
-
-            auditDeleteGroup(groupID, ILogger.SUCCESS);
-
-        } catch (PKIException e) {
-            auditDeleteGroup(groupID, ILogger.FAILURE);
-            throw e;
-
-        } catch (EBaseException e) {
-            auditDeleteGroup(groupID, ILogger.FAILURE);
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    @Override
-    public GroupMemberCollection findGroupMembers(String groupID, Integer start, Integer size) {
-        try {
-            GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers));
-            processor.setUriInfo(uriInfo);
-            return processor.findGroupMembers(groupID, start, size);
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    @Override
-    public GroupMemberData getGroupMember(String groupID, String memberID) {
-        try {
-            GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers));
-            processor.setUriInfo(uriInfo);
-            return processor.getGroupMember(groupID, memberID);
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    @Override
-    public Response addGroupMember(String groupID, String memberID) {
-        GroupMemberData groupMemberData = new GroupMemberData();
-        groupMemberData.setID(memberID);
-        groupMemberData.setGroupID(groupID);
-        return addGroupMember(groupMemberData);
-    }
-
-    public Response addGroupMember(GroupMemberData groupMemberData) {
-        try {
-            GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers));
-            processor.setUriInfo(uriInfo);
-            return processor.addGroupMember(groupMemberData);
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    @Override
-    public void removeGroupMember(String groupID, String memberID) {
-        try {
-            GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers));
-            processor.setUriInfo(uriInfo);
-            processor.removeGroupMember(groupID, memberID);
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    public void log(int level, String message) {
-        log(ILogger.S_USRGRP, level, message);
-    }
-
-    public void auditAddGroup(String groupID, GroupData groupData, String status) {
-        audit(OpDef.OP_ADD, groupID, getParams(groupData), status);
-    }
-
-    public void auditModifyGroup(String groupID, GroupData groupData, String status) {
-        audit(OpDef.OP_MODIFY, groupID, getParams(groupData), status);
-    }
-
-    public void auditDeleteGroup(String groupID, String status) {
-        audit(OpDef.OP_DELETE, groupID, null, status);
-    }
-
-    public void audit(String type, String id, Map<String, String> params, String status) {
-        audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_GROUPS, type, id, params, status);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
deleted file mode 100644
index 314a4072f..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
+++ /dev/null
@@ -1,1006 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.DestDef;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.jobs.EJobsException;
-import com.netscape.certsrv.jobs.IJob;
-import com.netscape.certsrv.jobs.IJobsScheduler;
-import com.netscape.certsrv.jobs.JobPlugin;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * A class representing an administration servlet for the
- * Jobs Scheduler and it's scheduled jobs.
- *
- * @version $Revision$, $Date$
- */
-public class JobsAdminServlet extends AdminServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 561767449283982015L;
-    // ... remove later
-    private final static String VISIBLE = ";visible";
-    private final static String ENABLED = ";enabled";
-    private final static String DISABLED = ";disabled";
-
-    private final static String INFO = "JobsAdminServlet";
-    private IJobsScheduler mJobsSched = null;
-
-    /**
-     * Constructs JobsAdminServlet.
-     */
-    public JobsAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mJobsSched = (IJobsScheduler)
-                CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * retrieve extended plugin info such as brief description, type info
-     * from jobs
-     */
-    private void getExtendedPluginInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        int colon = id.indexOf(':');
-
-        String implType = id.substring(0, colon);
-        String implName = id.substring(colon + 1);
-
-        NameValuePairs params =
-                getExtendedPluginInfo(getLocale(req), implType, implName);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
-        IExtendedPluginInfo ext_info = null;
-        Object impl = null;
-
-        JobPlugin jp =
-                mJobsSched.getPlugins().get(implName);
-
-        if (jp != null)
-            impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath());
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-        }
-
-        return nvps;
-
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        String scope = req.getParameter(Constants.OP_SCOPE);
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op == null) {
-            //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                    null, resp);
-            return;
-        }
-
-        try {
-            super.authenticate(req);
-        } catch (IOException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        try {
-            AUTHZ_RES_NAME = "certServer.job.configuration";
-            if (op.equals(OpDef.OP_READ)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_JOBS))
-                    getSettings(req, resp);
-                else if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
-                    getConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
-                    getInstConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                    try {
-                        getExtendedPluginInfo(req, resp);
-                    } catch (EBaseException e) {
-                        sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                        return;
-                    }
-                } else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_MODIFY)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_JOBS)) {
-                    setSettings(req, resp);
-                } else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) {
-                    modJobsInst(req, resp, scope);
-                } else {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_SEARCH)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
-                    listJobPlugins(req, resp);
-                else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
-                    listJobsInsts(req, resp);
-                else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_ADD)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
-                    addJobPlugin(req, resp, scope);
-                else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
-                    addJobsInst(req, resp, scope);
-                else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_DELETE)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
-                    delJobPlugin(req, resp, scope);
-                else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
-                    delJobsInst(req, resp, scope);
-                else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
-                    return;
-                }
-            } else {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                        null, resp);
-                return;
-            }
-        } catch (EBaseException e) {
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        }
-    }
-
-    private synchronized void addJobPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-        // is the job plugin id unique?
-        if (mJobsSched.getPlugins().containsKey(id)) {
-            sendResponse(ERROR,
-                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        String classPath = req.getParameter(Constants.PR_JOBS_CLASS);
-
-        if (classPath == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NULL_CLASS"),
-                    null, resp);
-            return;
-        }
-
-        IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
-        IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
-
-        // Does the class exist?
-        Class<?> newImpl = null;
-
-        try {
-            newImpl = Class.forName(classPath);
-        } catch (ClassNotFoundException e) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
-                    null, resp);
-            return;
-        } catch (IllegalArgumentException e) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
-                    null, resp);
-            return;
-        }
-
-        // is the class an IJob?
-        try {
-            if (IJob.class.isAssignableFrom(newImpl) == false) {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
-                        null, resp);
-                return;
-            }
-        } catch (NullPointerException e) { // unlikely, only if newImpl null.
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
-                    null, resp);
-            return;
-        }
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put(Constants.PR_JOBS_CLASS, classPath);
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // add manager to registry.
-        JobPlugin plugin = new JobPlugin(id, classPath);
-
-        mJobsSched.getPlugins().put(id, plugin);
-        mJobsSched.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void addJobsInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // is the job instance id unique?
-        if (mJobsSched.getInstances().containsKey(id)) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
-                    null, resp);
-            return;
-        }
-
-        // get required parameters
-        // SC_JOBS_IMPL_NAME is absolutely required, the rest depend on
-        // on each job plugin
-        String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
-                    null, resp);
-            return;
-        }
-
-        // check if implementation exists.
-        JobPlugin plugin =
-                mJobsSched.getPlugins().get(implname);
-
-        if (plugin == null) {
-            sendResponse(ERROR,
-                    new
-                    EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                            id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // now the rest of config parameters
-        // note that we only check to see if the required parameters
-        // are there, but not checking the values are valid
-        String[] configParams = mJobsSched.getConfigParams(implname);
-
-        IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
-        IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        if (configParams != null) {
-            for (int i = 0; i < configParams.length; i++) {
-                String key = configParams[i];
-                String val = req.getParameter(key);
-
-                if (val != null && !val.equals("")) {
-                    substore.put(key, val);
-                } else if (!key.equals("profileId")) {
-                    sendResponse(ERROR,
-                            new
-                            EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
-                                    key)).toString(),
-                            null, resp);
-                    return;
-                }
-            }
-        }
-
-        substore.put(IJobsScheduler.PROP_PLUGIN, implname);
-
-        // Instantiate an object for this implementation
-        String className = plugin.getClassPath();
-        IJob jobsInst = null;
-
-        try {
-            jobsInst = (IJob) Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new EJobsException(
-                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new EJobsException(
-                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new EJobsException(
-                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                    null, resp);
-            return;
-        }
-
-        IJobsScheduler scheduler = (IJobsScheduler)
-                CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
-
-        // initialize the job plugin
-        try {
-            jobsInst.init(scheduler, id, implname, substore);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        }
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            // clean up.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // inited and commited ok. now add manager instance to list.
-        mJobsSched.getInstances().put(id, jobsInst);
-
-        mJobsSched.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_JOBS_IMPL_NAME, implname);
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void listJobPlugins(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mJobsSched.getPlugins().keys();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-            JobPlugin value = mJobsSched.getPlugins().get(name);
-
-            params.put(name, value.getClassPath());
-            //				params.add(name, value.getClassPath()+EDIT);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void listJobsInsts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        for (Enumeration<String> e = mJobsSched.getInstances().keys(); e.hasMoreElements();) {
-            String name = e.nextElement();
-            IJob value = mJobsSched.getInstances().get(name);
-
-            //				params.add(name, value.getImplName());
-            params.put(name, value.getImplName() + VISIBLE +
-                    (value.isEnabled() ? ENABLED : DISABLED)
-            );
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void delJobPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does this job plugin exist?
-        if (mJobsSched.getPlugins().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new
-                    EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                            id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // first check if any instances from this job plugin
-        // DON'T remove job plugin if any instance
-        for (Enumeration<IJob> e = mJobsSched.getInstances().elements(); e.hasMoreElements();) {
-            IJob jobs = e.nextElement();
-
-            if ((jobs.getImplName()).equals(id)) {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_IN_USE"),
-                        null, resp);
-                return;
-            }
-        }
-
-        // then delete this job plugin
-        mJobsSched.getPlugins().remove(id);
-
-        IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
-        IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void delJobsInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does job plugin instance exist?
-        if (mJobsSched.getInstances().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
-                            id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // only remove from memory
-        // cannot shutdown because we don't keep track of whether it's
-        // being used.
-        mJobsSched.getInstances().remove(id);
-
-        // remove the configuration.
-        IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
-        IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * used for getting the required configuration parameters (with
-     * possible default values) for a particular job plugin
-     * implementation name specified in the RS_ID. Actually, there is
-     * no logic in here to set any default value here...there's no
-     * default value for any parameter in this job scheduler subsystem
-     * at this point. Later, if we do have one (or some), it can be
-     * added. The interface remains the same.
-     */
-    private synchronized void getConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-
-        String implname = req.getParameter(Constants.RS_ID);
-
-        if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        String[] configParams = mJobsSched.getConfigParams(implname);
-        NameValuePairs params = new NameValuePairs();
-
-        // implName is always required so always send it.
-        params.put(Constants.PR_JOBS_IMPL_NAME, "");
-        if (configParams != null) {
-            for (int i = 0; i < configParams.length; i++) {
-                params.put(configParams[i], "");
-            }
-        }
-        sendResponse(0, null, params, resp);
-        return;
-    }
-
-    private synchronized void getInstConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does job plugin instance exist?
-        if (mJobsSched.getInstances().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
-                            id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        IJob jobInst = mJobsSched.getInstances().get(id);
-        IConfigStore config = jobInst.getConfigStore();
-        String[] configParams = jobInst.getConfigParams();
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_JOBS_IMPL_NAME, jobInst.getImplName());
-
-        // implName is always required so always send it.
-        if (configParams != null) {
-            for (int i = 0; i < configParams.length; i++) {
-                String key = configParams[i];
-
-                String val = config.get(key);
-
-                if (val != null && !val.equals("")) {
-                    params.put(key, val);
-                } else {
-                    params.put(key, "");
-                }
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * Modify job plugin instance.
-     * This will actually create a new instance with new configuration
-     * parameters and replace the old instance, if the new instance
-     * created and initialized successfully.
-     * The old instance is left running. so this is very expensive.
-     * Restart of server recommended.
-     */
-    private synchronized void modJobsInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        // expensive operation.
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // Does the job instance exist?
-        if (!mJobsSched.getInstances().containsKey(id)) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
-                    null, resp);
-            return;
-        }
-
-        // get new implementation (same or different.)
-        String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
-                    null, resp);
-            return;
-        }
-
-        // get plugin for implementation
-        JobPlugin plugin =
-                mJobsSched.getPlugins().get(implname);
-
-        if (plugin == null) {
-            sendResponse(ERROR,
-                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                            id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // save old instance substore params in case new one fails.
-
-        IJob oldinst =
-                mJobsSched.getInstances().get(id);
-        IConfigStore oldConfig = oldinst.getConfigStore();
-
-        String[] oldConfigParms = oldinst.getConfigParams();
-        NameValuePairs saveParams = new NameValuePairs();
-
-        // implName is always required so always include it it.
-        saveParams.put(IJobsScheduler.PROP_PLUGIN,
-                oldConfig.get(IJobsScheduler.PROP_PLUGIN));
-        if (oldConfigParms != null) {
-            for (int i = 0; i < oldConfigParms.length; i++) {
-                String key = oldConfigParms[i];
-                Object val = oldConfig.get(key);
-
-                if (val != null) {
-                    saveParams.put(key, (String) val);
-                }
-            }
-        }
-
-        // on to the new instance.
-
-        // remove old substore.
-
-        IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
-        IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
-
-        instancesConfig.removeSubStore(id);
-
-        // create new substore.
-
-        String[] configParams = mJobsSched.getConfigParams(implname);
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put(IJobsScheduler.PROP_PLUGIN, implname);
-        if (configParams != null) {
-            for (int i = 0; i < configParams.length; i++) {
-                String key = configParams[i];
-                String val = req.getParameter(key);
-
-                if (val != null && !val.equals("")) {
-                    substore.put(key, val);
-                } else if (!key.equals("profileId")) {
-                    restore(instancesConfig, id, saveParams);
-                    sendResponse(ERROR,
-                            new
-                            EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
-                                    key)).toString(),
-                            null, resp);
-                    return;
-                }
-            }
-        }
-        // Instantiate an object for new implementation
-
-        String className = plugin.getClassPath();
-        IJob newJobInst = null;
-
-        try {
-            newJobInst = (IJob) Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new EJobsException(
-                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new EJobsException(
-                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new EJobsException(
-                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // initialize the job plugin
-
-        IJobsScheduler scheduler = (IJobsScheduler)
-                CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
-
-        try {
-            newJobInst.init(scheduler, id, implname, substore);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        } catch (Exception e) {
-            CMS.debug("JobsAdminServlet: modJobsInst: " + e);
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, "unidentified error" + e, null, resp);
-            return;
-        }
-
-        // initialized ok.  commiting
-        try {
-            mConfig.commit(true);
-
-        } catch (EBaseException e) {
-            // clean up.
-            restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // commited ok. replace instance.
-
-        mJobsSched.getInstances().put(id, newJobInst);
-
-        mJobsSched.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private void getSettings(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
-
-        params.put(Constants.PR_ENABLE,
-                config.getString(IJobsScheduler.PROP_ENABLED,
-                        Constants.FALSE));
-        // default 1 minute
-        params.put(Constants.PR_JOBS_FREQUENCY,
-                config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
-
-        //System.out.println("Send: "+params.toString());
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void setSettings(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        //Save New Settings to the config file
-        IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
-
-        String enabled = config.getString(IJobsScheduler.PROP_ENABLED);
-        String enabledSetTo = req.getParameter(Constants.PR_ENABLE);
-        boolean enabledChanged = false;
-
-        if (!enabled.equalsIgnoreCase(enabledSetTo)) {
-            enabledChanged = true;
-            // set enable flag
-            config.putString(IJobsScheduler.PROP_ENABLED, enabledSetTo);
-        }
-
-        //set frequency
-        String interval =
-                req.getParameter(Constants.PR_JOBS_FREQUENCY);
-
-        if (interval != null) {
-            config.putString(IJobsScheduler.PROP_INTERVAL, interval);
-            mJobsSched.setInterval(
-                    config.getInteger(IJobsScheduler.PROP_INTERVAL));
-        }
-
-        if (enabledChanged == true) {
-            if (enabled.equalsIgnoreCase("false")) { // turned on
-                mJobsSched.startDaemon();
-            }
-        }
-        mConfig.commit(true);
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    // convenience routine.
-    private static void restore(IConfigStore store,
-            String id, NameValuePairs saveParams) {
-        store.removeSubStore(id);
-        IConfigStore rstore = store.makeSubStore(id);
-
-        for (String key : saveParams.keySet()) {
-            String value = saveParams.get(key);
-
-            if (!value.equals(""))
-                rstore.put(key, value);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
deleted file mode 100644
index 3f9f558e0..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ /dev/null
@@ -1,233 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * A class representings an administration servlet for Key
- * Recovery Authority. This servlet is responsible to serve
- * KRA administrative operation such as configuration
- * parameter updates.
- *
- * @version $Revision$, $Date$
- */
-public class KRAAdminServlet extends AdminServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -5794220348195666729L;
-
-    protected static final String PROP_ENABLED = "enabled";
-
-    private final static String INFO = "KRAAdminServlet";
-
-    private IKeyRecoveryAuthority mKRA = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
-            "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
-
-    /**
-     * Constructs KRA servlet.
-     */
-    public KRAAdminServlet() {
-        super();
-    }
-
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mKRA = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
-    }
-
-    /**
-     * Returns serlvet information.
-     *
-     * @return name of this servlet
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP admin request.
-     *
-     * @param req HTTP request
-     * @param resp HTTP response
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        super.authenticate(req);
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        if (scope == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                    null, resp);
-            return;
-        }
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                    null, resp);
-            return;
-        }
-
-        try {
-            AUTHZ_RES_NAME = "certServer.kra.configuration";
-            if (op.equals(OpDef.OP_READ)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                /* Functions not implemented in console
-                if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
-                    readAutoRecoveryConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_RECOVERY)) {
-                    readRecoveryConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
-                    getNotificationRIQConfig(req, resp);
-                    return;
-                } else
-                */
-                if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    getGeneralConfig(req, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_MODIFY)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                /* Functions not implemented in console
-                if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
-                    modifyAutoRecoveryConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_AGENT_PWD)) {
-                    changeAgentPwd(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_MNSCHEME)) {
-                    changeMNScheme(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
-                    setNotificationRIQConfig(req, resp);
-                    return;
-                } else
-                */
-                if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    setGeneralConfig(req, resp);
-                }
-            }
-        } catch (EBaseException e) {
-            // convert exception into locale-specific message
-            sendResponse(ERROR, e.toString(getLocale(req)),
-                    null, resp);
-            return;
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-        sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
-    }
-
-    private void getGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        int value = 1;
-
-        value = mKRA.getNoOfRequiredAgents();
-        params.put(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS, Integer.toString(value));
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void setGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        Enumeration<String> enum1 = req.getParameterNames();
-        boolean restart = false;
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) {
-                try {
-                    int number = Integer.parseInt(value);
-                    mKRA.setNoOfRequiredAgents(number);
-                } catch (NumberFormatException e) {
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_DRM,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                    audit(auditMessage);
-                    throw new EBaseException("Number of agents must be an integer");
-                }
-            }
-        }
-
-        commit(true);
-
-        auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CONFIG_DRM,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditParams(req));
-
-        audit(auditMessage);
-
-        if (restart)
-            sendResponse(RESTART, null, null, resp);
-        else
-            sendResponse(SUCCESS, null, null, resp);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java b/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java
deleted file mode 100644
index 61536f346..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java
+++ /dev/null
@@ -1,223 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2013 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.util.ArrayList;
-import java.util.Locale;
-
-import org.apache.commons.lang.StringUtils;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.ca.ICAService;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.connector.IConnector;
-import com.netscape.certsrv.system.KRAConnectorInfo;
-import com.netscape.cms.servlet.processors.Processor;
-
-/**
- * @author Ade Lee
- */
-public class KRAConnectorProcessor extends Processor {
-    private boolean connectorExists = false;
-
-    // Connector constants
-    public final static String PREFIX = "ca.connector.KRA";
-
-    public KRAConnectorProcessor(Locale locale) throws EPropertyNotFound, EBaseException {
-        super("kraconnector", locale);
-        ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
-        ICAService caService = (ICAService)ca.getCAService();
-        connectorExists = (caService.getKRAConnector() != null)? true:false;
-    }
-
-    public void removeConnector(String newHost, String newPort) throws EPropertyNotFound, EBaseException {
-        if (! connectorExists) {
-            CMS.debug("removeConnector: no KRA connector exists, returning success");
-            return;
-        }
-
-        if ((newHost == null) || (newPort == null)) {
-            CMS.debug("removeConnector: malformed request.  newHost or newPort is null");
-            throw new BadRequestException("Bad Request: KRA Host or Port not defined");
-        }
-        IConfigStore cs = CMS.getConfigStore();
-        String host = cs.getString(PREFIX + ".host");
-        String port = cs.getString(PREFIX + ".port");
-
-        if ((host == null) || (port == null)) {
-            CMS.debug("removeConnector: bad connector configuration - host or port are null");
-            throw new PKIException("Bad Connector configuration on this CA");
-        }
-
-        String hostport = newHost + ":" + newPort;
-        if ((host.equals(newHost)) && port.equals(newPort)) {
-            CMS.debug("removeConnector: Removing " + PREFIX + " substore");
-            cs.removeSubStore(PREFIX);
-            cs.commit(true);
-            deleteConnector();
-        } else if (host.indexOf(' ') != -1) { // host is a list
-            String[] hostList = host.trim().split(" ");
-            ArrayList<String> finalList = new ArrayList<String>();
-            for (String h : hostList) {
-                if (! h.equals(hostport)) {
-                    finalList.add(h);
-                }
-            }
-            if (finalList.size() == hostList.length) {
-                CMS.debug("removeConnector: no connector for " + hostport + " exists. Returning success");
-                return;
-            }
-
-            CMS.debug("removeConnector: Removing " + hostport + " from " + PREFIX);
-
-            if (finalList.size() == 0) {
-                CMS.debug("removeConnector: Removing " + PREFIX + " substore");
-                cs.removeSubStore(PREFIX);
-                cs.commit(true);
-                deleteConnector();
-            } else if (finalList.size() == 1) {
-                cs.putString(PREFIX + ".host", finalList.get(0).split(":")[0]);
-                cs.putString(PREFIX + ".port", finalList.get(0).split(":")[1]);
-                cs.commit(true);
-                replaceConnector();
-            } else {
-                String finalString = StringUtils.join(finalList, " ");
-                cs.putString(PREFIX + ".host", finalString.trim());
-                cs.commit(true);
-                replaceConnector();
-            }
-        } else {
-            CMS.debug("removeConnector: no connector for " + hostport + " exists. Returning success");
-        }
-    }
-
-    public void stopConnector() {
-        ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
-        ICAService caService = (ICAService)ca.getCAService();
-        IConnector kraConnector = caService.getKRAConnector();
-        if (kraConnector != null) {
-            kraConnector.stop();
-        }
-    }
-
-    public void startConnector() {
-        ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
-        ICAService caService = (ICAService)ca.getCAService();
-        IConnector kraConnector = caService.getKRAConnector();
-        if (kraConnector != null) {
-            kraConnector.start();
-        }
-    }
-
-    public void replaceConnector() throws EBaseException {
-        // stop the old connector
-        stopConnector();
-
-        ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
-        ICAService caService = (ICAService)ca.getCAService();
-        IConfigStore cs = CMS.getConfigStore();
-
-        IConnector kraConnector = caService.getConnector(cs.getSubStore(PREFIX));
-        caService.setKRAConnector(kraConnector);
-
-        startConnector();
-    }
-
-    public void deleteConnector() {
-        stopConnector();
-
-        ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
-        ICAService caService = (ICAService)ca.getCAService();
-        caService.setKRAConnector(null);
-    }
-
-    public void addConnector(KRAConnectorInfo info) throws EPropertyNotFound, EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-        String newHost = info.getHost();
-        String newPort = info.getPort();
-        String newTransportCert = info.getTransportCert();
-
-        if ((newHost == null) || (newPort == null) || (newTransportCert == null)) {
-            CMS.debug("addConnector: malformed request.  newHost, newPort or transport cert is null");
-            throw new BadRequestException("Bad Request: KRA host, port or transport cert not defined");
-        }
-
-        if (connectorExists) {
-            String host = cs.getString(PREFIX + ".host");
-            String port = cs.getString(PREFIX + ".port");
-
-            if ((!host.equals(newHost)) || (!port.equals(newPort))) { //existing connector is not the same
-
-                // check transport cert
-                String transportCert = cs.getString(PREFIX + ".transportCert");
-                if (!transportCert.equals(newTransportCert)) {
-                    CMS.debug("addConnector: Connector is already defined");
-                    throw new BadRequestException("KRA connector has already been defined for this CA");
-                }
-
-                String hostport = newHost + ":" + newPort;
-                if (host.indexOf(' ') != -1) { // host is a list
-                    String[] hostList = host.trim().split(" ");
-                    for (String h : hostList) {
-                        if (h.equals(hostport)) {
-                            CMS.debug("addConnector: connector for " + hostport +
-                                    " is already present.  Returning success");
-                            return;
-                        }
-                    }
-
-                    CMS.debug("addConnector: adding " + hostport + " to KRA connector host list");
-                    cs.putString(PREFIX + ".host", host + " " + hostport);
-                    cs.commit(true);
-                    replaceConnector();
-                    return;
-                } else { // host is not a list, turn it into one
-                    CMS.debug("addConnector: adding " + hostport + " to KRA connector");
-                    cs.putString(PREFIX + ".host", host + ":" + port + " " + hostport);
-                    cs.commit(true);
-                    replaceConnector();
-                    return;
-                }
-            }
-        }
-
-        // connector does not exist, or existing connector is the same host/port and we are replacing it
-        cs.putString(PREFIX + ".host", info.getHost());
-        cs.putString(PREFIX + ".port", info.getPort());
-        cs.putString(PREFIX + ".enable", info.getEnable() != null ? info.getEnable() : "true");
-        cs.putString(PREFIX + ".local", info.getLocal() != null ? info.getLocal(): "false");
-        cs.putString(PREFIX + ".timeout", info.getTimeout() != null ?  info.getTimeout() : "30");
-        cs.putString(PREFIX + ".uri", info.getUri() != null ? info.getUri() : "/kra/agent/kra/connector");
-        cs.putString(PREFIX + ".transportCert", info.getTransportCert());
-
-        String nickname = cs.getString("ca.subsystem.nickname", "");
-        String tokenname = cs.getString("ca.subsystem.tokenname", "");
-        if (!tokenname.equals("Internal Key Storage Token"))
-            nickname = tokenname + ":" + nickname;
-        cs.putString(PREFIX + ".nickName", nickname);
-        cs.commit(true);
-
-        replaceConnector();
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorService.java b/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorService.java
deleted file mode 100644
index 53ff8e9a2..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorService.java
+++ /dev/null
@@ -1,78 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2013 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.system.KRAConnectorInfo;
-import com.netscape.certsrv.system.KRAConnectorResource;
-import com.netscape.cms.servlet.base.PKIService;
-
-/**
- * @author Ade Lee
- */
-public class KRAConnectorService extends PKIService implements KRAConnectorResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    @Override
-    public void addConnector(KRAConnectorInfo info) {
-        try {
-            KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale(headers));
-            processor.addConnector(info);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    @Override
-    public void removeConnector(String host, String port) {
-        try {
-            KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale(headers));
-            processor.removeConnector(host, port);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    @Override
-    public void addConnector(MultivaluedMap<String, String> form) {
-        KRAConnectorInfo info = new KRAConnectorInfo(form);
-        addConnector(info);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
deleted file mode 100644
index d66522421..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ /dev/null
@@ -1,2352 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.logging.ELogException;
-import com.netscape.certsrv.logging.ELogNotFound;
-import com.netscape.certsrv.logging.ELogPluginNotFound;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.logging.ILogSubsystem;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.logging.LogPlugin;
-
-/**
- * A class representings an administration servlet for logging
- * subsystem. This servlet is responsible to serve
- * logging administrative operation such as configuration
- * parameter updates and log retriever.
- *
- * @version $Revision$, $Date$
- */
-public class LogAdminServlet extends AdminServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -99699953656847603L;
-
-    private final static String INFO = "LogAdminServlet";
-
-    private ILogSubsystem mSys = null;
-
-    private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit";
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT =
-            "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
-    private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE =
-            "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
-
-    /**
-     * Constructs Log servlet.
-     */
-    public LogAdminServlet() {
-        super();
-    }
-
-    public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
-        Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
-        Enumeration<?> names = req.getParameterNames();
-
-        while (names.hasMoreElements()) {
-            String name = (String) names.nextElement();
-
-            httpReqHash.put(name, req.getParameter(name));
-        }
-        return httpReqHash;
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mSys = (ILogSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_LOG);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                    null, resp);
-            return;
-        }
-
-        super.authenticate(req);
-
-        try {
-            // perform operation based on scope
-            String scope = req.getParameter(Constants.OP_SCOPE);
-
-            if (scope != null) {
-                AUTHZ_RES_NAME = "certServer.log.configuration";
-                if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    try {
-                        getExtendedPluginInfo(req, resp);
-                        return;
-                    } catch (EBaseException e) {
-                        sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                        return;
-                    }
-                }
-
-                if (op.equals(OpDef.OP_READ)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-
-                    if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
-                        getConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_LOG_RULES)) {
-                        getInstConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_GENERAL)) {
-                        getGeneralConfig(req, resp);
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_DELETE)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-
-                    if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
-                        delLogPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_LOG_RULES)) {
-                        delLogInst(req, resp, scope);
-                        return;
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_ADD)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-
-                    if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
-                        addLogPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_LOG_RULES)) {
-                        addLogInst(req, resp, scope);
-                        return;
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_MODIFY)) {
-                    AUTHZ_RES_NAME = "certServer.log.configuration";
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-
-                    if (scope.equals(ScopeDef.SC_LOG_RULES)) {
-                        modLogInst(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_GENERAL)) {
-                        setGeneralConfig(req, resp);
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_SEARCH)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
-                        listLogPlugins(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_LOG_RULES)) {
-                        listLogInsts(req, resp, true);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_LOG_INSTANCES)) {
-                        listLogInsts(req, resp, false);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_LOG_CONTENT)) {
-                        String instName = req.getParameter(Constants.PR_LOG_INSTANCE);
-
-                        if (instName.equals("System")) {
-                            AUTHZ_RES_NAME = "certServer.log.content.system";
-                        } else if (instName.equals("Transactions")) {
-                            AUTHZ_RES_NAME = "certServer.log.content.transactions";
-                        } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) {
-                            AUTHZ_RES_NAME = "certServer.log.content.signedAudit";
-                        }
-
-                        mOp = "read";
-                        if ((mToken = super.authorize(req)) == null) {
-                            sendResponse(ERROR,
-                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                    null, resp);
-                            return;
-                        }
-
-                        ILogEventListener loginst =
-                                mSys.getLogInstance(instName);
-
-                        if (loginst != null) {
-                            NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req));
-
-                            sendResponse(SUCCESS, null, nvps, resp);
-                        }
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_LOG_ARCH)) {
-                        String instName = req.getParameter(Constants.PR_LOG_INSTANCE);
-
-                        if (instName.equals("System")) {
-                            AUTHZ_RES_NAME = "certServer.log.content.system";
-                        } else if (instName.equals("Transactions")) {
-                            AUTHZ_RES_NAME = "certServer.log.content.transactions";
-                        } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) {
-                            AUTHZ_RES_NAME = "certServer.log.content.signedAudit";
-                        }
-
-                        mOp = "read";
-                        if ((mToken = super.authorize(req)) == null) {
-                            sendResponse(ERROR,
-                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                    null, resp);
-                            return;
-                        }
-                        ILogEventListener loginst =
-                                mSys.getLogInstance(instName);
-
-                        if (loginst != null) {
-                            NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req));
-
-                            sendResponse(SUCCESS, null, nvps, resp);
-                        }
-                        return;
-                    } else {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                } else {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                            null, resp);
-                    return;
-                }
-            }
-        } catch (EBaseException e) {
-            // if it is EBaseException, we can output better
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-        } catch (Exception e) {
-            System.out.println("XXX >>>" + e.toString() + "<<<");
-            e.printStackTrace();
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                    null, resp);
-        }
-
-        return;
-    }
-
-    private synchronized void listLogInsts(HttpServletRequest req,
-            HttpServletResponse resp, boolean all) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mSys.getLogInsts().keys();
-
-        for (; e.hasMoreElements();) {
-            String name = e.nextElement();
-            ILogEventListener value = ((ILogSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_LOG)).getLogInstance(name);
-
-            if (value == null)
-                continue;
-            String pName = mSys.getLogPluginName(value);
-            LogPlugin pClass = mSys.getLogPlugins().get(pName);
-            String c = pClass.getClassPath();
-
-            // not show ntEventlog here
-            if (all || (!all && !c.endsWith("NTEventLog")))
-                params.put(name, pName + ";visible");
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * retrieve extended plugin info such as brief description, type info
-     * from logging
-     */
-    private void getExtendedPluginInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        int colon = id.indexOf(':');
-
-        String implType = id.substring(0, colon);
-        String implName = id.substring(colon + 1);
-        NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, implName);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
-        IExtendedPluginInfo ext_info = null;
-        Object impl = null;
-        LogPlugin lp = mSys.getLogPlugins().get(implName);
-
-        if (lp != null) {
-            impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath());
-        }
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-        }
-
-        return nvps;
-
-    }
-
-    /**
-     * Add log plug-in
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of the log's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    @SuppressWarnings("unchecked")
-    private synchronized void addLogPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String logType = null;
-            String id = req.getParameter(Constants.RS_ID);
-
-            // if this "required" parameter is not present,
-            // always log messages to the signed audit log
-            logType = id;
-            if (logType == null) {
-                logType = SIGNED_AUDIT_LOG_TYPE;
-            }
-
-            if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // is the log id unique?
-            if (mSys.getLogPlugins().containsKey(id)) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id))
-                                .toString(),
-                        null, resp);
-                return;
-            }
-
-            String classPath = req.getParameter(Constants.PR_LOG_CLASS);
-
-            if (classPath == null) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NULL_CLASS"),
-                        null, resp);
-                return;
-            }
-
-            IConfigStore destStore = null;
-
-            destStore = mConfig.getSubStore("log");
-            IConfigStore instancesConfig =
-                    destStore.getSubStore("impl");
-
-            // Does the class exist?
-            Class<ILogEventListener> newImpl = null;
-
-            try {
-                newImpl = (Class<ILogEventListener>) Class.forName(classPath);
-            } catch (ClassNotFoundException e) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
-                        null, resp);
-                return;
-            } catch (IllegalArgumentException e) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
-                        null, resp);
-                return;
-            }
-
-            // is the class an ILogEventListner?
-            try {
-                if (ILogEventListener.class.isAssignableFrom(newImpl) == false) {
-                    // store a message in the signed audit log file
-                    if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditParams(req));
-
-                        audit(auditMessage);
-                    }
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
-                            null, resp);
-                    return;
-                }
-            } catch (NullPointerException e) { // unlikely, only if newImpl null.
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
-                        null, resp);
-                return;
-            }
-
-            IConfigStore substore = instancesConfig.makeSubStore(id);
-
-            substore.put(Constants.PR_LOG_CLASS, classPath);
-
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                //System.out.println("SRVLT_FAIL_COMMIT");
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // add log to registry.
-            LogPlugin plugin = new LogPlugin(id, classPath);
-
-            mSys.getLogPlugins().put(id, plugin);
-
-            NameValuePairs params = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-            }
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private boolean isValidID(String id) {
-        if (id == null)
-            return false;
-        for (int i = 0; i < id.length(); i++) {
-            if (!Character.isLetterOrDigit(id.charAt(i)))
-                return false;
-        }
-        return true;
-    }
-
-    /**
-     * Add log instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of the log's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void addLogInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String logType = null;
-            String id = req.getParameter(Constants.RS_ID);
-
-            // if this "required" parameter is not present,
-            // always log messages to the signed audit log
-            logType = id;
-            if (logType == null) {
-                logType = SIGNED_AUDIT_LOG_TYPE;
-            }
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            if (!isValidID(id)) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR, "Invalid ID '" + id + "'",
-                        null, resp);
-                return;
-            }
-
-            if (mSys.getLogInsts().containsKey(id)) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
-                        null, resp);
-                return;
-            }
-
-            // get required parameters
-            String implname = req.getParameter(
-                    Constants.PR_LOG_IMPL_NAME);
-
-            if (implname == null) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
-                        null, resp);
-                return;
-            }
-
-            // check if implementation exists.
-            LogPlugin plugin =
-                    mSys.getLogPlugins().get(
-                    implname);
-
-            if (plugin == null) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(
-                        ERROR,
-                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname))
-                                .toString(),
-                        null, resp);
-                return;
-            }
-
-            Vector<String> configParams = mSys.getLogDefaultParams(implname);
-
-            IConfigStore destStore =
-                    mConfig.getSubStore("log");
-            IConfigStore instancesConfig =
-                    destStore.getSubStore("instance");
-            IConfigStore substore = instancesConfig.makeSubStore(id);
-
-            if (configParams != null) {
-                for (int i = 0; i < configParams.size(); i++) {
-                    String kv = configParams.elementAt(i);
-                    int index = kv.indexOf('=');
-                    String val = req.getParameter(kv.substring(0, index));
-
-                    if (val == null) {
-                        substore.put(kv.substring(0, index),
-                                kv.substring(index + 1));
-                    } else {
-                        substore.put(kv.substring(0, index),
-                                val);
-                    }
-                }
-            }
-            substore.put("pluginName", implname);
-
-            // Fix Blackflag Bug #615603:  Currently, although expiring log
-            // files is no longer supported, it is still a required parameter
-            // that must be present during the creation and modification of
-            // custom log plugins.
-            substore.put("expirationTime", "0");
-
-            // Instantiate an object for this implementation
-            String className = plugin.getClassPath();
-            ILogEventListener logInst = null;
-
-            try {
-                logInst = (ILogEventListener) Class.forName(className).newInstance();
-            } catch (ClassNotFoundException e) {
-                // cleanup
-                instancesConfig.removeSubStore(id);
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className))
-                                .toString(),
-                        null, resp);
-                return;
-            } catch (InstantiationException e) {
-                instancesConfig.removeSubStore(id);
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className))
-                                .toString(),
-                        null, resp);
-                return;
-            } catch (IllegalAccessException e) {
-                instancesConfig.removeSubStore(id);
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className))
-                                .toString(),
-                        null, resp);
-                return;
-            }
-
-            // initialize the log
-            try {
-                logInst.init(mSys, substore);
-            } catch (EBaseException e) {
-                // don't commit in this case and cleanup the new substore.
-                instancesConfig.removeSubStore(id);
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                return;
-            } catch (Throwable e) {
-                instancesConfig.removeSubStore(id);
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR, e.toString(), null, resp);
-                return;
-            }
-
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // clean up.
-                instancesConfig.removeSubStore(id);
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // inited and commited ok. now add log instance to list.
-            mSys.getLogInsts().put(id, logInst);
-
-            NameValuePairs params = new NameValuePairs();
-
-            params.put(Constants.PR_LOG_IMPL_NAME, implname);
-
-            // store a message in the signed audit log file
-            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-            }
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private synchronized void listLogPlugins(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mSys.getLogPlugins().keys();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-            LogPlugin value = mSys.getLogPlugins().get(name);
-            // get Description
-            String c = value.getClassPath();
-            String desc = "unknown";
-
-            try {
-                ILogEventListener lp = (ILogEventListener)
-                        Class.forName(c).newInstance();
-
-                desc = lp.getDescription();
-            } catch (Exception exp) {
-                sendResponse(ERROR, exp.toString(), null,
-                        resp);
-                return;
-            }
-            params.put(name, value.getClassPath() + "," + desc);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    public String getLogPluginName(ILogEventListener log) {
-        IConfigStore cs = log.getConfigStore();
-
-        try {
-            return cs.getString("pluginName", "");
-        } catch (EBaseException e) {
-            return "";
-        }
-    }
-
-    /**
-     * Delete log instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of the log's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void delLogInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String logType = null;
-            NameValuePairs params = new NameValuePairs();
-            String id = req.getParameter(Constants.RS_ID);
-
-            // if this "required" parameter is not present,
-            // always log messages to the signed audit log
-            logType = id;
-            if (logType == null) {
-                logType = SIGNED_AUDIT_LOG_TYPE;
-            }
-
-            if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // Does the log instance exist?
-            if (mSys.getLogInsts().containsKey(id) == false) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id))
-                                .toString(),
-                        null, resp);
-                return;
-            }
-
-            // only remove from memory
-            // cannot shutdown because we don't keep track of whether it's
-            // being used.
-            mSys.getLogInsts().remove(id);
-
-            // remove the configuration.
-            IConfigStore destStore =
-                    mConfig.getSubStore("log");
-            IConfigStore instancesConfig =
-                    destStore.getSubStore("instance");
-
-            instancesConfig.removeSubStore(id);
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                //System.out.println("SRVLT_FAIL_COMMIT");
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // store a message in the signed audit log file
-            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-            }
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Delete log plug-in
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of the log's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void delLogPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String logType = null;
-            NameValuePairs params = new NameValuePairs();
-            String id = req.getParameter(Constants.RS_ID);
-
-            // if this "required" parameter is not present,
-            // always log messages to the signed audit log
-            logType = id;
-            if (logType == null) {
-                logType = SIGNED_AUDIT_LOG_TYPE;
-            }
-
-            if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            if (mSys.getLogPlugins().containsKey(id) == false) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id))
-                                .toString(),
-                        null, resp);
-                return;
-            }
-
-            // first check if any instances from this log
-            // DON'T remove log if any instance
-            for (Enumeration<String> e = mSys.getLogInsts().keys(); e.hasMoreElements();) {
-                String name = e.nextElement();
-                ILogEventListener log = mSys.getLogInstance(name);
-
-                if (getLogPluginName(log) == id) {
-                    // store a message in the signed audit log file
-                    if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditParams(req));
-
-                        audit(auditMessage);
-                    }
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_IN_USE"),
-                            null, resp);
-                    return;
-                }
-            }
-
-            // then delete this log
-            mSys.getLogPlugins().remove(id);
-
-            IConfigStore destStore =
-                    mConfig.getSubStore("log");
-            IConfigStore instancesConfig =
-                    destStore.getSubStore("impl");
-
-            instancesConfig.removeSubStore(id);
-            // commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // store a message in the signed audit log file
-            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-            }
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Modify log instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file name (including any path changes) for
-     * any of audit, system, transaction, or other customized log file change is attempted (authorization should not
-     * allow, but make sure it's written after the attempt)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log expiration time change is attempted
-     * (authorization should not allow, but make sure it's written after the attempt)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param scope string used to obtain the contents of the log's substore
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void modLogInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String logType = null;
-        String origLogPath = req.getParameter(Constants.PR_LOG_FILENAME);
-        String newLogPath = origLogPath;
-        String origExpirationTime = req.getParameter(
-                Constants.PR_LOG_EXPIRED_TIME);
-        String newExpirationTime = origExpirationTime;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            // if this "required" parameter is not present,
-            // always log messages to the signed audit log
-            logType = id;
-            if (logType == null) {
-                logType = SIGNED_AUDIT_LOG_TYPE;
-            }
-
-            if (origLogPath != null) {
-                origLogPath = origLogPath.trim();
-                newLogPath = newLogPath.trim();
-            } else {
-                origLogPath = "";
-                newLogPath = "";
-            }
-
-            if (origExpirationTime != null) {
-                origExpirationTime = origExpirationTime.trim();
-                newExpirationTime = newExpirationTime.trim();
-            } else {
-                origExpirationTime = "";
-                newExpirationTime = "";
-            }
-
-            if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // Does the manager instance exist?
-            if (!mSys.getLogInsts().containsKey(id)) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
-                        null, resp);
-                return;
-            }
-
-            // get new implementation (same or different.)
-            String implname = req.getParameter(Constants.PR_LOG_IMPL_NAME);
-
-            if (implname == null) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
-
-                        null, resp);
-                return;
-            }
-            // get plugin for implementation
-            LogPlugin plugin =
-                    mSys.getLogPlugins().get(implname);
-
-            if (plugin == null) {
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(
-                        ERROR,
-                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname))
-                                .toString(), null, resp);
-                return;
-            }
-
-            // save old instance substore params in case new one fails.
-
-            ILogEventListener oldinst =
-                    mSys.getLogInstance(id);
-            Vector<String> oldConfigParms = oldinst.getInstanceParams();
-            NameValuePairs saveParams = new NameValuePairs();
-
-            // implName is always required so always include it it.
-            saveParams.put("pluginName", implname);
-            if (oldConfigParms != null) {
-                for (int i = 0; i < oldConfigParms.size(); i++) {
-                    String kv = oldConfigParms.elementAt(i);
-                    int index = kv.indexOf('=');
-
-                    saveParams.put(kv.substring(0, index),
-                            kv.substring(index + 1));
-                }
-            }
-
-            // on to the new instance.
-
-            // remove old substore.
-
-            IConfigStore destStore =
-                    mConfig.getSubStore("log");
-            IConfigStore instancesConfig =
-                    destStore.getSubStore("instance");
-
-            // create new substore.
-
-            Vector<String> configParams = mSys.getLogInstanceParams(id);
-
-            //instancesConfig.removeSubStore(id);
-
-            IConfigStore substore = instancesConfig.makeSubStore(id);
-
-            substore.put("pluginName", implname);
-
-            // Fix Blackflag Bug #615603:  Currently, although expiring log
-            // files is no longer supported, it is still a required parameter
-            // that must be present during the creation and modification of
-            // custom log plugins.
-            substore.put("expirationTime", "0");
-
-            // IMPORTANT:  save a copy of the original log file path
-            origLogPath = substore.getString(Constants.PR_LOG_FILENAME);
-            newLogPath = origLogPath;
-
-            if (origLogPath != null) {
-                origLogPath = origLogPath.trim();
-                newLogPath = newLogPath.trim();
-            } else {
-                origLogPath = "";
-                newLogPath = "";
-            }
-
-            // IMPORTANT:  save a copy of the original log expiration time
-            origExpirationTime = substore.getString(
-                        Constants.PR_LOG_EXPIRED_TIME);
-            newExpirationTime = origExpirationTime;
-
-            if (origExpirationTime != null) {
-                origExpirationTime = origExpirationTime.trim();
-                newExpirationTime = newExpirationTime.trim();
-            } else {
-                origExpirationTime = "";
-                newExpirationTime = "";
-            }
-
-            if (configParams != null) {
-                for (int i = 0; i < configParams.size(); i++) {
-                    AUTHZ_RES_NAME =
-                            "certServer.log.configuration";
-                    String kv = configParams.elementAt(i);
-                    int index = kv.indexOf('=');
-                    String key = kv.substring(0, index);
-                    String val = req.getParameter(key);
-
-                    if (key.equals("level")) {
-                        if (val.equals(ILogger.LL_DEBUG_STRING))
-                            val = "0";
-                        else if (val.equals(ILogger.LL_INFO_STRING))
-                            val = "1";
-                        else if (val.equals(ILogger.LL_WARN_STRING))
-                            val = "2";
-                        else if (val.equals(ILogger.LL_FAILURE_STRING))
-                            val = "3";
-                        else if (val.equals(ILogger.LL_MISCONF_STRING))
-                            val = "4";
-                        else if (val.equals(ILogger.LL_CATASTRPHE_STRING))
-                            val = "5";
-                        else if (val.equals(ILogger.LL_SECURITY_STRING))
-                            val = "6";
-
-                    }
-
-                    if (key.equals("rolloverInterval")) {
-                        if (val.equals("Hourly"))
-                            val = Integer.toString(60 * 60);
-                        else if (val.equals("Daily"))
-                            val = Integer.toString(60 * 60 * 24);
-                        else if (val.equals("Weekly"))
-                            val = Integer.toString(60 * 60 * 24 * 7);
-                        else if (val.equals("Monthly"))
-                            val = Integer.toString(60 * 60 * 24 * 30);
-                        else if (val.equals("Yearly"))
-                            val = Integer.toString(60 * 60 * 24 * 365);
-                    }
-
-                    if (val != null) {
-                        if (key.equals("fileName")) {
-                            String origVal = substore.getString(key);
-
-                            val = val.trim();
-                            newLogPath = val;
-                            if (!val.equals(origVal.trim())) {
-                                AUTHZ_RES_NAME =
-                                        "certServer.log.configuration.fileName";
-                                mOp = "modify";
-                                if ((mToken = super.authorize(req)) == null) {
-                                    // store a message in the signed audit log
-                                    // file (regardless of logType)
-                                    if (!(newLogPath.equals(origLogPath))) {
-                                        auditMessage = CMS.getLogMessage(
-                                                    LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                                                    auditSubjectID,
-                                                    ILogger.FAILURE,
-                                                    logType,
-                                                    newLogPath);
-
-                                        audit(auditMessage);
-                                    }
-
-                                    // store a message in the signed audit log
-                                    // file
-                                    if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                                        auditMessage = CMS.getLogMessage(
-                                                    LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                                    auditSubjectID,
-                                                    ILogger.FAILURE,
-                                                    auditParams(req));
-
-                                        audit(auditMessage);
-                                    }
-
-                                    sendResponse(ERROR,
-                                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                            null, resp);
-                                    return;
-                                }
-                            }
-                        }
-                        /*
-                                                if (key.equals("expirationTime")) {
-                                                    String origVal = substore.getString(key);
-
-                                                    val = val.trim();
-                                                    newExpirationTime = val;
-                                                    if (!val.equals(origVal.trim())) {
-                                                        if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                                                            AUTHZ_RES_NAME =
-                                                                    "certServer.log.configuration.signedAudit.expirationTime";
-                                                        }
-                                                        mOp = "modify";
-                                                        if ((mToken = super.authorize(req)) == null) {
-                                                            // store a message in the signed audit log
-                                                            // file (regardless of logType)
-                                                            if (!(newExpirationTime.equals(origExpirationTime))) {
-                                                                auditMessage = CMS.getLogMessage(
-                                                                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                                                            auditSubjectID,
-                                                                            ILogger.FAILURE,
-                                                                            logType,
-                                                                            newExpirationTime);
-
-                                                                audit(auditMessage);
-                                                            }
-
-                                                            // store a message in the signed audit log
-                                                            // file
-                                                            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                                                                auditMessage = CMS.getLogMessage(
-                                                                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                                                            auditSubjectID,
-                                                                            ILogger.FAILURE,
-                                                                            auditParams(req));
-
-                                                                audit(auditMessage);
-                                                            }
-
-                                                            sendResponse(ERROR,
-                                                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                                                null, resp);
-                                                            return;
-                                                        }
-                                                    }
-                                                }
-                        */
-                        substore.put(key, val);
-                    }
-                }
-            }
-
-            // Instantiate an object for new implementation
-
-            String className = plugin.getClassPath();
-            @SuppressWarnings("unused")
-            ILogEventListener newMgrInst = null;
-
-            try {
-                newMgrInst = (ILogEventListener)
-                        Class.forName(className).newInstance();
-            } catch (ClassNotFoundException e) {
-                // check to see if the log file path parameter was changed
-                newLogPath = auditCheckLogPath(req);
-
-                // check to see if the log expiration time parameter was changed
-                // newExpirationTime = auditCheckLogExpirationTime(req);
-
-                // cleanup
-                restore(instancesConfig, id, saveParams);
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                if (!(newLogPath.equals(origLogPath))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newLogPath);
-
-                    audit(auditMessage);
-                }
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                /*
-                if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                }*/
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className))
-                                .toString(),
-                        null, resp);
-                return;
-            } catch (InstantiationException e) {
-                // check to see if the log file path parameter was changed
-                newLogPath = auditCheckLogPath(req);
-
-                // check to see if the log expiration time parameter was changed
-                //newExpirationTime = auditCheckLogExpirationTime(req);
-
-                restore(instancesConfig, id, saveParams);
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                if (!(newLogPath.equals(origLogPath))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newLogPath);
-
-                    audit(auditMessage);
-                }
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                /*if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                }*/
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className))
-                                .toString(),
-                        null, resp);
-                return;
-            } catch (IllegalAccessException e) {
-                // check to see if the log file path parameter was changed
-                newLogPath = auditCheckLogPath(req);
-
-                // check to see if the log expiration time parameter was changed
-                //newExpirationTime = auditCheckLogExpirationTime(req);
-
-                restore(instancesConfig, id, saveParams);
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                if (!(newLogPath.equals(origLogPath))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newLogPath);
-
-                    audit(auditMessage);
-                }
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                /* if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                } */
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className))
-                                .toString(),
-                        null, resp);
-                return;
-            }
-            // initialize the log
-
-            // initialized ok.  commiting
-            try {
-                mConfig.commit(true);
-            } catch (EBaseException e) {
-                // check to see if the log file path parameter was changed
-                newLogPath = auditCheckLogPath(req);
-
-                // check to see if the log expiration time parameter was changed
-                // newExpirationTime = auditCheckLogExpirationTime(req);
-
-                // clean up.
-                restore(instancesConfig, id, saveParams);
-                //System.out.println("SRVLT_FAIL_COMMIT");
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                if (!(newLogPath.equals(origLogPath))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newLogPath);
-
-                    audit(auditMessage);
-                }
-
-                // store a message in the signed audit log file
-                // (regardless of logType)
-                /* if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                }*/
-
-                // store a message in the signed audit log file
-                if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-                }
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                        null, resp);
-                return;
-            }
-
-            // commited ok. replace instance.
-
-            // REMOVED - we didn't do anything to shut off the old instance
-            // so, it will still be running at this point. You'd have two
-            // log isntances writing to the same file - this would be a big PROBLEM!!!
-
-            //mSys.getLogInsts().put(id, newMgrInst);
-
-            NameValuePairs params = new NameValuePairs();
-
-            // check to see if the log file path parameter was changed
-            newLogPath = auditCheckLogPath(req);
-
-            // check to see if the log expiration time parameter was changed
-            //newExpirationTime = auditCheckLogExpirationTime(req);
-
-            // store a message in the signed audit log file
-            // (regardless of logType)
-            if (!(newLogPath.equals(origLogPath))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            logType,
-                            newLogPath);
-
-                audit(auditMessage);
-            }
-
-            // store a message in the signed audit log file
-            // (regardless of logType)
-            /*if (!(newExpirationTime.equals(origExpirationTime))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            logType,
-                            newExpirationTime);
-
-                audit(auditMessage);
-            }*/
-
-            // store a message in the signed audit log file
-            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-            }
-
-            sendResponse(RESTART, null, params, resp);
-            return;
-        } catch (EBaseException eAudit1) {
-            // check to see if the log file path parameter was changed
-            newLogPath = auditCheckLogPath(req);
-
-            // check to see if the log expiration time parameter was changed
-            // newExpirationTime = auditCheckLogExpirationTime(req);
-
-            // store a message in the signed audit log file
-            // (regardless of logType)
-            if (!(newLogPath.equals(origLogPath))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            logType,
-                            newLogPath);
-
-                audit(auditMessage);
-            }
-
-            // store a message in the signed audit log file
-            // (regardless of logType)
-            /* if (!(newExpirationTime.equals(origExpirationTime))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            logType,
-                            newExpirationTime);
-
-                audit(auditMessage);
-            } */
-
-            // store a message in the signed audit log file
-            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-            }
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // check to see if the log file path parameter was changed
-            newLogPath = auditCheckLogPath(req);
-
-            // check to see if the log expiration time parameter was changed
-            // newExpirationTime = auditCheckLogExpirationTime(req);
-
-            // store a message in the signed audit log file
-            // (regardless of logType)
-            if (!(newLogPath.equals(origLogPath))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            logType,
-                            newLogPath);
-
-                audit(auditMessage);
-            }
-
-            // store a message in the signed audit log file
-            // (regardless of logType)
-            /*if (!(newExpirationTime.equals(origExpirationTime))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            logType,
-                            newExpirationTime);
-
-                audit(auditMessage);
-            }*/
-
-            // store a message in the signed audit log file
-            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-            }
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // check to see if the log file path parameter was changed
-            //     newLogPath = auditCheckLogPath( req );
-            //
-            //     // check to see if the log expiration time parameter was changed
-            //     newExpirationTime = auditCheckLogExpirationTime( req );
-            //
-            //     // store a message in the signed audit log file
-            //     // (regardless of logType)
-            //     if( !( newLogPath.equals( origLogPath ) ) ) {
-            //         auditMessage = CMS.getLogMessage(
-            //                            LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-            //                            auditSubjectID,
-            //                            ILogger.FAILURE,
-            //                            logType,
-            //                            newLogPath );
-            //
-            //         audit( auditMessage );
-            //     }
-            //
-            //     // store a message in the signed audit log file
-            //     // (regardless of logType)
-            //     if( !( newExpirationTime.equals( origExpirationTime ) ) ) {
-            //         auditMessage = CMS.getLogMessage(
-            //                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-            //                            auditSubjectID,
-            //                            ILogger.FAILURE,
-            //                            logType,
-            //                            newExpirationTime );
-            //
-            //         audit( auditMessage );
-            //     }
-            //
-            //     // store a message in the signed audit log file
-            //     if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) {
-            //         auditMessage = CMS.getLogMessage(
-            //                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                            auditSubjectID,
-            //                            ILogger.FAILURE,
-            //                            auditParams( req ) );
-            //
-            //         audit( auditMessage );
-            //     }
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * used for getting the required configuration parameters (with
-     * possible default values) for a particular plugin
-     * implementation name specified in the RS_ID. Actually, there is
-     * no logic in here to set any default value here...there's no
-     * default value for any parameter in this log subsystem
-     * at this point. Later, if we do have one (or some), it can be
-     * added. The interface remains the same.
-     */
-    private synchronized void getConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-
-        String implname = req.getParameter(Constants.RS_ID);
-
-        if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        Vector<String> configParams = mSys.getLogDefaultParams(implname);
-        NameValuePairs params = new NameValuePairs();
-
-        // implName is always required so always send it.
-        params.put(Constants.PR_LOG_IMPL_NAME, "");
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                if (index == -1) {
-                    params.put(kv, "");
-                } else {
-                    params.put(kv.substring(0, index),
-                            kv.substring(index + 1));
-                }
-            }
-        }
-        sendResponse(0, null, params, resp);
-        return;
-    }
-
-    private synchronized void getInstConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does log instance exist?
-        if (mSys.getLogInsts().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        ILogEventListener logInst = mSys.getLogInstance(id);
-        Vector<String> configParams = logInst.getInstanceParams();
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_LOG_IMPL_NAME,
-                getLogPluginName(logInst));
-        // implName is always required so always send it.
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                params.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    // convenience routine.
-    private static void restore(IConfigStore store,
-            String id, NameValuePairs saveParams) {
-        store.removeSubStore(id);
-        IConfigStore rstore = store.makeSubStore(id);
-
-        for (String key : saveParams.keySet()) {
-            String value = saveParams.get(key);
-
-            if (value != null)
-                rstore.put(key, value);
-        }
-    }
-
-    /**
-     * Signed Audit Check Log Path
-     *
-     * This method is called to extract the log file path.
-     * <P>
-     *
-     * @param req http servlet request
-     * @return a string containing the log file path
-     */
-    private String auditCheckLogPath(HttpServletRequest req) {
-        // check to see if the log file path parameter was changed
-        String logPath = req.getParameter(Constants.PR_LOG_FILENAME);
-
-        if (logPath == null) {
-            logPath = "";
-        }
-
-        logPath = logPath.trim();
-
-        return logPath;
-    }
-
-    private void getGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        String value = "false";
-
-        value = mConfig.getString(Constants.PR_DEBUG_LOG_ENABLE, "false");
-        params.put(Constants.PR_DEBUG_LOG_ENABLE, value);
-
-        value = mConfig.getString(Constants.PR_DEBUG_LOG_LEVEL, "0");
-        params.put(Constants.PR_DEBUG_LOG_LEVEL, value);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void setGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        Enumeration<String> enum1 = req.getParameterNames();
-        boolean restart = false;
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-            String value = req.getParameter(key);
-
-            if (key.equals(Constants.PR_DEBUG_LOG_ENABLE)) {
-                if (value.equals("true") || value.equals("false")) {
-                    mConfig.putString(Constants.PR_DEBUG_LOG_ENABLE, value);
-                } else {
-                    CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE + ": " + value);
-                    throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE);
-                }
-            } else if (key.equals(Constants.PR_DEBUG_LOG_LEVEL)) {
-                try {
-                    Integer.parseInt(value); // check for errors
-                    mConfig.putString(Constants.PR_DEBUG_LOG_LEVEL, value);
-                } catch (NumberFormatException e) {
-                    CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value);
-                    throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL);
-                }
-            }
-        }
-
-        mConfig.commit(true);
-
-        if (restart)
-            sendResponse(RESTART, null, null, resp);
-        else
-            sendResponse(SUCCESS, null, null, resp);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
deleted file mode 100644
index a7ff92274..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ /dev/null
@@ -1,541 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.ocsp.IOCSPStore;
-
-/**
- * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve OCSP
- * administrative operations such as configuration parameter
- * updates.
- *
- * @version $Revision$, $Date$
- */
-public class OCSPAdminServlet extends AdminServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3349635369730415767L;
-
-    protected static final String PROP_ENABLED = "enabled";
-
-    private final static String INFO = "OCSPAdminServlet";
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
-
-    private IOCSPAuthority mOCSP = null;
-
-    public OCSPAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mOCSP = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP request. Each request is authenticated to
-     * the authenticate manager.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        //get all operational flags
-        String op = req.getParameter(Constants.OP_TYPE);
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        //check operational flags
-        if ((op == null) || (scope == null)) {
-            sendResponse(1, "Invalid Protocol", null, resp);
-            return;
-        }
-
-        super.authenticate(req);
-
-        try {
-            AUTHZ_RES_NAME = "certServer.ocsp.configuration";
-            if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                try {
-                    getExtendedPluginInfo(req, resp);
-                    return;
-                } catch (EBaseException e) {
-                    sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                }
-            }
-
-            if (scope.equals(ScopeDef.SC_OCSPSTORE_DEFAULT)) {
-                if (op.equals(OpDef.OP_MODIFY)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    setDefaultStore(req, resp);
-                    return;
-                }
-            }
-
-            if (op.equals(OpDef.OP_READ)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    getGeneralConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
-                    getOCSPStoresConfig(req, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_MODIFY)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    setGeneralConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
-                    setOCSPStoresConfig(req, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_SEARCH)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
-                    listOCSPStoresConfig(req, resp);
-                    return;
-                }
-            }
-        } catch (Exception e) {
-            sendResponse(1, e.toString(), null, resp);
-            return;
-        }
-    }
-
-    /**
-     * retrieve extended plugin info such as brief description,
-     * type info from CRL extensions
-     */
-    private void getExtendedPluginInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-        int colon = id.indexOf(':');
-
-        String implType = id.substring(0, colon);
-        String implName = id.substring(colon + 1);
-
-        NameValuePairs params =
-                getExtendedPluginInfo(getLocale(req), implType, implName);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
-        IExtendedPluginInfo ext_info = null;
-        Object impl = null;
-
-        impl = getClassByNameAsExtendedPluginInfo(implName);
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-        }
-
-        return nvps;
-
-    }
-
-    /**
-     * Set default OCSP store
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under
-     * Online Certificate Status Manager)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void setDefaultStore(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID,
-                    id);
-            commit(true);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void getOCSPStoresConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        IOCSPStore store = mOCSP.getOCSPStore(id);
-        NameValuePairs params = store.getConfigParameters();
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Set OCSP store configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under
-     * Online Certificate Status Manager)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void setOCSPStoresConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            NameValuePairs params = new NameValuePairs();
-
-            String id = req.getParameter(Constants.RS_ID);
-
-            IOCSPStore store = mOCSP.getOCSPStore(id);
-
-            Enumeration<String> e = req.getParameterNames();
-
-            while (e.hasMoreElements()) {
-                String name = e.nextElement();
-
-                if (name.equals(Constants.OP_TYPE))
-                    continue;
-                if (name.equals(Constants.RS_ID))
-                    continue;
-                if (name.equals(Constants.OP_SCOPE))
-                    continue;
-                if (name.equals(Constants.PR_CRLEXT_IMPL_NAME))
-                    continue;
-                if (name.equals("RULENAME"))
-                    continue;
-                String value = req.getParameter(name);
-
-                params.put(name, value);
-            }
-            store.setConfigParameters(params);
-            commit(true);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void listOCSPStoresConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        IConfigStore config = mOCSP.getConfigStore();
-        String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID);
-        IConfigStore SubStore = config.getSubStore(IOCSPAuthority.PROP_STORE);
-        Enumeration<String> enumStores = SubStore.getSubStoreNames();
-
-        while (enumStores.hasMoreElements()) {
-            String storeName = enumStores.nextElement();
-            boolean storeEnabled = false;
-
-            if (storeName.equals(defStore)) {
-                storeEnabled = true;
-            }
-            params.put(storeName, storeName + ";visible;" + ((storeEnabled) ? "enabled" : "disabled"));
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        getSigningAlgConfig(params);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getSigningAlgConfig(NameValuePairs params) {
-        params.put(Constants.PR_DEFAULT_ALGORITHM,
-                mOCSP.getDefaultAlgorithm());
-        String[] algorithms = mOCSP.getOCSPSigningAlgorithms();
-        StringBuffer algorStr = new StringBuffer();
-
-        for (int i = 0; i < algorithms.length; i++) {
-            if (i == 0)
-                algorStr.append(algorithms[i]);
-            else
-                algorStr.append(":");
-            algorStr.append(algorithms[i]);
-        }
-        params.put(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
-    }
-
-    /**
-     * Set general OCSP configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under
-     * Online Certificate Status Manager)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private void setGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            Enumeration<String> enum1 = req.getParameterNames();
-
-            while (enum1.hasMoreElements()) {
-                String key = enum1.nextElement();
-                String value = req.getParameter(key);
-
-                if (key.equals(Constants.PR_DEFAULT_ALGORITHM)) {
-                    mOCSP.setDefaultAlgorithm(value);
-                }
-            }
-
-            commit(true);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
deleted file mode 100644
index bfc1e6f4a..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
+++ /dev/null
@@ -1,1257 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.policy.IPolicyRule;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-
-/**
- * This class is an administration servlet for policy management.
- *
- * Each service (CA, KRA, RA) should be responsible
- * for registering an instance of this with the remote
- * administration subsystem.
- *
- * @deprecated
- * @version $Revision$, $Date$
- */
-public class PolicyAdminServlet extends AdminServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 8850646362111106656L;
-
-    public final static String PROP_AUTHORITY = "authority";
-
-    private final static String INFO = "PolicyAdminServlet";
-    private final static String PW_PASSWORD_CACHE_ADD =
-            "PASSWORD_CACHE_ADD";
-
-    public final static String PROP_PREDICATE = "predicate";
-    private IPolicyProcessor mProcessor = null;
-    private IAuthority mAuthority = null;
-
-    // These will be moved to PolicyResources
-    public static String INVALID_POLICY_SCOPE = "Invalid policy administration scope";
-    public static String INVALID_POLICY_IMPL_OP = "Invalid operation for policy implementation management";
-    public static String NYI = "Not Yet Implemented";
-    public static String INVALID_POLICY_IMPL_CONFIG = "Invalid policy implementation configuration";
-    public static String INVALID_POLICY_INSTANCE_CONFIG = "Invalid policy instance configuration";
-    public static String MISSING_POLICY_IMPL_ID = "Missing policy impl id in request";
-    public static String MISSING_POLICY_IMPL_CLASS = "Missing policy impl class in request";
-    public static String INVALID_POLICY_IMPL_ID = "Invalid policy impl id in request";
-    public static String MISSING_POLICY_INST_ID = "Missing policy impl id in request";
-    public static String INVALID_POLICY_INST_ID = "Invalid policy impl id in request";
-    public static String COMMA = ",";
-    public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY =
-            "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
-
-    /**
-     * Constructs administration servlet.
-     */
-    public PolicyAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        String authority = config.getInitParameter(PROP_AUTHORITY);
-        String policyStatus = null;
-
-        CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!");
-
-        // CMS 6.1 began utilizing the "Certificate Profiles" framework
-        // instead of the legacy "Certificate Policies" framework.
-        //
-        // Beginning with CS 8.1, to meet the Common Criteria evaluation
-        // performed on this version of the product, it was determined
-        // that this legacy "Certificate Policies" framework would be
-        // deprecated and disabled by default (see Bugzilla Bug #472597).
-        //
-        // NOTE:  The "Certificate Policies" framework ONLY applied to
-        //        to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
-        //
-        //        Further, the "PolicyAdminServlet.java" servlet is ONLY used
-        //        by the CA Console for the following:
-        //
-        //            SERVLET-NAME           URL-PATTERN
-        //            ====================================================
-        //            capolicy               ca/capolicy
-        //
-        //        Finally, the "PolicyAdminServlet.java" servlet is ONLY used
-        //        by the KRA Console for the following:
-        //
-        //            SERVLET-NAME           URL-PATTERN
-        //            ====================================================
-        //            krapolicy              kra/krapolicy
-        //
-        if (authority != null)
-            mAuthority = (IAuthority) CMS.getSubsystem(authority);
-        if (mAuthority != null)
-            if (mAuthority instanceof ICertificateAuthority) {
-                mProcessor = ((ICertificateAuthority) mAuthority).getPolicyProcessor();
-                try {
-                    policyStatus = ICertificateAuthority.ID
-                                 + "." + "Policy"
-                                 + "." + IPolicyProcessor.PROP_ENABLE;
-                    if (mConfig.getBoolean(policyStatus, true) == true) {
-                        // NOTE:  If "ca.Policy.enable=<boolean>" is missing,
-                        //        then the referenced instance existed prior
-                        //        to this name=value pair existing in its
-                        //        'CS.cfg' file, and thus we err on the
-                        //        side that the user may still need to
-                        //        use the policy framework.
-                        CMS.debug("PolicyAdminServlet::init "
-                                 + "Certificate Policy Framework (deprecated) "
-                                 + "is ENABLED");
-                    } else {
-                        // CS 8.1 Default:  ca.Policy.enable=false
-                        CMS.debug("PolicyAdminServlet::init "
-                                 + "Certificate Policy Framework (deprecated) "
-                                 + "is DISABLED");
-                        return;
-                    }
-                } catch (EBaseException e) {
-                    throw new ServletException(authority
-                                              + " does not have a "
-                                              + "master policy switch called '"
-                                              + policyStatus + "'");
-                }
-            } else if (mAuthority instanceof IRegistrationAuthority) {
-                // this refers to the legacy RA (pre-CMS 7.0)
-                mProcessor = ((IRegistrationAuthority) mAuthority).getPolicyProcessor();
-            } else if (mAuthority instanceof IKeyRecoveryAuthority) {
-                mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor();
-                try {
-                    policyStatus = IKeyRecoveryAuthority.ID
-                                + "." + "Policy"
-                                + "." + IPolicyProcessor.PROP_ENABLE;
-                    if (mConfig.getBoolean(policyStatus, true) == true) {
-                        // NOTE:  If "kra.Policy.enable=<boolean>" is missing,
-                        //        then the referenced instance existed prior
-                        //        to this name=value pair existing in its
-                        //        'CS.cfg' file, and thus we err on the
-                        //        side that the user may still need to
-                        //        use the policy framework.
-                        CMS.debug("PolicyAdminServlet::init "
-                                 + "Certificate Policy Framework (deprecated) "
-                                 + "is ENABLED");
-                    } else {
-                        // CS 8.1 Default:  kra.Policy.enable=false
-                        CMS.debug("PolicyAdminServlet::init "
-                                 + "Certificate Policy Framework (deprecated) "
-                                 + "is DISABLED");
-                        return;
-                    }
-                } catch (EBaseException e) {
-                    throw new ServletException(authority
-                                              + " does not have a "
-                                              + "master policy switch called '"
-                                              + policyStatus + "'");
-                }
-            } else
-                throw new ServletException(authority + "  does not have policy processor!");
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication,
-     * need to add: listener, mapper and publishing plugins
-     */
-    private void getExtendedPluginInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        if (!readAuthorize(req, resp))
-            return;
-        String id = req.getParameter(Constants.RS_ID);
-        NameValuePairs params = null;
-
-        int colon = id.indexOf(':');
-
-        String implType = id.substring(0, colon);
-        String implName1 = id.substring(colon + 1);
-        String implName = implName1;
-        String instName = null;
-
-        colon = implName1.indexOf(':');
-        if (colon > -1) {
-            implName = implName1.substring(0, colon);
-            instName = implName1.substring(colon + 1);
-            params = getExtendedPluginInfo(getLocale(req), implType, implName, instName);
-        } else {
-            params = getExtendedPluginInfo(getLocale(req), implType, implName);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
-        IExtendedPluginInfo ext_info = null;
-        Object impl = null;
-        IPolicyRule policy = mProcessor.getPolicyImpl(implName);
-
-        impl = policy;
-
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-        }
-
-        return nvps;
-    }
-
-    public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType,
-            String implName,
-            String instName) {
-        IExtendedPluginInfo ext_info = null;
-
-        Object impl = null;
-
-        IPolicyRule policy = mProcessor.getPolicyInstance(instName);
-
-        impl = policy;
-        if (impl == null) {
-            impl = mProcessor.getPolicyImpl(implName);
-        }
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-
-        }
-
-        if (nvps != null) {
-            addDefaultParams(impl, nvps);
-        }
-
-        return nvps;
-    }
-
-    private void addDefaultParams(Object ext_info, NameValuePairs nvps) {
-
-        /* make sure policy rules have 'enable' and 'predicate' */
-
-        if (ext_info instanceof IPolicyRule) {
-            if (nvps.get(IPolicyRule.PROP_ENABLE) == null) {
-                nvps.put(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule");
-            }
-            if (nvps.get(PROP_PREDICATE) == null) {
-                nvps.put(PROP_PREDICATE, "string;Rules describing when this policy should run.");
-            }
-        }
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        super.authenticate(req);
-
-        AUTHZ_RES_NAME = "certServer.policy.configuration";
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        if (scope.equals(ScopeDef.SC_POLICY_RULES))
-            processPolicyRuleMgmt(req, resp);
-        else if (scope.equals(ScopeDef.SC_POLICY_IMPLS))
-            processPolicyImplMgmt(req, resp);
-        else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-            try {
-                getExtendedPluginInfo(req, resp);
-            } catch (EBaseException e) {
-                sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-                return;
-            }
-        } else
-            sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
-    }
-
-    private boolean readAuthorize(HttpServletRequest req,
-            HttpServletResponse resp) throws IOException {
-        mOp = "read";
-        if ((mToken = super.authorize(req)) == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                    null, resp);
-            return false;
-        }
-        return true;
-    }
-
-    private boolean modifyAuthorize(HttpServletRequest req,
-            HttpServletResponse resp) throws IOException {
-        mOp = "modify";
-        if ((mToken = super.authorize(req)) == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                    null, resp);
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Process Policy Implementation Management.
-     */
-    public void processPolicyImplMgmt(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_SEARCH)) {
-            if (!readAuthorize(req, resp))
-                return;
-            listPolicyImpls(req, resp);
-        } else if (op.equals(OpDef.OP_DELETE)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            deletePolicyImpl(req, resp);
-        } else if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getPolicyImplConfig(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addPolicyImpl(req, resp);
-        } else
-            sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                    null, resp);
-    }
-
-    public void processPolicyRuleMgmt(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_SEARCH)) {
-            if (!readAuthorize(req, resp))
-                return;
-            listPolicyInstances(req, resp);
-        } else if (op.equals(OpDef.OP_DELETE)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            deletePolicyInstance(req, resp);
-        } else if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getPolicyInstanceConfig(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addPolicyInstance(req, resp);
-        } else if (op.equals(OpDef.OP_MODIFY)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id.equalsIgnoreCase(Constants.RS_ID_ORDER))
-                changePolicyInstanceOrdering(req, resp);
-            else
-                modifyPolicyInstance(req, resp);
-        } else
-            sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                    null, resp);
-    }
-
-    public void listPolicyImpls(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        Enumeration<String> policyImplNames = mProcessor.getPolicyImplsInfo();
-        Enumeration<IPolicyRule> policyImpls = mProcessor.getPolicyImpls();
-
-        if (policyImplNames == null ||
-                policyImpls == null) {
-            sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp);
-            return;
-        }
-
-        // Assemble a name value pair;
-        NameValuePairs nvp = new NameValuePairs();
-
-        while (policyImplNames.hasMoreElements() &&
-                policyImpls.hasMoreElements()) {
-            String id = policyImplNames.nextElement();
-            IPolicyRule impl = policyImpls.nextElement();
-            String className =
-                    impl.getClass().getName();
-            String desc = impl.getDescription();
-
-            nvp.put(id, className + "," + desc);
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void listPolicyInstances(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        Enumeration<String> instancesInfo = mProcessor.getPolicyInstancesInfo();
-
-        if (instancesInfo == null) {
-            sendResponse(ERROR, INVALID_POLICY_INSTANCE_CONFIG, null, resp);
-            return;
-        }
-
-        // Assemble name value pairs
-        NameValuePairs nvp = new NameValuePairs();
-
-        while (instancesInfo.hasMoreElements()) {
-            String info = instancesInfo.nextElement();
-            int i = info.indexOf(";");
-
-            nvp.put(info.substring(0, i), info.substring(i + 1));
-
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    /**
-     * Delete policy implementation
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
-     * extensions
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void deletePolicyImpl(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id.
-            String id = req.getParameter(Constants.RS_ID).trim();
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-                return;
-            }
-
-            try {
-                mProcessor.deletePolicyImpl(id);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, null, resp);
-            } catch (Exception e) {
-                //e.printStackTrace();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, e.toString(), null, resp);
-            }
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    public void getPolicyImplConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get the policy impl id.
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-
-        Vector<String> v = mProcessor.getPolicyImplConfig(id);
-
-        if (v == null) {
-            sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-        NameValuePairs nvp = new NameValuePairs();
-
-        for (Enumeration<String> e = v.elements(); e.hasMoreElements();) {
-            String nv = e.nextElement();
-            int index = nv.indexOf("=");
-
-            nvp.put(nv.substring(0, index), nv.substring(index + 1));
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    /**
-     * Add policy implementation
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
-     * extensions
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addPolicyImpl(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id and class path.
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-                return;
-            }
-
-            String classPath = req.getParameter(Constants.PR_POLICY_CLASS);
-
-            if (classPath == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_IMPL_CLASS, null, resp);
-                return;
-            }
-            try {
-                mProcessor.addPolicyImpl(id, classPath);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, null, resp);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, e.toString(), null, resp);
-            }
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Delete policy instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
-     * extensions
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void deletePolicyInstance(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id.
-            String id = req.getParameter(Constants.RS_ID).trim();
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
-                return;
-            }
-
-            try {
-                mProcessor.deletePolicyInstance(id);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, null, resp);
-            } catch (Exception e) {
-                //e.printStackTrace();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, e.toString(), null, resp);
-            }
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    public void getPolicyInstanceConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get the policy rule id.
-        String id = req.getParameter(Constants.RS_ID).trim();
-
-        if (id == null) {
-            sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
-            return;
-        }
-
-        Vector<String> v = mProcessor.getPolicyInstanceConfig(id);
-
-        if (v == null) {
-            sendResponse(ERROR, INVALID_POLICY_INST_ID, null, resp);
-            return;
-        }
-        NameValuePairs nvp = new NameValuePairs();
-
-        for (Enumeration<String> e = v.elements(); e.hasMoreElements();) {
-            String nv = e.nextElement();
-            int index = nv.indexOf("=");
-            String name = nv.substring(0, index);
-            String value = nv.substring(index + 1);
-
-            if (value == null) {
-                value = "";
-            }
-
-            nvp.put(name, value);
-
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void
-            putUserPWPair(String combo) {
-        int semicolon;
-
-        semicolon = combo.indexOf(";");
-        String user = combo.substring(0, semicolon);
-        String pw = combo.substring(semicolon + 1);
-
-        CMS.putPasswordCache(user, pw);
-    }
-
-    /**
-     * Add policy instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
-     * extensions
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addPolicyInstance(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id and class path.
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
-                return;
-            }
-
-            // Get the default config params for the implementation.
-            String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME);
-
-            if (implName == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-                return;
-            }
-
-            // We need to fetch parameters: enable, predicate and implname
-            // always, and any additional parameters as required by the
-            // implementation.
-            Hashtable<String, String> ht = new Hashtable<String, String>();
-            String val = req.getParameter(IPolicyRule.PROP_ENABLE).trim();
-
-            if (val == null)
-                val = "true";
-            ht.put(IPolicyRule.PROP_ENABLE, val);
-
-            val = req.getParameter(IPolicyRule.PROP_PREDICATE);
-            if (val != null)
-                ht.put(IPolicyRule.PROP_PREDICATE, val);
-            ht.put(IPolicyRule.PROP_IMPLNAME, implName);
-
-            Vector<String> v = mProcessor.getPolicyImplConfig(implName);
-
-            if (v == null) {
-                // Invalid impl id
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp);
-                return;
-            }
-            for (Enumeration<String> e = v.elements(); e.hasMoreElements();) {
-                String nv = e.nextElement();
-                int index = nv.indexOf("=");
-                String key = nv.substring(0, index);
-
-                val = req.getParameter(key).trim();
-                if (val != null)
-                    ht.put(key, val);
-            }
-
-            String pwadd = req.getParameter(PW_PASSWORD_CACHE_ADD);
-
-            if (pwadd != null) {
-                putUserPWPair(pwadd);
-            }
-
-            try {
-                mProcessor.addPolicyInstance(id, ht);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, null, resp);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, e.toString(), null, resp);
-            }
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Change ordering of policy instances
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
-     * extensions
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void changePolicyInstanceOrdering(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String policyOrder =
-                    req.getParameter(Constants.PR_POLICY_ORDER);
-
-            if (policyOrder == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_ORDERING, null, resp);
-                return;
-            }
-            try {
-                mProcessor.changePolicyInstanceOrdering(policyOrder);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, null, resp);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, e.toString(), null, resp);
-            }
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Modify policy instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
-     * extensions
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void modifyPolicyInstance(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id and class path.
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
-                return;
-            }
-
-            // Get the default config params for the implementation.
-            String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME).trim();
-
-            if (implName == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-                return;
-            }
-
-            // We need to fetch parameters: enable, predicate and implname
-            // always, and any additional parameters as required by the
-            // implementation.
-            Hashtable<String, String> ht = new Hashtable<String, String>();
-            String val = req.getParameter(IPolicyRule.PROP_ENABLE).trim();
-
-            if (val == null)
-                val = "true";
-            ht.put(IPolicyRule.PROP_ENABLE, val);
-
-            val = req.getParameter(IPolicyRule.PROP_PREDICATE);
-            if (val != null)
-                ht.put(IPolicyRule.PROP_PREDICATE, val);
-            ht.put(IPolicyRule.PROP_IMPLNAME, implName);
-            Vector<String> v = mProcessor.getPolicyImplConfig(implName);
-
-            if (v == null) {
-                // Invalid impl id
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp);
-                return;
-            }
-            // XXX
-            for (Enumeration<String> n = req.getParameterNames(); n.hasMoreElements();) {
-                String p = n.nextElement();
-                String l = req.getParameter(p);
-
-                if (l != null)
-                    ht.put(p, l);
-            }
-
-            /*
-             for(Enumeration e = v.elements(); e.hasMoreElements(); )
-             {
-             String nv = (String)e.nextElement();
-             int index = nv.indexOf("=");
-             String key = nv.substring(0, index);
-             val = req.getParameter(key);
-             if (val != null)
-             ht.put(key, val);
-             }
-             */
-
-            try {
-                mProcessor.modifyPolicyInstance(id, ht);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, null, resp);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, e.toString(), null, resp);
-            }
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
deleted file mode 100644
index 3d25b8b71..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ /dev/null
@@ -1,2666 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileEx;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.registry.IPluginInfo;
-import com.netscape.certsrv.registry.IPluginRegistry;
-
-/**
- * This class is an administration servlet for policy management.
- *
- * Each service (CA, KRA, RA) should be responsible
- * for registering an instance of this with the remote
- * administration subsystem.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileAdminServlet extends AdminServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 4828203666899891742L;
-
-    public final static String PROP_AUTHORITY = "authority";
-
-    private final static String INFO = "ProfileAdminServlet";
-
-    public final static String PROP_PREDICATE = "predicate";
-    private IPluginRegistry mRegistry = null;
-    private IProfileSubsystem mProfileSub = null;
-
-    // These will be moved to PolicyResources
-    public static String INVALID_POLICY_SCOPE = "Invalid policy administration scope";
-    public static String INVALID_POLICY_IMPL_OP = "Invalid operation for policy implementation management";
-    public static String NYI = "Not Yet Implemented";
-    public static String INVALID_POLICY_IMPL_CONFIG = "Invalid policy implementation configuration";
-    public static String INVALID_POLICY_INSTANCE_CONFIG = "Invalid policy instance configuration";
-    public static String MISSING_POLICY_IMPL_ID = "Missing policy impl id in request";
-    public static String MISSING_POLICY_IMPL_CLASS = "Missing policy impl class in request";
-    public static String INVALID_POLICY_IMPL_ID = "Invalid policy impl id in request";
-    public static String MISSING_POLICY_INST_ID = "Missing policy id in request";
-    public static String POLICY_INST_ID_ALREADY_USED = "policy id already used";
-    public static String INVALID_POLICY_INST_ID = "Invalid policy id in request";
-    public static String COMMA = ",";
-    public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
-    public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
-
-    /**
-     * Constructs administration servlet.
-     */
-    public ProfileAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-
-        mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
-        mProfileSub = (IProfileSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_PROFILE);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        super.authenticate(req);
-
-        AUTHZ_RES_NAME = "certServer.profile.configuration";
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        CMS.debug("ProfileAdminServlet: service scope: " + scope);
-        if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
-            processProfileRuleMgmt(req, resp);
-        } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
-            processProfilePolicy(req, resp);
-        } else if (scope.equals(ScopeDef.SC_PROFILE_DEFAULT_POLICY)) {
-            processPolicyDefaultConfig(req, resp);
-        } else if (scope.equals(ScopeDef.SC_PROFILE_CONSTRAINT_POLICY)) {
-            processPolicyConstraintConfig(req, resp);
-        } else if (scope.equals(ScopeDef.SC_POLICY_IMPLS)) {
-            processPolicyImplMgmt(req, resp);
-        } else if (scope.equals(ScopeDef.SC_PROFILE_INPUT)) {
-            processProfileInput(req, resp);
-        } else if (scope.equals(ScopeDef.SC_PROFILE_OUTPUT)) {
-            processProfileOutput(req, resp);
-        } else if (scope.equals(ScopeDef.SC_PROFILE_INPUT_CONFIG)) {
-            processProfileInputConfig(req, resp);
-        } else if (scope.equals(ScopeDef.SC_PROFILE_OUTPUT_CONFIG)) {
-            processProfileOutputConfig(req, resp);
-        } else
-            sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
-    }
-
-    private boolean readAuthorize(HttpServletRequest req,
-            HttpServletResponse resp) throws IOException {
-        mOp = "read";
-        if ((mToken = super.authorize(req)) == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                    null, resp);
-            return false;
-        }
-        return true;
-    }
-
-    private boolean modifyAuthorize(HttpServletRequest req,
-            HttpServletResponse resp) throws IOException {
-        mOp = "modify";
-        if ((mToken = super.authorize(req)) == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                    null, resp);
-            return false;
-        }
-        return true;
-    }
-
-    public void processProfilePolicy(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getProfilePolicy(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addProfilePolicy(req, resp);
-        } else if (op.equals(OpDef.OP_DELETE)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            deleteProfilePolicy(req, resp);
-        }
-    }
-
-    public void processProfileInput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getProfileInput(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addProfileInput(req, resp);
-        } else if (op.equals(OpDef.OP_DELETE)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            deleteProfileInput(req, resp);
-        }
-    }
-
-    public void processProfileOutput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getProfileOutput(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addProfileOutput(req, resp);
-        } else if (op.equals(OpDef.OP_DELETE)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            deleteProfileOutput(req, resp);
-        }
-    }
-
-    public void processProfileInputConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getInputConfig(req, resp);
-        } else if (op.equals(OpDef.OP_MODIFY)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            modifyInputConfig(req, resp);
-        }
-    }
-
-    public void processProfileOutputConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getOutputConfig(req, resp);
-        } else if (op.equals(OpDef.OP_MODIFY)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            modifyOutputConfig(req, resp);
-        }
-    }
-
-    public void processPolicyDefaultConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getPolicyDefaultConfig(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addPolicyDefaultConfig(req, resp);
-        } else if (op.equals(OpDef.OP_MODIFY)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            modifyPolicyDefaultConfig(req, resp);
-        }
-    }
-
-    public void processPolicyConstraintConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        CMS.debug("ProfileAdminServlet: processPolicyConstraintConfig op " + op);
-        if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getPolicyConstraintConfig(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addPolicyConstraintConfig(req, resp);
-        } else if (op.equals(OpDef.OP_MODIFY)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            modifyPolicyConstraintConfig(req, resp);
-        }
-    }
-
-    /**
-     * Process Policy Implementation Management.
-     */
-    public void processPolicyImplMgmt(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_SEARCH)) {
-            if (!readAuthorize(req, resp))
-                return;
-            listProfileImpls(req, resp);
-        } else
-            sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                    null, resp);
-    }
-
-    public void processProfileRuleMgmt(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_SEARCH)) {
-            if (!readAuthorize(req, resp))
-                return;
-            listProfileInstances(req, resp);
-        } else if (op.equals(OpDef.OP_DELETE)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            deleteProfileInstance(req, resp);
-        } else if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getProfileInstanceConfig(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addProfileInstance(req, resp);
-        } else if (op.equals(OpDef.OP_MODIFY)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            modifyProfileInstance(req, resp);
-        } else
-            sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                    null, resp);
-    }
-
-    /**
-     * Lists all registered profile impementations
-     */
-    public void listProfileImpls(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        Enumeration<String> impls = mRegistry.getIds("profile");
-        NameValuePairs nvp = new NameValuePairs();
-
-        while (impls.hasMoreElements()) {
-            String id = impls.nextElement();
-            IPluginInfo info = mRegistry.getPluginInfo("profile", id);
-
-            nvp.put(id, info.getClassName() + "," +
-                    info.getDescription(getLocale(req)));
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    /**
-     * Add policy profile
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addProfilePolicy(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        CMS.debug("ProfileAdminServlet: in addProfilePolicy");
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String policyId = st.nextToken();
-            String defImpl = st.nextToken();
-            String conImpl = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            if (mProfileSub.isProfileEnable(profileId)) {
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),
-                                "CMS_PROFILE_CREATE_POLICY_FAILED",
-                                "Profile is currently enabled"),
-                        null, resp);
-                return;
-            }
-
-            StringTokenizer ss = new StringTokenizer(policyId, ":");
-            String setId = ss.nextToken();
-            String pId = ss.nextToken();
-
-            try {
-                if (!isValidId(setId)) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req),
-                                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                                    "Invalid set id " + setId),
-                            null, resp);
-                    return;
-                }
-                if (!isValidId(pId)) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req),
-                                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                                    "Invalid policy id " + pId),
-                            null, resp);
-                    return;
-                }
-                profile.createProfilePolicy(setId, pId,
-                            defImpl, conImpl);
-            } catch (EBaseException e1) {
-                // error
-                CMS.debug("ProfileAdminServlet: addProfilePolicy " +
-                        e1.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
-                                e1.toString()),
-                        null, resp);
-                return;
-            }
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Add profile input
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addProfileInput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String inputId = st.nextToken();
-            String inputImpl = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            Enumeration<String> names = req.getParameterNames();
-            NameValuePairs nvps = new NameValuePairs();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-                nvps.put(name, req.getParameter(name));
-            }
-
-            try {
-                profile.createProfileInput(inputId, inputImpl, nvps);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
-                                e1.toString()),
-                        null, resp);
-
-                return;
-            }
-
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Add profile output
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addProfileOutput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String outputId = st.nextToken();
-            String outputImpl = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            Enumeration<String> names = req.getParameterNames();
-            NameValuePairs nvps = new NameValuePairs();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-                nvps.put(name, req.getParameter(name));
-            }
-
-            try {
-                profile.createProfileOutput(outputId, outputImpl,
-                            nvps);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
-                                e1.toString()),
-                        null, resp);
-
-                return;
-            }
-
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Delete policy profile
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void deleteProfilePolicy(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String profileId = "";
-            String policyId = "";
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    profileId = req.getParameter(name);
-                if (name.equals("POLICYID"))
-                    policyId = req.getParameter(name);
-            }
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            StringTokenizer ss = new StringTokenizer(policyId, ":");
-            String setId = ss.nextToken();
-            String pId = ss.nextToken();
-
-            try {
-                profile.deleteProfilePolicy(setId, pId);
-            } catch (EBaseException e1) {
-                CMS.debug("ProfileAdminServlet: " + e1.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Delete profile input
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void deleteProfileInput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String profileId = "";
-            String inputId = "";
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    profileId = req.getParameter(name);
-                if (name.equals("INPUTID"))
-                    inputId = req.getParameter(name);
-            }
-            CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> " + profileId);
-            CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> " + inputId);
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            CMS.debug("deleteProfileInput profile -> " + profile);
-            try {
-                profile.deleteProfileInput(inputId);
-            } catch (EBaseException e1) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Delete profile output
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void deleteProfileOutput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String profileId = "";
-            String outputId = "";
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    profileId = req.getParameter(name);
-                if (name.equals("OUTPUTID"))
-                    outputId = req.getParameter(name);
-            }
-            CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> " + profileId);
-            CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> " + outputId);
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> " + profile);
-            try {
-                profile.deleteProfileOutput(outputId);
-            } catch (EBaseException e1) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Add default policy profile configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addPolicyDefaultConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String policyId = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            StringTokenizer ss = new StringTokenizer(policyId, ":");
-            String setId = ss.nextToken();
-            String pId = ss.nextToken();
-
-            IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
-            IPolicyDefault def = policy.getDefault();
-
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-                try {
-                    def.setConfig(name, req.getParameter(name));
-
-                } catch (EPropertyException e) {
-
-                    CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
-                    try {
-                        profile.deleteProfilePolicy(setId, pId);
-                    } catch (Exception e11) {
-                    }
-                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
-                    return;
-                }
-                // defConfig.putString("params." + name, req.getParameter(name));
-            }
-            try {
-                profile.getConfigStore().commit(false);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Add policy constraints profile configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addPolicyConstraintConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String policyId = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            StringTokenizer ss = new StringTokenizer(policyId, ":");
-            String setId = ss.nextToken();
-            String pId = ss.nextToken();
-
-            IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
-            IPolicyConstraint con = policy.getConstraint();
-
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-
-                try {
-                    con.setConfig(name, req.getParameter(name));
-
-                } catch (EPropertyException e) {
-
-                    CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
-                    try {
-                        profile.deleteProfilePolicy(setId, pId);
-                    } catch (Exception e11) {
-                    }
-                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
-                    return;
-                }
-                // conConfig.putString("params." + name, req.getParameter(name));
-            }
-            try {
-                profile.getConfigStore().commit(false);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Modify default policy profile configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void modifyPolicyDefaultConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String policyId = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            StringTokenizer ss = new StringTokenizer(policyId, ":");
-            String setId = ss.nextToken();
-            String pId = ss.nextToken();
-            IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
-            IPolicyDefault def = policy.getDefault();
-
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-                try {
-                    def.setConfig(name, req.getParameter(name));
-
-                } catch (EPropertyException e) {
-
-                    CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
-                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
-                    return;
-                }
-                //  defConfig.putString("params." + name, req.getParameter(name));
-            }
-            try {
-                profile.getConfigStore().commit(false);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Modify profile input configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void modifyInputConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String inputId = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            IProfileInput input = profile.getProfileInput(inputId);
-            IConfigStore inputConfig = input.getConfigStore();
-
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-                inputConfig.putString("params." + name, req.getParameter(name));
-            }
-            try {
-                profile.getConfigStore().commit(false);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Modify profile output configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void modifyOutputConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String outputId = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            IProfileOutput output = profile.getProfileOutput(outputId);
-            IConfigStore outputConfig = output.getConfigStore();
-
-            Enumeration<String> names = req.getParameterNames();
-
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-                outputConfig.putString("params." + name,
-                        req.getParameter(name));
-            }
-            try {
-                profile.getConfigStore().commit(false);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Modify policy constraints profile configuration
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void modifyPolicyConstraintConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = req.getParameter(Constants.RS_ID);
-
-            StringTokenizer st = new StringTokenizer(id, ";");
-            String profileId = st.nextToken();
-            String policyId = st.nextToken();
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(profileId);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            StringTokenizer ss = new StringTokenizer(policyId, ":");
-            String setId = ss.nextToken();
-            String pId = ss.nextToken();
-            IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
-            IPolicyConstraint con = policy.getConstraint();
-
-            Enumeration<String> names = req.getParameterNames();
-
-            CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-
-                if (name.equals("OP_SCOPE"))
-                    continue;
-                if (name.equals("OP_TYPE"))
-                    continue;
-                if (name.equals("RS_ID"))
-                    continue;
-
-                //   CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name  + " val " + req.getParameter(name));
-                try {
-                    con.setConfig(name, req.getParameter(name));
-
-                } catch (EPropertyException e) {
-
-                    CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
-                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
-                    return;
-                }
-                //conConfig.putString("params." + name, req.getParameter(name));
-            }
-            try {
-                profile.getConfigStore().commit(false);
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            NameValuePairs nvp = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, nvp, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    public void getPolicyDefaultConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        StringTokenizer st = new StringTokenizer(id, ";");
-        String profileId = st.nextToken();
-        String policyId = st.nextToken();
-
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(profileId);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        IProfilePolicy policy = null;
-        IPolicyDefault rule = null;
-
-        StringTokenizer ss = new StringTokenizer(policyId, ":");
-        String setId = ss.nextToken();
-        String pId = ss.nextToken();
-
-        policy = profile.getProfilePolicy(setId, pId);
-        rule = policy.getDefault();
-
-        NameValuePairs nvp = new NameValuePairs();
-        Enumeration<String> names = rule.getConfigNames();
-
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            IDescriptor desc = rule.getConfigDescriptor(getLocale(req), name);
-
-            if (desc == null) {
-                nvp.put(name, ";" + ";" + rule.getConfig(name));
-            } else {
-                nvp.put(name,
-                        desc.getSyntax()
-                                + ";" + ";" + getNonNull(desc.getConstraint()) + ";"
-                                + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name));
-            }
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getPolicyConstraintConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String id = req.getParameter(Constants.RS_ID);
-        String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST);
-
-        // this one gets called when one of the elements in the default list get
-        // selected, then it returns the list of supported constraintsPolicy
-        if (constraintsList != null) {
-
-        }
-
-        StringTokenizer st = new StringTokenizer(id, ";");
-        String profileId = st.nextToken();
-        String policyId = st.nextToken();
-
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(profileId);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        StringTokenizer ss = new StringTokenizer(policyId, ":");
-        String setId = ss.nextToken();
-        String pId = ss.nextToken();
-        IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
-        IPolicyConstraint rule = policy.getConstraint();
-
-        NameValuePairs nvp = new NameValuePairs();
-        Enumeration<String> names = rule.getConfigNames();
-
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            IDescriptor desc = rule.getConfigDescriptor(getLocale(req), name);
-
-            if (desc == null) {
-                nvp.put(name, ";" + rule.getConfig(name));
-            } else {
-                nvp.put(name,
-                        desc.getSyntax()
-                                + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req))
-                                + ";" + rule.getConfig(name));
-            }
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getProfilePolicy(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        // only allow profile retrival if it is disabled
-
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(id);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getProfilePolicy() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        NameValuePairs nvp = new NameValuePairs();
-        Enumeration<String> setIds = profile.getProfilePolicySetIds();
-
-        if (!setIds.hasMoreElements()) {
-            // no set id; this is a brand new profile
-            sendResponse(SUCCESS, null, nvp, resp);
-            return;
-        }
-        while (setIds.hasMoreElements()) {
-            String setId = setIds.nextElement();
-            Enumeration<IProfilePolicy> policies = profile.getProfilePolicies(setId);
-
-            while (policies.hasMoreElements()) {
-                IProfilePolicy policy = policies.nextElement();
-                IPolicyDefault def = policy.getDefault();
-                IPolicyConstraint con = policy.getConstraint();
-
-                nvp.put(setId + ":" + policy.getId(),
-                        def.getName(getLocale(req)) + ";" +
-                                con.getName(getLocale(req)));
-            }
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getProfileOutput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String id = req.getParameter(Constants.RS_ID);
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(id);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getProfileOutput() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        NameValuePairs nvp = new NameValuePairs();
-        Enumeration<String> outputs = profile.getProfileOutputIds();
-
-        while (outputs.hasMoreElements()) {
-            String outputId = outputs.nextElement();
-            IProfileOutput output = profile.getProfileOutput(outputId);
-
-            nvp.put(outputId, output.getName(getLocale(req)));
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getProfileInput(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String id = req.getParameter(Constants.RS_ID);
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(id);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getProfileInput() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        NameValuePairs nvp = new NameValuePairs();
-        Enumeration<String> inputs = profile.getProfileInputIds();
-
-        while (inputs.hasMoreElements()) {
-            String inputId = inputs.nextElement();
-            IProfileInput input = profile.getProfileInput(inputId);
-
-            nvp.put(inputId, input.getName(getLocale(req)));
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getInputConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        String id = req.getParameter(Constants.RS_ID);
-        StringTokenizer st = new StringTokenizer(id, ";");
-        String profileId = st.nextToken();
-        String inputId = st.nextToken();
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(profileId);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getInputConfig() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        IProfileInput profileInput = null;
-        NameValuePairs nvp = new NameValuePairs();
-
-        profileInput = profile.getProfileInput(inputId);
-        Enumeration<String> names = profileInput.getConfigNames();
-
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            IDescriptor desc = profileInput.getConfigDescriptor(
-                    getLocale(req), name);
-            if (desc == null) {
-                nvp.put(name, ";" + ";" + profileInput.getConfig(name));
-            } else {
-                nvp.put(name, desc.getSyntax() + ";" +
-                        getNonNull(desc.getConstraint()) + ";" +
-                        desc.getDescription(getLocale(req)) + ";" +
-                        profileInput.getConfig(name));
-            }
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getOutputConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        String id = req.getParameter(Constants.RS_ID);
-        StringTokenizer st = new StringTokenizer(id, ";");
-        String profileId = st.nextToken();
-        String outputId = st.nextToken();
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(profileId);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getOutputConfig() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        IProfileOutput profileOutput = null;
-        NameValuePairs nvp = new NameValuePairs();
-
-        profileOutput = profile.getProfileOutput(outputId);
-        Enumeration<String> names = profileOutput.getConfigNames();
-
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            IDescriptor desc = profileOutput.getConfigDescriptor(
-                    getLocale(req), name);
-            if (desc == null) {
-                nvp.put(name, ";" + ";" + profileOutput.getConfig(name));
-            } else {
-                nvp.put(name, desc.getSyntax() + ";" +
-                        getNonNull(desc.getConstraint()) + ";" +
-                        desc.getDescription(getLocale(req)) + ";" +
-                        profileOutput.getConfig(name));
-            }
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void listProfileInstances(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        NameValuePairs nvp = new NameValuePairs();
-        Enumeration<String> e = mProfileSub.getProfileIds();
-
-        while (e.hasMoreElements()) {
-            String profileId = e.nextElement();
-
-            String status = null;
-
-            if (mProfileSub.isProfileEnable(profileId)) {
-                status = "enabled";
-            } else {
-                status = "disabled";
-            }
-
-            // mInstanceId + ";visible;" + enabled
-            nvp.put(profileId, profileId + ";visible;" + status);
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getProfileInstanceConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        String id = req.getParameter(Constants.RS_ID);
-        IProfile profile = null;
-
-        try {
-            profile = mProfileSub.getProfile(id);
-        } catch (EBaseException e1) {
-            CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " +
-                       "profile is null!");
-            throw new ServletException(e1.toString());
-        }
-
-        NameValuePairs nvp = new NameValuePairs();
-
-        nvp.put("name", profile.getName(getLocale(req)));
-        nvp.put("desc", profile.getDescription(getLocale(req)));
-        nvp.put("visible", Boolean.toString(profile.isVisible()));
-        nvp.put("enable", Boolean.toString(
-                mProfileSub.isProfileEnable(id)));
-
-        String authid = profile.getAuthenticatorId();
-
-        if (authid == null) {
-            nvp.put("auth", "");
-        } else {
-            nvp.put("auth", authid);
-        }
-        CMS.debug("ProfileAdminServlet: authid=" + authid);
-        nvp.put("plugin", mProfileSub.getProfileClassId(id));
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    /**
-     * Delete profile instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void deleteProfileInstance(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id and class path.
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
-                return;
-            }
-
-            String config = null;
-
-            try {
-                config = CMS.getConfigStore().getString("profile." + id + ".config");
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            try {
-                mProfileSub.deleteProfile(id, config);
-            } catch (EProfileException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), e.toString(), id), null, resp);
-                return;
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    public void
-            putUserPWPair(String combo) {
-        int semicolon;
-
-        semicolon = combo.indexOf(";");
-        String user = combo.substring(0, semicolon);
-        String pw = combo.substring(semicolon + 1);
-
-        CMS.putPasswordCache(user, pw);
-    }
-
-    public boolean isValidId(String id) {
-        for (int i = 0; i < id.length(); i++) {
-            char c = id.charAt(i);
-            if (!Character.isLetterOrDigit(c))
-                return false;
-        }
-        return true;
-    }
-
-    /**
-     * Add profile instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void addProfileInstance(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id and class path.
-            String id = req.getParameter(Constants.RS_ID);
-
-            if (id == null || id.trim().equals("") || !isValidId(id)) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
-                return;
-            }
-
-            // see if profile id already used
-            IProfile p = null;
-
-            try {
-                p = mProfileSub.getProfile(id);
-            } catch (EProfileException e1) {
-            }
-            if (p != null) {
-                sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp);
-                return;
-            }
-
-            String impl = req.getParameter("impl");
-            String name = req.getParameter("name");
-            String visible = req.getParameter("visible");
-            String auth = req.getParameter("auth");
-            String config = null;
-
-            ISubsystem subsystem = CMS.getSubsystem("ca");
-            String subname = "ca";
-
-            if (subsystem == null)
-                subname = "ra";
-
-            String subpath = "/profiles/";
-
-            try {
-                String version = CMS.getConfigStore().getString("cms.version");
-                if (version.indexOf('.') > -1) {
-                    version = version.substring(0, version.indexOf('.'));
-                }
-                int v = Integer.parseInt(version);
-                if (v >= 10) {
-                    subpath = "/ca/profiles/";
-                }
-                config = CMS.getConfigStore().getString("instanceRoot") + subpath + subname + "/" + id + ".cfg";
-            } catch (EBaseException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            IPluginInfo info = mRegistry.getPluginInfo("profile", impl);
-
-            IProfile profile = null;
-
-            // create configuration file
-            File configFile = new File(config);
-
-            configFile.createNewFile();
-
-            // create profile
-            try {
-                profile = mProfileSub.createProfile(id, impl,
-                            info.getClassName(),
-                            config);
-                profile.setName(getLocale(req), name);
-                profile.setDescription(getLocale(req), name);
-                if (visible != null && visible.equals("true")) {
-                    profile.setVisible(true);
-                } else {
-                    profile.setVisible(false);
-                }
-                profile.setAuthenticatorId(auth);
-                profile.getConfigStore().commit(false);
-
-                mProfileSub.createProfileConfig(id, impl, config);
-                if (profile instanceof IProfileEx) {
-                    // populates profile specific plugins such as
-                    // policies, inputs and outputs
-                    ((IProfileEx) profile).populate();
-                }
-            } catch (Exception e) {
-                CMS.debug("ProfileAdminServlet: " + e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    /**
-     * Modify profile instance
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
-     * and cert profile; obsoletes extensions and constraints policies)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     */
-    public void modifyProfileInstance(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // Get the policy impl id and class path.
-            String id = req.getParameter(Constants.RS_ID);
-
-            IProfile profile = null;
-
-            try {
-                profile = mProfileSub.getProfile(id);
-            } catch (EBaseException e1) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, null, null, resp);
-                return;
-            }
-            String name = req.getParameter("name");
-            String desc = req.getParameter("desc");
-            String auth = req.getParameter("auth");
-            String visible = req.getParameter("visible");
-
-            // String config = req.getParameter("config");
-
-            profile.setAuthenticatorId(auth);
-            profile.setName(getLocale(req), name);
-            profile.setDescription(getLocale(req), desc);
-            if (visible != null && visible.equals("true")) {
-                profile.setVisible(true);
-            } else {
-                profile.setVisible(false);
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            try {
-                profile.getConfigStore().commit(false);
-            } catch (Exception e) {
-            }
-
-            sendResponse(SUCCESS, null, null, resp);
-        } catch (IOException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-    }
-
-    protected String getNonNull(String s) {
-        if (s == null)
-            return "";
-        return s;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
deleted file mode 100644
index 423fad360..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ /dev/null
@@ -1,3110 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ExtendedPluginInfo;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.base.Plugin;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ConfigConstants;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ILdapAuthInfo;
-import com.netscape.certsrv.ldap.ILdapBoundConnFactory;
-import com.netscape.certsrv.ldap.ILdapConnInfo;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.EMapperNotFound;
-import com.netscape.certsrv.publish.EMapperPluginNotFound;
-import com.netscape.certsrv.publish.EPublisherNotFound;
-import com.netscape.certsrv.publish.EPublisherPluginNotFound;
-import com.netscape.certsrv.publish.ERuleNotFound;
-import com.netscape.certsrv.publish.ERulePluginNotFound;
-import com.netscape.certsrv.publish.ILdapMapper;
-import com.netscape.certsrv.publish.ILdapPublisher;
-import com.netscape.certsrv.publish.ILdapRule;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.publish.MapperPlugin;
-import com.netscape.certsrv.publish.MapperProxy;
-import com.netscape.certsrv.publish.PublisherPlugin;
-import com.netscape.certsrv.publish.PublisherProxy;
-import com.netscape.certsrv.publish.RulePlugin;
-import com.netscape.certsrv.security.ICryptoSubsystem;
-import com.netscape.cmsutil.password.IPasswordStore;
-
-/**
- * A class representing an publishing servlet for the
- * Publishing subsystem. This servlet is responsible
- * to serve configuration requests for the Publishing subsystem.
- *
- * @version $Revision$, $Date$
- */
-public class PublisherAdminServlet extends AdminServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7055088618787207262L;
-
-    public final static String PROP_AUTHORITY = "authority";
-
-    private final static String INFO = "PublisherAdminServlet";
-    public final static String NOMAPPER = "<NONE>";
-    private IPublisherProcessor mProcessor = null;
-    private IAuthority mAuth = null;
-
-    public PublisherAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        String authority = config.getInitParameter(PROP_AUTHORITY);
-
-        if (authority != null)
-            mAuth = (IAuthority) CMS.getSubsystem(authority);
-        if (mAuth != null)
-            if (mAuth instanceof ICertificateAuthority) {
-                mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor();
-            } else
-                throw new ServletException(authority + "  does not have publishing processor!");
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        CMS.debug("PublisherAdminServlet: in service");
-        String scope = req.getParameter(Constants.OP_SCOPE);
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op == null) {
-            //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                    null, resp);
-            return;
-        }
-
-        // for the rest
-        try {
-            super.authenticate(req);
-
-            if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only
-                sendResponse(SUCCESS, null, null, resp);
-                return;
-            }
-        } catch (IOException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                    null, resp);
-            return;
-        }
-        try {
-            AUTHZ_RES_NAME = "certServer.publisher.configuration";
-            if (scope != null) {
-                if (op.equals(OpDef.OP_READ)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_LDAP)) {
-                        getLDAPDest(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
-                        getConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_PUBLISHER_RULES)) {
-                        getInstConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_IMPLS)) {
-                        getMapperConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
-                        getMapperInstConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
-                        getRuleConfig(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                        getExtendedPluginInfo(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
-                        getRuleInstConfig(req, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_MODIFY)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_LDAP)) {
-                        setLDAPDest(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_PUBLISHER_RULES)) {
-                        modPublisherInst(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
-                        modMapperInst(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
-                        modRuleInst(req, resp, scope);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_PROCESS)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_LDAP)) {
-                        testSetLDAPDest(req, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_SEARCH)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
-                        listPublisherPlugins(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_PUBLISHER_RULES)) {
-                        listPublisherInsts(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_IMPLS)) {
-                        listMapperPlugins(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
-                        listMapperInsts(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
-                        listRulePlugins(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
-                        listRuleInsts(req, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_ADD)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
-                        addPublisherPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_PUBLISHER_RULES)) {
-                        addPublisherInst(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_IMPLS)) {
-                        addMapperPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
-                        addMapperInst(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
-                        addRulePlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
-                        addRuleInst(req, resp, scope);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_DELETE)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
-                        delPublisherPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_PUBLISHER_RULES)) {
-                        delPublisherInst(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_IMPLS)) {
-                        delMapperPlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
-                        delMapperInst(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
-                        delRulePlugin(req, resp, scope);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
-                        delRuleInst(req, resp, scope);
-                        return;
-                    }
-                } else {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                            null, resp);
-                    return;
-                }
-            } else {
-                //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
-                return;
-            }
-        } catch (EBaseException e) {
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        }
-        //System.out.println("SRVLT_FAIL_PERFORM 2");
-        sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
-        return;
-    }
-
-    private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor
-            p) {
-        Enumeration<String> mappers = p.getMapperInsts().keys();
-        Enumeration<String> publishers = p.getPublisherInsts().keys();
-
-        StringBuffer map = new StringBuffer();
-
-        for (; mappers.hasMoreElements();) {
-            String name = mappers.nextElement();
-
-            if (map.length() == 0) {
-                map.append(name);
-            } else {
-                map.append(",");
-                map.append(name);
-            }
-        }
-        StringBuffer publish = new StringBuffer();
-
-        for (; publishers.hasMoreElements();) {
-            String name = publishers.nextElement();
-
-            publish.append(",");
-            publish.append(name);
-        }
-
-        String epi[] = new String[] {
-                "type;choice(cacert,crl,certs,xcert);The certType of the request",
-                "mapper;choice("
-                        + map.toString()
-                        + ");Use the mapper to find the ldap dn to publish the certificate or crl",
-                "publisher;choice("
-                        + publish.toString()
-                        + ");Use the publisher to publish the certificate or crl a directory etc",
-                "enable;boolean;",
-                "predicate;string;"
-        };
-
-        return new ExtendedPluginInfo(epi);
-    }
-
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
-        IExtendedPluginInfo ext_info = null;
-        Object impl = null;
-
-        if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHRULE)) {
-            IPublisherProcessor p_processor = mProcessor;
-
-            // Should get the registered rules from processor
-            // instead of plugin
-            // OLD: impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
-            impl = getExtendedPluginInfo(p_processor);
-        } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) {
-            IPublisherProcessor p_processor = mProcessor;
-            Plugin plugin = p_processor.getMapperPlugins().get(implName
-                    );
-
-            impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
-
-        } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) {
-            IPublisherProcessor p_processor = mProcessor;
-            Plugin plugin = p_processor.getPublisherPlugins().get(implName);
-
-            impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
-        }
-        if (impl != null) {
-            if (impl instanceof IExtendedPluginInfo) {
-                ext_info = (IExtendedPluginInfo) impl;
-            }
-        }
-
-        NameValuePairs nvps = null;
-
-        if (ext_info == null) {
-            nvps = new NameValuePairs();
-        } else {
-            nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
-        }
-
-        return nvps;
-
-    }
-
-    /**
-     * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication,
-     * need to add: listener, mapper and publishing plugins
-     */
-    private void getExtendedPluginInfo(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        int colon = id.indexOf(':');
-
-        String implType = id.substring(0, colon);
-        String implName = id.substring(colon + 1);
-
-        NameValuePairs params =
-                getExtendedPluginInfo(getLocale(req), implType, implName);
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getLDAPDest(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        IConfigStore config = mAuth.getConfigStore();
-        IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
-        IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
-        IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
-
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_ENABLE))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_ENABLE))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_THREADS))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_PRIORITY))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_STATUS))
-                continue;
-            if (name.equals(Constants.PR_CERT_NAMES)) {
-                ICryptoSubsystem jss = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
-                params.put(name, jss.getAllCerts());
-            } else {
-                String value = ldap.getString(name, "");
-
-                if (value == null || value.equals("")) {
-                    if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_HOST)) {
-                        value = mConfig.getString(ConfigConstants.PR_MACHINE_NAME, null);
-                    } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_PORT)) {
-                        value = ILdapConnInfo.PROP_PORT_DEFAULT;
-                    } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPAUTHINFO + "." + ILdapAuthInfo.PROP_BINDDN)) {
-                        value = ILdapAuthInfo.PROP_BINDDN_DEFAULT;
-                    }
-                }
-                params.put(name, value);
-            }
-        }
-        params.put(Constants.PR_PUBLISHING_ENABLE,
-                publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
-        params.put(Constants.PR_PUBLISHING_QUEUE_ENABLE,
-                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
-        params.put(Constants.PR_PUBLISHING_QUEUE_THREADS,
-                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
-        params.put(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE,
-                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
-        params.put(Constants.PR_PUBLISHING_QUEUE_PRIORITY,
-                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
-        params.put(Constants.PR_PUBLISHING_QUEUE_STATUS,
-                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
-        params.put(Constants.PR_ENABLE,
-                ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-
-        //Save New Settings to the config file
-        IConfigStore config = mAuth.getConfigStore();
-        IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
-        IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
-        IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
-
-        //set enable flag
-        publishcfg.putString(IPublisherProcessor.PROP_ENABLE, req.getParameter(Constants.PR_PUBLISHING_ENABLE));
-        String enable = req.getParameter(Constants.PR_ENABLE);
-
-        ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, enable);
-        if (enable.equals("false")) {
-            // need to disable the ldap module here
-            mProcessor.setLdapConnModule(null);
-        }
-
-        //set reset of the parameters
-        Enumeration<String> e = req.getParameterNames();
-        String pwd = null;
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_ENABLE))
-                continue;
-            // don't store password in the config file.
-            if (name.equals(Constants.PR_BIND_PASSWD))
-                continue; // old style password read from config.
-            if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
-                pwd = req.getParameter(name);
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_ENABLE)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_THREADS)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_PRIORITY)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_STATUS)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-
-            /* Don't enter the publishing pw into the config store */
-            ldap.putString(name, req.getParameter(name));
-        }
-
-        commit(true);
-
-        /* Do a "PUT" of the new pw to the watchdog"
-         ** do not remove - cfu
-        if (pwd != null)
-            CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-         */
-
-        // support publishing dirsrv with different pwd than internaldb
-        // update passwordFile
-        String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
-        IPasswordStore pwdStore = CMS.getPasswordStore();
-        CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + prompt + " to password file");
-        pwdStore.putPassword(prompt, pwd);
-        pwdStore.commit();
-        CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved");
-
-        /* we'll shut down and restart the PublisherProcessor instead
-                // what a hack to  do this without require restart server
-        //        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
-                ILdapConnModule connModule = mProcessor.getLdapConnModule();
-                ILdapAuthInfo authInfo = null;
-                if (connModule != null) {
-                    authInfo = connModule.getLdapAuthInfo();
-                }
-
-        //        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-                if (authInfo != null) {
-                    CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
-                    authInfo.addPassword(prompt, pwd);
-                } else
-                    CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
-        */
-
-        try {
-            CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor");
-            mProcessor.shutdown();
-            mProcessor.startup();
-            CMS.debug("PublisherAdminServlet: setLDAPDest(): publishing processor restarted");
-        } catch (Exception ex) {
-            // force to save the config even there is error
-            // ignore any exception
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", ex.toString()));
-        }
-
-        //XXX See if we can dynamically in B2
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        CMS.debug("PublisherAdmineServlet: in testSetLDAPDest");
-        //Save New Settings to the config file
-        IConfigStore config = mAuth.getConfigStore();
-        IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
-        IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
-        IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
-
-        //set enable flag
-        publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
-                req.getParameter(Constants.PR_PUBLISHING_ENABLE));
-        String ldapPublish = req.getParameter(Constants.PR_ENABLE);
-
-        ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish);
-        if (ldapPublish.equals("false")) {
-            // need to disable the ldap module here
-            mProcessor.setLdapConnModule(null);
-        }
-
-        //set reset of the parameters
-        Enumeration<String> e = req.getParameterNames();
-        String pwd = null;
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            if (name.equals(Constants.PR_PUBLISHING_ENABLE))
-                continue;
-            // don't store password in the config file.
-            if (name.equals(Constants.PR_BIND_PASSWD))
-                continue; // old style password read from config.
-            if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
-                pwd = req.getParameter(name);
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_ENABLE)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_THREADS)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_PRIORITY)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-            if (name.equals(Constants.PR_PUBLISHING_QUEUE_STATUS)) {
-                publishcfg.putString(name, req.getParameter(name));
-                continue;
-            }
-
-            /* Don't enter the publishing pw into the config store */
-            ldap.putString(name, req.getParameter(name));
-        }
-
-        // test before commit
-        if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
-                ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
-            params.put("title",
-                    "You've attempted to configure CMS to connect" +
-                            " to a LDAP directory. The connection status is" +
-                            " as follows:\n \n");
-            LDAPConnection conn = null;
-            ILdapConnInfo connInfo =
-                    CMS.getLdapConnInfo(ldap.getSubStore(
-                            ILdapBoundConnFactory.PROP_LDAPCONNINFO));
-            //LdapAuthInfo authInfo =
-            //new LdapAuthInfo(ldap.getSubStore(
-            //			   ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
-            String host = connInfo.getHost();
-            int port = connInfo.getPort();
-            boolean secure = connInfo.getSecure();
-            //int authType = authInfo.getAuthType();
-            String authType = ldap.getSubStore(
-                    ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_LDAPAUTHTYPE);
-            int version = connInfo.getVersion();
-            String bindAs = null;
-            String certNickName = null;
-
-            if (authType.equals(ILdapAuthInfo.LDAP_SSLCLIENTAUTH_STR)) {
-                try {
-                    //certNickName = authInfo.getParms()[0];
-                    certNickName =
-                            ldap.getSubStore(
-                                    ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(
-                                    ILdapAuthInfo.PROP_CLIENTCERTNICKNAME);
-                    conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory(
-                                    certNickName));
-                    CMS.debug("Publishing Test certNickName=" + certNickName);
-                    params.put(Constants.PR_CONN_INITED,
-                            "Create ssl LDAPConnection with certificate: " +
-                                    certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
-                } catch (Exception ex) {
-                    params.put(Constants.PR_CONN_INIT_FAIL,
-                            "Create ssl LDAPConnection with certificate: "
-                                    +
-                                    certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n"
-                                    + " exception: " + ex);
-                    params.put(Constants.PR_SAVE_NOT,
-                            "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
-                                    "Do you want to save the configuration anyway?");
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                }
-                try {
-                    conn.connect(host, port);
-                    params.put(Constants.PR_CONN_OK,
-                            "Connect to directory server "
-                                    +
-                                    host + " at port " + port +
-                                    dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length())
-                                    + " Success");
-                    params.put(Constants.PR_AUTH_OK,
-                            "Authentication: SSL client authentication" +
-                                    dashes(70 - 41) + " Success" +
-                                    "\nBind to the directory as: " + certNickName +
-                                    dashes(70 - 26 - certNickName.length()) + " Success");
-                } catch (LDAPException ex) {
-                    if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                        // need to intercept this because message from LDAP is
-                        // "DSA is unavailable" which confuses with DSA PKI.
-                        params.put(Constants.PR_CONN_FAIL,
-                                "Connect to directory server " +
-                                        host + " at port " + port +
-                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
-                                        " Failure\n" +
-                                        " error: server unavailable");
-                    } else {
-                        params.put(Constants.PR_CONN_FAIL,
-                                "Connect to directory server " +
-                                        host + " at port " + port +
-                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
-                                        " Failure");
-                    }
-                    params.put(Constants.PR_SAVE_NOT,
-                            "\n \nIf the problem is not fixed then " +
-                                    "LDAP publishing will fail.\n" +
-                                    "Do you want to save the configuration anyway?");
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                }
-            } else {
-                try {
-                    if (secure) {
-                        conn = new LDAPConnection(
-                                    CMS.getLdapJssSSLSocketFactory());
-                        params.put(Constants.PR_CONN_INITED,
-                                "Create ssl LDAPConnection" +
-                                        dashes(70 - 25) + " Success");
-                    } else {
-                        conn = new LDAPConnection();
-                        params.put(Constants.PR_CONN_INITED,
-                                "Create LDAPConnection" +
-                                        dashes(70 - 21) + " Success");
-                    }
-                } catch (Exception ex) {
-                    params.put(Constants.PR_CONN_INIT_FAIL,
-                            "Create LDAPConnection" +
-                                    dashes(70 - 21) + " Failure\n" +
-                                    "exception: " + ex);
-                    params.put(Constants.PR_SAVE_NOT,
-                            "\n \nIf the problem is not fixed then " +
-                                    "LDAP publishing will fail.\n" +
-                                    "Do you want to save the configuration anyway?");
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                }
-                try {
-                    conn.connect(host, port);
-                    params.put(Constants.PR_CONN_OK,
-                            "Connect to directory server "
-                                    +
-                                    host + " at port " + port +
-                                    dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length())
-                                    + " Success");
-                } catch (LDAPException ex) {
-                    if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                        // need to intercept this because message from LDAP is
-                        // "DSA is unavailable" which confuses with DSA PKI.
-                        params.put(Constants.PR_CONN_FAIL,
-                                "Connect to directory server "
-                                        +
-                                        host + " at port " + port +
-                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length())
-                                        + " Failure" +
-                                        "\nerror: server unavailable");
-                    } else {
-                        params.put(Constants.PR_CONN_FAIL,
-                                "Connect to directory server "
-                                        +
-                                        host + " at port " + port +
-                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length())
-                                        + " Failure" +
-                                        "\nexception: " + ex);
-                    }
-                    params.put(Constants.PR_SAVE_NOT,
-                            "\n \nIf the problem is not fixed then " +
-                                    "LDAP publishing will fail.\n" +
-                                    "Do you want to save the configuration anyway?");
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                }
-                try {
-                    //bindAs = authInfo.getParms()[0];
-                    bindAs = ldap.getSubStore(
-                                ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN);
-                    conn.authenticate(version, bindAs, pwd);
-                    params.put(Constants.PR_AUTH_OK,
-                            "Authentication: Basic authentication" +
-                                    dashes(70 - 36) + " Success" +
-                                    "\nBind to the directory as: " + bindAs +
-                                    dashes(70 - 26 - bindAs.length()) + " Success");
-                } catch (LDAPException ex) {
-                    if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
-                        params.put(Constants.PR_AUTH_FAIL,
-                                "Authentication: Basic authentication" +
-                                        dashes(70 - 36) + "Failure" +
-                                        "\nBind to the directory as: " + bindAs +
-                                        dashes(70 - 26 - bindAs.length()) +
-                                        "Failure" + "\nThe object doesn't exist. " +
-                                        "Please correct the value assigned in the" +
-                                        " \"Directory manager DN\" field.");
-                    } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) {
-                        params.put(Constants.PR_AUTH_FAIL,
-                                "Authentication: Basic authentication" +
-                                        dashes(70 - 36) + " Failure" +
-                                        "\nBind to the directory as: " + bindAs +
-                                        dashes(70 - 26 - bindAs.length()) +
-                                        " Failure" + "\nInvalid password. " +
-                                        "Please correct the value assigned in the" +
-                                        " \"Password\" field.");
-                    } else {
-                        params.put(Constants.PR_AUTH_FAIL,
-                                "Authentication: Basic authentication" +
-                                        dashes(70 - 36) + " Failure" +
-                                        "\nBind to the directory as: " + bindAs +
-                                        dashes(70 - 26 - bindAs.length()) +
-                                        " Failure");
-                    }
-                    params.put(Constants.PR_SAVE_NOT,
-                            "\n \nIf the problem is not fixed then " +
-                                    "LDAP publishing will fail.\n" +
-                                    "Do you want to save the configuration anyway?");
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                }
-            }
-
-        }
-
-        //commit(true);
-        if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
-                pwd != null) {
-
-            /* Do a "PUT" of the new pw to the watchdog"
-             ** do not remove - cfu
-            CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-             */
-
-            // support publishing dirsrv with different pwd than internaldb
-            // update passwordFile
-            String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
-            IPasswordStore pwdStore = CMS.getPasswordStore();
-            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " +
-                    prompt + " to password file");
-            pwdStore.putPassword(prompt, pwd);
-            pwdStore.commit();
-            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved");
-            /* we'll shut down and restart the PublisherProcessor instead
-                         // what a hack to  do this without require restart server
-            //        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
-                        ILdapConnModule connModule = mProcessor.getLdapConnModule();
-                        ILdapAuthInfo authInfo = null;
-                        if (connModule != null) {
-                            authInfo = connModule.getLdapAuthInfo();
-                        } else
-                            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
-
-            //        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-                        if (authInfo != null) {
-                            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
-                            authInfo.addPassword(prompt, pwd);
-                        } else
-                            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
-            */
-        }
-        //params.add(Constants.PR_SAVE_OK,
-        //		   "\n \nConfiguration changes are now committed.");
-
-        mProcessor.shutdown();
-
-        if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
-            mProcessor.startup();
-            //params.add("restarted", "Publishing is restarted.");
-
-            if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
-                ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority();
-
-                if (!(authority instanceof ICertificateAuthority))
-                    return;
-                ICertificateAuthority ca = (ICertificateAuthority) authority;
-
-                // publish ca cert
-                try {
-                    mProcessor.publishCACert(ca.getCACert());
-                    CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT"));
-                    params.put("publishCA",
-                            "CA certificate is published.");
-                } catch (Exception ex) {
-                    // exception not thrown - not seen as a fatal error.
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
-                    params.put("publishCA",
-                            "Failed to publish CA certificate.");
-                    int index = ex.toString().indexOf("Failed to create CA");
-
-                    if (index > -1) {
-                        params.put("createError",
-                                ex.toString().substring(index));
-                    }
-                    mProcessor.shutdown();
-                    // Do you want to enable LDAP publishing anyway
-                    params.put(Constants.PR_SAVE_NOT,
-                            "\n \nIf the problem is not fixed then " +
-                                    "the CA certificate won't be published.\n" +
-                                    "Do you want to enable LDAP publishing anyway?");
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-
-                }
-                // publish crl
-                try {
-                    CMS.debug("PublisherAdminServlet: about to update CRL");
-                    ca.publishCRLNow();
-                    CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL"));
-                    params.put("publishCRL",
-                            "CRL is published.");
-                } catch (Exception ex) {
-                    // exception not thrown - not seen as a fatal error.
-                    log(ILogger.LL_FAILURE,
-                            "Could not publish crl " + ex.toString());
-                    params.put("publishCRL",
-                            "Failed to publish CRL.");
-                    mProcessor.shutdown();
-                    // Do you want to enable LDAP publishing anyway
-                    params.put(Constants.PR_SAVE_NOT,
-                            "\n \nIf the problem is not fixed then " +
-                                    "the CRL won't be published.\n" +
-                                    "Do you want to enable LDAP publishing anyway?");
-                    sendResponse(SUCCESS, null, params, resp);
-                    return;
-                }
-            }
-            commit(true);
-            params.put(Constants.PR_SAVE_OK,
-                    "\n \nConfiguration changes are now committed.");
-            params.put("restarted", "Publishing is restarted.");
-        } else {
-            commit(true);
-            params.put(Constants.PR_SAVE_OK,
-                    "\n \nConfiguration changes are now committed.");
-            params.put("stopped",
-                    "Publishing is stopped.");
-        }
-
-        //XXX See if we can dynamically in B2
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private synchronized void addMapperPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // is the manager id unique?
-        if (mProcessor.getMapperPlugins().containsKey(id)) {
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        String classPath = req.getParameter(Constants.PR_MAPPER_CLASS);
-
-        if (classPath == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
-            return;
-        }
-
-        IConfigStore destStore = null;
-
-        destStore = mConfig.getSubStore(mAuth.getId() + ".publish.mapper");
-        IConfigStore instancesConfig = destStore.getSubStore("impl");
-
-        // Does the class exist?
-        Class<?> newImpl = null;
-
-        try {
-            newImpl = Class.forName(classPath);
-        } catch (ClassNotFoundException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
-            return;
-        } catch (IllegalArgumentException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
-            return;
-        }
-
-        // is the class an ILdapMapper?
-        try {
-            if (ILdapMapper.class.isAssignableFrom(newImpl) == false) {
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null,
-                        resp);
-                return;
-            }
-        } catch (NullPointerException e) { // unlikely, only if newImpl null.
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
-            return;
-        }
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put(Constants.PR_MAPPER_CLASS, classPath);
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // add mapper to registry.
-        MapperPlugin plugin = new MapperPlugin(id, classPath);
-
-        mProcessor.getMapperPlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
-
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private boolean isValidID(String id) {
-        if (id == null)
-            return false;
-        for (int i = 0; i < id.length(); i++) {
-            if (!Character.isLetterOrDigit(id.charAt(i)))
-                return false;
-        }
-        return true;
-    }
-
-    private synchronized void addMapperInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'",
-                    null, resp);
-            return;
-        }
-
-        if (mProcessor.getMapperInsts().containsKey(id)) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                    null, resp);
-            return;
-        }
-
-        // get required parameters
-        String implname = req.getParameter(
-                Constants.PR_MAPPER_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
-            return;
-        }
-
-        // check if implementation exists.
-        MapperPlugin plugin =
-                mProcessor.getMapperPlugins().get(
-                implname);
-
-        if (plugin == null) {
-            sendResponse(
-                    ERROR,
-                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND",
-                            implname)).toString(),
-                    null, resp);
-            return;
-        }
-
-        Vector<String> configParams = mProcessor.getMapperDefaultParams(implname);
-
-        IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".publish.mapper");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-                String val = req.getParameter(kv.substring(0, index));
-
-                if (val == null) {
-                    substore.put(kv.substring(0, index),
-                            kv.substring(index + 1));
-                } else {
-                    substore.put(kv.substring(0, index),
-                            val);
-                }
-            }
-        }
-        substore.put("pluginName", implname);
-
-        // Instantiate an object for this implementation
-        String className = plugin.getClassPath();
-        ILdapMapper mapperInst = null;
-
-        try {
-            mapperInst = (ILdapMapper) Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        // initialize the mapper
-        try {
-            mapperInst.init(substore);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        } catch (Throwable e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR, e.toString(), null, resp);
-            return;
-        }
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            // clean up.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // inited and commited ok. now add mapper instance to list.
-        mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst));
-
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_MAPPER_IMPL_NAME, implname);
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void listMapperPlugins(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mProcessor.getMapperPlugins().keys();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-            MapperPlugin value = mProcessor.getMapperPlugins().get(name);
-            // get Description
-            String c = value.getClassPath();
-            String desc = "unknown";
-
-            try {
-                ILdapMapper lp = (ILdapMapper)
-                        Class.forName(c).newInstance();
-
-                desc = lp.getDescription();
-            } catch (Exception exp) {
-                sendResponse(ERROR, exp.toString(), null,
-                        resp);
-                return;
-            }
-            params.put(name, value.getClassPath() + "," + desc);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    public String getMapperPluginName(ILdapMapper mapper) {
-        IConfigStore cs = mapper.getConfigStore();
-
-        try {
-            return cs.getString("pluginName", "");
-        } catch (EBaseException e) {
-            return "";
-        }
-    }
-
-    private synchronized void listMapperInsts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mProcessor.getMapperInsts().keys();
-
-        for (; e.hasMoreElements();) {
-            String name = e.nextElement();
-            ILdapMapper value = mProcessor.getMapperInstance(name);
-
-            params.put(name, getMapperPluginName(value) + ";visible");
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void delMapperInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does a`mapper instance exist?
-        if (mProcessor.getMapperInsts().containsKey(id) == false) {
-            sendResponse(
-                    ERROR,
-                    new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // only remove from memory
-        // cannot shutdown because we don't keep track of whether it's
-        // being used.
-        mProcessor.getMapperInsts().remove(id);
-
-        // remove the configuration.
-        IConfigStore destStore =
-                mConfig.getSubStore(
-                        mAuth.getId() + ".publish.mapper");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void delMapperPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        if (mProcessor.getMapperPlugins().containsKey(id) == false) {
-            sendResponse(
-                    ERROR,
-                    new EMapperPluginNotFound(CMS
-                            .getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // first check if any instances from this mapper
-        // DON'T remove mapper if any instance
-        for (Enumeration<String> e = mProcessor.getMapperInsts().keys(); e.hasMoreElements();) {
-            String name = e.nextElement();
-            ILdapMapper mapper = mProcessor.getMapperInstance(name);
-
-            if (id.equals(getMapperPluginName(mapper))) {
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
-                return;
-            }
-        }
-
-        // then delete this mapper
-        mProcessor.getMapperPlugins().remove(id);
-
-        IConfigStore destStore =
-                mConfig.getSubStore(
-                        mAuth.getId() + ".publish.mapper");
-        IConfigStore instancesConfig =
-                destStore.getSubStore("impl");
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void getMapperConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-
-        String implname = req.getParameter(Constants.RS_ID);
-
-        if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        Vector<String> configParams = mProcessor.getMapperDefaultParams(implname);
-        NameValuePairs params = new NameValuePairs();
-
-        // implName is always required so always send it.
-        params.put(Constants.PR_MAPPER_IMPL_NAME, "");
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                params.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-        sendResponse(0, null, params, resp);
-        return;
-    }
-
-    private synchronized void getMapperInstConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does mapper instance exist?
-        if (mProcessor.getMapperInsts().containsKey(id) == false) {
-            sendResponse(
-                    ERROR,
-                    new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        ILdapMapper mapperInst = mProcessor.getMapperInstance(id);
-        Vector<String> configParams = mapperInst.getInstanceParams();
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_MAPPER_IMPL_NAME,
-                getMapperPluginName(mapperInst));
-        // implName is always required so always send it.
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                params.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void modMapperInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // Does the manager instance exist?
-        if (!mProcessor.getMapperInsts().containsKey(id)) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                    null, resp);
-            return;
-        }
-
-        // get new implementation (same or different.)
-        String implname = req.getParameter(Constants.PR_MAPPER_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
-            return;
-        }
-        // get plugin for implementation
-        MapperPlugin plugin =
-                mProcessor.getMapperPlugins().get(implname);
-
-        if (plugin == null) {
-            sendResponse(
-                    ERROR,
-                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND",
-                            implname)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // save old instance substore params in case new one fails.
-
-        ILdapMapper oldinst =
-                mProcessor.getMapperInstance(id);
-        Vector<String> oldConfigParms = oldinst.getInstanceParams();
-        NameValuePairs saveParams = new NameValuePairs();
-
-        // implName is always required so always include it it.
-        saveParams.put("pluginName", implname);
-        if (oldConfigParms != null) {
-            for (int i = 0; i < oldConfigParms.size(); i++) {
-                String kv = oldConfigParms.elementAt(i);
-                int index = kv.indexOf('=');
-
-                saveParams.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-
-        // on to the new instance.
-
-        // remove old substore.
-
-        IConfigStore destStore =
-                mConfig.getSubStore(mAuth.getId() +
-                        ".publish.mapper");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-
-        // create new substore.
-
-        Vector<String> configParams = mProcessor.getMapperInstanceParams(id);
-
-        instancesConfig.removeSubStore(id);
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put("pluginName", implname);
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-                String key = kv.substring(0, index);
-                String val = req.getParameter(key);
-
-                if (val != null) {
-                    substore.put(key, val);
-                }
-            }
-        }
-
-        // Instantiate an object for new implementation
-
-        String className = plugin.getClassPath();
-        ILdapMapper newMgrInst = null;
-
-        try {
-            newMgrInst = (ILdapMapper)
-                    Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-        // initialize the mapper
-
-        try {
-            newMgrInst.init(substore);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(getLocale(req)), null,
-                    resp);
-            return;
-        } catch (Throwable e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(), null,
-                    resp);
-            return;
-        }
-
-        // initialized ok.  commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            // clean up.
-            restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // commited ok. replace instance.
-
-        mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst));
-
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void addRulePlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // is the rule id unique?
-        if (mProcessor.getRulePlugins().containsKey(id)) {
-            sendResponse(
-                    ERROR,
-                    new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
-                    null, resp);
-            return;
-        }
-
-        String classPath = req.getParameter(Constants.PR_RULE_CLASS);
-
-        if (classPath == null) {
-            sendResponse(ERROR, CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
-            return;
-        }
-
-        IConfigStore destStore = null;
-
-        destStore = mConfig.getSubStore(
-                    mAuth.getId() + ".publish.rule");
-        IConfigStore instancesConfig = destStore.getSubStore("impl");
-
-        // Does the class exist?
-        Class<?> newImpl = null;
-
-        try {
-            newImpl = Class.forName(classPath);
-        } catch (ClassNotFoundException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
-            return;
-        } catch (IllegalArgumentException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
-            return;
-        }
-
-        // is the class an ILdapRule?
-        try {
-            if (ILdapRule.class.isAssignableFrom(newImpl) == false) {
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null,
-                        resp);
-                return;
-            }
-        } catch (NullPointerException e) { // unlikely, only if newImpl null.
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
-            return;
-        }
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put(Constants.PR_RULE_CLASS, classPath);
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // add rule to registry.
-        RulePlugin plugin = new RulePlugin(id, classPath);
-
-        mProcessor.getRulePlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void addRuleInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-        if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'",
-                    null, resp);
-            return;
-        }
-
-        if (mProcessor.getRuleInsts().containsKey(id)) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                    null, resp);
-            return;
-        }
-
-        // get required parameters
-        String implname = req.getParameter(
-                Constants.PR_RULE_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
-            return;
-        }
-
-        // check if implementation exists.
-        RulePlugin plugin =
-                mProcessor.getRulePlugins().get(implname);
-
-        if (plugin == null) {
-            sendResponse(
-                    ERROR,
-                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req),
-                            "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                    null, resp);
-            return;
-        }
-
-        Vector<String> configParams = mProcessor.getRuleDefaultParams(implname);
-
-        IConfigStore destStore =
-                mConfig.getSubStore(mAuth.getId()
-                        + ".publish.rule");
-        IConfigStore instancesConfig =
-                destStore.getSubStore("instance");
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-                String val = req.getParameter(kv.substring(0, index));
-
-                if (val == null) {
-                    substore.put(kv.substring(0, index),
-                            kv.substring(index + 1));
-                } else {
-                    if (val.equals(NOMAPPER))
-                        val = "";
-                    substore.put(kv.substring(0, index),
-                            val);
-                }
-            }
-        }
-        substore.put("pluginName", implname);
-
-        // Instantiate an object for this implementation
-        String className = plugin.getClassPath();
-        ILdapRule ruleInst = null;
-
-        try {
-            ruleInst = (ILdapRule) Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        // initialize the rule
-        try {
-            ruleInst.init(mProcessor, substore);
-            ruleInst.setInstanceName(id);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        } catch (Throwable e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR, e.toString(), null, resp);
-            return;
-        }
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            // clean up.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-        // inited and commited ok. now add manager instance to list.
-        mProcessor.getRuleInsts().put(id, ruleInst);
-
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_RULE_IMPL_NAME, implname);
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void listRulePlugins(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mProcessor.getRulePlugins().keys();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-            RulePlugin value = mProcessor.getRulePlugins().get(name);
-            // get Description
-            String c = value.getClassPath();
-            String desc = "unknown";
-
-            try {
-                ILdapRule lp = (ILdapRule)
-                        Class.forName(c).newInstance();
-
-                desc = lp.getDescription();
-            } catch (Exception exp) {
-            }
-            params.put(name, value.getClassPath() + "," + desc);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void listRuleInsts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mProcessor.getRuleInsts().keys();
-
-        for (; e.hasMoreElements();) {
-            String name = e.nextElement();
-            ILdapRule value = mProcessor.getRuleInsts().get(name);
-            String enabled = value.enabled() ? "enabled" : "disabled";
-
-            params.put(name, value.getInstanceName() + ";visible;" + enabled);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    public String getRulePluginName(ILdapRule rule) {
-        IConfigStore cs = rule.getConfigStore();
-
-        try {
-            return cs.getString("pluginName", "");
-        } catch (EBaseException e) {
-            return "";
-        }
-    }
-
-    private synchronized void delRulePlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does rule exist?
-        if (mProcessor.getRulePlugins().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        // first check if any instances from this rule
-        // DON'T remove rule if any instance
-        for (Enumeration<ILdapRule> e = mProcessor.getRuleInsts().elements(); e.hasMoreElements();) {
-            ILdapRule rule = e.nextElement();
-
-            if (id.equals(getRulePluginName(rule))) {
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
-                return;
-            }
-        }
-
-        // then delete this rule
-        mProcessor.getRulePlugins().remove(id);
-
-        IConfigStore destStore =
-                mConfig.getSubStore(
-                        mAuth.getId() + ".rule");
-        IConfigStore instancesConfig = destStore.getSubStore("impl");
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void delRuleInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // prevent deletion of admin and agent.
-
-        // does rule instance exist?
-        if (mProcessor.getRuleInsts().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // only remove from memory
-        // cannot shutdown because we don't keep track of whether it's
-        // being used.
-        mProcessor.getRuleInsts().remove(id);
-
-        // remove the configuration.
-        IConfigStore destStore =
-                mConfig.getSubStore(
-                        mAuth.getId() + ".publish.rule");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void getRuleConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-        String implname = req.getParameter(Constants.RS_ID);
-
-        if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        Vector<String> configParams = mProcessor.getRuleDefaultParams(implname);
-        NameValuePairs params = new NameValuePairs();
-
-        // implName is always required so always send it.
-        params.put(Constants.PR_RULE_IMPL_NAME, "");
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                params.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-        sendResponse(0, null, params, resp);
-        return;
-    }
-
-    private synchronized void getRuleInstConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does rule instance exist?
-        if (mProcessor.getRuleInsts().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        ILdapRule ruleInst = mProcessor.getRuleInsts().get(id);
-        Vector<String> configParams = ruleInst.getInstanceParams();
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_RULE_IMPL_NAME,
-                getRulePluginName(ruleInst));
-        // implName is always required so always send it.
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                params.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void modRuleInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // Does the manager instance exist?
-        if (!mProcessor.getRuleInsts().containsKey(id)) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                    null, resp);
-            return;
-        }
-
-        // get new implementation (same or different.)
-        String implname = req.getParameter(Constants.PR_RULE_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
-            return;
-        }
-
-        // get plugin for implementation
-        RulePlugin plugin =
-                mProcessor.getRulePlugins().get(implname);
-
-        if (plugin == null) {
-            sendResponse(ERROR,
-                    //new ERulePluginNotFound(implname).toString(getLocale(req)),
-                    "",
-                    null, resp);
-            return;
-        }
-
-        // save old instance substore params in case new one fails.
-
-        ILdapRule oldinst =
-                mProcessor.getRuleInsts().get(id);
-        Vector<String> oldConfigParms = oldinst.getInstanceParams();
-        NameValuePairs saveParams = new NameValuePairs();
-
-        // implName is always required so always include it it.
-        saveParams.put("pluginName", implname);
-        if (oldConfigParms != null) {
-            for (int i = 0; i < oldConfigParms.size(); i++) {
-                String kv = oldConfigParms.elementAt(i);
-                int index = kv.indexOf('=');
-
-                saveParams.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-
-        // on to the new instance.
-
-        // remove old substore.
-
-        IConfigStore destStore =
-                mConfig.getSubStore(
-                        mAuth.getId() + ".publish.rule");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-
-        // create new substore.
-
-        Vector<String> configParams = mProcessor.getRuleDefaultParams(implname);
-
-        instancesConfig.removeSubStore(id);
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put("pluginName", implname);
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-                String key = kv.substring(0, index);
-                String val = req.getParameter(key);
-
-                if (val == null) {
-                    substore.put(key,
-                            kv.substring(index + 1));
-                } else {
-                    if (val.equals(NOMAPPER))
-                        val = "";
-                    substore.put(key, val);
-                }
-            }
-        }
-
-        // Instantiate an object for new implementation
-
-        String className = plugin.getClassPath();
-        ILdapRule newRuleInst = null;
-
-        try {
-            newRuleInst = (ILdapRule) Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        // initialize the rule
-
-        try {
-            newRuleInst.init(mProcessor, substore);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        } catch (Throwable e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(), null, resp);
-            return;
-        }
-
-        // initialized ok.  commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            // clean up.
-            restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // commited ok. replace instance.
-
-        mProcessor.getRuleInsts().put(id, newRuleInst);
-
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void addPublisherPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // is the manager id unique?
-        if (mProcessor.getPublisherPlugins().containsKey(id)) {
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS);
-
-        if (classPath == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
-            return;
-        }
-
-        IConfigStore destStore = null;
-
-        destStore = mConfig.getSubStore(
-                    mAuth.getId() + ".publish.publisher");
-        IConfigStore instancesConfig = destStore.getSubStore("impl");
-
-        // Does the class exist?
-        Class<?> newImpl = null;
-
-        try {
-            newImpl = Class.forName(classPath);
-        } catch (ClassNotFoundException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
-            return;
-        } catch (IllegalArgumentException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
-            return;
-        }
-
-        // is the class an ILdapPublisher?
-        try {
-            if (ILdapPublisher.class.isAssignableFrom(newImpl) == false) {
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null,
-                        resp);
-                return;
-            }
-        } catch (NullPointerException e) { // unlikely, only if newImpl null.
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
-            return;
-        }
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put(Constants.PR_PUBLISHER_CLASS, classPath);
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // add publisher to registry.
-        PublisherPlugin plugin = new PublisherPlugin(id, classPath);
-
-        mProcessor.getPublisherPlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void addPublisherInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'",
-                    null, resp);
-            return;
-        }
-
-        if (mProcessor.getPublisherInsts().containsKey(id)) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                    null, resp);
-            return;
-        }
-
-        // get required parameters
-        String implname = req.getParameter(
-                Constants.PR_PUBLISHER_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
-            return;
-        }
-
-        // check if implementation exists.
-        PublisherPlugin plugin =
-                mProcessor.getPublisherPlugins().get(implname);
-
-        if (plugin == null) {
-            sendResponse(
-                    ERROR,
-                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req),
-                            "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                    null, resp);
-            return;
-        }
-
-        Vector<String> configParams = mProcessor.getPublisherDefaultParams(implname);
-
-        IConfigStore destStore =
-                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-                String val = null;
-
-                if (index == -1) {
-                    val = req.getParameter(kv);
-                } else {
-                    val = req.getParameter(kv.substring(0, index));
-                }
-                if (val == null) {
-                    if (index == -1) {
-                        substore.put(kv, "");
-                    } else {
-                        substore.put(kv.substring(0, index),
-                                kv.substring(index + 1));
-                    }
-                } else {
-                    if (index == -1) {
-                        substore.put(kv, val);
-                    } else {
-                        substore.put(kv.substring(0, index),
-                                val);
-                    }
-                }
-            }
-        }
-        substore.put("pluginName", implname);
-
-        // Instantiate an object for this implementation
-        String className = plugin.getClassPath();
-        ILdapPublisher publisherInst = null;
-
-        try {
-            publisherInst = (ILdapPublisher) Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        // initialize the publisher
-        try {
-            publisherInst.init(substore);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        } catch (Throwable e) {
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR, e.toString(), null, resp);
-            return;
-        }
-
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            // clean up.
-            instancesConfig.removeSubStore(id);
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // inited and commited ok. now add manager instance to list.
-        mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst));
-
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_PUBLISHER_IMPL_NAME, implname);
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void listPublisherPlugins(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mProcessor.getPublisherPlugins().keys();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-            PublisherPlugin value = mProcessor.getPublisherPlugins().get(name);
-            // get Description
-            String c = value.getClassPath();
-            String desc = "unknown";
-
-            try {
-                ILdapPublisher lp = (ILdapPublisher)
-                        Class.forName(c).newInstance();
-
-                desc = lp.getDescription();
-            } catch (Exception exp) {
-            }
-            params.put(name, value.getClassPath() + "," + desc);
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    public String getPublisherPluginName(ILdapPublisher pub) {
-        IConfigStore cs = pub.getConfigStore();
-
-        try {
-            return cs.getString("pluginName", "");
-        } catch (EBaseException e) {
-            return "";
-        }
-    }
-
-    private synchronized void listPublisherInsts(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = mProcessor.getPublisherInsts().keys();
-
-        for (; e.hasMoreElements();) {
-            String name = e.nextElement();
-            ILdapPublisher value = mProcessor.getPublisherInstance(name);
-
-            if (value == null)
-                continue;
-            params.put(name, getPublisherPluginName(value) + ";visible");
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void delPublisherPlugin(HttpServletRequest req,
-            HttpServletResponse resp, String scope) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does publisher exist?
-        if (mProcessor.getPublisherPlugins().containsKey(id) == false) {
-            sendResponse(
-                    ERROR,
-                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req),
-                            "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // first check if any instances from this publisher
-        // DON'T remove publisher if any instance
-        for (Enumeration<String> e = mProcessor.getPublisherInsts().keys(); e.hasMoreElements();) {
-            String name = e.nextElement();
-            ILdapPublisher publisher =
-                    mProcessor.getPublisherInstance(name);
-
-            if (id.equals(getPublisherPluginName(publisher))) {
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
-                return;
-            }
-        }
-
-        // then delete this publisher
-        mProcessor.getPublisherPlugins().remove(id);
-
-        IConfigStore destStore =
-                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
-        IConfigStore instancesConfig = destStore.getSubStore("impl");
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    private synchronized void delPublisherInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // prevent deletion of admin and agent.
-
-        // does publisher instance exist?
-        if (mProcessor.getPublisherInsts().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        // only remove from memory
-        // cannot shutdown because we don't keep track of whether it's
-        // being used.
-        mProcessor.getPublisherInsts().remove(id);
-
-        // remove the configuration.
-        IConfigStore destStore =
-                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-
-        instancesConfig.removeSubStore(id);
-        // commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * used for getting the required configuration parameters (with
-     * possible default values) for a particular plugin
-     * implementation name specified in the RS_ID. Actually, there is
-     * no logic in here to set any default value here...there's no
-     * default value for any parameter in this publishing subsystem
-     * at this point. Later, if we do have one (or some), it can be
-     * added. The interface remains the same.
-     */
-    private synchronized void getConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException, EBaseException {
-
-        String implname = req.getParameter(Constants.RS_ID);
-
-        if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        Vector<String> configParams = mProcessor.getPublisherDefaultParams(implname);
-        NameValuePairs params = new NameValuePairs();
-
-        // implName is always required so always send it.
-        params.put(Constants.PR_PUBLISHER_IMPL_NAME, "");
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                if (index == -1) {
-                    params.put(kv, "");
-                } else {
-                    params.put(kv.substring(0, index),
-                            kv.substring(index + 1));
-                }
-            }
-        }
-        sendResponse(0, null, params, resp);
-        return;
-    }
-
-    private synchronized void getInstConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // does publisher instance exist?
-        if (mProcessor.getPublisherInsts().containsKey(id) == false) {
-            sendResponse(ERROR,
-                    new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        ILdapPublisher publisherInst = mProcessor.getPublisherInstance(id);
-        Vector<String> configParams = publisherInst.getInstanceParams();
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_PUBLISHER_IMPL_NAME,
-                getPublisherPluginName(publisherInst));
-        // implName is always required so always send it.
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-
-                params.put(kv.substring(0, index),
-                        kv.substring(index + 1));
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * Modify publisher instance.
-     * This will actually create a new instance with new configuration
-     * parameters and replace the old instance, if the new instance
-     * created and initialized successfully.
-     * The old instance is left running. so this is very expensive.
-     * Restart of server recommended.
-     */
-    private synchronized void modPublisherInst(HttpServletRequest req,
-            HttpServletResponse resp, String scope)
-            throws ServletException, IOException, EBaseException {
-
-        // expensive operation.
-
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        // Does the manager instance exist?
-        if (!mProcessor.getPublisherInsts().containsKey(id)) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                    null, resp);
-            return;
-        }
-
-        // get new implementation (same or different.)
-        String implname = req.getParameter(Constants.PR_PUBLISHER_IMPL_NAME);
-
-        if (implname == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
-            return;
-        }
-
-        // get plugin for implementation
-        PublisherPlugin plugin =
-                mProcessor.getPublisherPlugins().get(implname);
-
-        if (plugin == null) {
-            sendResponse(
-                    ERROR,
-                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req),
-                            "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                    null, resp);
-            return;
-        }
-
-        // save old instance substore params in case new one fails.
-
-        ILdapPublisher oldinst = mProcessor.getPublisherInstance(id);
-        Vector<String> oldConfigParms = oldinst.getInstanceParams();
-        NameValuePairs saveParams = new NameValuePairs();
-        String pubType = "";
-
-        // implName is always required so always include it it.
-        saveParams.put("pluginName", implname);
-        if (oldConfigParms != null) {
-            for (int i = 0; i < oldConfigParms.size(); i++) {
-                String kv = oldConfigParms.elementAt(i);
-                int index = kv.indexOf('=');
-                if (index > -1) {
-                    if (kv.substring(0, index).equalsIgnoreCase("caObjectClass")) {
-                        pubType = "cacert";
-                    } else if (kv.substring(0, index).equalsIgnoreCase("crlObjectClass")) {
-                        pubType = "crl";
-                    }
-
-                    saveParams.put(kv.substring(0, index),
-                            kv.substring(index + 1));
-                }
-            }
-        }
-
-        // on to the new instance.
-
-        // remove old substore.
-
-        IConfigStore destStore =
-                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
-        IConfigStore instancesConfig = destStore.getSubStore("instance");
-
-        // get objects added and deleted
-        if (pubType.equals("cacert")) {
-            saveParams.put("caObjectClassAdded", instancesConfig.getString(id + ".caObjectClassAdded", ""));
-            saveParams.put("caObjectClassDeleted", instancesConfig.getString(id + ".caObjectClassDeleted", ""));
-        } else if (pubType.equals("crl")) {
-            saveParams.put("crlObjectClassAdded", instancesConfig.getString(id + ".crlObjectClassAdded", ""));
-            saveParams.put("crlObjectClassDeleted", instancesConfig.getString(id + ".crlObjectClassDeleted", ""));
-        }
-
-        // create new substore.
-
-        Vector<String> configParams = mProcessor.getPublisherInstanceParams(id);
-
-        instancesConfig.removeSubStore(id);
-
-        IConfigStore substore = instancesConfig.makeSubStore(id);
-
-        substore.put("pluginName", implname);
-        if (configParams != null) {
-            for (int i = 0; i < configParams.size(); i++) {
-                String kv = configParams.elementAt(i);
-                int index = kv.indexOf('=');
-                String key = kv.substring(0, index);
-                String val = req.getParameter(key);
-
-                if (val != null) {
-                    substore.put(key, val);
-                }
-            }
-        }
-
-        // process any changes to the ldap object class definitions
-        if (pubType.equals("cacert")) {
-            processChangedOC(saveParams, substore, "caObjectClass");
-            substore.put("pubtype", "cacert");
-        }
-
-        if (pubType.equals("crl")) {
-            processChangedOC(saveParams, substore, "crlObjectClass");
-            substore.put("pubtype", "crl");
-        }
-
-        // Instantiate an object for new implementation
-
-        String className = plugin.getClassPath();
-        ILdapPublisher newMgrInst = null;
-
-        try {
-            newMgrInst = (ILdapPublisher) Class.forName(className).newInstance();
-        } catch (ClassNotFoundException e) {
-            // cleanup
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (InstantiationException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        } catch (IllegalAccessException e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR,
-                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className))
-                            .toString(),
-                    null, resp);
-            return;
-        }
-
-        // initialize the publisher
-
-        try {
-            newMgrInst.init(substore);
-        } catch (EBaseException e) {
-            // don't commit in this case and cleanup the new substore.
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
-            return;
-        } catch (Throwable e) {
-            restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(), null, resp);
-            return;
-        }
-
-        // initialized ok.  commiting
-        try {
-            mConfig.commit(true);
-        } catch (EBaseException e) {
-            // clean up.
-            restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // commited ok. replace instance.
-
-        mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst));
-
-        mProcessor.log(ILogger.LL_INFO,
-                CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
-
-        NameValuePairs params = new NameValuePairs();
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    // convenience function - takes list1, list2.  Returns what is in list1
-    // but not in list2
-    private String[] getExtras(String[] list1, String[] list2) {
-        Vector<String> extras = new Vector<String>();
-        for (int i = 0; i < list1.length; i++) {
-            boolean match = false;
-            for (int j = 0; j < list2.length; j++) {
-                if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
-                    match = true;
-                    break;
-                }
-            }
-            if (!match)
-                extras.add(list1[i].trim());
-        }
-
-        return extras.toArray(new String[extras.size()]);
-    }
-
-    // convenience function - takes list1, list2.  Concatenates the two
-    // lists removing duplicates
-    private String[] joinLists(String[] list1, String[] list2) {
-        Vector<String> sum = new Vector<String>();
-        for (int i = 0; i < list1.length; i++) {
-            sum.add(list1[i]);
-        }
-
-        for (int i = 0; i < list2.length; i++) {
-            boolean match = false;
-            for (int j = 0; j < list1.length; j++) {
-                if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
-                    match = true;
-                    break;
-                }
-            }
-            if (!match)
-                sum.add(list2[i].trim());
-        }
-
-        return sum.toArray(new String[sum.size()]);
-    }
-
-    // convenience funtion. Takes a string array and delimiter
-    // and returns a String with the concatenation
-    private static String join(String[] s, String delimiter) {
-        if (s.length == 0)
-            return "";
-
-        StringBuffer buffer = new StringBuffer(s[0]);
-        if (s.length > 1) {
-            for (int i = 1; i < s.length; i++) {
-                buffer.append(delimiter + s[i].trim());
-            }
-        }
-        return buffer.toString();
-    }
-
-    private void processChangedOC(NameValuePairs saveParams, IConfigStore newstore, String objName) {
-        String newOC = null, oldOC = null;
-        String oldAdded = null, oldDeleted = null;
-
-        try {
-            newOC = newstore.getString(objName);
-        } catch (Exception e) {
-        }
-
-        oldOC = saveParams.get(objName);
-        oldAdded = saveParams.get(objName + "Added");
-        oldDeleted = saveParams.get(objName + "Deleted");
-
-        if ((oldOC == null) || (newOC == null))
-            return;
-        if (oldOC.equalsIgnoreCase(newOC))
-            return;
-
-        String[] oldList = oldOC.split(",");
-        String[] newList = newOC.split(",");
-        String[] deletedList = getExtras(oldList, newList);
-        String[] addedList = getExtras(newList, oldList);
-
-        // CMS.debug("addedList = " + join(addedList, ","));
-        // CMS.debug("deletedList = " + join(deletedList, ","));
-
-        if ((addedList.length == 0) && (deletedList.length == 0))
-            return; // no changes
-
-        if (oldAdded != null) {
-            // CMS.debug("oldAdded is " + oldAdded);
-            String[] oldAddedList = oldAdded.split(",");
-            addedList = joinLists(addedList, oldAddedList);
-        }
-
-        if (oldDeleted != null) {
-            // CMS.debug("oldDeleted is " + oldDeleted);
-            String[] oldDeletedList = oldDeleted.split(",");
-            deletedList = joinLists(deletedList, oldDeletedList);
-        }
-
-        String[] addedList1 = getExtras(addedList, deletedList);
-        String[] deletedList1 = getExtras(deletedList, addedList);
-
-        //create the final strings and write to config
-        String addedListStr = join(addedList1, ",");
-        String deletedListStr = join(deletedList1, ",");
-
-        CMS.debug("processChangedOC: added list is " + addedListStr);
-        CMS.debug("processChangedOC: deleted list is " + deletedListStr);
-
-        newstore.put(objName + "Added", addedListStr);
-        newstore.put(objName + "Deleted", deletedListStr);
-    }
-
-    // convenience routine.
-    private static void restore(IConfigStore store,
-            String id, NameValuePairs saveParams) {
-        store.removeSubStore(id);
-        IConfigStore rstore = store.makeSubStore(id);
-
-        for (String key : saveParams.keySet()) {
-            String value = saveParams.get(key);
-
-            if (value != null)
-                rstore.put(key, value);
-        }
-    }
-
-    private String dashes(int len) {
-        String dashes = "...................................................";
-
-        if (len <= 0)
-            return "";
-        String new1 = dashes.substring(0, len);
-
-        return new1;
-    }
-
-    /**
-     * logs an entry in the log file.
-     */
-    public void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM,
-                ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
deleted file mode 100644
index 763f421fb..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
+++ /dev/null
@@ -1,575 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequestListener;
-
-/**
- * A class representings an administration servlet for Registration
- * Authority. This servlet is responsible to serve RA
- * administrative operations such as configuration parameter
- * updates.
- *
- * @version $Revision$, $Date$
- */
-public class RAAdminServlet extends AdminServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 8417319111438832435L;
-
-    protected static final String PROP_ENABLED = "enabled";
-
-    /*==========================================================
-     * variables
-     *==========================================================*/
-    private final static String INFO = "RAAdminServlet";
-    private IRegistrationAuthority mRA = null;
-
-    /*==========================================================
-     * constructors
-     *==========================================================*/
-
-    /**
-     * Constructs RA servlet.
-     */
-    public RAAdminServlet() {
-        super();
-    }
-
-    /*==========================================================
-     * public methods
-     *==========================================================*/
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mRA = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP request. Each request is authenticated to
-     * the authenticate manager.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        //get all operational flags
-        String op = req.getParameter(Constants.OP_TYPE);
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        //check operational flags
-        if ((op == null) || (scope == null)) {
-            sendResponse(1, "Invalid Protocol", null, resp);
-            return;
-        }
-
-        //authenticate the user
-        super.authenticate(req);
-
-        //perform services
-        try {
-            AUTHZ_RES_NAME = "certServer.ra.configuration";
-            if (op.equals(OpDef.OP_READ)) {
-                mOp = "read";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    readGeneralConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_CONNECTOR)) {
-                    getConnectorConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) {
-                    getNotificationReqCompConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
-                    getNotificationRevCompConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
-                    getNotificationRIQConfig(req, resp);
-                    return;
-                } else {
-                    sendResponse(1, "Unknown operation", null, resp);
-                    return;
-                }
-            } else if (op.equals(OpDef.OP_MODIFY)) {
-                mOp = "modify";
-                if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
-                    return;
-                }
-                if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    modifyGeneralConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_CONNECTOR)) {
-                    setConnectorConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) {
-                    setNotificationReqCompConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
-                    setNotificationRevCompConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
-                    setNotificationRIQConfig(req, resp);
-                    return;
-                } else {
-                    sendResponse(1, "Unknown operation", null, resp);
-                    return;
-                }
-            }
-        } catch (Exception e) {
-            //System.out.println("XXX >>>" + e.toString() + "<<<");
-            sendResponse(1, "Unknown operation", null, resp);
-        }
-
-        return;
-    }
-
-    /*==========================================================
-     * private methods
-     *==========================================================*/
-
-    /*
-     * handle getting completion (cert issued) notification config info
-     */
-    private void getNotificationCompConfig(HttpServletRequest req,
-            HttpServletResponse resp, IConfigStore rc) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            params.put(name, rc.getString(name, ""));
-        }
-
-        params.put(Constants.PR_ENABLE,
-                rc.getString(PROP_ENABLED, Constants.FALSE));
-        //System.out.println("Send: "+params.toString());
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void getNotificationReqCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        IConfigStore config = mRA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
-
-        getNotificationCompConfig(req, resp, rc);
-
-    }
-
-    private void getNotificationRevCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        IConfigStore config = mRA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
-
-        getNotificationCompConfig(req, resp, rc);
-
-    }
-
-    /*
-     * handle getting request in queue notification config info
-     */
-    private void getNotificationRIQConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        IConfigStore config = mRA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
-
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            params.put(name, riq.getString(name, ""));
-        }
-
-        params.put(Constants.PR_ENABLE,
-                riq.getString(PROP_ENABLED, Constants.FALSE));
-        //System.out.println("Send: "+params.toString());
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /*
-     * handle setting request in queue notification config info
-     */
-    private void setNotificationRIQConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore config = mRA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
-
-        //set rest of the parameters
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            String val = req.getParameter(name);
-
-            riq.putString(name, val);
-            mRA.getRequestInQListener().set(name, val);
-        }
-
-        // set enable flag
-        String enabledString = req.getParameter(Constants.PR_ENABLE);
-
-        riq.putString(PROP_ENABLED, enabledString);
-        mRA.getRequestInQListener().set(PROP_ENABLED, enabledString);
-
-        commit(true);
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    /*
-     * handle setting request complete notification config info
-     */
-    private void setNotificationCompConfig(HttpServletRequest req,
-            HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
-            IOException, EBaseException {
-        //set rest of the parameters
-        Enumeration<String> e = req.getParameterNames();
-
-        while (e.hasMoreElements()) {
-            String name = e.nextElement();
-
-            if (name.equals(Constants.OP_TYPE))
-                continue;
-            if (name.equals(Constants.RS_ID))
-                continue;
-            if (name.equals(Constants.OP_SCOPE))
-                continue;
-            if (name.equals(Constants.PR_ENABLE))
-                continue;
-            String val = req.getParameter(name);
-
-            rc.putString(name, val);
-            thisListener.set(name, val);
-        }
-
-        // set enable flag
-        String enabledString = req.getParameter(Constants.PR_ENABLE);
-
-        rc.putString(PROP_ENABLED, enabledString);
-        thisListener.set(PROP_ENABLED, enabledString);
-
-        commit(true);
-
-        sendResponse(SUCCESS, null, null, resp);
-    }
-
-    private void setNotificationReqCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore config = mRA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
-
-        setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener());
-
-    }
-
-    private void setNotificationRevCompConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore config = mRA.getConfigStore();
-        IConfigStore nc =
-                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
-
-        IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
-
-        setNotificationCompConfig(req, resp, rc, mRA.getCertRevokedListener());
-    }
-
-    private void getConnectorConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        IConfigStore raConfig = mRA.getConfigStore();
-        IConfigStore connectorConfig = raConfig.getSubStore("connector");
-        IConfigStore caConnectorConfig = null;
-
-        if (isCAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("CA");
-        } else if (isRAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("RA");
-        } else if (isKRAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("KRA");
-        }
-
-        /*
-         Enumeration enum = req.getParameterNames();
-         NameValuePairs params = new NameValuePairs();
-         while (enum.hasMoreElements()) {
-         String key = (String)enum.nextElement();
-         if (key.equals("RS_ID")) {
-         String val = req.getParameter(key);
-         if (val.equals("CA Connector"))
-         }
-         }
-         */
-
-        Enumeration<String> enum1 = req.getParameterNames();
-        NameValuePairs params = new NameValuePairs();
-
-        if (caConnectorConfig != null) {
-            while (enum1.hasMoreElements()) {
-                String name = enum1.nextElement();
-
-                if (name.equals(Constants.RS_ID))
-                    continue;
-                if (name.equals(Constants.OP_SCOPE))
-                    continue;
-                if (name.equals(Constants.OP_TYPE))
-                    continue;
-
-                params.put(name, caConnectorConfig.getString(name, ""));
-            }
-        }
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    private void setConnectorConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        IConfigStore raConfig = mRA.getConfigStore();
-        IConfigStore connectorConfig = raConfig.getSubStore("connector");
-        IConfigStore caConnectorConfig = null;
-        //       String nickname = raConfig.getString("certNickname", "");
-
-        if (isCAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("CA");
-        } else if (isRAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("RA");
-        } else if (isKRAConnector(req)) {
-            caConnectorConfig = connectorConfig.getSubStore("KRA");
-        }
-
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        if (caConnectorConfig != null) {
-            while (enum1.hasMoreElements()) {
-                String name = enum1.nextElement();
-
-                if (name.equals(Constants.OP_TYPE))
-                    continue;
-                if (name.equals(Constants.RS_ID))
-                    continue;
-                if (name.equals(Constants.OP_SCOPE))
-                    continue;
-                /*
-                                if (name.equals("nickName")) {
-                                    caConnectorConfig.putString(name, nickname);
-                                    continue;
-                                }
-                */
-                caConnectorConfig.putString(name, req.getParameter(name));
-            }
-        }
-
-        commit(true);
-        sendResponse(RESTART, null, null, resp);
-    }
-
-    private boolean isCAConnector(HttpServletRequest req) {
-
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-
-            if (key.equals("RS_ID")) {
-                String val = req.getParameter(key);
-
-                if (val.equals("Certificate Manager Connector"))
-                    return true;
-                else
-                    return false;
-            }
-        }
-        return false;
-    }
-
-    private boolean isRAConnector(HttpServletRequest req) {
-
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-
-            if (key.equals("RS_ID")) {
-                String val = req.getParameter(key);
-
-                if (val.equals("Registration Manager Connector"))
-                    return true;
-                else
-                    return false;
-            }
-        }
-        return false;
-    }
-
-    private boolean isKRAConnector(HttpServletRequest req) {
-
-        Enumeration<String> enum1 = req.getParameterNames();
-
-        while (enum1.hasMoreElements()) {
-            String key = enum1.nextElement();
-
-            if (key.equals("RS_ID")) {
-                String val = req.getParameter(key);
-
-                if (val.equals("Data Recovery Manager Connector"))
-                    return true;
-                else
-                    return false;
-            }
-        }
-        return false;
-    }
-
-    //reading the RA general information
-    private void readGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        /*
-         ISubsystem eeGateway =
-         SubsystemRegistry.getInstance().get("eeGateway");
-         String value = "false";
-         if (eeGateway != null) {
-         IConfigStore eeConfig = eeGateway.getConfigStore();
-         if (eeConfig != null)
-         value = eeConfig.getString("enabled", "true");
-         }
-         params.add(Constants.PR_EE_ENABLED, value);
-         */
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    //mdify RA General Information
-    private void modifyGeneralConfig(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        /*
-         ISubsystem eeGateway =
-         SubsystemRegistry.getInstance().get("eeGateway");
-         IConfigStore eeConfig = null;
-         if (eeGateway != null)
-         eeConfig = eeGateway.getConfigStore();
-
-         Enumeration enum = req.getParameterNames();
-         while (enum.hasMoreElements()) {
-         String key = (String)enum.nextElement();
-         if (key.equals(Constants.PR_EE_ENABLED)) {
-         if (eeConfig != null)
-         eeConfig.putString("enabled",
-         req.getParameter(Constants.PR_EE_ENABLED));
-         }
-         }
-
-         */
-        sendResponse(RESTART, null, null, resp);
-        commit(true);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
deleted file mode 100644
index 4d47d318f..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
+++ /dev/null
@@ -1,365 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.property.IConfigTemplate;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.registry.IPluginInfo;
-import com.netscape.certsrv.registry.IPluginRegistry;
-
-/**
- * This implements the administration servlet for registry subsystem.
- *
- * @version $Revision$, $Date$
- */
-public class RegistryAdminServlet extends AdminServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 2104924641665675578L;
-
-    public final static String PROP_AUTHORITY = "authority";
-
-    private final static String INFO = "RegistryAdminServlet";
-
-    public final static String PROP_PREDICATE = "predicate";
-    private IPluginRegistry mRegistry = null;
-
-    // These will be moved to PolicyResources
-    public static String INVALID_POLICY_SCOPE = "Invalid policy administration scope";
-    public static String INVALID_POLICY_IMPL_OP = "Invalid operation for policy implementation management";
-    public static String NYI = "Not Yet Implemented";
-    public static String INVALID_POLICY_IMPL_CONFIG = "Invalid policy implementation configuration";
-    public static String INVALID_POLICY_INSTANCE_CONFIG = "Invalid policy instance configuration";
-    public static String MISSING_POLICY_IMPL_ID = "Missing policy impl id in request";
-    public static String MISSING_POLICY_IMPL_CLASS = "Missing policy impl class in request";
-    public static String INVALID_POLICY_IMPL_ID = "Invalid policy impl id in request";
-    public static String MISSING_POLICY_INST_ID = "Missing policy impl id in request";
-    public static String INVALID_POLICY_INST_ID = "Invalid policy impl id in request";
-    public static String COMMA = ",";
-    public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
-
-    /**
-     * Constructs administration servlet.
-     */
-    public RegistryAdminServlet() {
-        super();
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP admin request.
-     */
-    public void service(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        super.authenticate(req);
-
-        AUTHZ_RES_NAME = "certServer.registry.configuration";
-        String scope = req.getParameter(Constants.OP_SCOPE);
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) {
-            if (op.equals(OpDef.OP_READ))
-                if (!readAuthorize(req, resp))
-                    return;
-            getSupportedConstraintPolicies(req, resp);
-        } else {
-            processImplMgmt(req, resp);
-        }
-    }
-
-    private boolean readAuthorize(HttpServletRequest req,
-            HttpServletResponse resp) throws IOException {
-        mOp = "read";
-        if ((mToken = super.authorize(req)) == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                    null, resp);
-            return false;
-        }
-        return true;
-    }
-
-    private boolean modifyAuthorize(HttpServletRequest req,
-            HttpServletResponse resp) throws IOException {
-        mOp = "modify";
-        if ((mToken = super.authorize(req)) == null) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                    null, resp);
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Process Policy Implementation Management.
-     */
-    public void processImplMgmt(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-        // Get operation type
-        String op = req.getParameter(Constants.OP_TYPE);
-
-        if (op.equals(OpDef.OP_SEARCH)) {
-            if (!readAuthorize(req, resp))
-                return;
-            listImpls(req, resp);
-        } else if (op.equals(OpDef.OP_READ)) {
-            if (!readAuthorize(req, resp))
-                return;
-            getProfileImplConfig(req, resp);
-        } else if (op.equals(OpDef.OP_DELETE)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            deleteImpl(req, resp);
-        } else if (op.equals(OpDef.OP_ADD)) {
-            if (!modifyAuthorize(req, resp))
-                return;
-            addImpl(req, resp);
-        } else
-            sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                    null, resp);
-    }
-
-    public void addImpl(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        // Get the policy impl id.
-        String id = req.getParameter(Constants.RS_ID);
-        String scope = req.getParameter(Constants.OP_SCOPE);
-        String classPath = req.getParameter(Constants.PR_POLICY_CLASS);
-        String desc = req.getParameter(Constants.PR_POLICY_DESC);
-
-        if (id == null) {
-            sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-
-        NameValuePairs nvp = new NameValuePairs();
-
-        IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath);
-        try {
-            mRegistry.addPluginInfo(scope, id, info);
-        } catch (Exception e) {
-            CMS.debug(e.toString());
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void deleteImpl(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        // Get the policy impl id.
-        String id = req.getParameter(Constants.RS_ID);
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        if (id == null) {
-            sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-
-        IPluginInfo info = mRegistry.getPluginInfo(scope, id);
-
-        if (info == null) {
-            sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-
-        NameValuePairs nvp = new NameValuePairs();
-
-        try {
-            mRegistry.removePluginInfo(scope, id);
-        } catch (Exception e) {
-            CMS.debug(e.toString());
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    /**
-     * Lists all registered profile impementations
-     */
-    public void listImpls(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        String scope = req.getParameter(Constants.OP_SCOPE);
-        Enumeration<String> impls = mRegistry.getIds(scope);
-        NameValuePairs nvp = new NameValuePairs();
-
-        while (impls.hasMoreElements()) {
-            String id = impls.nextElement();
-            IPluginInfo info = mRegistry.getPluginInfo(scope, id);
-
-            nvp.put(id, info.getClassName() + "," +
-                    info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
-        }
-
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getSupportedConstraintPolicies(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException, IOException {
-        String id = req.getParameter(Constants.RS_ID);
-
-        if (id == null) {
-            sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-        NameValuePairs nvp = new NameValuePairs();
-
-        try {
-            IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id);
-            String className = info.getClassName();
-            IPolicyDefault policyDefaultClass = (IPolicyDefault)
-                    Class.forName(className).newInstance();
-
-            if (policyDefaultClass != null) {
-                Enumeration<String> impls = mRegistry.getIds("constraintPolicy");
-
-                while (impls.hasMoreElements()) {
-                    String constraintID = impls.nextElement();
-                    IPluginInfo constraintInfo = mRegistry.getPluginInfo(
-                            "constraintPolicy", constraintID);
-                    IPolicyConstraint policyConstraintClass = (IPolicyConstraint)
-                            Class.forName(constraintInfo.getClassName()).newInstance();
-
-                    CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName());
-
-                    if (policyConstraintClass.isApplicable(policyDefaultClass)) {
-                        CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable "
-                                + constraintInfo.getClassName());
-                        nvp.put(constraintID,
-                                constraintInfo.getClassName()
-                                        + "," +
-                                        constraintInfo.getDescription(getLocale(req)) + ","
-                                        + constraintInfo.getName(getLocale(req)));
-                    }
-                }
-            }
-        } catch (Exception ex) {
-            CMS.debug("RegistyAdminServlet: getSupportConstraintPolicies: " + ex.toString());
-            CMS.debug(ex);
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    public void getProfileImplConfig(HttpServletRequest req,
-            HttpServletResponse resp)
-            throws ServletException, IOException {
-
-        // Get the policy impl id.
-        String id = req.getParameter(Constants.RS_ID);
-        String scope = req.getParameter(Constants.OP_SCOPE);
-
-        if (id == null) {
-            sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-
-        IPluginInfo info = mRegistry.getPluginInfo(scope, id);
-
-        if (info == null) {
-            sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
-            return;
-        }
-
-        NameValuePairs nvp = new NameValuePairs();
-
-        String className = info.getClassName();
-        IConfigTemplate template = null;
-
-        try {
-            template = (IConfigTemplate)
-                    Class.forName(className).newInstance();
-        } catch (Exception e) {
-        }
-        if (template != null) {
-            Enumeration<String> names = template.getConfigNames();
-
-            if (names != null) {
-                while (names.hasMoreElements()) {
-                    String name = names.nextElement();
-                    CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
-                    IDescriptor desc = template.getConfigDescriptor(getLocale(req), name);
-
-                    if (desc != null) {
-                        try {
-                            String value =
-                                    getNonNull(desc.getSyntax())
-                                            + ";" + getNonNull(desc.getConstraint()) + ";"
-                                            + desc.getDescription(getLocale(req)) + ";"
-                                            + getNonNull(desc.getDefaultValue());
-
-                            CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
-                            nvp.put(name, value);
-                        } catch (Exception e) {
-
-                            CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
-                        }
-                    } else {
-                        CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name);
-                    }
-                }
-            }
-        }
-        sendResponse(SUCCESS, null, nvp, resp);
-    }
-
-    protected String getNonNull(String s) {
-        if (s == null)
-            return "";
-        return s;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
deleted file mode 100644
index 50df221f9..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
+++ /dev/null
@@ -1,98 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.admin;
-
-import java.security.cert.CertificateEncodingException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.cert.CertData;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.certsrv.system.SystemCertResource;
-import com.netscape.cms.servlet.base.PKIService;
-
-/**
- * This is the class used to list, retrieve and modify system certificates for all Java subsystems.
- *
- * @author alee
- *
- */
-public class SystemCertService extends PKIService implements SystemCertResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    public SystemCertService() {
-        CMS.debug("SystemCertService.<init>()");
-    }
-
-    /**
-     * Used to retrieve the transport certificate
-     */
-    public Response getTransportCert() {
-        CertData cert = null;
-        IKeyRecoveryAuthority kra = null;
-
-        // auth and authz
-
-        kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
-        if (kra == null) {
-            // no KRA
-            throw new ResourceNotFoundException("KRA subsystem not found.");
-        }
-
-        ITransportKeyUnit tu = kra.getTransportKeyUnit();
-        if (tu == null) {
-            CMS.debug("getTransportCert: transport key unit is null");
-            throw new PKIException("No transport key unit.");
-        }
-        org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
-        if (transportCert == null) {
-            CMS.debug("getTransportCert: transport cert is null");
-            throw new PKIException("Transport cert not found.");
-        }
-        try {
-            cert = createCertificateData(transportCert);
-        } catch (CertificateEncodingException e) {
-            CMS.debug("getTransportCert: certificate encoding exception with transport cert");
-            e.printStackTrace();
-            throw new PKIException("Unable to encode transport cert");
-        }
-        return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserService.java b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
deleted file mode 100644
index c14605c54..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/UserService.java
+++ /dev/null
@@ -1,1101 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.admin;
-
-import java.io.UnsupportedEncodingException;
-import java.net.URI;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import netscape.ldap.LDAPException;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.x509.X509CertImpl;
-
-import org.apache.commons.lang.StringUtils;
-import org.jboss.resteasy.plugins.providers.atom.Link;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.base.UserNotFoundException;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.certsrv.group.GroupMemberData;
-import com.netscape.certsrv.ldap.LDAPExceptionConverter;
-import com.netscape.certsrv.logging.IAuditor;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.password.IPasswordCheck;
-import com.netscape.certsrv.user.UserCertCollection;
-import com.netscape.certsrv.user.UserCertData;
-import com.netscape.certsrv.user.UserCollection;
-import com.netscape.certsrv.user.UserData;
-import com.netscape.certsrv.user.UserMembershipCollection;
-import com.netscape.certsrv.user.UserMembershipData;
-import com.netscape.certsrv.user.UserResource;
-import com.netscape.certsrv.usrgrp.EUsrGrpException;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.PKIService;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-import com.netscape.cmsutil.util.Cert;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * @author Endi S. Dewata
- */
-public class UserService extends PKIService implements UserResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    public final static int DEFAULT_SIZE = 20;
-
-    public final static String BACK_SLASH = "\\";
-    public final static String SYSTEM_USER = "$System$";
-
-    public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-    public UserData createUserData(IUser user) throws Exception {
-
-        UserData userData = new UserData();
-
-        String id = user.getUserID();
-        if (!StringUtils.isEmpty(id)) userData.setID(id);
-
-        String fullName = user.getFullName();
-        if (!StringUtils.isEmpty(fullName)) userData.setFullName(fullName);
-
-        String userID = URLEncoder.encode(id, "UTF-8");
-        URI uri = uriInfo.getBaseUriBuilder().path(UserResource.class).path("{userID}").build(userID);
-        userData.setLink(new Link("self", uri));
-
-        return userData;
-    }
-
-    /**
-     * Searches for users in LDAP directory.
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    @Override
-    public UserCollection findUsers(String filter, Integer start, Integer size) {
-        try {
-            filter = StringUtils.isEmpty(filter) ? "*" : "*"+LDAPUtil.escapeFilter(filter)+"*";
-            start = start == null ? 0 : start;
-            size = size == null ? DEFAULT_SIZE : size;
-
-            Enumeration<IUser> users = userGroupManager.findUsers(filter);
-
-            UserCollection response = new UserCollection();
-
-            int i = 0;
-
-            // skip to the start of the page
-            for ( ; i<start && users.hasMoreElements(); i++) users.nextElement();
-
-            // return entries up to the page size
-            for ( ; i<start+size && users.hasMoreElements(); i++) {
-                IUser user = users.nextElement();
-                response.addUser(createUserData(user));
-            }
-
-            // count the total entries
-            for ( ; users.hasMoreElements(); i++) users.nextElement();
-
-            if (start > 0) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
-                response.addLink(new Link("prev", uri));
-            }
-
-            if (start+size < i) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
-                response.addLink(new Link("next", uri));
-            }
-
-            return response;
-
-        } catch (Exception e) {
-            throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR", headers));
-        }
-    }
-
-    /**
-     * List user information. Certificates covered in a separate
-     * protocol for findUserCerts(). List of group memberships are
-     * also provided.
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    @Override
-    public UserData getUser(String userID) {
-        try {
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IUser user;
-
-            try {
-                user = userGroupManager.getUser(userID);
-            } catch (Exception e) {
-                throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR", headers));
-            }
-
-            if (user == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-
-                throw new UserNotFoundException(userID);
-            }
-
-            UserData userData = createUserData(user);
-
-            String email = user.getEmail();
-            if (!StringUtils.isEmpty(email)) userData.setEmail(email);
-
-            String phone = user.getPhone();
-            if (!StringUtils.isEmpty(phone)) userData.setPhone(phone);
-
-            String state = user.getState();
-            if (!StringUtils.isEmpty(state)) userData.setState(state);
-
-            String type = user.getUserType();
-            if (!StringUtils.isEmpty(type)) userData.setType(type);
-
-            List<String> profiles = user.getTpsProfiles();
-            if (profiles != null) {
-                StringBuilder sb = new StringBuilder();
-                String prefix = "";
-                for (String profile: profiles) {
-                    sb.append(prefix);
-                    prefix = ",";
-                    sb.append(profile);
-                }
-
-                userData.setAttribute(ATTR_TPS_PROFILES, sb.toString());
-            }
-
-            return userData;
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    /**
-     * Adds a new user to LDAP server
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-
-    @Override
-    public Response addUser(UserData userData) {
-
-        IConfigStore cs = CMS.getConfigStore();
-        String userID = userData.getID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            if (userID.indexOf(BACK_SLASH) != -1) {
-                // backslashes (BS) are not allowed
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
-                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS", headers));
-            }
-
-            if (userID.equals(SYSTEM_USER)) {
-                // backslashes (BS) are not allowed
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", userID));
-                throw new ForbiddenException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", headers, userID));
-            }
-
-            IUser user = userGroupManager.createUser(userID);
-
-            String fname = userData.getFullName();
-            if (fname == null || fname.length() == 0) {
-                String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", headers, "full name");
-
-                log(ILogger.LL_FAILURE, msg);
-                throw new BadRequestDataException(msg);
-
-            } else {
-                user.setFullName(fname);
-            }
-
-            String email = userData.getEmail();
-            if (email != null) {
-                user.setEmail(email);
-            } else {
-                user.setEmail("");
-            }
-
-            String pword = userData.getPassword();
-            if (pword != null && !pword.equals("")) {
-                IPasswordCheck passwdCheck = CMS.getPasswordChecker();
-
-                if (!passwdCheck.isGoodPassword(pword)) {
-                    throw new EUsrGrpException(passwdCheck.getReason(pword));
-                }
-
-                user.setPassword(pword);
-            } else {
-                user.setPassword("");
-            }
-
-            String phone = userData.getPhone();
-            if (phone != null) {
-                user.setPhone(phone);
-            } else {
-                user.setPhone("");
-            }
-
-            String type = userData.getType();
-            if (type != null) {
-                user.setUserType(type);
-            } else {
-                user.setUserType("");
-            }
-
-            String state = userData.getState();
-            if (state != null) {
-                user.setState(state);
-            }
-
-            String tpsProfiles = userData.getAttribute(ATTR_TPS_PROFILES);
-            String csType = cs.getString("cs.type");
-            if (tpsProfiles != null) {
-                if (!csType.equals("TPS")) {
-                    throw new BadRequestDataException("Cannot set tpsProfiles on a non-TPS subsystem");
-                }
-                String[] profiles = tpsProfiles.split(",");
-                user.setTpsProfiles(Arrays.asList(profiles));
-            }
-
-            try {
-                userGroupManager.addUser(user);
-
-                auditAddUser(userID, userData, ILogger.SUCCESS);
-
-                // read the data back
-                userData = getUser(userID);
-
-                return Response
-                        .created(userData.getLink().getHref())
-                        .entity(userData)
-                        .type(MediaType.APPLICATION_XML)
-                        .build();
-
-            } catch (EUsrGrpException e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                if (user.getUserID() == null) {
-                    throw new BadRequestDataException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", headers, "uid"));
-                } else {
-                    throw new PKIException(e.getMessage(), e);
-                }
-
-            } catch (LDAPException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString()));
-                throw LDAPExceptionConverter.toPKIException(e);
-
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-                throw new PKIException(e.getMessage(), e);
-            }
-
-        } catch (PKIException e) {
-            auditAddUser(userID, userData, ILogger.FAILURE);
-            throw e;
-
-        } catch (EBaseException e) {
-            auditAddUser(userID, userData, ILogger.FAILURE);
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    /**
-     * Modifies an existing user in local scope.
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-    @Override
-    public Response modifyUser(String userID, UserData userData) {
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IUser user = userGroupManager.createUser(userID);
-
-            String fullName = userData.getFullName();
-            if (fullName != null) {
-                user.setFullName(fullName);
-            }
-
-            String email = userData.getEmail();
-            if (email != null) {
-                user.setEmail(email);
-            }
-
-            String pword = userData.getPassword();
-            if (pword != null && !pword.equals("")) {
-                IPasswordCheck passwdCheck = CMS.getPasswordChecker();
-
-                if (!passwdCheck.isGoodPassword(pword)) {
-                    throw new EUsrGrpException(passwdCheck.getReason(pword));
-                }
-
-                user.setPassword(pword);
-            }
-
-            String phone = userData.getPhone();
-            if (phone != null) {
-                user.setPhone(phone);
-            }
-
-            String state = userData.getState();
-            if (state != null) {
-                user.setState(state);
-            }
-
-            String tpsProfiles = userData.getAttribute(ATTR_TPS_PROFILES);
-            String csType = cs.getString("cs.type");
-            if (tpsProfiles != null) {
-                if (!csType.equals("TPS")) {
-                    throw new BadRequestDataException("Cannot set tpsProfiles on a non-TPS subsystem");
-                }
-                String[] profiles = tpsProfiles.split(",");
-                user.setTpsProfiles(Arrays.asList(profiles));
-            }
-
-            try {
-                userGroupManager.modifyUser(user);
-
-                auditModifyUser(userID, userData, ILogger.SUCCESS);
-
-                // read the data back
-                userData = getUser(userID);
-
-                return Response
-                        .ok(userData)
-                        .type(MediaType.APPLICATION_XML)
-                        .build();
-
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-                throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED", headers));
-            }
-
-        } catch (PKIException e) {
-            auditModifyUser(userID, userData, ILogger.FAILURE);
-            throw e;
-
-        } catch (EBaseException e) {
-            auditModifyUser(userID, userData, ILogger.FAILURE);
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    /**
-     * removes a user. user not removed if belongs to any group
-     * (Administrators should remove the user from "uniquemember" of
-     * any group he/she belongs to before trying to remove the user
-     * itself.
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-    @Override
-    public void removeUser(String userID) {
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            // get list of groups, and see if uid belongs to any
-            Enumeration<IGroup> groups;
-
-            try {
-                groups = userGroupManager.findGroups("*");
-
-            } catch (Exception e) {
-                throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR", headers));
-            }
-
-            try {
-                while (groups.hasMoreElements()) {
-                    IGroup group = groups.nextElement();
-                    if (!group.isMember(userID)) continue;
-
-                    userGroupManager.removeUserFromGroup(group, userID);
-                }
-
-                // comes out clean of group membership...now remove user
-                userGroupManager.removeUser(userID);
-
-                auditDeleteUser(userID, ILogger.SUCCESS);
-
-            } catch (Exception e) {
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_FAIL_USER_RMV", headers));
-            }
-
-        } catch (PKIException e) {
-            auditDeleteUser(userID, ILogger.FAILURE);
-            throw e;
-        }
-    }
-
-    public UserCertData createUserCertData(String userID, X509Certificate cert) throws Exception {
-
-        UserCertData userCertData = new UserCertData();
-
-        userCertData.setVersion(cert.getVersion());
-        userCertData.setSerialNumber(new CertId(cert.getSerialNumber()));
-        userCertData.setIssuerDN(cert.getIssuerDN().toString());
-        userCertData.setSubjectDN(cert.getSubjectDN().toString());
-
-        userID = URLEncoder.encode(userID, "UTF-8");
-        String certID = URLEncoder.encode(userCertData.getID(), "UTF-8");
-        URI uri = uriInfo.getBaseUriBuilder()
-                .path(UserResource.class)
-                .path("{userID}/certs/{certID}")
-                .build(userID, certID);
-        userCertData.setLink(new Link("self", uri));
-
-        return userCertData;
-    }
-
-    /**
-     * List user certificate(s)
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    @Override
-    public UserCertCollection findUserCerts(String userID, Integer start, Integer size) {
-        try {
-            start = start == null ? 0 : start;
-            size = size == null ? DEFAULT_SIZE : size;
-
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IUser user = null;
-
-            try {
-                user = userGroupManager.getUser(userID);
-            } catch (Exception e) {
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST", headers));
-            }
-
-            if (user == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-                throw new UserNotFoundException(userID);
-            }
-
-            UserCertCollection response = new UserCertCollection();
-
-            X509Certificate[] certs = user.getX509Certificates();
-            if (certs != null) {
-                for (int i=start; i<start+size && i<certs.length; i++) {
-                    X509Certificate cert = certs[i];
-                    response.addCert(createUserCertData(userID, cert));
-                }
-
-                if (start > 0) {
-                    URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
-                    response.addLink(new Link("prev", uri));
-                }
-
-                if (start+size < certs.length) {
-                    URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
-                    response.addLink(new Link("next", uri));
-                }
-            }
-
-            return response;
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    @Override
-    public UserCertData getUserCert(String userID, String certID) {
-        try {
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IUser user = null;
-
-            try {
-                user = userGroupManager.getUser(userID);
-            } catch (Exception e) {
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST", headers));
-            }
-
-            if (user == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-                throw new UserNotFoundException(userID);
-            }
-
-            X509Certificate[] certs = user.getX509Certificates();
-
-            if (certs == null) {
-                throw new ResourceNotFoundException("No certificates found for " + userID);
-            }
-
-            try {
-                certID = URLDecoder.decode(certID, "UTF-8");
-            } catch (Exception e) {
-                throw new PKIException(e.getMessage());
-            }
-
-            for (X509Certificate cert : certs) {
-
-                UserCertData userCertData = createUserCertData(userID, cert);
-
-                if (!userCertData.getID().equals(certID)) continue;
-
-                ICertPrettyPrint print = CMS.getCertPrettyPrint(cert);
-                userCertData.setPrettyPrint(print.toString(getLocale(headers)));
-
-                // add base64 encoding
-                String base64 = CMS.getEncodedCert(cert);
-                userCertData.setEncoded(base64);
-
-                return userCertData;
-            }
-
-            throw new ResourceNotFoundException("No certificates found for " + userID);
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    /**
-     * Adds a certificate to a user
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-    @Override
-    public Response addUserCert(String userID, UserCertData userCertData) {
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IUser user = userGroupManager.createUser(userID);
-
-            String encoded = userCertData.getEncoded();
-            encoded = Cert.normalizeCertStrAndReq(encoded);
-            encoded = Cert.stripBrackets(encoded);
-
-            // no cert is a success
-            if (encoded == null) {
-                auditAddUserCert(userID, userCertData, ILogger.SUCCESS);
-                return Response.ok().build();
-            }
-
-            // only one cert added per operation
-            X509Certificate cert = null;
-
-            // Base64 decode cert
-            byte binaryCert[] = Utils.base64decode(encoded);
-
-            try {
-                cert = new X509CertImpl(binaryCert);
-
-            } catch (CertificateException e) {
-                // ignore
-            }
-
-            if (cert == null) {
-                // cert chain direction
-                boolean assending = true;
-
-                // could it be a pkcs7 blob?
-                CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB"));
-
-                try {
-                    CryptoManager manager = CryptoManager.getInstance();
-
-                    PKCS7 pkcs7 = new PKCS7(binaryCert);
-
-                    X509Certificate p7certs[] = pkcs7.getCertificates();
-
-                    if (p7certs.length == 0) {
-                        throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR", headers));
-                    }
-
-                    // fix for 370099 - cert ordering can not be assumed
-                    // find out the ordering ...
-
-                    // self-signed and alone? take it. otherwise test
-                    // the ordering
-                    if (p7certs[0].getSubjectDN().toString().equals(
-                            p7certs[0].getIssuerDN().toString()) &&
-                            (p7certs.length == 1)) {
-                        cert = p7certs[0];
-                        CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
-
-                    } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {
-                        cert = p7certs[0];
-                        CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD"));
-
-                    } else if (p7certs[1].getIssuerDN().toString().equals(p7certs[0].getSubjectDN().toString())) {
-                        assending = false;
-                        CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD"));
-                        cert = p7certs[p7certs.length - 1];
-
-                    } else {
-                        // not a chain, or in random order
-                        CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN"));
-                        throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR", headers));
-                    }
-
-                    CMS.debug("UserCertResourceService: "
-                            + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length)));
-
-                    int j = 0;
-                    int jBegin = 0;
-                    int jEnd = 0;
-
-                    if (assending == true) {
-                        jBegin = 1;
-                        jEnd = p7certs.length;
-                    } else {
-                        jBegin = 0;
-                        jEnd = p7certs.length - 1;
-                    }
-
-                    // store the chain into cert db, except for the user cert
-                    for (j = jBegin; j < jEnd; j++) {
-                        CMS.debug("UserCertResourceService: "
-                                + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j),
-                                        String.valueOf(p7certs[j].getSubjectDN())));
-                        org.mozilla.jss.crypto.X509Certificate leafCert =
-                                manager.importCACertPackage(p7certs[j].getEncoded());
-
-                        if (leafCert == null) {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL"));
-                        } else {
-                            CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL"));
-                        }
-
-                        if (leafCert instanceof InternalCertificate) {
-                            ((InternalCertificate) leafCert).setSSLTrust(
-                                    InternalCertificate.VALID_CA |
-                                            InternalCertificate.TRUSTED_CA |
-                                            InternalCertificate.TRUSTED_CLIENT_CA);
-                        } else {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT",
-                                    String.valueOf(p7certs[j].getSubjectDN())));
-                        }
-                    }
-
-                    /*
-                    } catch (CryptoManager.UserCertConflictException e) {
-                        // got a "user cert" in the chain, most likely the CA
-                        // cert of this instance, which has a private key.  Ignore
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString()));
-                    */
-                } catch (PKIException e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString()));
-                    throw e;
-                } catch (Exception e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString()));
-                    throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR", headers));
-                }
-            }
-
-            try {
-                CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY"));
-                cert.checkValidity(); // throw exception if fails
-
-                user.setX509Certificates(new X509Certificate[] { cert });
-                userGroupManager.addUserCert(user);
-
-                auditAddUserCert(userID, userCertData, ILogger.SUCCESS);
-
-                // read the data back
-
-                userCertData.setVersion(cert.getVersion());
-                userCertData.setSerialNumber(new CertId(cert.getSerialNumber()));
-                userCertData.setIssuerDN(cert.getIssuerDN().toString());
-                userCertData.setSubjectDN(cert.getSubjectDN().toString());
-                String certID = userCertData.getID();
-
-                userCertData = getUserCert(userID, URLEncoder.encode(certID, "UTF-8"));
-
-                return Response
-                        .created(userCertData.getLink().getHref())
-                        .entity(userCertData)
-                        .type(MediaType.APPLICATION_XML)
-                        .build();
-
-            } catch (CertificateExpiredException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED",
-                        String.valueOf(cert.getSubjectDN())));
-                throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED", headers));
-
-            } catch (CertificateNotYetValidException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
-                        String.valueOf(cert.getSubjectDN())));
-                throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID", headers));
-
-            } catch (LDAPException e) {
-                if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
-                    throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_CERT_EXISTS", headers));
-                } else {
-                    throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED", headers));
-                }
-            }
-
-        } catch (PKIException e) {
-            auditAddUserCert(userID, userCertData, ILogger.FAILURE);
-            throw e;
-
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            auditAddUserCert(userID, userCertData, ILogger.FAILURE);
-            throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED", headers));
-        }
-    }
-
-    /**
-     * Removes a certificate for a user
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * In this method, "certDN" is actually a combination of version, serialNumber, issuerDN, and SubjectDN.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     */
-    @Override
-    public void removeUserCert(String userID, String certID) {
-
-        try {
-            certID = URLDecoder.decode(certID, "UTF-8");
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage());
-        }
-
-        UserCertData userCertData = new UserCertData();
-        userCertData.setID(certID);
-        removeUserCert(userID, userCertData);
-    }
-
-    public void removeUserCert(String userID, UserCertData userCertData) {
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IUser user = userGroupManager.createUser(userID);
-            String certID = userCertData.getID();
-
-            // no certDN is a success
-            if (certID == null) {
-                auditDeleteUserCert(userID, userCertData, ILogger.SUCCESS);
-                return;
-            }
-
-            user.setCertDN(certID);
-
-            userGroupManager.removeUserCert(user);
-
-            auditDeleteUserCert(userID, userCertData, ILogger.SUCCESS);
-
-        } catch (PKIException e) {
-            auditDeleteUserCert(userID, userCertData, ILogger.FAILURE);
-            throw e;
-
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            auditDeleteUserCert(userID, userCertData, ILogger.FAILURE);
-            throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED", headers));
-        }
-    }
-
-
-    public UserMembershipData createUserMembershipData(String userID, String groupID) throws UnsupportedEncodingException {
-
-        UserMembershipData userMembershipData = new UserMembershipData();
-        userMembershipData.setID(groupID);
-        userMembershipData.setUserID(userID);
-
-        URI uri = uriInfo.getBaseUriBuilder()
-                .path(UserResource.class)
-                .path("{userID}/memberships/{groupID}")
-                .build(
-                        URLEncoder.encode(userID, "UTF-8"),
-                        URLEncoder.encode(groupID, "UTF-8"));
-
-        userMembershipData.setLink(new Link("self", uri));
-
-        return userMembershipData;
-    }
-
-    @Override
-    public UserMembershipCollection findUserMemberships(String userID, Integer start, Integer size) {
-        try {
-            start = start == null ? 0 : start;
-            size = size == null ? DEFAULT_SIZE : size;
-
-            if (userID == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
-            }
-
-            IUser user = userGroupManager.getUser(userID);
-
-            if (user == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-                throw new UserNotFoundException(userID);
-            }
-
-            UserMembershipCollection response = new UserMembershipCollection();
-
-            Enumeration<IGroup> groups = userGroupManager.findGroupsByUser(user.getUserDN());
-
-            int i = 0;
-
-            // skip to the start of the page
-            for ( ; i<start && groups.hasMoreElements(); i++) groups.nextElement();
-
-            // return entries up to the page size
-            for ( ; i<start+size && groups.hasMoreElements(); i++) {
-                IGroup group = groups.nextElement();
-                response.addMembership(createUserMembershipData(userID, group.getName()));
-            }
-
-            // count the total entries
-            for ( ; groups.hasMoreElements(); i++) groups.nextElement();
-
-            if (start > 0) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
-                response.addLink(new Link("prev", uri));
-            }
-
-            if (start+size < i) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
-                response.addLink(new Link("next", uri));
-            }
-
-            return response;
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    @Override
-    public Response addUserMembership(String userID, String groupID) {
-        try {
-            GroupMemberData groupMemberData = new GroupMemberData();
-            groupMemberData.setID(userID);
-            groupMemberData.setGroupID(groupID);
-
-            GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers));
-            processor.setUriInfo(uriInfo);
-            processor.addGroupMember(groupMemberData);
-
-            UserMembershipData userMembershipData = createUserMembershipData(userID, groupID);
-
-            return Response
-                    .created(userMembershipData.getLink().getHref())
-                    .entity(userMembershipData)
-                    .type(MediaType.APPLICATION_XML)
-                    .build();
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    @Override
-    public void removeUserMembership(String userID, String groupID) {
-        try {
-            GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers));
-            processor.setUriInfo(uriInfo);
-            processor.removeGroupMember(groupID, userID);
-
-        } catch (PKIException e) {
-            throw e;
-
-        } catch (Exception e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    public void log(int level, String message) {
-        log(ILogger.S_USRGRP, level, message);
-    }
-
-    public void auditAddUser(String id, UserData userData, String status) {
-        auditUser(OpDef.OP_ADD, id, getParams(userData), status);
-    }
-
-    public void auditModifyUser(String id, UserData userData, String status) {
-        auditUser(OpDef.OP_MODIFY, id, getParams(userData), status);
-    }
-
-    public void auditDeleteUser(String id, String status) {
-        auditUser(OpDef.OP_DELETE, id, null, status);
-    }
-
-    public void auditAddUserCert(String id, UserCertData userCertData, String status) {
-        auditUserCert(OpDef.OP_ADD, id, getParams(userCertData), status);
-    }
-
-    public void auditDeleteUserCert(String id, UserCertData userCertData, String status) {
-        auditUserCert(OpDef.OP_DELETE, id, getParams(userCertData), status);
-    }
-
-    public void auditUser(String type, String id, Map<String, String> params, String status) {
-        audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_USERS, type, id, params, status);
-    }
-
-    public void auditUserCert(String type, String id, Map<String, String> params, String status) {
-        audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_USER_CERTS, type, id, params, status);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
deleted file mode 100644
index 2cd337123..000000000
--- a/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ /dev/null
@@ -1,2313 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.admin;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPException;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.password.IPasswordCheck;
-import com.netscape.certsrv.usrgrp.EUsrGrpException;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cmsutil.util.Cert;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * A class representing an administration servlet for
- * User/Group Manager. It communicates with client
- * SDK to allow remote administration of User/Group
- * manager.
- *
- * This servlet will be registered to remote
- * administration subsystem by usrgrp manager.
- *
- * @version $Revision$, $Date$
- */
-public class UsrGrpAdminServlet extends AdminServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4341817607402387714L;
-    private final static String INFO = "UsrGrpAdminServlet";
-    private final static String RES_CA_GROUP = "certServer.ca.group";
-    private final static String RES_RA_GROUP = "certServer.ra.group";
-    private final static String RES_KRA_GROUP = "certServer.kra.group";
-    private final static String RES_OCSP_GROUP = "certServer.ocsp.group";
-    private final static String RES_TKS_GROUP = "certServer.tks.group";
-    private final static String SYSTEM_USER = "$System$";
-    //	private final static String RES_GROUP = "root.common.goldfish";
-
-    private final static String BACK_SLASH = "\\";
-
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
-    private IUGSubsystem mMgr = null;
-
-    private static String[] mMultiRoleGroupEnforceList = null;
-    private final static String MULTI_ROLE_ENABLE = "multiroles.enable";
-    private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
-
-    /**
-     * Constructs User/Group manager servlet.
-     */
-    public UsrGrpAdminServlet() {
-        super();
-        mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-    }
-
-    /**
-     * Initializes this servlet.
-     */
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mMgr = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves incoming User/Group management request.
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-        String scope = super.getParameter(req, Constants.OP_SCOPE);
-        String op = super.getParameter(req, Constants.OP_TYPE);
-
-        if (op == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                    null, resp);
-            return;
-        }
-
-        Locale clientLocale = super.getLocale(req);
-
-        try {
-            super.authenticate(req);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
-
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                    null, resp);
-            return;
-        }
-
-        // authorization
-        // temporary test before servlets are exposed with authtoken
-        /*
-         SessionContext sc = SessionContext.getContext();
-         AuthToken authToken = (AuthToken) sc.get(SessionContext.AUTH_TOKEN);
-
-         AuthzToken authzTok = null;
-         CMS.debug("UserGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB"));
-         // hardcoded for now .. just testing
-         try {
-         authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
-         } catch (EBaseException e) {
-         log(ILogger.LL_FAILURE,  CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString()));
-         }
-         if (AuthzToken.AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS))) {
-         // audit would have been needed here if this weren't just a test...
-
-         log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
-
-         sendResponse(ERROR,
-         MessageFormatter.getLocalizedString(
-         getLocale(req),
-         AdminResources.class.getName(),
-         AdminResources.SRVLT_FAIL_AUTHS),
-         null, resp);
-         return;
-         }
-         */
-
-        try {
-            ISubsystem subsystem = CMS.getSubsystem("ca");
-            if (subsystem != null)
-                AUTHZ_RES_NAME = RES_CA_GROUP;
-            subsystem = CMS.getSubsystem("ra");
-            if (subsystem != null)
-                AUTHZ_RES_NAME = RES_RA_GROUP;
-            subsystem = CMS.getSubsystem("kra");
-            if (subsystem != null)
-                AUTHZ_RES_NAME = RES_KRA_GROUP;
-            subsystem = CMS.getSubsystem("ocsp");
-            if (subsystem != null)
-                AUTHZ_RES_NAME = RES_OCSP_GROUP;
-            subsystem = CMS.getSubsystem("tks");
-            if (subsystem != null)
-                AUTHZ_RES_NAME = RES_TKS_GROUP;
-            if (scope != null) {
-                if (scope.equals(ScopeDef.SC_USER_TYPE)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-
-                    getUserType(req, resp);
-                    return;
-                }
-
-                if (op.equals(OpDef.OP_READ)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_GROUPS)) {
-                        findGroup(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USERS)) {
-                        findUser(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USER_CERTS)) {
-                        findUserCerts(req, resp, clientLocale);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_MODIFY)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_GROUPS)) {
-                        modifyGroup(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USERS)) {
-                        modifyUser(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USER_CERTS)) {
-                        modifyUserCert(req, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_ADD)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_GROUPS)) {
-                        addGroup(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USERS)) {
-                        addUser(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USER_CERTS)) {
-                        addUserCert(req, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_DELETE)) {
-                    mOp = "modify";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_GROUPS)) {
-                        removeGroup(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USERS)) {
-                        removeUser(req, resp);
-                        return;
-                    }
-                } else if (op.equals(OpDef.OP_SEARCH)) {
-                    mOp = "read";
-                    if ((mToken = super.authorize(req)) == null) {
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
-                        return;
-                    }
-                    if (scope.equals(ScopeDef.SC_GROUPS)) {
-                        findGroups(req, resp);
-                        return;
-                    } else if (scope.equals(ScopeDef.SC_USERS)) {
-                        findUsers(req, resp);
-                        return;
-                    } else {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                                null, resp);
-                        return;
-                    }
-                }
-            } // if
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            sendResponse(ERROR, e.toString(getLocale(req)),
-                    null, resp);
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM"));
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                    null, resp);
-            return;
-        }
-    }
-
-    private void getUserType(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String id = super.getParameter(req, Constants.RS_ID);
-        IUser user = mMgr.getUser(id);
-        String val = user.getUserType();
-
-        if (val == null || val.equals(""))
-            val = "noType";
-        NameValuePairs params = new NameValuePairs();
-
-        params.put(Constants.PR_USER_TYPE, val);
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * Searches for users in LDAP directory. List uids only
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    private synchronized void findUsers(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        NameValuePairs params = new NameValuePairs();
-
-        Enumeration<IUser> e = null;
-
-        try {
-            e = mMgr.listUsers("*");
-        } catch (Exception ex) {
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
-            return;
-        }
-
-        StringBuffer sb = new StringBuffer();
-        int i = 0;
-
-        while (e.hasMoreElements()) {
-            IUser user = e.nextElement();
-
-            if (i > 0) {
-                sb.append(";");
-                sb.append(user.getUserID());
-                sb.append(":");
-                sb.append(user.getFullName());
-            } else {
-                sb.append(user.getUserID());
-                sb.append(":");
-                sb.append(user.getFullName());
-            }
-            i++;
-        }
-        params.put("userInfo", sb.toString());
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * List user information. Certificates covered in a separate
-     * protocol for findUserCerts(). List of group memberships are
-     * also provided.
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    private synchronized void findUser(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        //get id first
-        String id = super.getParameter(req, Constants.RS_ID);
-
-        if (id == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        NameValuePairs params = new NameValuePairs();
-
-        IUser user = null;
-
-        try {
-            user = mMgr.getUser(id);
-        } catch (Exception e) {
-            e.printStackTrace();
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
-            return;
-        }
-
-        if (user != null) {
-            params.put(Constants.PR_USER_FULLNAME, user.getFullName());
-            params.put(Constants.PR_USER_EMAIL, user.getEmail());
-            params.put(Constants.PR_USER_PHONE, user.getPhone());
-            params.put(Constants.PR_USER_STATE, user.getState());
-
-            // get list of groups, and get a list of those that this
-            //			uid belongs to
-            Enumeration<IGroup> e = null;
-
-            try {
-                e = mMgr.findGroups("*");
-            } catch (Exception ex) {
-                ex.printStackTrace();
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
-                return;
-            }
-
-            StringBuffer grpString = new StringBuffer();
-
-            while (e.hasMoreElements()) {
-                IGroup group = e.nextElement();
-
-                if (group.isMember(id) == true) {
-                    if (grpString.length() != 0) {
-                        grpString.append(",");
-                    }
-                    grpString.append(group.getGroupID());
-                }
-            }
-
-            params.put(Constants.PR_USER_GROUP, grpString.toString());
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-        }
-
-        log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-
-        sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
-        return;
-    }
-
-    /**
-     * List user certificate(s)
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    private synchronized void findUserCerts(HttpServletRequest req,
-            HttpServletResponse resp, Locale clientLocale)
-            throws ServletException,
-            IOException, EBaseException {
-
-        //get id first
-        String id = super.getParameter(req, Constants.RS_ID);
-
-        if (id == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        NameValuePairs params = new NameValuePairs();
-
-        IUser user = null;
-
-        try {
-            user = mMgr.getUser(id);
-        } catch (Exception e) {
-            e.printStackTrace();
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
-            return;
-        }
-
-        if (user == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
-            return;
-        }
-
-        X509Certificate[] certs =
-                user.getX509Certificates();
-
-        if (certs != null) {
-            for (int i = 0; i < certs.length; i++) {
-                ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]);
-
-                // add base64 encoding
-                String base64 = CMS.getEncodedCert(certs[i]);
-
-                // pretty print certs
-                params.put(getCertificateString(certs[i]),
-                        print.toString(clientLocale) + "\n" + base64);
-            }
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-        return;
-    }
-
-    /**
-     * Converts certificate into string format.
-     */
-    protected String getCertificateString(X509Certificate cert) {
-        if (cert == null) {
-            return null;
-        }
-
-        // note that it did not represent a certificate fully
-        return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
-                ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
-    }
-
-    /**
-     * Searchess for groups in LDAP server
-     *
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#group
-     */
-    private synchronized void findGroups(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        Enumeration<IGroup> e = null;
-
-        try {
-            e = mMgr.listGroups("*");
-        } catch (Exception ex) {
-            ex.printStackTrace();
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
-            return;
-        }
-
-        while (e.hasMoreElements()) {
-            IGroup group = e.nextElement();
-            String desc = group.getDescription();
-
-            if (desc != null) {
-                params.put(group.getGroupID(), desc);
-            } else {
-                params.put(group.getGroupID(), "");
-            }
-        }
-
-        sendResponse(SUCCESS, null, params, resp);
-    }
-
-    /**
-     * finds a group
-     * Request/Response Syntax:
-     * http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     */
-    private synchronized void findGroup(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-        NameValuePairs params = new NameValuePairs();
-
-        //get id first
-        String id = super.getParameter(req, Constants.RS_ID);
-
-        if (id == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
-            return;
-        }
-
-        Enumeration<IGroup> e = null;
-
-        try {
-            e = mMgr.findGroups(id);
-        } catch (Exception ex) {
-            ex.printStackTrace();
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
-            return;
-        }
-
-        if (e.hasMoreElements()) {
-            IGroup group = e.nextElement();
-
-            params.put(Constants.PR_GROUP_GROUP, group.getGroupID());
-            params.put(Constants.PR_GROUP_DESC,
-                    group.getDescription());
-
-            Enumeration<String> members = group.getMemberNames();
-            StringBuffer membersString = new StringBuffer();
-
-            if (members != null) {
-                while (members.hasMoreElements()) {
-                    if (membersString.length() != 0) {
-                        membersString.append(", ");
-                    }
-
-                    String mn = members.nextElement();
-
-                    membersString.append(mn);
-                }
-            }
-
-            params.put(Constants.PR_GROUP_USER, membersString.toString());
-
-            sendResponse(SUCCESS, null, params, resp);
-            return;
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-
-            sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
-            return;
-
-        }
-    }
-
-    /**
-     * Adds a new user to LDAP server
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void addUser(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = super.getParameter(req, Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            if (id.indexOf(BACK_SLASH) != -1) {
-                // backslashes (BS) are not allowed
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
-                        null, resp);
-                return;
-            }
-
-            if (id.equals(SYSTEM_USER)) {
-                // backslashes (BS) are not allowed
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", id));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
-                        null, resp);
-                return;
-            }
-
-            IUser user = mMgr.createUser(id);
-            String fname = super.getParameter(req, Constants.PR_USER_FULLNAME);
-
-            if ((fname == null) || (fname.length() == 0)) {
-                String msg = CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "full name");
-
-                log(ILogger.LL_FAILURE, msg);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, msg, null, resp);
-                return;
-            } else
-                user.setFullName(fname);
-
-            String email = super.getParameter(req, Constants.PR_USER_EMAIL);
-
-            if (email != null) {
-                user.setEmail(email);
-            } else {
-                user.setEmail("");
-            }
-            String pword = super.getParameter(req, Constants.PR_USER_PASSWORD);
-
-            if (pword != null && !pword.equals("")) {
-                IPasswordCheck passwdCheck = CMS.getPasswordChecker();
-
-                if (!passwdCheck.isGoodPassword(pword)) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    throw new EUsrGrpException(passwdCheck.getReason(pword));
-
-                    //UsrGrpResources.BAD_PASSWD);
-                }
-
-                user.setPassword(pword);
-            } else {
-                user.setPassword("");
-            }
-            String phone = super.getParameter(req, Constants.PR_USER_PHONE);
-
-            if (phone != null) {
-                user.setPhone(phone);
-            } else {
-                user.setPhone("");
-            }
-            String userType = super.getParameter(req, Constants.PR_USER_TYPE);
-
-            if (userType != null) {
-                user.setUserType(userType);
-            } else {
-                user.setUserType("");
-            }
-            String userState = super.getParameter(req, Constants.PR_USER_STATE);
-
-            if (userState != null) {
-                user.setState(userState);
-            }
-
-            try {
-                mMgr.addUser(user);
-
-                // if group is specified, add user to group
-                String groupName = super.getParameter(req,
-                        Constants.PR_USER_GROUP);
-
-                if (groupName != null) {
-                    Enumeration<IGroup> e = null;
-
-                    try {
-                        e = mMgr.findGroups(groupName);
-                    } catch (Exception ex) {
-                        ex.printStackTrace();
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditParams(req));
-
-                        audit(auditMessage);
-
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
-                        return;
-                    }
-
-                    if (e.hasMoreElements()) {
-                        IGroup group = e.nextElement();
-
-                        group.addMemberName(id);
-                        try {
-                            mMgr.modifyGroup(group);
-                        } catch (Exception ex) {
-                            log(ILogger.LL_FAILURE, ex.toString());
-
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                        auditSubjectID,
-                                        ILogger.FAILURE,
-                                        auditParams(req));
-
-                            audit(auditMessage);
-
-                            sendResponse(ERROR,
-                                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
-                            return;
-                        }
-                    }
-                    // for audit log
-                    SessionContext sContext = SessionContext.getContext();
-                    String adminId = (String) sContext.get(SessionContext.USER_ID);
-
-                    mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                            AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                            new Object[] { adminId, id, groupName }
-                            );
-                }
-
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            } catch (EUsrGrpException e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                if (user.getUserID() == null) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
-                } else {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
-                }
-                return;
-            } catch (LDAPException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString()));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
-                return;
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
-                return;
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Adds a certificate to a user
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void addUserCert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = super.getParameter(req, Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            IUser user = mMgr.createUser(id);
-            String certS = super.getParameter(req, Constants.PR_USER_CERT);
-            String certsString = Cert.stripBrackets(certS);
-
-            // no cert is a success
-            if (certsString == null) {
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            }
-
-            // only one cert added per operation
-            X509Certificate certs[] = null;
-
-            // Base64 decode cert
-
-            try {
-                byte bCert[] = Utils.base64decode(certsString);
-                X509Certificate cert = new X509CertImpl(bCert);
-
-                certs = new X509Certificate[1];
-                certs[0] = cert;
-            } catch (CertificateException e) {
-                // cert chain direction
-                boolean assending = true;
-
-                // could it be a pkcs7 blob?
-                CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB"));
-                byte p7Cert[] = Utils.base64decode(certsString);
-
-                try {
-                    CryptoManager manager = CryptoManager.getInstance();
-
-                    PKCS7 pkcs7 = new PKCS7(p7Cert);
-
-                    X509Certificate p7certs[] = pkcs7.getCertificates();
-
-                    if (p7certs.length == 0) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditParams(req));
-
-                        audit(auditMessage);
-
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
-                        return;
-                    }
-                    // fix for 370099 - cert ordering can not be assumed
-                    // find out the ordering ...
-                    certs = new X509Certificate[p7Cert.length];
-
-                    // self-signed and alone? take it. otherwise test
-                    // the ordering
-                    if (p7certs[0].getSubjectDN().toString().equals(
-                            p7certs[0].getIssuerDN().toString()) &&
-                            (p7certs.length == 1)) {
-                        certs[0] = p7certs[0];
-                        CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
-                    } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {
-                        certs[0] = p7certs[0];
-                        CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD"));
-                    } else if (p7certs[1].getIssuerDN().toString().equals(p7certs[0].getSubjectDN().toString())) {
-                        assending = false;
-                        CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD"));
-                        certs[0] = p7certs[p7certs.length - 1];
-                    } else {
-                        // not a chain, or in random order
-                        CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN"));
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditParams(req));
-
-                        audit(auditMessage);
-
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
-                        return;
-                    }
-
-                    CMS.debug("UsrGrpAdminServlet: "
-                            + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length)));
-
-                    int j = 0;
-                    int jBegin = 0;
-                    int jEnd = 0;
-
-                    if (assending == true) {
-                        jBegin = 1;
-                        jEnd = p7certs.length;
-                    } else {
-                        jBegin = 0;
-                        jEnd = p7certs.length - 1;
-                    }
-                    // store the chain into cert db, except for the user cert
-                    for (j = jBegin; j < jEnd; j++) {
-                        CMS.debug("UsrGrpAdminServlet: "
-                                + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j),
-                                        String.valueOf(p7certs[j].getSubjectDN())));
-                        org.mozilla.jss.crypto.X509Certificate leafCert =
-                                null;
-
-                        leafCert =
-                                manager.importCACertPackage(p7certs[j].getEncoded());
-
-                        if (leafCert == null) {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL"));
-                        } else {
-                            CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL"));
-                        }
-
-                        if (leafCert instanceof InternalCertificate) {
-                            ((InternalCertificate) leafCert).setSSLTrust(
-                                    InternalCertificate.VALID_CA |
-                                            InternalCertificate.TRUSTED_CA |
-                                            InternalCertificate.TRUSTED_CLIENT_CA);
-                        } else {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT",
-                                    String.valueOf(p7certs[j].getSubjectDN())));
-                        }
-                    }
-
-                    /*
-                     } catch (CryptoManager.UserCertConflictException ex) {
-                     // got a "user cert" in the chain, most likely the CA
-                    // cert of this instance, which has a private key.  Ignore
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", ex.toString()));
-                    */
-                } catch (Exception ex) {
-                    //-----
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", ex.toString()));
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
-                    return;
-                }
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_O_ERROR", e.toString()));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
-                return;
-            }
-
-            try {
-                CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY"));
-                certs[0].checkValidity(); // throw exception if fails
-
-                user.setX509Certificates(certs);
-                mMgr.addUserCert(user);
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-
-            } catch (CertificateExpiredException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED",
-                        String.valueOf(certs[0].getSubjectDN())));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
-                return;
-            } catch (CertificateNotYetValidException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
-                        String.valueOf(certs[0].getSubjectDN())));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
-                return;
-
-            } catch (LDAPException e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
-                } else {
-                    sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
-                }
-                return;
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
-                return;
-            }
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Removes a certificate for a user
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * In this method, "certDN" is actually a combination of version, serialNumber, issuerDN, and SubjectDN.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void modifyUserCert(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String id = super.getParameter(req, Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            IUser user = mMgr.createUser(id);
-            String certDN = super.getParameter(req, Constants.PR_USER_CERT);
-
-            // no certDN is a success
-            if (certDN == null) {
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            }
-
-            user.setCertDN(certDN);
-            try {
-                mMgr.removeUserCert(user);
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
-                return;
-            }
-            // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * removes a user. user not removed if belongs to any group
-     * (Administrators should remove the user from "uniquemember" of
-     * any group he/she belongs to before trying to remove the user
-     * itself.
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void removeUser(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            //get id first
-            String id = super.getParameter(req, Constants.RS_ID);
-            boolean mustDelete = false;
-            int index = 0;
-
-            if ((index = id.lastIndexOf(":true")) != -1) {
-                id = id.substring(0, index);
-                mustDelete = true;
-            }
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-            // get list of groups, and see if uid belongs to any
-            Enumeration<IGroup> e = null;
-
-            try {
-                e = mMgr.findGroups("*");
-            } catch (Exception ex) {
-                ex.printStackTrace();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
-                return;
-            }
-
-            while (e.hasMoreElements()) {
-                IGroup group = e.nextElement();
-
-                if (group.isMember(id) == true) {
-                    if (mustDelete) {
-                        mMgr.removeUserFromGroup(group, id);
-                    } else {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditParams(req));
-
-                        audit(auditMessage);
-
-                        sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
-                                null, resp);
-                        return;
-                    }
-                }
-            }
-
-            // comes out clean of group membership...now remove user
-            try {
-                mMgr.removeUser(id);
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            } catch (Exception ex) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
-                return;
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * Adds a new group in local scope.
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#group
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void addGroup(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            //get id first
-            String id = super.getParameter(req, Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            IGroup group = mMgr.createGroup(id);
-            String members = super.getParameter(req,
-                    Constants.PR_GROUP_USER);
-            String desc = super.getParameter(req,
-                    Constants.PR_GROUP_DESC);
-
-            if (desc != null) {
-                group.set("description", desc);
-            } else {
-                group.set("description", "");
-            }
-
-            if (members != null) {
-                StringTokenizer st = new StringTokenizer(members, ",");
-
-                while (st.hasMoreTokens()) {
-                    group.addMemberName(st.nextToken());
-                }
-            }
-
-            // allow adding a group with no members
-            try {
-                mMgr.addGroup(group);
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            } catch (Exception e) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
-                        null, resp);
-                return;
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * removes a group
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#group
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void removeGroup(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            //get id first
-            String id = super.getParameter(req, Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            // if fails, let the exception fall through
-            mMgr.removeGroup(id);
-            NameValuePairs params = new NameValuePairs();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            sendResponse(SUCCESS, null, params, resp);
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    /**
-     * modifies a group
-     * <P>
-     *
-     * last person of the super power group "Certificate Server Administrators" can never be removed.
-     * <P>
-     *
-     * http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void modifyGroup(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            //get id first
-            String id = super.getParameter(req, Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            IGroup group = mMgr.createGroup(id);
-
-            String desc = super.getParameter(req,
-                    Constants.PR_GROUP_DESC);
-
-            if (desc != null) {
-                group.set("description", desc);
-            }
-
-            String members = super.getParameter(req, Constants.PR_GROUP_USER);
-
-            if (members != null) {
-                StringTokenizer st = new StringTokenizer(members, ",");
-
-                String groupName = group.getName();
-                boolean multiRole = true;
-
-                try {
-                    multiRole = mConfig.getBoolean(MULTI_ROLE_ENABLE);
-                } catch (Exception eee) {
-                }
-                while (st.hasMoreTokens()) {
-                    String memberName = st.nextToken();
-                    if (multiRole) {
-                        group.addMemberName(memberName);
-                    } else {
-                        if (isGroupInMultiRoleEnforceList(groupName)) {
-                            if (!isDuplicate(groupName, memberName)) {
-                                group.addMemberName(memberName);
-                            } else {
-                                // store a message in the signed audit log file
-                                auditMessage = CMS.getLogMessage(
-                                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                            auditSubjectID,
-                                            ILogger.FAILURE,
-                                            auditParams(req));
-
-                                audit(auditMessage);
-
-                                throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberName));
-                            }
-                        } else {
-                            group.addMemberName(memberName);
-                        }
-                    }
-                }
-            }
-
-            // allow adding a group with no members, except "Certificate
-            // Server Administrators"
-            try {
-                mMgr.modifyGroup(group);
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
-                        null, resp);
-                return;
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private boolean isGroupInMultiRoleEnforceList(String groupName) {
-        String groupList = null;
-
-        if (groupName == null || groupName.equals("")) {
-            return true;
-        }
-        if (mMultiRoleGroupEnforceList == null) {
-            try {
-                groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
-            } catch (Exception e) {
-            }
-
-            if (groupList != null && !groupList.equals("")) {
-                mMultiRoleGroupEnforceList = groupList.split(",");
-                for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) {
-                    mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
-                }
-            }
-        }
-
-        if (mMultiRoleGroupEnforceList == null)
-            return true;
-
-        for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
-            if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    private boolean isDuplicate(String groupName, String memberName) {
-        Enumeration<IGroup> groups = null;
-
-        // Let's not mess with users that are already a member of this group
-        boolean isMember = false;
-        try {
-            isMember = mMgr.isMemberOf(memberName, groupName);
-        } catch (Exception e) {
-        }
-
-        if (isMember == true) {
-            return false;
-        }
-        try {
-            groups = mMgr.listGroups("*");
-            while (groups.hasMoreElements()) {
-                IGroup group = groups.nextElement();
-                String name = group.getName();
-                Enumeration<IGroup> g = mMgr.findGroups(name);
-                IGroup g1 = g.nextElement();
-                if (!name.equals(groupName)) {
-                    if (isGroupInMultiRoleEnforceList(name)) {
-                        Enumeration<String> members = g1.getMemberNames();
-                        while (members.hasMoreElements()) {
-                            String m1 = members.nextElement();
-                            if (m1.equals(memberName))
-                                return true;
-                        }
-                    }
-                }
-            }
-        } catch (Exception e) {
-        }
-
-        return false;
-    }
-
-    /**
-     * Modifies an existing user in local scope.
-     * <P>
-     *
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
-     * ui/admin-protocol-definition.html#user-admin
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
-     * users/groups)
-     * </ul>
-     *
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @exception ServletException a servlet error has occurred
-     * @exception IOException an input/output error has occurred
-     * @exception EBaseException an error has occurred
-     */
-    private synchronized void modifyUser(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException {
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            //get id first
-            String id = super.getParameter(req, Constants.RS_ID);
-
-            if (id == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                        null, resp);
-                return;
-            }
-
-            IUser user = mMgr.createUser(id);
-            String fname = super.getParameter(req, Constants.PR_USER_FULLNAME);
-
-            if ((fname == null) || (fname.length() == 0)) {
-                String msg =
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
-
-                log(ILogger.LL_FAILURE, msg);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR, msg, null, resp);
-                return;
-            } else
-                user.setFullName(fname);
-
-            String email = super.getParameter(req, Constants.PR_USER_EMAIL);
-
-            if (email != null) {
-                user.setEmail(email);
-            }
-            String pword = super.getParameter(req, Constants.PR_USER_PASSWORD);
-
-            if ((pword != null) && (!pword.equals(""))) {
-                IPasswordCheck passwdCheck = CMS.getPasswordChecker();
-
-                if (!passwdCheck.isGoodPassword(pword)) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams(req));
-
-                    audit(auditMessage);
-
-                    throw new EUsrGrpException(passwdCheck.getReason(pword));
-
-                    //UsrGrpResources.BAD_PASSWD);
-                }
-
-                user.setPassword(pword);
-            }
-            String phone = super.getParameter(req, Constants.PR_USER_PHONE);
-
-            if (phone != null) {
-                user.setPhone(phone);
-            }
-
-            String userState = super.getParameter(req, Constants.PR_USER_STATE);
-            if (userState != null) {
-                user.setState(userState);
-            }
-
-            try {
-                mMgr.modifyUser(user);
-                NameValuePairs params = new NameValuePairs();
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(SUCCESS, null, params, resp);
-                return;
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
-
-                audit(auditMessage);
-
-                sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
-                return;
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        } catch (IOException eAudit2) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit2;
-            // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
-        }
-    }
-
-    private void log(int level, String msg) {
-        if (mLogger == null)
-            return;
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
-                level, "UsrGrpAdminServlet: " + msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
deleted file mode 100644
index 56a37b34d..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ /dev/null
@@ -1,2264 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.PrintStream;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Random;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.apps.ICommandQueue;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.cms.servlet.common.AuthCredentials;
-import com.netscape.cms.servlet.common.CMSFileLoader;
-import com.netscape.cms.servlet.common.CMSGateway;
-import com.netscape.cms.servlet.common.CMSLoadTemplate;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.GenErrorTemplateFiller;
-import com.netscape.cms.servlet.common.GenPendingTemplateFiller;
-import com.netscape.cms.servlet.common.GenRejectedTemplateFiller;
-import com.netscape.cms.servlet.common.GenSuccessTemplateFiller;
-import com.netscape.cms.servlet.common.GenSvcPendingTemplateFiller;
-import com.netscape.cms.servlet.common.GenUnexpectedErrorTemplateFiller;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cms.servlet.common.ServletUtils;
-import com.netscape.cmsutil.util.Utils;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * This is the base class of all CS servlet.
- *
- * @version $Revision$, $Date$
- */
-public abstract class CMSServlet extends HttpServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3886300199374147160L;
-    // servlet init params
-    // xxxx todo:Should enforce init param value checking!
-    public final static String SUCCESS = "0";
-    public final static String FAILURE = "1";
-    public final static String AUTH_FAILURE = "2";
-
-    public final static String PROP_ID = "ID";
-    public final static String PROP_AUTHORITY = "authority";
-    public final static String PROP_AUTHORITYID = "authorityId";
-    public final static String PROP_AUTHMGR = "AuthMgr";
-    public final static String PROP_CLIENTAUTH = "GetClientCert";
-    public final static String PROP_RESOURCEID = "resourceID";
-
-    public final static String AUTHZ_SRC_LDAP = "ldap";
-    public final static String AUTHZ_SRC_TYPE = "sourceType";
-    public final static String AUTHZ_CONFIG_STORE = "authz";
-    public final static String AUTHZ_SRC_XML = "web.xml";
-    public final static String PROP_AUTHZ_MGR = "AuthzMgr";
-    public final static String PROP_ACL = "ACLinfo";
-    public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
-    public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
-    private final static String HDR_LANG = "accept-language";
-
-    // final error message - if error and exception templates don't work
-    // send out this text string directly to output.
-
-    public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg";
-    public final static String ERROR_MSG_TOKEN = "$ERROR_MSG";
-    public final static String FINAL_ERROR_MSG =
-            "<HTML>\n" +
-                    "<BODY BGCOLOR=white>\n" +
-                    "<P>\n" +
-                    "The Certificate System has encountered " +
-                    "an unrecoverable error.\n" +
-                    "<P>\n" +
-                    "Error Message:<BR>\n" +
-                    "<I>$ERROR_MSG</I>\n" +
-                    "<P>\n" +
-                    "Please contact your local administrator for assistance.\n" +
-                    "</BODY>\n" +
-                    "</HTML>\n";
-
-    // properties from configuration.
-
-    protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
-    protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
-    protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate";
-    protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template";
-    protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate";
-    protected final static String PENDING_TEMPLATE = "/GenPending.template";
-    protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
-    protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
-    protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate";
-    protected final static String REJECTED_TEMPLATE = "/GenRejected.template";
-    protected final static String PROP_ERROR_TEMPLATE = "errorTemplate";
-    protected final static String ERROR_TEMPLATE = "/GenError.template";
-    protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
-    protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
-
-    private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
-    protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
-    private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
-    private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
-    private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
-    private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
-    private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
-
-    protected final static String RA_AGENT_GROUP = "Registration Manager Agents";
-    protected final static String CA_AGENT_GROUP = "Certificate Manager Agents";
-    protected final static String KRA_AGENT_GROUP = "Data Recovery Manager Agents";
-    protected final static String OCSP_AGENT_GROUP = "Online Certificate Status Manager Agents";
-    protected final static String TRUSTED_RA_GROUP = "Trusted Managers";
-    protected final static String ADMIN_GROUP = "Administrators";
-
-    // default http params NOT to save in request.(config values added to list )
-    private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
-    private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
-            "challengePassword", "confirmChallengePassword" };
-
-    // default http headers to save in request. (config values added to list)
-    private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
-    private static final String[] SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
-
-    // request prefixes to distinguish from other request attributes.
-    public static final String PFX_HTTP_HEADER = "HTTP_HEADER";
-    public static final String PFX_HTTP_PARAM = "HTTP_PARAM";
-    public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN";
-
-    /* input http params */
-    protected final static String AUTHMGR_PARAM = "authenticator";
-
-    /* fixed credential passed to auth managers */
-    protected final static String CERT_AUTH_CRED = "sslClientCert";
-
-    public static final String CERT_ATTR =
-            "javax.servlet.request.X509Certificate";
-
-    // members.
-
-    protected ServletConfig servletConfig;
-
-    protected boolean mRenderResult = true;
-    protected String mFinalErrorMsg = FINAL_ERROR_MSG;
-    protected Hashtable<Integer, CMSLoadTemplate> mTemplates = new Hashtable<Integer, CMSLoadTemplate>();
-
-    protected ServletConfig mServletConfig = null;
-    protected ServletContext mServletContext = null;
-    private CMSFileLoader mFileLoader = null;
-
-    protected Vector<String> mDontSaveHttpParams = new Vector<String>();
-    protected Vector<String> mSaveHttpHeaders = new Vector<String>();
-
-    protected String mId = null;
-    protected IConfigStore mConfig = null;
-
-    // the authority, RA, CA, KRA this servlet is serving.
-    protected IAuthority mAuthority = null;
-    protected ICertificateAuthority certAuthority;
-    protected IRequestQueue mRequestQueue = null;
-
-    // system logger.
-    protected ILogger mLogger = CMS.getLogger();
-    protected int mLogCategory = ILogger.S_OTHER;
-    private MessageDigest mSHADigest = null;
-
-    protected String mGetClientCert = "false";
-    protected String mAuthMgr = null;
-    protected IAuthzSubsystem mAuthz = null;
-
-    protected String mAclMethod = null;
-    protected String mAuthzResourceName = null;
-
-    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-    protected String mOutputTemplatePath = null;
-    private IUGSubsystem mUG = (IUGSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-    private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
-    private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
-    private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
-            "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
-    private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
-    private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
-
-    public CMSServlet() {
-    }
-
-    public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
-        Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
-        Enumeration<?> names = req.getParameterNames();
-
-        while (names.hasMoreElements()) {
-            String name = (String) names.nextElement();
-
-            httpReqHash.put(name, req.getParameter(name));
-        }
-        return httpReqHash;
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        this.servletConfig = sc;
-
-        mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-        mId = sc.getInitParameter(PROP_ID);
-
-        try {
-            mAclMethod = ServletUtils.initializeAuthz(sc, mAuthz, mId);
-        } catch (ServletException e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            throw e;
-        }
-
-        mConfig = CMS.getConfigStore().getSubStore(CMSGateway.PROP_CMSGATEWAY);
-        mServletConfig = sc;
-        mServletContext = sc.getServletContext();
-        mFileLoader = new CMSFileLoader();
-
-        mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH);
-        mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
-        mAuthzResourceName = sc.getInitParameter(PROP_RESOURCEID);
-        mOutputTemplatePath = sc.getInitParameter("templatePath");
-
-        String authority = sc.getInitParameter(PROP_AUTHORITY);
-        if (authority == null) {
-            authority = sc.getInitParameter(PROP_AUTHORITYID);
-        }
-
-        if (authority != null) {
-            mAuthority = (IAuthority) CMS.getSubsystem(authority);
-            if (mAuthority instanceof ICertificateAuthority)
-                certAuthority = (ICertificateAuthority) mAuthority;
-        }
-        if (mAuthority != null)
-            mRequestQueue = mAuthority.getRequestQueue();
-
-        // set default templates.
-        setDefaultTemplates(sc);
-
-        // for logging to the right authority category.
-        if (mAuthority == null) {
-            mLogCategory = ILogger.S_OTHER;
-        } else {
-            if (mAuthority instanceof ICertificateAuthority)
-                mLogCategory = ILogger.S_CA;
-            else if (mAuthority instanceof IRegistrationAuthority)
-                mLogCategory = ILogger.S_RA;
-            else if (mAuthority instanceof IKeyRecoveryAuthority)
-                mLogCategory = ILogger.S_KRA;
-            else
-                mLogCategory = ILogger.S_OTHER;
-        }
-
-        try {
-            // get final error message.
-            // used when templates can't even be loaded.
-            String eMsg =
-                    sc.getInitParameter(PROP_FINAL_ERROR_MSG);
-
-            if (eMsg != null)
-                mFinalErrorMsg = eMsg;
-
-            // get any configured templates.
-            Enumeration<CMSLoadTemplate> templs = mTemplates.elements();
-
-            while (templs.hasMoreElements()) {
-                CMSLoadTemplate templ = templs.nextElement();
-
-                if (templ == null || templ.mPropName == null) {
-                    continue;
-                }
-                String tName =
-                        sc.getInitParameter(templ.mPropName);
-
-                if (tName != null)
-                    templ.mTemplateName = tName;
-                String fillerName =
-                        sc.getInitParameter(templ.mFillerPropName);
-
-                if (fillerName != null) {
-                    ICMSTemplateFiller filler = newFillerObject(fillerName);
-
-                    if (filler != null)
-                        templ.mFiller = filler;
-                }
-            }
-
-            // get http params NOT to store in a IRequest and
-            // get http headers TO store in a IRequest.
-            getDontSaveHttpParams(sc);
-            getSaveHttpHeaders(sc);
-        } catch (Exception e) {
-            // should never occur since we provide defaults above.
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
-                            e.toString()));
-            throw new ServletException(e.toString());
-        }
-
-        try {
-            mSHADigest = MessageDigest.getInstance("SHA1");
-        } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
-                            e.toString()));
-            throw new ServletException(e.toString());
-        }
-    }
-
-    public String getId() {
-        return mId;
-    }
-
-    public String getAuthMgr() {
-        return mAuthMgr;
-    }
-
-    public boolean isClientCertRequired() {
-        if (mGetClientCert != null && mGetClientCert.equals("true"))
-            return true;
-        else
-            return false;
-    }
-
-    public void outputHttpParameters(HttpServletRequest httpReq) {
-        CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
-        Enumeration<?> paramNames = httpReq.getParameterNames();
-        while (paramNames.hasMoreElements()) {
-            String pn = (String) paramNames.nextElement();
-            // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with
-            // __ (double underscores); however, in the event that
-            // a security parameter slips through, we perform multiple
-            // additional checks to insure that it is NOT displayed
-            if (pn.startsWith("__") ||
-                    pn.endsWith("password") ||
-                    pn.endsWith("passwd") ||
-                    pn.endsWith("pwd") ||
-                    pn.equalsIgnoreCase("admin_password_again") ||
-                    pn.equalsIgnoreCase("directoryManagerPwd") ||
-                    pn.equalsIgnoreCase("bindpassword") ||
-                    pn.equalsIgnoreCase("bindpwd") ||
-                    pn.equalsIgnoreCase("passwd") ||
-                    pn.equalsIgnoreCase("password") ||
-                    pn.equalsIgnoreCase("pin") ||
-                    pn.equalsIgnoreCase("pwd") ||
-                    pn.equalsIgnoreCase("pwdagain") ||
-                    pn.startsWith("p12Password") ||
-                    pn.equalsIgnoreCase("uPasswd")) {
-                CMS.debug("CMSServlet::service() param name='" + pn +
-                        "' value='(sensitive)'");
-            } else {
-                CMS.debug("CMSServlet::service() param name='" + pn +
-                        "' value='" + httpReq.getParameter(pn) + "'");
-            }
-        }
-    }
-
-    public void service(HttpServletRequest httpReq,
-            HttpServletResponse httpResp)
-            throws ServletException, IOException {
-
-        boolean running_state = CMS.isInRunningState();
-
-        if (!running_state)
-            throw new IOException(
-                    "CS server is not ready to serve.");
-
-        try {
-            if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
-                String currentName = Thread.currentThread().getName();
-
-                Thread.currentThread().setName(currentName + "-" + httpReq.getServletPath());
-            }
-        } catch (Exception e) {
-        }
-
-        httpReq.setCharacterEncoding("UTF-8");
-
-        if (CMS.debugOn()) {
-            outputHttpParameters(httpReq);
-        }
-        CMS.debug("CMSServlet: " + mId + " start to service.");
-
-        // get a cms request
-        CMSRequest cmsRequest = newCMSRequest();
-
-        // set argblock
-        cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", toHashtable(httpReq)));
-
-        // set http request
-        cmsRequest.setHttpReq(httpReq);
-
-        // set http response
-        cmsRequest.setHttpResp(httpResp);
-
-        // set servlet config.
-        cmsRequest.setServletConfig(mServletConfig);
-
-        // set servlet context.
-        cmsRequest.setServletContext(mServletContext);
-
-        IArgBlock httpArgs = cmsRequest.getHttpParams();
-
-        // authenticator value from http overrides the value in web.xml.
-        String authMgr_http = httpArgs.getValueAsString(AUTHMGR_PARAM, null);
-
-        if (authMgr_http != null) {
-            mAuthMgr = authMgr_http;
-        } else {
-            mAuthMgr = mServletConfig.getInitParameter(PROP_AUTHMGR);
-        }
-
-        // process request.
-        ICommandQueue iCommandQueue = CMS.getCommandQueue();
-
-        try {
-            if (iCommandQueue.registerProcess(cmsRequest, this) == false) {
-                cmsRequest.setStatus(ICMSRequest.ERROR);
-                renderResult(cmsRequest);
-                SessionContext.releaseContext();
-                return;
-            }
-            long startTime = CMS.getCurrentDate().getTime();
-            process(cmsRequest);
-            renderResult(cmsRequest);
-            Date endDate = CMS.getCurrentDate();
-            long endTime = endDate.getTime();
-            if (CMS.debugOn()) {
-                CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate="
-                        + endDate + " id=" + mId + " time=" + (endTime - startTime));
-            }
-            iCommandQueue.unRegisterProccess(cmsRequest, this);
-        } catch (EBaseException e) {
-            iCommandQueue.unRegisterProccess(cmsRequest, this);
-            // ByteArrayOutputStream os = new ByteArrayOutputStream(); for debugging only
-            // PrintStream ps = new PrintStream(os);
-            //e.printStackTrace(ps);
-            log(e.toString());
-            renderException(cmsRequest, e);
-        } catch (Exception ex) {
-            iCommandQueue.unRegisterProccess(cmsRequest, this);
-            ByteArrayOutputStream os = new ByteArrayOutputStream();
-            PrintStream ps = new PrintStream(os);
-
-            ex.printStackTrace(ps);
-            log(os.toString());
-            renderFinalError(cmsRequest, ex);
-        }
-
-        // destroy SessionContext
-        SessionContext.releaseContext();
-
-        return;
-    }
-
-    /**
-     * Create a new CMSRequest object. This should be overriden by servlets
-     * implementing different types of request
-     *
-     * @return a new CMSRequest object
-     */
-    protected CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * process an HTTP request. Servlets must override this with their
-     * own implementation
-     *
-     * @throws EBaseException if the servlet was unable to satisfactorily
-     *             process the request
-     */
-    protected void process(CMSRequest cmsRequest)
-            throws EBaseException {
-    }
-
-    /**
-     * Output a template.
-     * If an error occurs while outputing the template the exception template
-     * is used to display the error.
-     *
-     * @param cmsReq the CS request
-     */
-    protected void renderResult(CMSRequest cmsReq)
-            throws IOException {
-
-        if (!mRenderResult)
-            return;
-        Integer status = cmsReq.getStatus();
-
-        CMSLoadTemplate ltempl = mTemplates.get(status);
-
-        if (ltempl == null || ltempl.mTemplateName == null) {
-            // result is previously outputed.
-            return;
-        }
-        ICMSTemplateFiller filler = ltempl.mFiller;
-
-        renderTemplate(cmsReq, ltempl.mTemplateName, filler);
-    }
-
-    private static final String PRESERVED = "preserved";
-    public static final String TEMPLATE_NAME = "templateName";
-
-    protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent,
-                                       String argBlockName, IArgBlock argBlock) {
-        Node argBlockContainer = xmlObj.createContainer(parent, argBlockName);
-
-        if (argBlock != null) {
-            Enumeration<String> names = argBlock.getElements();
-            while (names.hasMoreElements()) {
-                String name = names.nextElement();
-                String val = argBlock.get(name).toString();
-                val = val.trim();
-                xmlObj.addItemToContainer(argBlockContainer, name, val);
-            }
-        }
-    }
-
-    protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) {
-        XMLObject xmlObj = null;
-        try {
-            xmlObj = new XMLObject();
-
-            Node root = xmlObj.createRoot("xml");
-            outputArgBlockAsXML(xmlObj, root, "header", params.getHeader());
-            outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
-
-            Enumeration<IArgBlock> records = params.queryRecords();
-            Node recordsNode = xmlObj.createContainer(root, "records");
-            if (records != null) {
-                while (records.hasMoreElements()) {
-                    IArgBlock record = records.nextElement();
-                    outputArgBlockAsXML(xmlObj, recordsNode, "record", record);
-                }
-            }
-
-            byte[] cb = xmlObj.toByteArray();
-            OutputStream os = httpResp.getOutputStream();
-            httpResp.setContentType("application/xml");
-            httpResp.setContentLength(cb.length);
-            os.write(cb);
-            os.flush();
-        } catch (Exception e) {
-            CMS.debug("failed in outputing XML " + e);
-        }
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {
-        try {
-            IArgBlock httpParams = cmsReq.getHttpParams();
-
-            Locale[] locale = new Locale[1];
-            CMSTemplate template =
-                    getTemplate(templateName, cmsReq.getHttpReq(), locale);
-            CMSTemplateParams templateParams = null;
-
-            if (filler != null) {
-                templateParams = filler.getTemplateParams(
-                            cmsReq, mAuthority, locale[0], null);
-            }
-
-            // just output arg blocks as XML
-            CMS.debug("CMSServlet.java: renderTemplate");
-            String xmlOutput = cmsReq.getHttpReq().getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                CMS.debug("CMSServlet.java: xml parameter detected, returning xml");
-                outputXML(cmsReq.getHttpResp(), templateParams);
-                return;
-            }
-
-            if (httpParams != null) {
-                String httpTemplateName =
-                        httpParams.getValueAsString(
-                                TEMPLATE_NAME, null);
-
-                if (httpTemplateName != null) {
-                    templateName = httpTemplateName;
-                }
-            }
-
-            if (templateParams == null)
-                templateParams = new CMSTemplateParams(null, null);
-
-            // #359630
-            // inject preserved http parameter into the template
-            if (httpParams != null) {
-                String preserved = httpParams.getValueAsString(
-                        PRESERVED, null);
-
-                if (preserved != null) {
-                    IArgBlock fixed = templateParams.getFixed();
-
-                    if (fixed != null) {
-                        fixed.set(PRESERVED, preserved);
-                    }
-                }
-            }
-
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-            template.renderOutput(bos, templateParams);
-            cmsReq.getHttpResp().setContentType("text/html");
-            cmsReq.getHttpResp().setContentLength(bos.size());
-            bos.writeTo(cmsReq.getHttpResp().getOutputStream());
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
-            renderException(cmsReq,
-                    new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
-            return;
-        }
-    }
-
-    /**
-     * Output exception (unexpected error) template
-     * This is different from other templates in that if an exception occurs
-     * while rendering the exception a message is printed out directly.
-     * If the message gets an error an IOException is thrown.
-     * In others if an exception occurs while rendering the template the
-     * exception template (this) is called.
-     * <p>
-     *
-     * @param cmsReq the CS request to pass to template filler if any.
-     * @param e the unexpected exception
-     */
-    protected void renderException(CMSRequest cmsReq, EBaseException e)
-            throws IOException {
-        try {
-            Locale[] locale = new Locale[1];
-            CMSLoadTemplate loadTempl =
-                    mTemplates.get(ICMSRequest.EXCEPTION);
-            CMSTemplate template = getTemplate(loadTempl.mTemplateName,
-                    cmsReq.getHttpReq(), locale);
-            ICMSTemplateFiller filler = loadTempl.mFiller;
-            CMSTemplateParams templateParams = null;
-
-            // When an exception occurs the exit is non-local which probably
-            // will leave the requestStatus value set to something other
-            // than CMSRequest.EXCEPTION, so force the requestStatus to
-            // EXCEPTION since it must be that if we're here.
-            cmsReq.setStatus(ICMSRequest.EXCEPTION);
-
-            if (filler != null) {
-                templateParams = filler.getTemplateParams(
-                            cmsReq, mAuthority, locale[0], e);
-            }
-            if (templateParams == null) {
-                templateParams = new CMSTemplateParams(null, CMS.createArgBlock());
-            }
-            if (e != null) {
-                templateParams.getFixed().set(
-                        ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
-            }
-
-            // just output arg blocks as XML
-            CMS.debug("CMSServlet.java: renderTemplate");
-            String xmlOutput = cmsReq.getHttpReq().getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                CMS.debug("CMSServlet.java: xml parameter detected, returning xml");
-                outputXML(cmsReq.getHttpResp(), templateParams);
-                return;
-            }
-
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-            template.renderOutput(bos, templateParams);
-            cmsReq.getHttpResp().setContentType("text/html");
-            cmsReq.getHttpResp().setContentLength(bos.size());
-            bos.writeTo(cmsReq.getHttpResp().getOutputStream());
-        } catch (Exception ex) {
-            renderFinalError(cmsReq, ex);
-        }
-    }
-
-    public void renderFinalError(CMSRequest cmsReq, Exception ex)
-            throws IOException {
-        // this template is the last resort for all other unexpected
-        // errors in other templates so we can only output text.
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        httpResp.setContentType("text/html");
-        ServletOutputStream out = httpResp.getOutputStream();
-
-        // replace $ERRORMSG with exception message if included.
-        String finalErrMsg = mFinalErrorMsg;
-        int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN);
-
-        if (tokenIdx != -1) {
-            finalErrMsg =
-                    mFinalErrorMsg.substring(0, tokenIdx) +
-                            ex.toString() +
-                            mFinalErrorMsg.substring(
-                                    tokenIdx + ERROR_MSG_TOKEN.length());
-        }
-        out.println(finalErrMsg);
-        return;
-    }
-
-    /**
-     * Invalidates a SSL Session. So client auth will happen again.
-     */
-    protected static void invalidateSSLSession(HttpServletRequest httpReq) {
-
-        /*
-         try {
-         s = (SSLSocket) ((HTTPRequest) httpReq).getConnection().getSocket();
-         } catch (ClassCastException e) {
-         CMS.getLogger().log(
-         ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_WARN,
-         CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE"));
-         // ignore.
-         return;
-         }
-         try {
-         s.invalidateSession();
-         s.resetHandshake();
-         }catch (SocketException se) {
-         }
-         */
-        return;
-    }
-
-    /**
-     * construct a authentication credentials to pass into authentication
-     * manager.
-     */
-    public static AuthCredentials getAuthCreds(
-            IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
-            throws EBaseException {
-        // get credentials from http parameters.
-        String[] reqCreds = authMgr.getRequiredCreds();
-        AuthCredentials creds = new AuthCredentials();
-
-        for (int i = 0; i < reqCreds.length; i++) {
-            String reqCred = reqCreds[i];
-
-            if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
-                // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert }
-                        );
-            } else {
-                String value = argBlock.getValueAsString(reqCred);
-
-                creds.set(reqCred, value); // value could be null;
-            }
-        }
-        // Inserted by bskim
-        creds.setArgBlock(argBlock);
-        // Insert end
-        return creds;
-    }
-
-    /**
-     * get ssl client authenticated certificate
-     */
-    protected X509Certificate getSSLClientCertificate(HttpServletRequest httpReq) throws EBaseException {
-
-        X509Certificate cert = null;
-
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
-                CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
-
-        // iws60 support Java Servlet Spec V2.2, attribute
-        // javax.servlet.request.X509Certificate now contains array
-        // of X509Certificates instead of one X509Certificate object
-        X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
-
-        if (allCerts == null || allCerts.length == 0) {
-            throw new EBaseException("You did not provide a valid certificate for this operation");
-        }
-
-        cert = allCerts[0];
-
-        if (cert == null) {
-            // just don't have a cert.
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
-            return null;
-        }
-
-        // convert to sun's x509 cert interface.
-        try {
-            byte[] certEncoded = cert.getEncoded();
-
-            cert = new X509CertImpl(certEncoded);
-        } catch (CertificateEncodingException e) {
-            mLogger.log(
-                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
-            return null;
-        } catch (CertificateException e) {
-            mLogger.log(
-                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
-            return null;
-        }
-        return cert;
-    }
-
-    /**
-     * get a template based on result status.
-     */
-    protected CMSTemplate getTemplate(
-            String templateName, HttpServletRequest httpReq, Locale[] locale)
-            throws EBaseException, IOException {
-        // this converts to system dependent file seperator char.
-        if (mServletConfig == null) {
-            CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!");
-            return null;
-        }
-        if (mServletConfig.getServletContext() == null) {
-        }
-        if (templateName == null) {
-        }
-        String realpath =
-                mServletConfig.getServletContext().getRealPath("/" + templateName);
-
-        if (realpath == null) {
-            mLogger.log(
-                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-        File realpathFile = new File(realpath);
-        File templateFile =
-                getLangFile(httpReq, realpathFile, locale);
-        String charSet = httpReq.getCharacterEncoding();
-
-        if (charSet == null) {
-            charSet = "UTF8";
-        }
-        CMSTemplate template =
-                (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
-
-        return template;
-    }
-
-    /**
-     * log according to authority category.
-     */
-    protected void log(int event, int level, String msg) {
-        mLogger.log(event, mLogCategory, level,
-                "Servlet " + mId + ": " + msg);
-    }
-
-    protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
-                "Servlet " + mId + ": " + msg);
-    }
-
-    /**
-     * get http parameters not to save from configuration.
-     */
-    protected void getDontSaveHttpParams(ServletConfig sc) {
-        String dontSaveParams = null;
-
-        try {
-            for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
-                mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
-            }
-            dontSaveParams = sc.getInitParameter(
-                        PROP_DONT_SAVE_HTTP_PARAMS);
-            if (dontSaveParams != null) {
-                StringTokenizer params =
-                        new StringTokenizer(dontSaveParams, ",");
-
-                while (params.hasMoreTokens()) {
-                    String param = params.nextToken();
-
-                    mDontSaveHttpParams.addElement(param);
-                }
-            }
-        } catch (Exception e) {
-            // should never happen
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
-            // default just in case.
-            for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
-                mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
-            }
-            return;
-        }
-    }
-
-    /**
-     * get http headers to save from configuration.
-     */
-    protected void getSaveHttpHeaders(ServletConfig sc) {
-        try {
-            // init save http headers. default will always be saved.
-            for (int i = 0; i < SAVE_HTTP_HEADERS.length; i++) {
-                mSaveHttpHeaders.addElement(SAVE_HTTP_HEADERS[i]);
-            }
-
-            // now get from config file if there's more.
-            String saveHeaders =
-                    sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
-
-            if (saveHeaders != null) {
-                StringTokenizer headers =
-                        new StringTokenizer(saveHeaders, ",");
-
-                while (headers.hasMoreTokens()) {
-                    String hdr = headers.nextToken();
-
-                    mSaveHttpHeaders.addElement(hdr);
-                }
-            }
-        } catch (Exception e) {
-            // should never happen
-            log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_SAVE_HTTP_HEADERS, e.toString()));
-            return;
-        }
-    }
-
-    /**
-     * save http headers in a IRequest.
-     */
-    protected void saveHttpHeaders(
-            HttpServletRequest httpReq, IRequest req)
-            throws EBaseException {
-        Hashtable<String, String> headers = new Hashtable<String, String>();
-        Enumeration<String> hdrs = mSaveHttpHeaders.elements();
-
-        while (hdrs.hasMoreElements()) {
-            String hdr = hdrs.nextElement();
-            String val = httpReq.getHeader(hdr);
-
-            if (val != null) {
-                headers.put(hdr, val);
-            }
-        }
-        req.setExtData(IRequest.HTTP_HEADERS, headers);
-    }
-
-    /**
-     * save http headers in a IRequest.
-     */
-    protected void saveHttpParams(
-            IArgBlock httpParams, IRequest req) {
-        Hashtable<String, String> saveParams = new Hashtable<String, String>();
-
-        Enumeration<String> names = httpParams.elements();
-
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            Enumeration<String> params = mDontSaveHttpParams.elements();
-            boolean dosave = true;
-
-            while (params.hasMoreElements()) {
-                String param = params.nextElement();
-
-                if (name.equalsIgnoreCase(param)) {
-                    dosave = false;
-                    break;
-                }
-            }
-            if (dosave) {
-                // kmccarth
-                // fear not - service() calls toHashtable() which only
-                // retrieves string values.
-                // TODO - when we can use JDK5 features we should typecast
-                // the params until they get here
-                saveParams.put(name, (String) httpParams.get(name));
-            }
-        }
-        req.setExtData(IRequest.HTTP_PARAMS, saveParams);
-    }
-
-    /**
-     * handy routine for getting a cert record given a serial number.
-     */
-    protected ICertRecord getCertRecord(BigInteger serialNo) {
-        if (mAuthority == null ||
-                !(mAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
-            return null;
-        }
-        ICertificateRepository certdb =
-                ((ICertificateAuthority) mAuthority).getCertificateRepository();
-
-        if (certdb == null) {
-            log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
-            return null;
-        }
-        ICertRecord certRecord = null;
-
-        try {
-            certRecord = certdb.readCertificateRecord(serialNo);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
-            return null;
-        }
-        return certRecord;
-    }
-
-    /**
-     * handy routine for validating if a cert is from this CA.
-     * mAuthority must be a CA.
-     */
-    protected boolean isCertFromCA(X509Certificate cert) {
-        BigInteger serialno = cert.getSerialNumber();
-        X509CertImpl certInDB = (X509CertImpl) getX509Certificate(serialno);
-
-        if (certInDB == null || !certInDB.equals(cert))
-            return false;
-        return true;
-    }
-
-    /**
-     * handy routine for checking if a list of certs is from this CA.
-     * mAuthortiy must be a CA.
-     */
-    protected boolean areCertsFromCA(X509Certificate[] certs) {
-        for (int i = certs.length - 1; i >= 0; i--) {
-            if (!isCertFromCA(certs[i]))
-                return false;
-        }
-        return true;
-    }
-
-    /**
-     * handy routine for getting a certificate from the certificate
-     * repository. mAuthority must be a CA.
-     */
-    protected X509Certificate getX509Certificate(BigInteger serialNo) {
-        if (mAuthority == null ||
-                !(mAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
-            return null;
-        }
-        ICertificateRepository certdb =
-                ((ICertificateAuthority) mAuthority).getCertificateRepository();
-
-        if (certdb == null) {
-            log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
-            return null;
-        }
-        X509Certificate cert = null;
-
-        try {
-            cert = certdb.getX509Certificate(serialNo);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
-            return null;
-        }
-        return cert;
-    }
-
-    /**
-     * instantiate a new filler from a class name,
-     *
-     * @return null if can't be instantiated, new instance otherwise.
-     */
-    protected ICMSTemplateFiller newFillerObject(String fillerClass) {
-        ICMSTemplateFiller filler = null;
-
-        try {
-            filler = (ICMSTemplateFiller)
-                    Class.forName(fillerClass).newInstance();
-        } catch (Exception e) {
-            if ((e instanceof RuntimeException)) {
-                throw (RuntimeException) e;
-            } else {
-                log(ILogger.LL_WARN,
-                        CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
-                return null;
-            }
-        }
-        return filler;
-    }
-
-    /**
-     * set default templates.
-     * subclasses can override, and should override at least the success
-     * template
-     */
-    protected void setDefaultTemplates(ServletConfig sc) {
-        // Subclasses should override these for diff templates and params in
-        // their constructors.
-        // Set a template name to null to not use these standard ones.
-        // When template name is set to null nothing will be displayed.
-        // Servlet is assumed to have rendered its own output.
-        // The only exception is the unexpected error template where the
-        // default one will always be used if template name is null.
-        String successTemplate = null;
-        String errorTemplate = null;
-        String unauthorizedTemplate = null;
-        String pendingTemplate = null;
-        String svcpendingTemplate = null;
-        String rejectedTemplate = null;
-        String unexpectedErrorTemplate = null;
-
-        String gateway = sc.getInitParameter("interface");
-        String authority = sc.getInitParameter(PROP_AUTHORITY);
-        if (authority == null) {
-            authority = sc.getInitParameter("authorityId");
-        }
-
-        try {
-            successTemplate = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE);
-            if (successTemplate == null) {
-                successTemplate = SUCCESS_TEMPLATE;
-                if (gateway != null)
-                    //successTemplate = "/"+gateway+successTemplate;
-                    successTemplate = "/" + gateway + successTemplate;
-            }
-
-            errorTemplate = sc.getInitParameter(
-                        PROP_ERROR_TEMPLATE);
-            if (errorTemplate == null) {
-                errorTemplate = ERROR_TEMPLATE;
-                if (gateway != null)
-                    //errorTemplate = "/"+gateway+errorTemplate;
-                    errorTemplate = "/" + gateway + errorTemplate;
-            }
-
-            unauthorizedTemplate = sc.getInitParameter(
-                        PROP_UNAUTHORIZED_TEMPLATE);
-            if (unauthorizedTemplate == null) {
-                unauthorizedTemplate = UNAUTHORIZED_TEMPLATE;
-                if (gateway != null)
-                    //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
-                    unauthorizedTemplate = "/" + gateway + unauthorizedTemplate;
-            }
-
-            pendingTemplate = sc.getInitParameter(
-                        PROP_PENDING_TEMPLATE);
-            if (pendingTemplate == null) {
-                pendingTemplate = PENDING_TEMPLATE;
-                if (gateway != null)
-                    //pendingTemplate = "/"+gateway+pendingTemplate;
-                    pendingTemplate = "/" + gateway + pendingTemplate;
-            }
-
-            svcpendingTemplate = sc.getInitParameter(
-                        PROP_SVC_PENDING_TEMPLATE);
-            if (svcpendingTemplate == null) {
-                svcpendingTemplate = SVC_PENDING_TEMPLATE;
-                if (gateway != null)
-                    //svcpendingTemplate = "/"+gateway+svcpendingTemplate;
-                    svcpendingTemplate = "/" + gateway + svcpendingTemplate;
-            }
-
-            rejectedTemplate = sc.getInitParameter(
-                        PROP_REJECTED_TEMPLATE);
-            if (rejectedTemplate == null) {
-                rejectedTemplate = REJECTED_TEMPLATE;
-                if (gateway != null)
-                    //rejectedTemplate = "/"+gateway+rejectedTemplate;
-                    rejectedTemplate = "/" + gateway + rejectedTemplate;
-            }
-
-            unexpectedErrorTemplate = sc.getInitParameter(
-                        PROP_EXCEPTION_TEMPLATE);
-            if (unexpectedErrorTemplate == null) {
-                unexpectedErrorTemplate = EXCEPTION_TEMPLATE;
-                if (gateway != null)
-                    //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
-                    unexpectedErrorTemplate = "/" + gateway + unexpectedErrorTemplate;
-            }
-        } catch (Exception e) {
-            // this should never happen.
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                            mId));
-        }
-
-        mTemplates.put(
-                ICMSRequest.UNAUTHORIZED,
-                new CMSLoadTemplate(
-                        PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
-                        unauthorizedTemplate, null));
-        mTemplates.put(
-                ICMSRequest.SUCCESS,
-                new CMSLoadTemplate(
-                        PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
-                        successTemplate, new GenSuccessTemplateFiller()));
-        mTemplates.put(
-                ICMSRequest.PENDING,
-                new CMSLoadTemplate(
-                        PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
-                        pendingTemplate, new GenPendingTemplateFiller()));
-        mTemplates.put(
-                ICMSRequest.SVC_PENDING,
-                new CMSLoadTemplate(
-                        PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
-                        svcpendingTemplate, new GenSvcPendingTemplateFiller()));
-        mTemplates.put(
-                ICMSRequest.REJECTED,
-                new CMSLoadTemplate(
-                        PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
-                        rejectedTemplate, new GenRejectedTemplateFiller()));
-        mTemplates.put(
-                ICMSRequest.ERROR,
-                new CMSLoadTemplate(
-                        PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
-                        errorTemplate, new GenErrorTemplateFiller()));
-        mTemplates.put(
-                ICMSRequest.EXCEPTION,
-                new CMSLoadTemplate(
-                        PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
-                        unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
-    }
-
-    /**
-     * handy routine to check if client is navigator based on user-agent.
-     */
-    public static boolean clientIsNav(HttpServletRequest httpReq) {
-        String useragent = httpReq.getHeader("user-agent");
-
-        if (useragent.startsWith("Mozilla") &&
-                useragent.indexOf("MSIE") == -1)
-            return true;
-        return false;
-    }
-
-    /**
-     * handy routine to check if client is msie based on user-agent.
-     */
-    public static boolean clientIsMSIE(HttpServletRequest httpReq) {
-        String useragent = httpReq.getHeader("user-agent");
-
-        if (useragent != null && useragent.indexOf("MSIE") != -1)
-            return true;
-        return false;
-    }
-
-    /**
-     * handy routine to check if client is cartman based on hidden http input
-     * set using cartman JS. (no other way to tell)
-     */
-    private static String CMMF_RESPONSE = "cmmfResponse";
-
-    public static boolean doCMMFResponse(IArgBlock httpParams) {
-        if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false))
-            return true;
-        else
-            return false;
-    }
-
-    private static final String IMPORT_CERT = "importCert";
-    private static final String IMPORT_CHAIN = "importCAChain";
-    private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType";
-    // default mime type
-    private static final String NS_X509_USER_CERT = "application/x-x509-user-cert";
-    private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
-
-    // CMC mime types
-    public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
-    public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
-    public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
-    public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
-
-    /**
-     * handy routine to check if client want full enrollment response
-     */
-    public static String FULL_RESPONSE = "fullResponse";
-
-    public static boolean doFullResponse(IArgBlock httpParams) {
-        if (httpParams.getValueAsBoolean(FULL_RESPONSE, false))
-            return true;
-        else
-            return false;
-    }
-
-    /**
-     * @return false if import cert directly set to false.
-     * @return true if import cert directly is true and import cert.
-     */
-    protected boolean checkImportCertToNav(
-            HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
-            throws EBaseException {
-        if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) {
-            return false;
-        }
-        boolean importCAChain =
-                httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
-        // XXX Temporary workaround because of problem with passing Mime type
-        boolean emailCert =
-                httpParams.getValueAsBoolean("emailCert", false);
-        String importMimeType = (emailCert) ?
-                httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
-                httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
-
-        //		String importMimeType =
-        //			httpParams.getValueAsString(
-        //				IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
-        importCertToNav(httpResp, cert, importMimeType, importCAChain);
-        return true;
-    }
-
-    /**
-     * handy routine to import cert to old navigator in nav mime type.
-     */
-    public void importCertToNav(
-            HttpServletResponse httpResp, X509CertImpl cert,
-            String contentType, boolean importCAChain)
-            throws EBaseException {
-        ServletOutputStream out = null;
-        byte[] encoding = null;
-
-        CMS.debug("CMSServlet: importCertToNav " +
-                       "contentType=" + contentType + " " +
-                       "importCAChain=" + importCAChain);
-        try {
-            out = httpResp.getOutputStream();
-            // CA chain.
-            if (importCAChain) {
-                CertificateChain caChain = null;
-                X509Certificate[] caCerts = null;
-                PKCS7 p7 = null;
-
-                caChain = ((ICertAuthority) mAuthority).getCACertChain();
-                caCerts = caChain.getChain();
-
-                // set user + CA cert chain in pkcs7
-                X509CertImpl[] userChain =
-                        new X509CertImpl[caCerts.length + 1];
-
-                userChain[0] = cert;
-                int m = 1, n = 0;
-
-                for (; n < caCerts.length; m++, n++) {
-                    userChain[m] = (X509CertImpl) caCerts[n];
-
-                    /*
-                     System.out.println(
-                     m+"th Cert "+userChain[m].toString());
-                     */
-                }
-                p7 = new PKCS7(new AlgorithmId[0],
-                            new ContentInfo(new byte[0]),
-                            userChain,
-                            new SignerInfo[0]);
-                ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-                p7.encodeSignedData(bos, false);
-                encoding = bos.toByteArray();
-                CMS.debug("CMServlet: return P7 " + CMS.BtoA(encoding));
-            } else {
-                encoding = cert.getEncoded();
-                CMS.debug("CMServlet: return Certificate " + CMS.BtoA(encoding));
-            }
-            httpResp.setContentType(contentType);
-            out.write(encoding);
-        } catch (IOException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT"));
-        } catch (CertificateEncodingException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
-        }
-    }
-
-    protected static void saveAuthToken(IAuthToken token, IRequest req) {
-        if (token != null && req != null)
-            req.setExtData(IRequest.AUTH_TOKEN, token);
-
-        // # 56230 - expose auth token parameters to the policy predicate
-        if (token != null && req != null) {
-            Enumeration<String> e = token.getElements();
-            while (e.hasMoreElements()) {
-                String n = e.nextElement();
-                String[] x1 = token.getInStringArray(n);
-                if (x1 != null) {
-                    for (int i = 0; i < x1.length; i++) {
-                        CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n +
-                                "(" + i + ")=" + x1[i]);
-                        req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i + ")",
-                                x1[i]);
-                    }
-                } else {
-                    String x = token.getInString(n);
-                    if (x != null) {
-                        CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + "=" + x);
-                        req.setExtData(IRequest.AUTH_TOKEN + "-" + n, x);
-                    }
-                }
-            } // while
-        } // if
-    }
-
-    protected IAuthToken getAuthToken(IRequest req) {
-        return req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
-    }
-
-    protected static boolean connectionIsSSL(HttpServletRequest httpReq) {
-        return httpReq.isSecure();
-    }
-
-    /**
-     * handy routine for getting agent's relative path
-     */
-    protected String getRelPath(IAuthority authority) {
-        if (authority instanceof ICertificateAuthority)
-            return "ca/";
-        else if (authority instanceof IRegistrationAuthority)
-            return "ra/";
-        else if (authority instanceof IKeyRecoveryAuthority)
-            return "kra/";
-        else
-            return "/";
-    }
-
-    /**
-     * A system certificate such as the CA signing certificate
-     * should not be allowed to delete.
-     * The main purpose is to avoid revoking the self signed
-     * CA certificate accidentially.
-     */
-    protected boolean isSystemCertificate(BigInteger serialNo) {
-        if (!(mAuthority instanceof ICertificateAuthority)) {
-            return false;
-        }
-        X509Certificate caCert =
-                ((ICertificateAuthority) mAuthority).getCACert();
-        if (caCert != null) {
-            /* only check this if we are self-signed */
-            if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
-                if (caCert.getSerialNumber().equals(serialNo)) {
-                    return true;
-                }
-            }
-        }
-        return false;
-    }
-
-    /**
-     * make a CRL entry from a serial number and revocation reason.
-     *
-     * @return a RevokedCertImpl that can be entered in a CRL.
-     */
-    protected RevokedCertImpl formCRLEntry(
-            BigInteger serialNo, RevocationReason reason)
-            throws EBaseException {
-        CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
-        CRLExtensions crlentryexts = new CRLExtensions();
-
-        try {
-            crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
-        }
-        RevokedCertImpl crlentry =
-                new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
-
-        return crlentry;
-    }
-
-    /**
-     * check if a certificate (serial number) is revoked on a CA.
-     *
-     * @return true if cert is marked revoked in the CA's database.
-     * @return false if cert is not marked revoked.
-     */
-    protected boolean certIsRevoked(BigInteger serialNum)
-            throws EBaseException {
-        ICertRecord certRecord = getCertRecord(serialNum);
-
-        if (certRecord == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_INVALID_CERT"));
-        }
-        if (certRecord.getStatus().equals(ICertRecord.STATUS_REVOKED))
-            return true;
-        return false;
-    }
-
-    public static String generateSalt() {
-        Random rnd = new Random();
-        String salt = new Integer(rnd.nextInt()).toString();
-        return salt;
-    }
-
-    protected String hashPassword(String pwd) {
-        String salt = generateSalt();
-        byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes());
-        String b64E = Utils.base64encode(pwdDigest);
-
-        return "{SHA}" + salt + ";" + b64E;
-    }
-
-    /**
-     * @param req http servlet request
-     * @param realpathFile the file to get.
-     * @param locale array of at least one to be filled with locale found.
-     */
-    public static File getLangFile(
-            HttpServletRequest req, File realpathFile, Locale[] locale)
-            throws IOException {
-        File file = null;
-        String acceptLang = req.getHeader("accept-language");
-
-        if (acceptLang != null && !acceptLang.equals("")) {
-            StringTokenizer tokenizer = new StringTokenizer(acceptLang, ",");
-            int numLangs = tokenizer.countTokens();
-
-            if (numLangs > 0) {
-                // languages are searched in order.
-                String parent = realpathFile.getParent();
-
-                if (parent == null) {
-                    parent = "." + File.separatorChar;
-                }
-                String name = realpathFile.getName();
-
-                if (name == null) { // filename should never be null.
-                    throw new IOException("file has no name");
-                }
-                int i;
-
-                for (i = 0; i < numLangs; i++) {
-                    String lang = null;
-                    String token = tokenizer.nextToken();
-
-                    int semicolon = token.indexOf(';');
-
-                    if (semicolon == -1) {
-                        lang = token.trim();
-                    } else {
-                        if (semicolon < 2)
-                            continue; // protocol error.
-                        lang = token.substring(0, semicolon).trim();
-                    }
-                    // if browser locale is the same as default locale,
-                    // use the default form. (is this the right thing to do ?)
-                    Locale l = getLocale(lang);
-
-                    if (Locale.getDefault().equals(l)) {
-                        locale[0] = l;
-                        file = realpathFile;
-                        break;
-                    }
-
-                    String langfilepath =
-                            parent + File.separatorChar +
-                                    lang + File.separatorChar + name;
-
-                    file = new File(langfilepath);
-                    if (file.exists()) {
-                        locale[0] = getLocale(lang);
-                        break;
-                    }
-                }
-                // if no file for lang was found use default
-                if (i == numLangs) {
-                    file = realpathFile;
-                    locale[0] = Locale.getDefault();
-                }
-            }
-        } else {
-            // use default if accept-language is not availabe
-            file = realpathFile;
-            locale[0] = Locale.getDefault();
-        }
-        return file;
-    }
-
-    public static Locale getLocale(String lang) {
-        int dash = lang.indexOf('-');
-
-        if (dash == -1)
-            return new Locale(lang, "");
-        else
-            return new Locale(lang.substring(0, dash), lang.substring(dash + 1));
-    }
-
-    public IAuthToken authenticate(CMSRequest req)
-            throws EBaseException {
-        return authenticate(req, mAuthMgr);
-    }
-
-    public IAuthToken authenticate(HttpServletRequest httpReq)
-            throws EBaseException {
-        return authenticate(httpReq, mAuthMgr);
-    }
-
-    public IAuthToken authenticate(CMSRequest req, String authMgrName)
-            throws EBaseException {
-        IAuthToken authToken = authenticate(req.getHttpReq(),
-                authMgrName);
-
-        saveAuthToken(authToken, req.getIRequest());
-        return authToken;
-    }
-
-    /**
-     * Authentication
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only
-     * webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
-     * </ul>
-     *
-     * @exception EBaseException an error has occurred
-     */
-    public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName)
-            throws EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = ILogger.UNIDENTIFIED;
-        String auditAuthMgrID = ILogger.UNIDENTIFIED;
-        String auditUID = ILogger.UNIDENTIFIED;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            String getClientCert = mGetClientCert;
-
-            IArgBlock httpArgs = CMS.createArgBlock(toHashtable(httpReq));
-            SessionContext ctx = SessionContext.getContext();
-            String ip = httpReq.getRemoteAddr();
-            CMS.debug("IP: " + ip);
-
-            if (ip != null) {
-                ctx.put(SessionContext.IPADDRESS, ip);
-            }
-            if (authMgrName != null) {
-                CMS.debug("AuthMgrName: " + authMgrName);
-                ctx.put(SessionContext.AUTH_MANAGER_ID, authMgrName);
-            }
-            // put locale into session context
-            ctx.put(SessionContext.LOCALE, getLocale(httpReq));
-
-            //
-            // check ssl client authentication if specified.
-            //
-            X509Certificate clientCert = null;
-
-            if (getClientCert != null && getClientCert.equals("true")) {
-                CMS.debug("CMSServlet: retrieving SSL certificate");
-                clientCert = getSSLClientCertificate(httpReq);
-            }
-
-            //
-            // check authentication by auth manager if any.
-            //
-            if (authMgrName == null) {
-
-                // Fixed Blackflag Bug #613900:  Since this code block does
-                // NOT actually constitute an authentication failure, but
-                // rather the case in which a given servlet has been correctly
-                // configured to NOT require an authentication manager, the
-                // audit message called LOGGING_SIGNED_AUDIT_AUTH_FAIL has
-                // been removed.
-
-                CMS.debug("CMSServlet: no authMgrName");
-                return null;
-            } else {
-                // save the "Subject DN" of this certificate in case it
-                // must be audited as an authentication failure
-                if (clientCert == null) {
-                    CMS.debug("CMSServlet: no client certificate found");
-                } else {
-                    String certUID = clientCert.getSubjectDN().getName();
-                    CMS.debug("CMSServlet: certUID=" + certUID);
-
-                    if (certUID != null) {
-                        certUID = certUID.trim();
-
-                        if (!(certUID.equals(""))) {
-                            // reset the "auditUID"
-                            auditUID = certUID;
-                        }
-                    }
-                }
-
-                // reset the "auditAuthMgrID"
-                auditAuthMgrID = authMgrName;
-            }
-            AuthToken authToken = CMSGateway.checkAuthManager(httpReq,
-                    httpArgs,
-                    clientCert,
-                    authMgrName);
-            if (authToken == null) {
-                return null;
-            }
-            String userid = authToken.getInString(IAuthToken.USER_ID);
-
-            CMS.debug("CMSServlet: userid=" + userid);
-
-            if (userid != null) {
-                ctx.put(SessionContext.USER_ID, userid);
-            }
-
-            // reset the "auditSubjectID"
-            auditSubjectID = auditSubjectID();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditAuthMgrID);
-
-            audit(auditMessage);
-
-            return authToken;
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditAuthMgrID,
-                        auditUID);
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        }
-    }
-
-    public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
-            String exp) throws EBaseException {
-        AuthzToken authzToken = null;
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditGroupID = auditGroupID();
-        String auditACLResource = resource;
-        String auditOperation = "enroll";
-
-        try {
-            authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
-            if (authzToken != null) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditACLResource,
-                            auditOperation);
-
-                audit(auditMessage);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditGroupID);
-
-                audit(auditMessage);
-            } else {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditACLResource,
-                            auditOperation);
-
-                audit(auditMessage);
-
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditGroupID);
-
-                audit(auditMessage);
-            }
-            return authzToken;
-        } catch (Exception e) {
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-            audit(auditMessage);
-
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditGroupID);
-
-            audit(auditMessage);
-            throw new EBaseException(e.toString());
-        }
-    }
-
-    /**
-     * Authorize must occur after Authenticate
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one
-     * accesses a role port)
-     * </ul>
-     *
-     * @param authzMgrName string representing the name of the authorization
-     *            manager
-     * @param authToken the authentication token
-     * @param resource a string representing the ACL resource id as defined in
-     *            the ACL resource list
-     * @param operation a string representing one of the operations as defined
-     *            within the ACL statement (e. g. - "read" for an ACL statement containing
-     *            "(read,write)")
-     * @exception EBaseException an error has occurred
-     * @return the authorization token
-     */
-    public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-            String resource, String operation)
-            throws EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditGroupID = auditGroupID();
-        String auditID = auditSubjectID;
-        String auditACLResource = resource;
-        String auditOperation = operation;
-
-        SessionContext auditContext = SessionContext.getExistingContext();
-        String authManagerId = null;
-
-        if (auditContext != null) {
-            authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID);
-
-            if (authManagerId != null && authManagerId.equals("TokenAuth")) {
-                if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                        auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
-                    CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
-                    auditID = auditGroupID;
-                }
-            }
-        }
-
-        // "normalize" the "auditACLResource" value
-        if (auditACLResource != null) {
-            auditACLResource = auditACLResource.trim();
-        }
-
-        // "normalize" the "auditOperation" value
-        if (auditOperation != null) {
-            auditOperation = auditOperation.trim();
-        }
-
-        if (authzMgrName == null) {
-            // Fixed Blackflag Bug #613900:  Since this code block does
-            // NOT actually constitute an authorization failure, but
-            // rather the case in which a given servlet has been correctly
-            // configured to NOT require an authorization manager, the
-            // audit message called LOGGING_SIGNED_AUDIT_AUTHZ_FAIL and
-            // the audit message called LOGGING_SIGNED_AUDIT_ROLE_ASSUME
-            // (marked as a failure) have been removed.
-
-            return null;
-        }
-
-        try {
-            AuthzToken authzTok = mAuthz.authorize(authzMgrName,
-                    authToken,
-                    resource,
-                    operation);
-
-            if (authzTok != null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditACLResource,
-                            auditOperation);
-
-                audit(auditMessage);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                            auditID,
-                            ILogger.SUCCESS,
-                            auditGroups(auditSubjectID));
-
-                audit(auditMessage);
-            } else {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditACLResource,
-                            auditOperation);
-
-                audit(auditMessage);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                            auditID,
-                            ILogger.FAILURE,
-                            auditGroups(auditSubjectID));
-
-                audit(auditMessage);
-            }
-
-            return authzTok;
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-            audit(auditMessage);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditID,
-                        ILogger.FAILURE,
-                        auditGroups(auditSubjectID));
-
-            audit(auditMessage);
-
-            return null;
-        } catch (Exception eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-            audit(auditMessage);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditGroups(auditSubjectID));
-
-            audit(auditMessage);
-
-            return null;
-        }
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    /**
-     * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message SubjectID
-     */
-    protected String auditSubjectID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        CMS.debug("CMSServlet: in auditSubjectID");
-        String subjectID = null;
-
-        // Initialize subjectID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        CMS.debug("CMSServlet: auditSubjectID auditContext " + auditContext);
-        if (auditContext != null) {
-            subjectID = (String)
-                    auditContext.get(SessionContext.USER_ID);
-
-            CMS.debug("CMSServlet auditSubjectID: subjectID: " + subjectID);
-            if (subjectID != null) {
-                subjectID = subjectID.trim();
-            } else {
-                subjectID = ILogger.NONROLEUSER;
-            }
-        } else {
-            subjectID = ILogger.UNIDENTIFIED;
-        }
-
-        return subjectID;
-    }
-
-    /**
-     * Signed Audit Log Group ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "gid" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message SubjectID
-     */
-    protected String auditGroupID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        CMS.debug("CMSServlet: in auditGroupID");
-        String groupID = null;
-
-        // Initialize groupID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        CMS.debug("CMSServlet: auditGroupID auditContext " + auditContext);
-        if (auditContext != null) {
-            groupID = (String)
-                    auditContext.get(SessionContext.GROUP_ID);
-
-            CMS.debug("CMSServlet auditGroupID: groupID: " + groupID);
-            if (groupID != null) {
-                groupID = groupID.trim();
-            } else {
-                groupID = ILogger.NONROLEUSER;
-            }
-        } else {
-            groupID = ILogger.UNIDENTIFIED;
-        }
-
-        return groupID;
-    }
-
-    /**
-     * Signed Audit Groups
-     *
-     * This method is called to extract all "groups" associated
-     * with the "auditSubjectID()".
-     * <P>
-     *
-     * @param SubjectID string containing the signed audit log message SubjectID
-     * @return a delimited string of groups associated
-     *         with the "auditSubjectID()"
-     */
-    private String auditGroups(String SubjectID) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        if ((SubjectID == null) ||
-                (SubjectID.equals(ILogger.UNIDENTIFIED))) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        Enumeration<IGroup> groups = null;
-
-        try {
-            groups = mUG.findGroups("*");
-        } catch (Exception e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        StringBuffer membersString = new StringBuffer();
-
-        while (groups.hasMoreElements()) {
-            IGroup group = groups.nextElement();
-
-            if (group.isMember(SubjectID) == true) {
-                if (membersString.length() != 0) {
-                    membersString.append(", ");
-                }
-
-                membersString.append(group.getGroupID());
-            }
-        }
-
-        if (membersString.length() != 0) {
-            return membersString.toString();
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader(HDR_LANG);
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                        UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    protected void outputResult(HttpServletResponse httpResp,
-            String contentType, byte[] content) {
-        try {
-            OutputStream os = httpResp.getOutputStream();
-
-            httpResp.setContentType(contentType);
-            httpResp.setContentLength(content.length);
-            os.write(content);
-            os.flush();
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
-            return;
-        }
-    }
-
-    protected void outputError(HttpServletResponse httpResp, String errorString) {
-        outputError(httpResp, FAILURE, errorString, null);
-    }
-
-    protected void outputError(HttpServletResponse httpResp, String errorString, String requestId) {
-        outputError(httpResp, FAILURE, errorString, null);
-    }
-
-    protected void outputError(HttpServletResponse httpResp, String status, String errorString, String requestId) {
-        XMLObject xmlObj = null;
-        try {
-            xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-            xmlObj.addItemToContainer(root, "Status", status);
-            xmlObj.addItemToContainer(root, "Error", errorString);
-            if (requestId != null) {
-                xmlObj.addItemToContainer(root, "RequestId", requestId);
-            }
-            byte[] cb = xmlObj.toByteArray();
-
-            OutputStream os = httpResp.getOutputStream();
-            httpResp.setContentType("application/xml");
-            httpResp.setContentLength(cb.length);
-            os.write(cb);
-            os.flush();
-            return;
-        } catch (Exception ee) {
-            CMS.debug("Failed to send XML output to the server.");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
deleted file mode 100644
index 8e3a4b5ba..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ /dev/null
@@ -1,127 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.cms.realm.PKIRealm;
-import com.netscape.cms.tomcat.ProxyRealm;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * This servlet is started by the web server at startup, and
- * it starts the CMS framework.
- *
- * @version $Revision$, $Date$
- */
-public class CMSStartServlet extends HttpServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 515623839479425172L;
-    public final static String PROP_CMS_CFG = "cfgPath";
-
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        String path = config.getInitParameter(PROP_CMS_CFG);
-
-        File f = new File(path);
-        String old_path = "";
-        if (!f.exists()) {
-            int index = path.lastIndexOf("CS.cfg");
-            if (index != -1) {
-                old_path = path.substring(0, index) + "CMS.cfg";
-            }
-            File f1 = new File(old_path);
-            if (f1.exists()) {
-                // The following block of code moves "CMS.cfg" to "CS.cfg".
-                try {
-                    if (Utils.isNT()) {
-                        // NT is very picky on the path
-                        Utils.exec("copy " +
-                                    f1.getAbsolutePath().replace('/', '\\') +
-                                    " " +
-                                    f.getAbsolutePath().replace('/', '\\'));
-                    } else {
-                        // Create a copy of the original file which
-                        // preserves the original file permissions.
-                        Utils.exec("cp -p " + f1.getAbsolutePath() + " " +
-                                    f.getAbsolutePath());
-                    }
-
-                    // Remove the original file if and only if
-                    // the backup copy was successful.
-                    if (f.exists()) {
-                        if (!f1.delete()) {
-                            CMS.debug("CMSStartServlet: init: Cannot delete file : " + old_path);
-                        }
-
-                        // Make certain that the new file has
-                        // the correct permissions.
-                        if (!Utils.isNT()) {
-                            Utils.exec("chmod 00660 " + f.getAbsolutePath());
-                        }
-                    }
-                } catch (Exception e) {
-                }
-            }
-        }
-
-        try {
-            CMS.start(path);
-        } catch (EBaseException e) {
-        }
-
-        // Register realm for this subsystem
-        String context = getServletContext().getContextPath();
-        if (context.startsWith("/")) context = context.substring(1);
-        ProxyRealm.registerRealm(context, new PKIRealm());
-    }
-
-    public void doGet(HttpServletRequest req, HttpServletResponse res)
-            throws ServletException, IOException {
-        res.setContentType("text/html");
-
-        PrintWriter out = res.getWriter();
-
-        out.print("<html>");
-        out.print("<head><title>CMS is started!</title></head>");
-        out.print("<body>");
-        out.print("<h1>CMS is started!</h1>");
-        out.print("</body></html>");
-    }
-
-    public String getServletInfo() {
-        return "CMS startup servlet";
-    }
-
-    public void destroy() {
-        CMS.shutdown();
-        super.destroy();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
deleted file mode 100644
index 52b1258eb..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * This is the servlet that displays the html page for the corresponding input id.
- *
- * @version $Revision$, $Date$
- */
-public class DisplayHtmlServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4343458180370708327L;
-    public final static String PROP_TEMPLATE = "template";
-    public final static String PROP_HTML_PATH = "htmlPath";
-
-    private String mHTMLPath = null;
-
-    public DisplayHtmlServlet() {
-        super();
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Serves HTTP request.
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("DisplayHtmlServlet about to service ");
-        authenticate(cmsReq);
-        try {
-            String realpath =
-                    mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
-
-            if (realpath == null) {
-                mLogger.log(
-                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
-                throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-            }
-            File file = new File(realpath);
-            long flen = file.length();
-            byte[] bin = new byte[(int) flen];
-            FileInputStream ins = new FileInputStream(file);
-
-            int len = 0;
-            if (ins.available() > 0) {
-                len = ins.read(bin);
-            }
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            bos.write(bin, 0, len);
-            bos.writeTo(cmsReq.getHttpResp().getOutputStream());
-            ins.close();
-            bos.close();
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
deleted file mode 100644
index 357c901c3..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
+++ /dev/null
@@ -1,332 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthMgrPlugin;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-
-/**
- * Return some javascript to the request which contains the list of
- * dynamic data in the CMS system.
- * <p>
- * This allows the requestor (browser) to make decisions about what to present in the UI, depending on how CMS is
- * configured
- *
- * @version $Revision$, $Date$
- */
-public class DynamicVariablesServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7246774978153039460L;
-    public final static String PROP_ACCESS = "ServletAccess";
-    public final static String PROP_AUTHMGR = "AuthMgr";
-    public final static String PROP_CLIENTAUTH = "GetClientCert";
-
-    public final static String PROP_AUTHORITY = "authority";
-    public final static String PROP_CLONING = "cloning";
-
-    private final static String INFO = "dynamicVariables";
-
-    private static final String PROP_DYNVAR = "dynamicVariables";
-    private static final String PROP_CRLURL = "cloneMasterCrlUrl";
-    private static final String VAR_SERVERDATE_STRING = "serverdate()";
-    private static final Integer VAR_SERVERDATE = Integer.valueOf(1);
-
-    private static final String VAR_SUBSYSTEMNAME_STRING = "subsystemname()";
-    private static final Integer VAR_SUBSYSTEMNAME = Integer.valueOf(2);
-    private String VAR_SUBSYSTEMNAME_VALUE = null;
-
-    private static final String VAR_HTTP_STRING = "http()";
-    private static final Integer VAR_HTTP = Integer.valueOf(3);
-
-    private static final String VAR_AUTHMGRS_STRING = "authmgrs()";
-    private static final Integer VAR_AUTHMGRS = Integer.valueOf(4);
-
-    private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()";
-    private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6);
-
-    private String mAuthMgrCacheString = "";
-    private long mAuthMgrCacheTime = 0;
-    private final int AUTHMGRCACHE = 10; //number of seconds to cache list of
-    // authmanagers for
-    private Hashtable<Integer, String> dynvars = null;
-    @SuppressWarnings("unused")
-    private String mGetClientCert = "false";
-    private String mAuthMgr = null;
-
-    @SuppressWarnings("unused")
-    private ServletConfig mServletCfg;
-    private ServletContext mServletCtx = null;
-    private static String mCrlurl = "";
-    static {
-        IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING);
-
-        try {
-            mCrlurl =
-                    config.getString(PROP_CRLURL, "");
-        } catch (EBaseException e) {
-        }
-    }
-
-    public DynamicVariablesServlet() {
-        super();
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Reads the following variables from the servlet config:
-     * <ul>
-     * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
-     * <li><strong>GetClientCert</strong> - whether to request client auth for this request
-     * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
-     * <li><strong>dynamicVariables</strong> - a string of the form:
-     * serverdate=serverdate(),subsystemname=subsystemname(), http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
-     * </ul>
-     * The dynamicVariables string is parsed by splitting on commas.
-     * When services, the HTTP request provides a piece of javascript
-     * code as follows.
-     * <p>
-     * Each sub expression "lhs=rhs()" forms a javascript statement of the form <i>lhs=xxx;</i> Where lhs is xxx is the
-     * result of 'evaluating' the rhs. The possible values for the rhs() function are:
-     * <ul>
-     * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client clock is set
-     * correctly)
-     * <li><strong>subsystemname()</strong>
-     * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https)
-     * <li>authmgrs() - a comma separated list of authentication managers
-     * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is defined in the CMS
-     * configuration parameter 'cloning.cloneMasterCrlUrl'
-     * </ul>
-     *
-     * @see javax.servlet.Servlet#init(ServletConfig)
-     */
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
-        mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH);
-        mServletCfg = sc;
-
-        mServletCtx = sc.getServletContext();
-
-        VAR_SUBSYSTEMNAME_VALUE = sc.getInitParameter(PROP_AUTHORITY);
-
-        try {
-            String dynvarconfig = sc.getInitParameter(PROP_DYNVAR);
-            StringTokenizer s = new StringTokenizer(dynvarconfig, ",");
-
-            dynvars = new Hashtable<Integer, String>();
-
-            while (s.hasMoreTokens()) {
-                String token = s.nextToken();
-
-                int i = token.indexOf('=');
-                String varname = token.substring(0, i);
-                String varvalue = token.substring(i + 1);
-
-                Integer varcode = null;
-
-                if (varvalue.equalsIgnoreCase(VAR_SERVERDATE_STRING)) {
-                    varcode = VAR_SERVERDATE;
-                } else if (varvalue.equalsIgnoreCase(VAR_SUBSYSTEMNAME_STRING)) {
-                    varcode = VAR_SUBSYSTEMNAME;
-                } else if (varvalue.equalsIgnoreCase(VAR_HTTP_STRING)) {
-                    varcode = VAR_HTTP;
-                } else if (varvalue.equalsIgnoreCase(VAR_AUTHMGRS_STRING)) {
-                    varcode = VAR_AUTHMGRS;
-                } else if (varvalue.equalsIgnoreCase(VAR_CLA_CRL_URL_STRING)) {
-                    varcode = VAR_CLA_CRL_URL;
-                } else {
-                    throw new ServletException("bad configuration parameter in " + PROP_DYNVAR);
-                }
-                if (varcode != null) {
-                    dynvars.put(varcode, varname);
-                }
-            }
-        } catch (Exception e) {
-            dynvars = null;
-        }
-    }
-
-    public void service(HttpServletRequest httpReq,
-            HttpServletResponse httpResp)
-            throws ServletException, IOException {
-        boolean running_state = CMS.isInRunningState();
-
-        if (!running_state)
-            throw new IOException(
-                    "CMS server is not ready to serve.");
-
-        if (mAuthMgr != null) {
-            try {
-                authenticate(httpReq);
-            } catch (EBaseException e) {
-                mServletCtx.log(CMS.getLogMessage("CMSGW_FILE_NO_ACCESS", e.toString()));
-                httpResp.sendError(HttpServletResponse.SC_FORBIDDEN);
-                return;
-            }
-        }
-
-        httpResp.setContentType("application/x-javascript");
-        httpResp.setHeader("Pragma", "no-cache");
-
-        try {
-            ServletOutputStream os = httpResp.getOutputStream();
-
-            if (os != null) {
-                if (dynvars != null) {
-                    Enumeration<Integer> k = dynvars.keys();
-
-                    while (k.hasMoreElements()) {
-                        String toBeWritten;
-                        Integer varcode = k.nextElement();
-
-                        if (varcode.equals(VAR_SERVERDATE)) {
-                            toBeWritten = dynvars.get(varcode) +
-                                    "=" +
-                                    getServerDate() +
-                                    ";\n";
-
-                            os.print(toBeWritten);
-                        }
-
-                        if (varcode.equals(VAR_SUBSYSTEMNAME)) {
-                            if (getSubsystemName() != null) {
-                                toBeWritten = dynvars.get(varcode) +
-                                        "=" + "\"" +
-                                        getSubsystemName() + "\"" +
-                                        ";\n";
-                                os.print(toBeWritten);
-                            }
-                        }
-
-                        if (varcode.equals(VAR_HTTP)) {
-                            if (getHttp(httpReq) != null) {
-                                toBeWritten = dynvars.get(varcode) +
-                                        "=" + "\"" +
-                                        getHttp(httpReq) + "\"" +
-                                        ";\n";
-                                os.print(toBeWritten);
-                            }
-                        }
-
-                        if (varcode.equals(VAR_CLA_CRL_URL)) {
-                            if (getImportCrlUrl() != null) {
-                                toBeWritten = dynvars.get(varcode) +
-                                        "=" + "\"" +
-                                        getImportCrlUrl() + "\"" +
-                                        ";\n";
-                                os.print(toBeWritten);
-                            }
-                        }
-
-                        if (varcode.equals(VAR_AUTHMGRS)) {
-                            toBeWritten = "";
-                            IAuthSubsystem as = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-                            Enumeration<IAuthManager> ame = as.getAuthManagers();
-
-                            Date d = CMS.getCurrentDate();
-                            long now = d.getTime();
-
-                            if (now > (mAuthMgrCacheTime + 1000 * AUTHMGRCACHE)) {
-                                int i = 0;
-
-                                StringBuffer sb = new StringBuffer();
-                                while (ame.hasMoreElements()) {
-                                    IAuthManager am = ame.nextElement();
-                                    String amName = am.getImplName();
-
-                                    AuthMgrPlugin ap = as.getAuthManagerPluginImpl(amName);
-
-                                    if (ap.isVisible()) {
-                                        sb.append("authmanager[");
-                                        sb.append(i);
-                                        sb.append("]=\"");
-                                        sb.append(amName);
-                                        sb.append("\";\n");
-                                        i++;
-                                    }
-                                }
-                                toBeWritten = sb.toString();
-                                mAuthMgrCacheString = toBeWritten;
-                                mAuthMgrCacheTime = now;
-                            } else {
-                                toBeWritten = mAuthMgrCacheString;
-                            }
-                            if (toBeWritten.length() != 0) {
-                                os.print("authmanager = new Array();\n");
-                                os.print(toBeWritten);
-                            }
-                        }
-
-                    }
-                }
-                os.close();
-            }
-
-        } catch (IOException e) {
-            throw new ServletException("couldn't get outputstream");
-        }
-    }
-
-    private String getServerDate() {
-        Date d = new Date();
-        String now = Long.toString(d.getTime());
-
-        return now;
-    }
-
-    private String getSubsystemName() {
-        return VAR_SUBSYSTEMNAME_VALUE;
-    }
-
-    private String getHttp(HttpServletRequest httpReq) {
-        if (httpReq.isSecure())
-            return "false";
-        else
-            return "true";
-    }
-
-    private String getImportCrlUrl() {
-        return mCrlurl;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/base/common/src/com/netscape/cms/servlet/base/GetStats.java
deleted file mode 100644
index 5fbed7bbc..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/GetStats.java
+++ /dev/null
@@ -1,185 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.certsrv.util.StatsEvent;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Retrieve information.
- *
- * @version $Revision$, $Date$
- */
-public class GetStats extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3336253558044271816L;
-    private final static String TPL_FILE = "getStats.template";
-    private String mFormPath = null;
-
-    public GetStats() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template
-     * file "getOCSPInfo.template" to render the result page.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        // coming from agent
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        StatsEvent st = statsSub.getMainStatsEvent();
-
-        String op = httpReq.getParameter("op");
-        if (op != null && op.equals("clear")) {
-            statsSub.resetCounters();
-        }
-
-        header.addStringValue("startTime", statsSub.getStartTime().toString());
-        header.addStringValue("curTime", (new Date()).toString());
-        parse(argSet, st, 0);
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-    public String getSep(int level) {
-        StringBuffer s = new StringBuffer();
-        for (int i = 0; i < level; i++) {
-            s.append("-");
-        }
-        return s.toString();
-    }
-
-    public void parse(CMSTemplateParams argSet, StatsEvent st, int level) {
-        Enumeration<String> names = st.getSubEventNames();
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            StatsEvent subSt = st.getSubEvent(name);
-
-            IArgBlock rarg = CMS.createArgBlock();
-            rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
-            rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
-            rarg.addLongValue("timeTaken", subSt.getTimeTaken());
-            rarg.addLongValue("max", subSt.getMax());
-            rarg.addLongValue("min", subSt.getMin());
-            rarg.addLongValue("percentage", subSt.getPercentage());
-            rarg.addLongValue("avg", subSt.getAvg());
-            rarg.addLongValue("stddev", subSt.getStdDev());
-            argSet.addRepeatRecord(rarg);
-
-            parse(argSet, subSt, level + 1);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
deleted file mode 100644
index c81005b3b..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
+++ /dev/null
@@ -1,111 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.common.CMSGateway;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.IndexTemplateFiller;
-
-/**
- * This is the servlet that builds the index page in
- * various ports.
- *
- * @version $Revision$, $Date$
- */
-public class IndexServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -8632685610380549L;
-
-    public final static String PROP_TEMPLATE = "template";
-
-    private final static String INFO = "indexServlet";
-
-    private String mTemplateName = null;
-
-    public IndexServlet() {
-        super();
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mTemplateName = sc.getInitParameter(PROP_TEMPLATE);
-
-        /*
-         mTemplates.put(CMSRequest.SUCCESS,
-         new CMSLoadTemplate(
-         PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
-         mTemplateName, new IndexTemplateFiller()));
-         */
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    public CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP request.
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        if (CMSGateway.getEnableAdminEnroll() &&
-                mAuthority != null &&
-                mAuthority instanceof ICertificateAuthority) {
-            try {
-                cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html");
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1",
-                                e.toString()));
-            }
-            return;
-        } else {
-            try {
-                renderTemplate(
-                        cmsReq, mTemplateName, new IndexTemplateFiller());
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
-                throw new ECMSGWException(
-                        CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE"));
-            }
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/PKIService.java b/base/common/src/com/netscape/cms/servlet/base/PKIService.java
deleted file mode 100644
index 23e540f0e..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/PKIService.java
+++ /dev/null
@@ -1,153 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.lang.reflect.Method;
-import java.security.cert.CertificateEncodingException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.ws.rs.FormParam;
-import javax.ws.rs.core.CacheControl;
-import javax.ws.rs.core.EntityTag;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.cert.CertData;
-import com.netscape.certsrv.logging.IAuditor;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * Base class for CMS RESTful resources
- *
- * @author alee
- *
- */
-public class PKIService {
-
-    public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
-    public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
-    // caching parameters
-    public static final int DEFAULT_LONG_CACHE_LIFETIME = 1000;
-
-    public ILogger logger = CMS.getLogger();
-    public IAuditor auditor = CMS.getAuditor();
-
-    public Response createOKResponse(Object object) {
-        return Response.ok(object).build();
-    }
-
-    public Response sendConditionalGetResponse(int ctime, Object object, Request request) {
-        CacheControl cc = new CacheControl();
-        cc.setMaxAge(ctime);
-        EntityTag tag = new EntityTag(Integer.toString(object.hashCode()));
-
-        ResponseBuilder builder = request.evaluatePreconditions(tag);
-        if (builder != null) {
-            builder.cacheControl(cc);
-            return builder.build();
-        }
-
-        builder = Response.ok(object);
-        builder.cacheControl(cc);
-        builder.tag(tag);
-        return builder.build();
-    }
-
-    public CertData createCertificateData(org.mozilla.jss.crypto.X509Certificate cert)
-            throws CertificateEncodingException {
-        CertData data = new CertData();
-        String b64 = HEADER + CMS.BtoA(cert.getEncoded()) + TRAILER;
-        data.setEncoded(b64);
-        return data;
-    }
-
-    public Locale getLocale(HttpHeaders headers) {
-
-        if (headers == null) return Locale.getDefault();
-
-        List<Locale> locales = headers.getAcceptableLanguages();
-        if (locales == null || locales.isEmpty()) return Locale.getDefault();
-
-        return locales.get(0);
-    }
-
-    public String getUserMessage(String messageId, HttpHeaders headers, String... params) {
-        return CMS.getUserMessage(getLocale(headers), messageId, params);
-    }
-
-    public void log(int source, int level, String message) {
-
-        if (logger == null) return;
-
-        logger.log(ILogger.EV_SYSTEM,
-                null,
-                source,
-                level,
-                getClass().getSimpleName() + ": " + message);
-    }
-
-    public void audit(String message, String scope, String type, String id, Map<String, String> params, String status) {
-
-        if (auditor == null) return;
-
-        String auditMessage = CMS.getLogMessage(
-                message,
-                auditor.getSubjectID(),
-                status,
-                auditor.getParamString(scope, type, id, params));
-
-        auditor.log(auditMessage);
-    }
-
-    /**
-     * Get the values of the fields annotated with @FormParam.
-     */
-    public Map<String, String> getParams(Object object) {
-
-        Map<String, String> map = new HashMap<String, String>();
-
-        // for each fields in the object
-        for (Method method : object.getClass().getMethods()) {
-            FormParam element = method.getAnnotation(FormParam.class);
-            if (element == null) continue;
-
-            String name = element.value();
-
-            try {
-                // get the value from the object
-                Object value = method.invoke(object);
-
-                // put the value in the map
-                map.put(name, value == null ? null : value.toString());
-
-            } catch (Exception e) {
-                // ignore inaccessible fields
-                e.printStackTrace();
-            }
-        }
-
-        return map;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
deleted file mode 100644
index 4b1b48108..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
+++ /dev/null
@@ -1,90 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * This servlet returns port information.
- *
- * @version $Revision$, $Date$
- */
-public class PortsServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3750153734073658934L;
-
-    public PortsServlet() {
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override these to output directly ourselves.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mTemplates.remove(ICMSRequest.ERROR);
-    }
-
-    /**
-     * Serves HTTP request.
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        // process query if authentication is successful
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        String secure = req.getParameter("secure");
-        String port = null;
-
-        if (secure.equals("true"))
-            port = CMS.getEESSLPort();
-        else
-            port = CMS.getEENonSSLPort();
-
-        try {
-            XMLObject xmlObj = null;
-            xmlObj = new XMLObject();
-
-            Node root = xmlObj.createRoot("XMLResponse");
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            xmlObj.addItemToContainer(root, "Port", port);
-            byte[] cb = xmlObj.toByteArray();
-            outputResult(resp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {
-        // do nothing, ie, it will not return the default javascript.
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
deleted file mode 100644
index 315d330a9..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
+++ /dev/null
@@ -1,247 +0,0 @@
-/* CMS_SDK_LICENSE_TEXT */
-
-package com.netscape.cms.servlet.base;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-
-/**
- * This is a servlet that proxies request to another servlet.
- *
- * SERVLET REDIRECTION
- * Specify the URL of a servlet to forward the request to
- * destServlet: /ee/ca/newservlet
- *
- * PARAMETER MAPPING
- * In the servlet configuration (as an init-param in web.xml) you
- * can optionally specify a value for the parameter 'parameterMap'
- * which contains a list of HTTP parameters which should be
- * translated to new names.
- *
- * parameterMap: name1->newname1,name2->newname2
- *
- * Optionally, names can be set to static values:
- *
- * parameterMap: name1->name2=value
- *
- * Examples:
- * Consider the following HTTP input parameters:
- * vehicle:car make:ford model:explorer
- *
- * The following config strings will have this effect:
- * parameterMap: make->manufacturer,model->name=expedition,->suv=true
- * output: vehicle:car manufactuer:ford model:expedition suv:true
- *
- * @version $Revision$, $Date$
- */
-public class ProxyServlet extends HttpServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -2535349161521094539L;
-    private String mDest = null;
-    private String mDestContext = null;
-    private String mSrcContext = null;
-    private String mAppendPathInfo = null;
-    private Vector<String> mMatchStrings = new Vector<String>();
-    private String mDestServletOnNoMatch = null;
-    private String mAppendPathInfoOnNoMatch = null;
-    private Map<String, String> mParamMap = new HashMap<String, String>();
-    private Map<String, String[]> mParamValue = new HashMap<String, String[]>();
-
-    public ProxyServlet() {
-    }
-
-    private void parseParamTable(String s) {
-        if (s == null)
-            return;
-
-        String[] params = s.split(",");
-        for (int i = 0; i < params.length; i++) {
-            String p = params[i];
-            if (p != null) {
-                String[] paramNames = p.split("->");
-                if (paramNames.length != 2) {
-                }
-                String from = paramNames[0];
-                String to = paramNames[1];
-                if (from != null && to != null) {
-                    String[] splitTo = to.split("=");
-                    String toName = splitTo[0];
-                    if (from.length() > 0) {
-                        mParamMap.put(from, toName);
-                    }
-                    if (splitTo.length == 2) {
-                        String toValue = splitTo[1];
-                        String toValues[] = new String[1];
-                        toValues[0] = toValue;
-                        mParamValue.put(toName, toValues);
-                    }
-                }
-            }
-        }
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        String mMatchStrs = sc.getInitParameter("matchURIStrings");
-        if (mMatchStrs != null && (!mMatchStrs.equals(""))) {
-            StringTokenizer st = new StringTokenizer(mMatchStrs, ",");
-            while (st.hasMoreTokens()) {
-                mMatchStrings.addElement(st.nextToken());
-            }
-        }
-        mDestServletOnNoMatch = sc.getInitParameter("destServletOnNoMatch");
-        mDestContext = sc.getInitParameter("destContext");
-        mDest = sc.getInitParameter("destServlet");
-        mSrcContext = sc.getInitParameter("srcContext");
-        mAppendPathInfo = sc.getInitParameter("appendPathInfo");
-        mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch");
-        String map = sc.getInitParameter("parameterMap");
-        if (map != null) {
-            parseParamTable(map);
-        }
-    }
-
-    public void service(HttpServletRequest req, HttpServletResponse res) throws
-            IOException, ServletException {
-        RequestDispatcher dispatcher = null;
-        String dest = mDest;
-        String uri = req.getRequestURI();
-
-        // check if match strings are specified. If it is, we need
-        // to deal with the alternate dest
-        if (mMatchStrings.size() != 0) {
-            boolean matched = false;
-            for (int i = 0; i < mMatchStrings.size(); i++) {
-                String t = mMatchStrings.elementAt(i);
-                if (uri.indexOf(t) != -1) {
-                    matched = true;
-                }
-            }
-            if (!matched) {
-                dest = mDestServletOnNoMatch;
-                // append Path info for OCSP request in Get method
-                if (mAppendPathInfoOnNoMatch != null &&
-                        !mAppendPathInfoOnNoMatch.equals("")) {
-                    dest = dest + uri.replace(mAppendPathInfoOnNoMatch, "");
-                }
-            }
-        }
-        if (dest == null || dest.equals("")) {
-            // mapping everything
-            dest = uri;
-            dest = dest.replaceFirst(mSrcContext, "");
-        }
-        if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) {
-            dest = dest + uri.replace(mAppendPathInfo, "");
-        }
-        if (mDestContext != null && !mDestContext.equals("")) {
-            dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
-        } else {
-            dispatcher = req.getRequestDispatcher(dest);
-        }
-
-        // If a parameter map was specified
-        if (mParamMap != null && !mParamMap.isEmpty()) {
-            // Make a new wrapper with the new parameters
-            ProxyWrapper r = new ProxyWrapper(req);
-            r.setParameterMapAndValue(mParamMap, mParamValue);
-            req = r;
-        }
-
-        dispatcher.forward(req, res);
-    }
-}
-
-class ProxyWrapper extends HttpServletRequestWrapper {
-    private Map<String, String> mMap = null;
-    private Map<String, String[]> mValueMap = null;
-
-    public ProxyWrapper(HttpServletRequest req) {
-        super(req);
-    }
-
-    public void setParameterMapAndValue(Map<String, String> m, Map<String, String[]> v) {
-        if (m != null)
-            mMap = m;
-        if (v != null)
-            mValueMap = v;
-    }
-
-    public Map<String, String[]> getParameterMap() {
-        try {
-            // If we haven't specified any parameter mapping, just
-            // use the regular implementation
-            if (mMap == null)
-                return super.getParameterMap();
-            else {
-                // Make a new Map for us to put stuff in
-                Map<String, String[]> n = new HashMap<String, String[]>();
-                // get the HTTP parameters the user supplied.
-                Map<String, String[]> m = super.getParameterMap();
-                Set<Map.Entry<String, String[]>> s = m.entrySet();
-                Iterator<Map.Entry<String, String[]>> i = s.iterator();
-                while (i.hasNext()) {
-                    Map.Entry<String, String[]> me = i.next();
-                    String name = me.getKey();
-                    String[] values = me.getValue();
-                    String newname = null;
-                    if (name != null) {
-                        newname = mMap.get(name);
-                    }
-
-                    // No mapping specified, just use existing name/value
-                    if (newname == null || mValueMap == null) {
-                        n.put(name, values);
-                    } else { // new name specified
-                        Object o = mValueMap.get(newname);
-                        // check if new (static) value specified
-                        if (o == null) {
-                            n.put(newname, values);
-                        } else {
-                            String newvalues[] = mValueMap.get(newname);
-                            n.put(newname, newvalues);
-                        }
-                    }
-                }
-                // Now, deal with static values set in the config
-                // which weren't set in the HTTP request
-                Set<Map.Entry<String, String[]>> s2 = mValueMap.entrySet();
-                Iterator<Map.Entry<String, String[]>> i2 = s2.iterator();
-                // Cycle through all the static values
-                while (i2.hasNext()) {
-                    Map.Entry<String, String[]> me2 = i2.next();
-                    String name2 = me2.getKey();
-                    if (n.get(name2) == null) {
-                        String[] values2 = me2.getValue();
-                        // If the parameter is not set in the map
-                        // Set it now
-                        n.put(name2, values2);
-                    }
-                }
-
-                return n;
-            }
-        } catch (NullPointerException npe) {
-            CMS.debug(npe);
-            return null;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java b/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java
deleted file mode 100644
index 050c0920a..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java
+++ /dev/null
@@ -1,47 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2013 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.base;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-
-public class RESTServlet extends HttpServlet {
-
-    private static final long serialVersionUID = -466592331169846158L;
-
-    public void service(HttpServletRequest request, HttpServletResponse response)
-            throws ServletException, IOException {
-        CMS.debug("RESTServlet: Attempt to access REST services using " + request.getRequestURI());
-        CMS.debug("RESTServlet: sending 501 (not implemented)");
-
-        String error =
-            "The REST services are not available because this server is a legacy \n" +
-            "Dogtag 9 server. To access the REST services this server must be \n" +
-            "migrated into a new Dogtag 10 server.";
-
-        response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, error);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
deleted file mode 100644
index 24210f377..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
+++ /dev/null
@@ -1,287 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-import java.io.IOException;
-import java.util.Date;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-
-/**
- * Displays detailed information about java VM internals, including
- * current JVM memory usage, and detailed information about each
- * thread.
- * <p>
- * Also allows user to trigger a new garbage collection
- *
- * @version $Revision$, $Date$
- */
-public class SystemInfoServlet extends HttpServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -438134935001530607L;
-
-    public SystemInfoServlet() {
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    /**
-     * service the request, returning HTML to the client.
-     * This method has different behaviour depending on the
-     * value of the 'op' HTTP parameter.
-     * <UL>
-     * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet
-     * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers (@see
-     * java.lang.Runtime.getRuntime#gc() )
-     * <li>op = general - display information about memory, and other JVM informatino
-     * <li>op = thread - display details about each thread.
-     * </UL>
-     *
-     * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
-     */
-    public void service(HttpServletRequest request,
-            HttpServletResponse response)
-            throws ServletException, IOException {
-        String op = request.getParameter("op");
-
-        response.setContentType("text/html");
-        if (op == null) {
-            mainMenu(request, response);
-        } else if (op.equals("gc")) {
-            gc(request, response);
-        } else if (op.equals("general")) {
-            general(request, response);
-        } else if (op.equals("thread")) {
-            thread(request, response);
-        }
-    }
-
-    private void mainMenu(HttpServletRequest request,
-            HttpServletResponse response)
-            throws ServletException, IOException {
-        response.getWriter().println("<HTML>");
-        response.getWriter().println("<H1>");
-        response.getWriter().println("<a href=" + request.getServletPath() + ">");
-        response.getWriter().println("Main");
-        response.getWriter().println("</a>");
-        response.getWriter().println("</H1>");
-        response.getWriter().println("<p>");
-        response.getWriter().println("<table>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("<li>");
-        response.getWriter().println("<a href=" + request.getServletPath() + "?op=general>");
-        response.getWriter().println("General");
-        response.getWriter().println("</a>");
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("<li>");
-        response.getWriter().println("<a href=" + request.getServletPath() + "?op=gc>");
-        response.getWriter().println("Garbage Collection");
-        response.getWriter().println("</a>");
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("<li>");
-        response.getWriter().println("<a href=" + request.getServletPath() + "?op=thread>");
-        response.getWriter().println("Thread Listing");
-        response.getWriter().println("</a>");
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("</table>");
-        response.getWriter().println("</HTML>");
-    }
-
-    private void gc(HttpServletRequest request,
-            HttpServletResponse response)
-            throws ServletException, IOException {
-        java.lang.Runtime.getRuntime().gc();
-        java.lang.Runtime.getRuntime().runFinalization();
-        response.getWriter().println("<HTML>");
-        response.getWriter().println("<H1>");
-        response.getWriter().println("<a href=" + request.getServletPath() + ">");
-        response.getWriter().println("Main");
-        response.getWriter().println("</a>");
-        response.getWriter().println(" : ");
-        response.getWriter().println("Garbage Collection");
-        response.getWriter().println("</H1>");
-        response.getWriter().println("<p>");
-        response.getWriter().println("The garbage collector has been executed.");
-        response.getWriter().println("</HTML>");
-    }
-
-    private void general(HttpServletRequest request,
-            HttpServletResponse response)
-            throws ServletException, IOException {
-        response.getWriter().println("<HTML>");
-        response.getWriter().println("<H1>");
-        response.getWriter().println("<a href=" + request.getServletPath() + ">");
-        response.getWriter().println("Main");
-        response.getWriter().println("</a>");
-        response.getWriter().println(" : ");
-        response.getWriter().println("General");
-        response.getWriter().println("</H1>");
-        response.getWriter().println("<p>");
-        response.getWriter().println("<table>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Server Started Time:");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(new Date(CMS.getStartupTime()));
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Current Time:");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(new Date());
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Available Processors:");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(Runtime.getRuntime().availableProcessors());
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Active Threads:");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(Thread.activeCount());
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Max Memory (in Bytes):");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(Runtime.getRuntime().maxMemory());
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Total Memory (in Bytes):");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(Runtime.getRuntime().totalMemory());
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Free Memory (in Bytes):");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(Runtime.getRuntime().freeMemory());
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("Free Memory / Total Memory:");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println(
-                (Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%");
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        response.getWriter().println("</table>");
-        response.getWriter().println("</HTML>");
-    }
-
-    private void thread(HttpServletRequest request,
-            HttpServletResponse response)
-            throws ServletException, IOException {
-        response.getWriter().println("</table>");
-        response.getWriter().println("<HTML>");
-        response.getWriter().println("<H1>");
-        response.getWriter().println("<a href=" + request.getServletPath() + ">");
-        response.getWriter().println("Main");
-        response.getWriter().println("</a>");
-        response.getWriter().println(" : ");
-        response.getWriter().println("Thread Listing");
-        response.getWriter().println("</H1>");
-        response.getWriter().println("<p>");
-        response.getWriter().println("<table width=100% border=1>");
-        response.getWriter().println("<tr>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("<b>");
-        response.getWriter().println("#");
-        response.getWriter().println("</b>");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("<b>");
-        response.getWriter().println("Name");
-        response.getWriter().println("</b>");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("<b>");
-        response.getWriter().println("Priority");
-        response.getWriter().println("</b>");
-        response.getWriter().println("</td>");
-        response.getWriter().println("<td>");
-        response.getWriter().println("<b>");
-        response.getWriter().println("isDaemon");
-        response.getWriter().println("</b>");
-        response.getWriter().println("</td>");
-        response.getWriter().println("</tr>");
-        int active = Thread.activeCount();
-        Thread threads[] = new Thread[active];
-        int c = Thread.enumerate(threads);
-
-        for (int i = 0; i < c; i++) {
-            response.getWriter().println("<tr>");
-            response.getWriter().println("<td>");
-            response.getWriter().println(i);
-            response.getWriter().println("</td>");
-            response.getWriter().println("<td>");
-            response.getWriter().println(threads[i].getName());
-            response.getWriter().println("</td>");
-            response.getWriter().println("<td>");
-            response.getWriter().println(threads[i].getPriority());
-            response.getWriter().println("</td>");
-            response.getWriter().println("<td>");
-            if (threads[i].isDaemon()) {
-                response.getWriter().println("true");
-            } else {
-                response.getWriter().println("false");
-            }
-            response.getWriter().println("</td>");
-            response.getWriter().println("</tr>");
-        }
-        response.getWriter().println("</table>");
-        response.getWriter().println("</HTML>");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
deleted file mode 100644
index b509409da..000000000
--- a/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
+++ /dev/null
@@ -1,90 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.base;
-
-/**
- * This class represents information about the client e.g. version,
- * langauge, vendor.
- *
- * @version $Revision$, $Date$
- */
-public class UserInfo {
-    public final static String MSIE = "MSIE";
-    public final static String MOZILLA = "Mozilla";
-
-    /**
-     * Constructs a user information object.
-     */
-    public UserInfo() {
-    }
-
-    /**
-     * Returns the user language.
-     *
-     * @param s user language info from the browser
-     * @return user language
-     */
-    public static String getUserLanguage(String s) {
-        // Does this contain a country code?
-        int pos = s.indexOf("-");
-
-        if (pos != -1) {
-            // Yes it does
-            return s.substring(0, pos);
-        }
-        return s;
-    }
-
-    /**
-     * Returns the user country.
-     *
-     * @param s user language info from the browser
-     * @return user country
-     */
-    public static String getUserCountry(String s) {
-        // Does this contain a country code?
-        int pos = s.indexOf("-");
-
-        if (pos != -1) {
-            // Yes it does
-            return s.substring(pos + 1);
-        }
-        return "";
-    }
-
-    /**
-     * Returns the users agent.
-     *
-     * @param s user language info from the browser
-     * @return user agent
-     */
-    public static String getUserAgent(String s) {
-        // Check for MSIE
-        if (s.indexOf(MSIE) != -1) {
-            return MSIE;
-        }
-
-        // Check for Netscape i.e. Mozilla
-        if (s.indexOf(MOZILLA) != -1) {
-            return MOZILLA;
-        }
-
-        // Don't know agent. Return empty string.
-        return "";
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
deleted file mode 100644
index 71c10ead9..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ /dev/null
@@ -1,1074 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertRecordList;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Revoke a certificate with a CMC-formatted revocation request
- *
- * @version $Revision$, $Date$
- */
-public class CMCRevReqServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 4731070386698127770L;
-    public final static String GETCERTS_FOR_CHALLENGE_REQUEST = "getCertsForChallenge";
-    public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
-    // revocation templates.
-    private final static String TPL_FILE = "revocationResult.template";
-    public static final String CRED_CMC = "cmcRequest";
-
-    private ICertificateRepository mCertDB = null;
-    private String mFormPath = null;
-    private IRequestQueue mQueue = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-    private String mRequestID = null;
-    private final static String REVOKE = "revoke";
-    private final static String ON_HOLD = "on-hold";
-    private final static int ON_HOLD_REASON = 6;
-    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
-    // http params
-    public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
-    public static final String REASON_CODE = "reasonCode";
-    public static final String CHALLENGE_PHRASE = "challengePhrase";
-
-    // request attributes
-    public static final String SERIALNO_ARRAY = "serialNoArray";
-
-    public CMCRevReqServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-
-        super.init(sc);
-
-        String authorityId = mAuthority.getId();
-
-        mFormPath = "/" + authorityId + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-
-        if (mAuthority instanceof ICertAuthority) {
-            mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
-        }
-        mQueue = mAuthority.getRequestQueue();
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * <ul>
-     * <li>http.param cmcRequest the base-64 encoded CMC request
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-
-        String cmcAgentSerialNumber = null;
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        CMS.debug("**** mFormPath = " + mFormPath);
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        String cmc = (String) httpParams.get(CRED_CMC);
-        if (cmc == null) {
-            throw new EMissingCredential(
-                    CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
-        }
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "revoke");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        //IAuthToken authToken = getAuthToken(cmsReq);
-        //Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL);
-        //Object uid = authToken.get("uid");
-        //===========================
-        String authMgr = AuditFormat.NOAUTH;
-        BigInteger[] serialNoArray = null;
-
-        if (authToken != null) {
-            serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL);
-        }
-
-        Integer reasonCode = Integer.valueOf(0);
-        if (authToken != null) {
-            reasonCode = authToken.getInInteger(REASON_CODE);
-        }
-
-        String comments = "";
-        Date invalidityDate = null;
-        String revokeAll = null;
-        int verifiedRecordCount = 0;
-        int totalRecordCount = 0;
-
-        if (serialNoArray != null) {
-            totalRecordCount = serialNoArray.length;
-            verifiedRecordCount = serialNoArray.length;
-        }
-
-        X509CertImpl[] certs = null;
-
-        //for audit log.
-        String initiative = null;
-
-        if (mAuthMgr != null && mAuthMgr.equals("CMCAuth")) {
-            // request is from agent
-            if (authToken != null) {
-                authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                String agentID = authToken.getInString("userid");
-
-                initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
-                        " authenticated by " + authMgr;
-            }
-        } else {
-            initiative = AuditFormat.FROMUSER;
-        }
-
-        if ((serialNoArray != null) && (serialNoArray.length > 0)) {
-            if (mAuthority instanceof ICertificateAuthority) {
-                certs = new X509CertImpl[serialNoArray.length];
-
-                for (int i = 0; i < serialNoArray.length; i++) {
-                    certs[i] =
-                            ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(
-                                    serialNoArray[i]);
-                }
-
-            } else if (mAuthority instanceof IRegistrationAuthority) {
-                IRequest getCertsChallengeReq = null;
-
-                getCertsChallengeReq = mQueue.newRequest(
-                            GETCERTS_FOR_CHALLENGE_REQUEST);
-                getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
-                mQueue.processRequest(getCertsChallengeReq);
-                RequestStatus status = getCertsChallengeReq.getRequestStatus();
-
-                if (status == RequestStatus.COMPLETE) {
-                    certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS);
-                    header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
-                    mRequestID = getCertsChallengeReq.getRequestId().toString();
-                } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
-                }
-            }
-
-            header.addIntegerValue("totalRecordCount", serialNoArray.length);
-            header.addIntegerValue("verifiedRecordCount", serialNoArray.length);
-
-            for (int i = 0; i < serialNoArray.length; i++) {
-                IArgBlock rarg = CMS.createArgBlock();
-
-                rarg.addBigIntegerValue("serialNumber",
-                        serialNoArray[i], 16);
-                rarg.addStringValue("subject",
-                        certs[i].getSubjectDN().toString());
-                rarg.addLongValue("validNotBefore",
-                        certs[i].getNotBefore().getTime() / 1000);
-                rarg.addLongValue("validNotAfter",
-                        certs[i].getNotAfter().getTime() / 1000);
-                //argSet.addRepeatRecord(rarg);
-            }
-
-            revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
-            cmcAgentSerialNumber = authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
-            process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp,
-                    verifiedRecordCount, revokeAll, totalRecordCount,
-                    comments, locale[0], cmcAgentSerialNumber);
-
-        } else {
-            header.addIntegerValue("totalRecordCount", 0);
-            header.addIntegerValue("verifiedRecordCount", 0);
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if ((serialNoArray == null) || (serialNoArray.length == 0)) {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                EBaseException ee = new EBaseException("No matched certificate is found");
-
-                cmsReq.setError(ee);
-            } else {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-    }
-
-    /**
-     * Process cert status change request using the Certificate Management
-     * protocol using CMS (CMC)
-     * <P>
-     *
-     * (Certificate Request - an "EE" cert status change request)
-     * <P>
-     *
-     * (Certificate Request Processed - an "EE" cert status change request)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
-     * "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
-     * changed (revoked, expired, on-hold, off-hold)
-     * </ul>
-     *
-     * @param argSet CMS template parameters
-     * @param header argument block
-     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     *            2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     *            4 - Certificate superceded, 5 - Cessation of operation, or
-     *            6 - Certificate is on hold)
-     * @param invalidityDate certificate validity date
-     * @param initiative string containing the audit format
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param verifiedRecordCount number of verified records
-     * @param revokeAll string containing information on all of the
-     *            certificates to be revoked
-     * @param totalRecordCount total number of records (verified and unverified)
-     * @param comments string containing certificate comments
-     * @param locale the system locale
-     * @exception EBaseException an error has occurred
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            int reason, Date invalidityDate,
-            String initiative,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            int verifiedRecordCount,
-            String revokeAll,
-            int totalRecordCount,
-            String comments,
-            Locale locale, String cmcAgentSerialNumber)
-            throws EBaseException {
-        String eeSerialNumber = null;
-        if (cmcAgentSerialNumber != null) {
-            eeSerialNumber = cmcAgentSerialNumber;
-        } else {
-            X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
-            if (sslCert != null) {
-                eeSerialNumber = sslCert.getSerialNumber().toString();
-            }
-        }
-
-        boolean auditRequest = true;
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(req);
-        String auditSerialNumber = auditSerialNumber(eeSerialNumber);
-        String auditRequestType = auditRequestType(reason);
-        RequestStatus auditApprovalStatus = null;
-        String auditReasonNum = String.valueOf(reason);
-
-        try {
-            int count = 0;
-            Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>();
-            Vector<RevokedCertImpl> revCertImplsV = new Vector<RevokedCertImpl>();
-
-            // Construct a CRL reason code extension.
-            RevocationReason revReason = RevocationReason.fromInt(reason);
-            header.addIntegerValue("reasonCode", reason);
-            if (revReason != null) {
-                header.addStringValue("reason", revReason.toString());
-            } else {
-                header.addStringValue("error", "Invalid revocation reason: "+reason);
-            }
-            CRLReasonExtension crlReasonExtn = new CRLReasonExtension(revReason);
-
-            // Construct a CRL invalidity date extension.
-            InvalidityDateExtension invalidityDateExtn = null;
-
-            if (invalidityDate != null) {
-                invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
-            }
-
-            // Construct a CRL extension for this request.
-            CRLExtensions entryExtn = new CRLExtensions();
-
-            if (crlReasonExtn != null) {
-                entryExtn.set(crlReasonExtn.getName(), crlReasonExtn);
-            }
-            if (invalidityDateExtn != null) {
-                entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn);
-            }
-
-            if (mAuthority instanceof ICertificateAuthority) {
-                ICertRecordList list = mCertDB.findCertRecordsInList(
-                        revokeAll, null, totalRecordCount);
-                Enumeration<ICertRecord> e = list.getCertRecords(0, totalRecordCount - 1);
-
-                while (e != null && e.hasMoreElements()) {
-                    ICertRecord rec = e.nextElement();
-                    X509CertImpl cert = rec.getCertificate();
-                    IArgBlock rarg = CMS.createArgBlock();
-
-                    rarg.addBigIntegerValue("serialNumber",
-                            cert.getSerialNumber(), 16);
-
-                    if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) &&
-                        (revReason == null || revReason != RevocationReason.REMOVE_FROM_CRL)) {
-                        rarg.addStringValue("error", "Certificate " +
-                                cert.getSerialNumber().toString() +
-                                " is already revoked.");
-                    } else {
-                        oldCertsV.addElement(cert);
-
-                        RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(cert.getSerialNumber(),
-                                        CMS.getCurrentDate(), entryExtn);
-
-                        revCertImplsV.addElement(revCertImpl);
-                        count++;
-                        rarg.addStringValue("error", null);
-                    }
-                    argSet.addRepeatRecord(rarg);
-                }
-
-            } else if (mAuthority instanceof IRegistrationAuthority) {
-                String reqIdStr = null;
-
-                if (mRequestID != null && mRequestID.length() > 0)
-                    reqIdStr = mRequestID;
-                Vector<String> serialNumbers = new Vector<String>();
-
-                if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i =
-                            revokeAll.indexOf('=', i)) {
-                        if (i > -1) {
-                            i++;
-                            while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
-                                i++;
-                            }
-                            String legalDigits = "0123456789";
-                            int j = i;
-
-                            while (j < revokeAll.length() &&
-                                    legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
-                                j++;
-                            }
-                            if (j > i) {
-                                serialNumbers.addElement(revokeAll.substring(i, j));
-                            }
-                        }
-                    }
-                }
-                if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) {
-                    IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr));
-                    X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-                    for (int i = 0; i < certs.length; i++) {
-                        boolean addToList = false;
-
-                        for (int j = 0; j < serialNumbers.size(); j++) {
-                            if (certs[i].getSerialNumber().toString().equals(
-                                    serialNumbers.elementAt(j))) {
-                                addToList = true;
-                                break;
-                            }
-                        }
-                        if (addToList) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    certs[i].getSerialNumber(), 16);
-                            oldCertsV.addElement(certs[i]);
-
-                            RevokedCertImpl revCertImpl =
-                                    new RevokedCertImpl(certs[i].getSerialNumber(),
-                                            CMS.getCurrentDate(), entryExtn);
-
-                            revCertImplsV.addElement(revCertImpl);
-                            count++;
-                            rarg.addStringValue("error", null);
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-                } else {
-                    String b64eCert = req.getParameter("b64eCertificate");
-
-                    if (b64eCert != null) {
-                        byte[] certBytes = Utils.base64decode(b64eCert);
-                        X509CertImpl cert = new X509CertImpl(certBytes);
-                        IArgBlock rarg = CMS.createArgBlock();
-
-                        rarg.addBigIntegerValue("serialNumber",
-                                cert.getSerialNumber(), 16);
-                        oldCertsV.addElement(cert);
-
-                        RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(cert.getSerialNumber(),
-                                        CMS.getCurrentDate(), entryExtn);
-
-                        revCertImplsV.addElement(revCertImpl);
-                        count++;
-                        rarg.addStringValue("error", null);
-                        argSet.addRepeatRecord(rarg);
-                    }
-                }
-            }
-
-            header.addIntegerValue("totalRecordCount", count);
-
-            X509CertImpl[] oldCerts = new X509CertImpl[count];
-            RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count];
-            BigInteger[] certSerialNumbers = new BigInteger[count];
-
-            for (int i = 0; i < count; i++) {
-                oldCerts[i] = oldCertsV.elementAt(i);
-                revCertImpls[i] = revCertImplsV.elementAt(i);
-                certSerialNumbers[i] = oldCerts[i].getSerialNumber();
-            }
-
-            IRequest revReq = null;
-            if (revReason != null && revReason == RevocationReason.REMOVE_FROM_CRL) {
-                revReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST);
-            } else {
-                revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
-            }
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
-
-            audit(auditMessage);
-
-            revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-            if (revReason != null && revReason == RevocationReason.REMOVE_FROM_CRL) {
-                revReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST);
-                revReq.setExtData(IRequest.OLD_SERIALS, certSerialNumbers);
-            } else {
-                revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
-                revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-                revReq.setExtData(IRequest.REVOKED_REASON, reason);
-                revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
-                if (comments != null) {
-                    revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
-                }
-            }
-
-            // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
-            // to distinguish which type of signed audit log message to save
-            // as a failure outcome in case an exception occurs
-            auditRequest = false;
-
-            mQueue.processRequest(revReq);
-
-            // retrieve the request status
-            auditApprovalStatus = revReq.getRequestStatus();
-
-            RequestStatus stat = revReq.getRequestStatus();
-
-            if (stat == RequestStatus.COMPLETE) {
-                // audit log the error
-                Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
-
-                if (result.equals(IRequest.RES_ERROR)) {
-                    String[] svcErrors =
-                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
-
-                    if (svcErrors != null && svcErrors.length > 0) {
-                        for (int i = 0; i < svcErrors.length; i++) {
-                            String err = svcErrors[i];
-
-                            if (err != null) {
-                                //cmsReq.setErrorDescription(err);
-                                for (int j = 0; j < count; j++) {
-                                    if (oldCerts[j] != null) {
-                                        mLogger.log(ILogger.EV_AUDIT,
-                                                ILogger.S_OTHER,
-                                                AuditFormat.LEVEL,
-                                                AuditFormat.DOREVOKEFORMAT,
-                                                new Object[] {
-                                                        revReq.getRequestId(),
-                                                        initiative,
-                                                        "completed with error: " +
-                                                                err,
-                                                        oldCerts[j].getSubjectDN(),
-                                                        oldCerts[j].getSerialNumber().toString(16),
-                                                        RevocationReason.fromInt(reason).toString() }
-                                                );
-                                    }
-                                }
-                            }
-                        }
-                    }
-                    return;
-                }
-
-                // audit log the success.
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                        revReq.getRequestId(),
-                                        initiative,
-                                        "completed",
-                                        oldCerts[j].getSubjectDN(),
-                                        oldCerts[j].getSerialNumber().toString(16),
-                                        RevocationReason.fromInt(reason).toString() }
-                                );
-                    }
-                }
-
-                header.addStringValue("revoked", "yes");
-
-                Integer updateCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
-
-                if (updateCRLResult != null) {
-                    header.addStringValue("updateCRL", "yes");
-                    if (updateCRLResult.equals(IRequest.RES_SUCCESS)) {
-                        header.addStringValue("updateCRLSuccess", "yes");
-                    } else {
-                        header.addStringValue("updateCRLSuccess", "no");
-                        String crlError =
-                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
-
-                        if (crlError != null)
-                            header.addStringValue("updateCRLError",
-                                    crlError);
-                    }
-                    // let known crl publishing status too.
-                    Integer publishCRLResult =
-                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
-
-                    if (publishCRLResult != null) {
-                        if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
-                            header.addStringValue("publishCRLSuccess", "yes");
-                        } else {
-                            header.addStringValue("publishCRLSuccess", "no");
-                            String publError =
-                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                            if (publError != null)
-                                header.addStringValue("publishCRLError",
-                                        publError);
-                        }
-                    }
-                }
-                if (mAuthority instanceof ICertificateAuthority) {
-                    // let known update and publish status of all crls.
-                    Enumeration<ICRLIssuingPoint> otherCRLs =
-                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
-
-                    while (otherCRLs.hasMoreElements()) {
-                        ICRLIssuingPoint crl = otherCRLs.nextElement();
-                        String crlId = crl.getId();
-
-                        if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
-                            continue;
-                        String updateStatusStr = crl.getCrlUpdateStatusStr();
-                        Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
-
-                        if (updateResult != null) {
-                            if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
-                                        updateStatusStr));
-                                header.addStringValue(updateStatusStr, "yes");
-                            } else {
-                                String updateErrorStr = crl.getCrlUpdateErrorStr();
-
-                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
-                                        updateStatusStr));
-                                header.addStringValue(updateStatusStr, "no");
-                                String error =
-                                        revReq.getExtDataInString(updateErrorStr);
-
-                                if (error != null)
-                                    header.addStringValue(updateErrorStr,
-                                            error);
-                            }
-                            String publishStatusStr = crl.getCrlPublishStatusStr();
-                            Integer publishResult =
-                                    revReq.getExtDataInInteger(publishStatusStr);
-
-                            if (publishResult == null)
-                                continue;
-                            if (publishResult.equals(IRequest.RES_SUCCESS)) {
-                                header.addStringValue(publishStatusStr, "yes");
-                            } else {
-                                String publishErrorStr =
-                                        crl.getCrlPublishErrorStr();
-
-                                header.addStringValue(publishStatusStr, "no");
-                                String error =
-                                        revReq.getExtDataInString(publishErrorStr);
-
-                                if (error != null)
-                                    header.addStringValue(
-                                            publishErrorStr, error);
-                            }
-                        }
-                    }
-                }
-
-                if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus =
-                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
-                    int certsToUpdate = 0;
-                    int certsUpdated = 0;
-
-                    if (ldapPublishStatus != null) {
-                        certsToUpdate = ldapPublishStatus.length;
-                        for (int i = 0; i < certsToUpdate; i++) {
-                            if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
-                                certsUpdated++;
-                            }
-                        }
-                    }
-                    header.addIntegerValue("certsUpdated", certsUpdated);
-                    header.addIntegerValue("certsToUpdate", certsToUpdate);
-
-                    // add crl publishing status.
-                    String publError =
-                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                    if (publError != null) {
-                        header.addStringValue("crlPublishError",
-                                publError);
-                    }
-                } else {
-                    header.addStringValue("dirEnabled", "no");
-                }
-                header.addStringValue("error", null);
-
-            } else if (stat == RequestStatus.PENDING) {
-                header.addStringValue("error", "Request Pending");
-                header.addStringValue("revoked", "pending");
-                // audit log the pending
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                        revReq.getRequestId(),
-                                        initiative,
-                                        "pending",
-                                        oldCerts[j].getSubjectDN(),
-                                        oldCerts[j].getSerialNumber().toString(16),
-                                        RevocationReason.fromInt(reason).toString() }
-                                );
-                    }
-                }
-
-            } else {
-                Vector<String> errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
-                StringBuffer errorStr = new StringBuffer();
-
-                if (errors != null && errors.size() > 0) {
-                    for (int ii = 0; ii < errors.size(); ii++) {
-                        errorStr.append(errors.elementAt(ii));
-                        ;
-                    }
-                }
-                header.addStringValue("error", errorStr.toString());
-                header.addStringValue("revoked", "no");
-                // audit log the error
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                        revReq.getRequestId(),
-                                        initiative,
-                                        stat.toString(),
-                                        oldCerts[j].getSubjectDN(),
-                                        oldCerts[j].getSerialNumber().toString(16),
-                                        RevocationReason.fromInt(reason).toString() }
-                                );
-                    }
-                }
-            }
-
-            // store a message in the signed audit log file
-            // if and only if "auditApprovalStatus" is
-            // "complete", "revoked", or "canceled"
-            if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                    auditApprovalStatus == RequestStatus.REJECTED ||
-                    auditApprovalStatus == RequestStatus.CANCELED) {
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType,
-                        auditReasonNum,
-                        auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                audit(auditMessage);
-            }
-
-        } catch (CertificateException e) {
-            if (auditRequest) {
-                // store a "CERT_STATUS_CHANGE_REQUEST" failure
-                // message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
-
-                audit(auditMessage);
-            } else {
-                // store a "CERT_STATUS_CHANGE_REQUEST_PROCESSED" failure
-                // message in the signed audit log file
-                // if and only if "auditApprovalStatus" is
-                // "complete", "revoked", or "canceled"
-                if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                        auditApprovalStatus == RequestStatus.REJECTED ||
-                        auditApprovalStatus == RequestStatus.CANCELED) {
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType,
-                            auditReasonNum,
-                            auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                    audit(auditMessage);
-                }
-            }
-
-            log(ILogger.LL_FAILURE, "error " + e);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "error " + e);
-
-            if (auditRequest) {
-                // store a "CERT_STATUS_CHANGE_REQUEST" failure
-                // message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
-
-                audit(auditMessage);
-            } else {
-                // store a "CERT_STATUS_CHANGE_REQUEST_PROCESSED" failure
-                // message in the signed audit log file
-                // if and only if "auditApprovalStatus" is
-                // "complete", "revoked", or "canceled"
-                if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                        auditApprovalStatus == RequestStatus.REJECTED ||
-                        auditApprovalStatus == RequestStatus.CANCELED) {
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType,
-                            auditReasonNum,
-                            auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw e;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
-
-            if (auditRequest) {
-                // store a "CERT_STATUS_CHANGE_REQUEST" failure
-                // message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
-
-                audit(auditMessage);
-            } else {
-                // store a "CERT_STATUS_CHANGE_REQUEST_PROCESSED" failure
-                // message in the signed audit log file
-                // if and only if "auditApprovalStatus" is
-                // "complete", "revoked", or "canceled"
-                if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                        auditApprovalStatus == RequestStatus.REJECTED ||
-                        auditApprovalStatus == RequestStatus.CANCELED) {
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType,
-                            auditReasonNum,
-                            auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
-        } catch (Exception e) {
-            if (auditRequest) {
-                // store a "CERT_STATUS_CHANGE_REQUEST" failure
-                // message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
-
-                audit(auditMessage);
-            } else {
-                // store a "CERT_STATUS_CHANGE_REQUEST_PROCESSED" failure
-                // message in the signed audit log file
-                // if and only if "auditApprovalStatus" is
-                // "complete", "revoked", or "canceled"
-                if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                        auditApprovalStatus == RequestStatus.REJECTED ||
-                        auditApprovalStatus == RequestStatus.CANCELED) {
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType,
-                            auditReasonNum,
-                            auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                    audit(auditMessage);
-                }
-            }
-
-            e.printStackTrace();
-        }
-
-        return;
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param req HTTP request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private String auditRequesterID(HttpServletRequest req) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String requesterID = null;
-
-        // Obtain the requesterID
-        requesterID = req.getParameter("requestId");
-
-        if (requesterID != null) {
-            requesterID = requesterID.trim();
-        } else {
-            requesterID = ILogger.UNIDENTIFIED;
-        }
-
-        return requesterID;
-    }
-
-    /**
-     * Signed Audit Log Serial Number
-     *
-     * This method is called to obtain the serial number of the certificate
-     * whose status is to be changed for a signed audit log message.
-     * <P>
-     *
-     * @param eeSerialNumber a string containing the un-normalized serialNumber
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private String auditSerialNumber(String eeSerialNumber) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String serialNumber = null;
-
-        // Normalize the serialNumber
-        if (eeSerialNumber != null) {
-            serialNumber = eeSerialNumber.trim();
-
-            // convert it to hexadecimal
-            serialNumber = "0x"
-                    + Integer.toHexString(
-                            Integer.valueOf(serialNumber).intValue());
-        } else {
-            serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        return serialNumber;
-    }
-
-    /**
-     * Signed Audit Log Request Type
-     *
-     * This method is called to obtain the "Request Type" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param reason an integer denoting the revocation reason
-     * @return string containing REVOKE or ON_HOLD
-     */
-    private String auditRequestType(int reason) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String requestType = null;
-
-        // Determine the revocation type based upon the revocation reason
-        if (reason == ON_HOLD_REASON) {
-            requestType = ON_HOLD;
-        } else {
-            requestType = REVOKE;
-        }
-
-        return requestType;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java b/base/common/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java
deleted file mode 100644
index 7a26e8e21..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java
+++ /dev/null
@@ -1,52 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2012 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.cert.CertEnrollmentRequest;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.profile.ProfileInputFactory;
-
-public class CertEnrollmentRequestFactory {
-
-    public static CertEnrollmentRequest create(CMSRequest cmsReq, IProfile profile, Locale locale)
-            throws EProfileException {
-        IArgBlock params = cmsReq.getHttpParams();
-
-        CertEnrollmentRequest ret = new CertEnrollmentRequest();
-        ret.setProfileId(profile.getId());
-
-        // populate profile inputs
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-        while (inputIds.hasMoreElements()) {
-            IProfileInput input = profile.getProfileInput(inputIds.nextElement());
-            ProfileInput addInput = ProfileInputFactory.create(input, params, locale);
-            ret.addInput(addInput);
-        }
-
-        return ret;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
deleted file mode 100644
index 8ffa65d9b..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
+++ /dev/null
@@ -1,350 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.cert.CertEnrollmentRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.request.INotify;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-public class CertProcessor extends Processor {
-
-    public CertProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
-        super(id, locale);
-    }
-
-    protected void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator,
-            IProfileContext ctx) {
-        Enumeration<String> authIds = authenticator.getValueNames();
-
-        if (authIds != null) {
-            CMS.debug("CertRequestSubmitter:setCredentialsIntoContext() authNames not null");
-            while (authIds.hasMoreElements()) {
-                String authName = authIds.nextElement();
-
-                CMS.debug("CertRequestSubmitter:setCredentialsIntoContext() authName:" +
-                        authName);
-                if (request.getParameter(authName) != null) {
-                    CMS.debug("CertRequestSubmitter:setCredentialsIntoContext() authName found in request");
-                    ctx.set(authName, request.getParameter(authName));
-                } else {
-                    CMS.debug("CertRequestSubmitter:setCredentialsIntoContext() authName not found in request");
-                }
-            }
-        } else {
-            CMS.debug("CertRequestSubmitter:setCredentialsIntoContext() authIds` null");
-        }
-    }
-
-    private void setInputsIntoRequest(CertEnrollmentRequest data, IProfile profile, IRequest req) {
-        // put profile inputs into a local map
-        HashMap<String, String> dataInputs = new HashMap<String, String>();
-        for (ProfileInput input : data.getInputs()) {
-            for (ProfileAttribute attr: input.getAttrs()) {
-                dataInputs.put(attr.getName(), attr.getValue());
-            }
-        }
-
-        // iterate over inputs in profile
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-                Enumeration<String> inputNames = profileInput.getValueNames();
-
-                if (inputNames != null) {
-                    while (inputNames.hasMoreElements()) {
-                        String inputName = inputNames.nextElement();
-                        if (dataInputs.containsKey(inputName)) {
-                            // special characters in subject names parameters must be escaped
-                            if (inputName.matches("^sn_.*")) {
-                                req.setExtData(inputName,
-                                        LDAPUtil.escapeRDNValue(dataInputs.get(inputName)));
-                            } else {
-                                req.setExtData(inputName, dataInputs.get(inputName));
-                            }
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    /*
-     * fill input info from orig request to the renew request.
-     * This is expected to be used by renewal where the request
-     * is retrieved from request record
-     */
-    private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) {
-        // passing inputs into request
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-                Enumeration<String> inputNames = profileInput.getValueNames();
-
-                while (inputNames.hasMoreElements()) {
-                    String inputName = inputNames.nextElement();
-                    String inputValue = "";
-                    CMS.debug("CertRequestSubmitter: setInputsIntoRequest() getting input name= " + inputName);
-                    try {
-                        inputValue = profileInput.getValue(inputName, locale, request);
-                    } catch (Exception e) {
-                        CMS.debug("CertRequestSubmitter: setInputsIntoRequest() getvalue() failed: " + e.toString());
-                    }
-
-                    if (inputValue != null) {
-                        CMS.debug("CertRequestSubmitter: setInputsIntoRequest() setting value in ctx:" + inputValue);
-                        req.setExtData(inputName, inputValue);
-                    } else {
-                        CMS.debug("CertRequestSubmitter: setInputsIntoRequest() value null");
-                    }
-                }
-            }
-        }
-
-    }
-
-    protected String codeToReason(Locale locale, String errorCode) {
-        if (errorCode == null) return null;
-        if (errorCode.equals("1")) {
-            return CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR");
-        } else if (errorCode.equals("2")) {
-            return CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED");
-        } else if (errorCode.equals("3")) {
-            return CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED");
-        }
-        return null;
-    }
-
-    protected String submitRequests(Locale locale, IProfile profile, IAuthToken authToken, IRequest[] reqs) {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = ILogger.UNIDENTIFIED;
-        String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String errorCode = null;
-        String errorReason = null;
-
-        for (IRequest req : reqs) {
-            try {
-                // reset the "auditRequesterID"
-                auditRequesterID = auditRequesterID(req);
-
-                // print request debug
-                if (req != null) {
-                    Enumeration<String> reqKeys = req.getExtDataKeys();
-                    while (reqKeys.hasMoreElements()) {
-                        String reqKey = reqKeys.nextElement();
-                        String reqVal = req.getExtDataInString(reqKey);
-                        if (reqVal != null) {
-                            CMS.debug("CertRequestSubmitter: key=$request." + reqKey + "$ value=" + reqVal);
-                        }
-                    }
-                }
-
-                profile.submit(authToken, req);
-                req.setRequestStatus(RequestStatus.COMPLETE);
-
-                // reset the "auditInfoCertValue"
-                auditInfoCertValue = auditInfoCertValue(req);
-
-                if (auditInfoCertValue != null) {
-                    if (!(auditInfoCertValue.equals(
-                            ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                auditInfoCertValue);
-
-                        audit(auditMessage);
-                    }
-                }
-            } catch (EDeferException e) {
-                // return defer message to the user
-                req.setRequestStatus(RequestStatus.PENDING);
-                // need to notify
-                INotify notify = profile.getRequestQueue().getPendingNotify();
-                if (notify != null) {
-                    notify.notify(req);
-                }
-
-                CMS.debug("CertRequestSubmitter: submit " + e.toString());
-                errorCode = "2";
-                errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString());
-
-                // do NOT store a message in the signed audit log file
-                // as this errorCode indicates that a process has been
-                // deferred for manual acceptance/cancellation/rejection
-            } catch (ERejectException e) {
-                // return error to the user
-                req.setRequestStatus(RequestStatus.REJECTED);
-                CMS.debug("CertRequestSubmitter: submit " + e.toString());
-                errorCode = "3";
-                errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        ILogger.SIGNED_AUDIT_REJECTION,
-                        errorReason);
-
-                audit(auditMessage);
-            } catch (Throwable e) {
-                // return error to the user
-                e.printStackTrace();
-                CMS.debug("CertRequestSubmitter: submit " + e.toString());
-                errorCode = "1";
-                errorReason = CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR");
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        ILogger.SIGNED_AUDIT_REJECTION,
-                        errorReason);
-
-                audit(auditMessage);
-            }
-
-            try {
-                if (errorCode == null) {
-                    profile.getRequestQueue().markAsServiced(req);
-                } else {
-                    profile.getRequestQueue().updateRequest(req);
-                }
-            } catch (EBaseException e) {
-                e.printStackTrace();
-                CMS.debug("CertRequestSubmitter: updateRequest " + e.toString());
-            }
-        }
-        return errorCode;
-    }
-
-    protected void populateRequests(CertEnrollmentRequest data, boolean isRenewal,
-            Locale locale, Date origNotAfter, String origSubjectDN, IRequest origReq, String profileId,
-            IProfile profile, IProfileContext ctx, IProfileAuthenticator authenticator, IAuthToken authToken,
-            IRequest[] reqs) throws EBaseException {
-        for (IRequest req : reqs) {
-            boolean fromRA = false;
-            String uid = "";
-
-            // adding parameters to request
-            if (isRenewal) {
-                setInputsIntoRequest(origReq, profile, req, locale);
-                req.setExtData("origNotAfter", BigInteger.valueOf(origNotAfter.getTime()));
-                req.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
-                req.setRequestType("renewal");
-            } else {
-                setInputsIntoRequest(data, profile, req);
-            }
-
-            // serial auth token into request
-            if (authToken != null) {
-                Enumeration<String> tokenNames = authToken.getElements();
-                while (tokenNames.hasMoreElements()) {
-                    String tokenName = tokenNames.nextElement();
-                    String[] tokenVals = authToken.getInStringArray(tokenName);
-                    if (tokenVals != null) {
-                        for (int i = 0; i < tokenVals.length; i++) {
-                            req.setExtData(ARG_AUTH_TOKEN + "." + tokenName + "[" + i + "]", tokenVals[i]);
-                        }
-                    } else {
-                        String tokenVal = authToken.getInString(tokenName);
-                        if (tokenVal != null) {
-                            req.setExtData(ARG_AUTH_TOKEN + "." + tokenName, tokenVal);
-                            // if RA agent, auto assign the request
-                            if (tokenName.equals("uid"))
-                                uid = tokenVal;
-                            if (tokenName.equals("group") && tokenVal.equals("Registration Manager Agents")) {
-                                fromRA = true;
-                            }
-                        }
-                    }
-                }
-            }
-
-            if (fromRA) {
-                CMS.debug("CertRequestSubmitter: request from RA: " + uid);
-                req.setExtData(ARG_REQUEST_OWNER, uid);
-            }
-
-            // put profile framework parameters into the request
-            req.setExtData(ARG_PROFILE, "true");
-            req.setExtData(ARG_PROFILE_ID, profileId);
-            if (isRenewal)
-                req.setExtData(ARG_RENEWAL_PROFILE_ID, data.getProfileId());
-            req.setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy());
-            String setId = profile.getPolicySetId(req);
-
-            if (setId == null) {
-                // no profile set found
-                CMS.debug("CertRequestSubmitter: no profile policy set found");
-                throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_NO_POLICY_SET_FOUND"));
-            }
-
-            CMS.debug("CertRequestSubmitter profileSetid=" + setId);
-            req.setExtData(ARG_PROFILE_SET_ID, setId);
-            req.setExtData(ARG_PROFILE_REMOTE_HOST, data.getRemoteHost());
-            req.setExtData(ARG_PROFILE_REMOTE_ADDR, data.getRemoteAddr());
-
-            CMS.debug("CertRequestSubmitter: request " + req.getRequestId().toString());
-
-            CMS.debug("CertRequestSubmitter: populating request inputs");
-            // give authenticator a chance to populate the request
-            if (authenticator != null) {
-                authenticator.populate(authToken, req);
-            }
-            profile.populateInput(ctx, req);
-            profile.populate(req);
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertRequestDAO.java b/base/common/src/com/netscape/cms/servlet/cert/CertRequestDAO.java
deleted file mode 100644
index d4785e957..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CertRequestDAO.java
+++ /dev/null
@@ -1,206 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Random;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.cert.CertEnrollmentRequest;
-import com.netscape.certsrv.cert.CertRequestInfo;
-import com.netscape.certsrv.cert.CertRequestInfos;
-import com.netscape.certsrv.cert.CertReviewResponse;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.request.CMSRequestInfo;
-import com.netscape.certsrv.request.CMSRequestInfos;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestNotFoundException;
-import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cms.servlet.request.CMSRequestDAO;
-
-/**
- * @author alee
- *
- */
-public class CertRequestDAO extends CMSRequestDAO {
-    private IRequestQueue queue;
-    private ICertificateAuthority ca;
-    IProfileSubsystem ps;
-    private Random random = null;
-
-    public static final String ATTR_SERIALNO = "serialNumber";
-
-    public CertRequestDAO() {
-        super("ca");
-        ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-        queue = ca.getRequestQueue();
-        if (ca.noncesEnabled()) {
-            random = new Random();
-        }
-        ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
-    }
-
-    /**
-     * Finds list of requests matching the specified search filter.
-     *
-     * If the filter corresponds to a VLV search, then that search is executed and the pageSize
-     * and start parameters are used. Otherwise, the maxResults and maxTime parameters are
-     * used in the regularly indexed search.
-     *
-     * @param filter - ldap search filter
-     * @param start - start position for VLV search
-     * @param pageSize - page size for VLV search
-     * @param maxResults - max results to be returned in normal search
-     * @param maxTime - max time for normal search
-     * @param uriInfo - uri context of request
-     * @return collection of key request info
-     * @throws EBaseException
-     */
-
-    @SuppressWarnings("unchecked")
-    public CertRequestInfos listRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime,
-            UriInfo uriInfo) throws EBaseException {
-
-        CertRequestInfos ret = new CertRequestInfos();
-
-        CMSRequestInfos cmsInfos = listCMSRequests(filter, start, pageSize, maxResults, maxTime, uriInfo);
-
-        Collection<? extends CMSRequestInfo> cmsList = cmsInfos.getRequests();
-
-        // We absolutely know 100% that this list is a list
-        // of CertRequestInfo objects. This is because the method
-        // createCMSRequestInfo. Is the only one adding to it
-
-        List<CertRequestInfo> list = (List<CertRequestInfo>) cmsList;
-        ret.setRequests(list);
-
-        ret.setLinks(cmsInfos.getLinks());
-
-        return ret;
-    }
-
-    /**
-     * Gets info for a specific request
-     *
-     * @param id
-     * @return info for specific request
-     * @throws EBaseException
-     */
-    public CertRequestInfo getRequest(RequestId id, UriInfo uriInfo) throws EBaseException {
-        IRequest request = queue.findRequest(id);
-        if (request == null) {
-            return null;
-        }
-        CertRequestInfo info = createCMSRequestInfo(request, uriInfo);
-        return info;
-    }
-
-    /**
-     * Gets info for a specific request
-     *
-     * @param id
-     * @return info for specific request
-     * @throws EBaseException
-     */
-    public CertReviewResponse reviewRequest(HttpServletRequest servletRequest, RequestId id,
-            UriInfo uriInfo, Locale locale) throws EBaseException {
-        IRequest request = queue.findRequest(id);
-        if (request == null) {
-            return null;
-        }
-        String profileId = request.getExtDataInString("profileId");
-        IProfile profile = ps.getProfile(profileId);
-        CertReviewResponse info = CertReviewResponseFactory.create(request, profile, uriInfo, locale);
-
-        if (ca.noncesEnabled()) {
-            // generate nonce
-            long n = random.nextLong();
-
-            // store nonce in session
-            Map<Object, Long> nonces = ca.getNonces(servletRequest, "cert-request");
-            nonces.put(info.getRequestId().toBigInteger(), n);
-
-            // return nonce to client
-            info.setNonce(Long.toString(n));
-        }
-        return info;
-    }
-
-    /**
-     * Submits an enrollment request and processes it.
-     *
-     * @param data
-     * @return info for the request submitted.
-     * @throws EBaseException
-     * @throws ServletException
-     */
-    public CertRequestInfos submitRequest(CertEnrollmentRequest data, HttpServletRequest request, UriInfo uriInfo,
-            Locale locale) throws EBaseException {
-
-        CertRequestInfos ret = new CertRequestInfos();
-
-        HashMap<String, Object> results = null;
-        if (data.getIsRenewal()) {
-            RenewalProcessor processor = new RenewalProcessor("caProfileSubmit", locale);
-            results = processor.processRenewal(data, request);
-        } else {
-            EnrollmentProcessor processor = new EnrollmentProcessor("caProfileSubmit", locale);
-            results = processor.processEnrollment(data, request);
-        }
-
-        IRequest reqs[] = (IRequest[]) results.get(Processor.ARG_REQUESTS);
-        for (IRequest req : reqs) {
-            CertRequestInfo info = CertRequestInfoFactory.create(req, uriInfo);
-            ret.addRequest(info);
-        }
-
-        // TODO - what happens if the errorCode is internal error ?
-
-        return ret;
-    }
-
-    public void changeRequestState(RequestId id, HttpServletRequest request, CertReviewResponse data,
-            Locale locale, String op) throws EBaseException {
-        IRequest ireq = queue.findRequest(id);
-        if (ireq == null) {
-            throw new RequestNotFoundException(id);
-        }
-
-        RequestProcessor processor = new RequestProcessor("caProfileProcess", locale);
-        processor.processRequest(request, data, ireq, op);
-    }
-
-    @Override
-    public CertRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) {
-        return CertRequestInfoFactory.create(request, uriInfo);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java b/base/common/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java
deleted file mode 100644
index 64e045d0d..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java
+++ /dev/null
@@ -1,86 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.cert;
-
-import java.math.BigInteger;
-
-import javax.ws.rs.Path;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.cert.CertRequestInfo;
-import com.netscape.certsrv.cert.CertRequestResource;
-import com.netscape.certsrv.cert.CertResource;
-import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-
-public class CertRequestInfoFactory {
-
-    public static CertRequestInfo create(IRequest request, UriInfo uriInfo) {
-
-        CertRequestInfo info = new CertRequestInfo();
-
-        String requestType = request.getRequestType();
-        RequestStatus requestStatus = request.getRequestStatus();
-
-        info.setRequestType(requestType);
-        info.setRequestStatus(requestStatus);
-
-        info.setCertRequestType(request.getExtDataInString("cert_request_type"));
-
-        Path certRequestPath = CertRequestResource.class.getAnnotation(Path.class);
-        RequestId requestId = request.getRequestId();
-
-        UriBuilder reqBuilder = uriInfo.getBaseUriBuilder();
-        reqBuilder.path(certRequestPath.value() + "/" + requestId);
-        info.setRequestURL(reqBuilder.build().toString());
-
-        Integer result = request.getExtDataInInteger(IRequest.RESULT);
-        if (result == null || result.equals(IRequest.RES_SUCCESS)) {
-            info.setOperationResult(CertRequestInfo.RES_SUCCESS);
-        } else {
-            info.setOperationResult(CertRequestInfo.RES_ERROR);
-            String error = request.getExtDataInString(IRequest.ERROR);
-            info.setErrorMessage(error);
-        }
-
-        if (requestType == null || requestStatus != RequestStatus.COMPLETE)
-            return info;
-
-        X509CertImpl impl = request.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-        if (impl == null)
-            return info;
-
-        BigInteger serialNo = impl.getSerialNumber();
-        info.setCertId(new CertId(serialNo));
-
-        Path certPath = CertResource.class.getAnnotation(Path.class);
-        UriBuilder certBuilder = uriInfo.getBaseUriBuilder();
-        certBuilder.path(certPath.value() + "/" + serialNo);
-
-        info.setCertURL(certBuilder.build().toString());
-
-        return info;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertReviewResponseFactory.java b/base/common/src/com/netscape/cms/servlet/cert/CertReviewResponseFactory.java
deleted file mode 100644
index 6071b1dcb..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CertReviewResponseFactory.java
+++ /dev/null
@@ -1,177 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2012 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.cert.CertReviewResponse;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.PolicyConstraint;
-import com.netscape.certsrv.profile.PolicyDefault;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.profile.ProfilePolicy;
-import com.netscape.certsrv.profile.ProfilePolicySet;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cms.servlet.profile.PolicyConstraintFactory;
-import com.netscape.cms.servlet.profile.PolicyDefaultFactory;
-import com.netscape.cms.servlet.profile.ProfileInputFactory;
-
-public class CertReviewResponseFactory {
-
-    public static CertReviewResponse create(IRequest request, IProfile profile, UriInfo uriInfo, Locale locale) throws EBaseException {
-        CertReviewResponse ret = new CertReviewResponse();
-
-        if (request.getRequestType().equals("renewal")) {
-            ret.setIsRenewal(true);
-        } else {
-            ret.setIsRenewal(false);
-        }
-
-        ret.setRequestId(request.getRequestId());
-        ret.setRequestType(request.getRequestType());
-        ret.setRequestStatus(request.getRequestStatus().toString());
-        if (request.getRequestOwner() == null) {
-            ret.setRequestOwner("");
-        } else {
-            ret.setRequestOwner(request.getRequestOwner());
-        }
-        ret.setRequestCreationTime(request.getCreationTime().toString());
-        ret.setRequestModificationTime(request.getModificationTime().toString());
-
-        ret.setProfileId(profile.getId());
-        ret.setProfileApprovedBy(request.getExtDataInString("profileApprovedBy"));
-        ret.setProfileSetId(request.getExtDataInString("profileSetId"));
-        if (profile.isVisible()) {
-            ret.setProfileIsVisible("true");
-        } else {
-            ret.setProfileIsVisible("false");
-        }
-
-        ret.setProfileName(profile.getName(locale));
-        ret.setProfileDescription(profile.getDescription(locale));
-        ret.setProfileRemoteHost(request.getExtDataInString("profileRemoteHost"));
-        ret.setProfileRemoteAddr(request.getExtDataInString("profileRemoteAddr"));
-        if (request.getExtDataInString("requestNotes") == null) {
-            ret.setRequestNotes("");
-        } else {
-            ret.setRequestNotes(request.getExtDataInString("requestNotes"));
-        }
-
-        // populate profile inputs
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-        while (inputIds.hasMoreElements()) {
-            IProfileInput input = profile.getProfileInput(inputIds.nextElement());
-            ProfileInput addInput = ProfileInputFactory.create(input, request, locale);
-            ret.addInput(addInput);
-        }
-
-        String profileSetId = request.getExtDataInString("profileSetId");
-        CMS.debug("createAgentCertRequestInfo: profileSetId=" + profileSetId);
-        Enumeration<String> policyIds = (profileSetId != null && profileSetId.length() > 0) ?
-                profile.getProfilePolicyIds(profileSetId) : null;
-        ProfilePolicySet dataPolicySet = new ProfilePolicySet();
-
-        if (policyIds != null) {
-            while (policyIds.hasMoreElements()) {
-                String id = policyIds.nextElement();
-                CMS.debug("policyId:" + id);
-                IProfilePolicy policy = profile.getProfilePolicy(profileSetId, id);
-                ProfilePolicy dataPolicy = new ProfilePolicy();
-
-                //populate defaults
-                IPolicyDefault def = policy.getDefault();
-                PolicyDefault dataDef = PolicyDefaultFactory.create(request, locale, def);
-                dataPolicy.setDef(dataDef);
-
-                //populate constraints
-                // TODO - fix this.
-                PolicyConstraint dataCons = PolicyConstraintFactory.create(locale, policy.getConstraint(),
-                        policy.getConstraint().getClass().getSimpleName());
-                dataPolicy.setConstraint(dataCons);
-
-                dataPolicySet.addPolicy(dataPolicy);
-            }
-        }
-
-
-        ret.addProfilePolicySet(dataPolicySet);
-
-        // TODO populate profile outputs
-        return ret;
-    }
-
-    public static CertReviewResponse create(
-            CMSRequest cmsReq, IProfile profile, boolean noncesEnabled, Locale locale)
-            throws EPropertyException, EProfileException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        IRequest ireq = cmsReq.getIRequest();
-        IArgBlock params = cmsReq.getHttpParams();
-
-        CertReviewResponse ret = new CertReviewResponse();
-        ret.setProfileId(profile.getId());
-        ret.setRequestNotes(req.getParameter("requestNotes"));
-        ret.setRequestId(ireq.getRequestId());
-
-        if (noncesEnabled) {
-            ret.setNonce(req.getParameter(Processor.ARG_REQUEST_NONCE));
-        }
-
-        // populate profile policy values
-        String profileSetId = ireq.getExtDataInString("profileSetId");
-        Enumeration<String> policyIds = (profileSetId != null && profileSetId.length() > 0) ?
-                profile.getProfilePolicyIds(profileSetId) : null;
-        ProfilePolicySet dataPolicySet = new ProfilePolicySet();
-
-        if (policyIds != null) {
-            while (policyIds.hasMoreElements()) {
-                String id = policyIds.nextElement();
-                CMS.debug("policyId:" + id);
-                IProfilePolicy policy = profile.getProfilePolicy(profileSetId, id);
-                com.netscape.certsrv.profile.ProfilePolicy dataPolicy =
-                        new com.netscape.certsrv.profile.ProfilePolicy();
-
-                //populate defaults
-                IPolicyDefault def = policy.getDefault();
-                PolicyDefault dataDef = PolicyDefaultFactory.create(params, locale, def);
-                dataPolicy.setDef(dataDef);
-
-                dataPolicySet.addPolicy(dataPolicy);
-                CMS.debug(dataPolicy.toString());
-            }
-        }
-
-        ret.addProfilePolicySet(dataPolicySet);
-
-        return ret;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
deleted file mode 100644
index 6f46d9eb5..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java
+++ /dev/null
@@ -1,618 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.cert;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.net.URI;
-import java.security.InvalidKeyException;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Map;
-import java.util.Random;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriInfo;
-
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.cert.CertData;
-import com.netscape.certsrv.cert.CertDataInfo;
-import com.netscape.certsrv.cert.CertDataInfos;
-import com.netscape.certsrv.cert.CertNotFoundException;
-import com.netscape.certsrv.cert.CertRequestInfo;
-import com.netscape.certsrv.cert.CertResource;
-import com.netscape.certsrv.cert.CertRetrievalRequest;
-import com.netscape.certsrv.cert.CertRevokeRequest;
-import com.netscape.certsrv.cert.CertSearchRequest;
-import com.netscape.certsrv.cert.CertUnrevokeRequest;
-import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
-import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.realm.PKIPrincipal;
-import com.netscape.cms.servlet.base.PKIService;
-import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * @author alee
- *
- */
-public class CertService extends PKIService implements CertResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    ICertificateAuthority authority;
-    ICertificateRepository repo;
-    Random random;
-
-    public final static int DEFAULT_SIZE = 20;
-
-    public CertService() {
-        authority = (ICertificateAuthority) CMS.getSubsystem("ca");
-        if (authority.noncesEnabled()) {
-            random = new Random();
-        }
-        repo = authority.getCertificateRepository();
-    }
-
-    private void validateRequest(CertId id) {
-        if (id == null) {
-            throw new BadRequestException("Invalid id in CertResourceService.validateRequest.");
-        }
-    }
-
-    @Override
-    public CertData getCert(CertId id) {
-        return getCert(id, false);
-    }
-
-    @Override
-    public CertData reviewCert(CertId id) {
-        return getCert(id, true);
-    }
-
-    public CertData getCert(CertId id, boolean generateNonce) {
-        validateRequest(id);
-
-        CertRetrievalRequest data = new CertRetrievalRequest();
-        data.setCertId(id);
-
-        CertData certData = null;
-
-        try {
-            certData = getCert(data, generateNonce);
-        } catch (EDBRecordNotFoundException e) {
-            throw new CertNotFoundException(id);
-        } catch (EBaseException e) {
-            throw new PKIException(e.getMessage(), e);
-        } catch (CertificateEncodingException e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-
-        return certData;
-    }
-
-    @Override
-    public CertRequestInfo revokeCACert(CertId id, CertRevokeRequest request) {
-        return revokeCert(id, request, true);
-    }
-
-    @Override
-    public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request) {
-        return revokeCert(id, request, false);
-    }
-
-    public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request, boolean caCert) {
-        RevocationReason revReason = request.getReason();
-        if (revReason == RevocationReason.REMOVE_FROM_CRL) {
-            CertUnrevokeRequest unrevRequest = new CertUnrevokeRequest();
-            unrevRequest.setRequestID(request.getRequestID());
-            return unrevokeCert(id, unrevRequest);
-        }
-
-        RevocationProcessor processor;
-        try {
-            processor = new RevocationProcessor("caDoRevoke-agent", getLocale(headers));
-            processor.setStartTime(CMS.getCurrentDate().getTime());
-
-            // TODO: set initiative based on auth info
-            processor.setInitiative(AuditFormat.FROMAGENT);
-
-            processor.setSerialNumber(id);
-            processor.setRequestID(request.getRequestID());
-
-            processor.setRevocationReason(revReason);
-            processor.setRequestType(revReason == RevocationReason.CERTIFICATE_HOLD
-                    ? RevocationProcessor.ON_HOLD : RevocationProcessor.REVOKE);
-            processor.setInvalidityDate(request.getInvalidityDate());
-            processor.setComments(request.getComments());
-
-            processor.setAuthority(authority);
-
-        } catch (EBaseException e) {
-            throw new PKIException(e.getMessage());
-        }
-
-        try {
-            X509Certificate clientCert = null;
-            try {
-                clientCert = Processor.getSSLClientCertificate(servletRequest);
-            } catch (EBaseException e) {
-                // No client certificate, ignore.
-            }
-
-            ICertRecord clientRecord = null;
-            BigInteger clientSerialNumber = null;
-            String clientSubjectDN = null;
-
-            if (clientCert != null) {
-                clientSerialNumber = clientCert.getSerialNumber();
-                clientSubjectDN = clientCert.getSubjectDN().toString();
-                clientRecord = processor.getCertificateRecord(clientSerialNumber);
-
-                // Verify client cert is not revoked.
-                // TODO: This should be checked during authentication.
-                if (clientRecord.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
-                    throw new UnauthorizedException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
-                }
-            }
-
-            if (authority.noncesEnabled() &&
-                !processor.isMemberOfSubsystemGroup(clientCert)) {
-                processor.validateNonce(servletRequest, "cert-revoke", id.toBigInteger(), request.getNonce());
-
-            }
-
-            // Find target cert record if different from client cert.
-            ICertRecord targetRecord = id.equals(clientSerialNumber) ? clientRecord : processor.getCertificateRecord(id);
-            X509CertImpl targetCert = targetRecord.getCertificate();
-
-            processor.createCRLExtension();
-
-            PKIPrincipal principal = (PKIPrincipal)servletRequest.getUserPrincipal();
-            // TODO: do not hard-code role name
-            String subjectDN = principal.hasRole("Certificate Manager Agents") ?
-                    null : clientSubjectDN;
-
-            processor.validateCertificateToRevoke(subjectDN, targetRecord, caCert);
-            processor.addCertificateToRevoke(targetCert);
-            processor.createRevocationRequest();
-
-            processor.auditChangeRequest(ILogger.SUCCESS);
-
-        } catch (PKIException e) {
-            processor.log(ILogger.LL_FAILURE, e.getMessage());
-            processor.auditChangeRequest(ILogger.FAILURE);
-            throw e;
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequest(ILogger.FAILURE);
-
-            throw new PKIException(e.getMessage());
-
-        } catch (IOException e) {
-            processor.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
-            processor.auditChangeRequest(ILogger.FAILURE);
-
-            throw new PKIException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
-        }
-
-        // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
-        // to distinguish which type of signed audit log message to save
-        // as a failure outcome in case an exception occurs
-
-        try {
-            processor.processRevocationRequest();
-
-            processor.auditChangeRequestProcessed(ILogger.SUCCESS);
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequestProcessed(ILogger.FAILURE);
-
-            throw new PKIException(e.getMessage());
-        }
-
-        try {
-            IRequest certRequest = processor.getRequest();
-            CertRequestDAO dao = new CertRequestDAO();
-            return dao.getRequest(certRequest.getRequestId(), uriInfo);
-
-        } catch (EBaseException e) {
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    @Override
-    public CertRequestInfo unrevokeCert(CertId id, CertUnrevokeRequest request) {
-        RevocationProcessor processor;
-        try {
-            processor = new RevocationProcessor("caDoUnrevoke", getLocale(headers));
-
-            // TODO: set initiative based on auth info
-            processor.setInitiative(AuditFormat.FROMAGENT);
-
-            processor.setSerialNumber(id);
-            processor.setRequestID(request.getRequestID());
-            processor.setRevocationReason(RevocationReason.CERTIFICATE_HOLD);
-            processor.setAuthority(authority);
-
-        } catch (EBaseException e) {
-            throw new PKIException(e.getMessage());
-        }
-
-        try {
-            processor.addSerialNumberToUnrevoke(id.toBigInteger());
-            processor.createUnrevocationRequest();
-
-            processor.auditChangeRequest(ILogger.SUCCESS);
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequest(ILogger.FAILURE);
-
-            throw new PKIException(e.getMessage());
-        }
-
-        // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
-        // to distinguish which type of signed audit log message to save
-        // as a failure outcome in case an exception occurs
-
-        try {
-            processor.processUnrevocationRequest();
-
-            processor.auditChangeRequestProcessed(ILogger.SUCCESS);
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequestProcessed(ILogger.FAILURE);
-
-            throw new PKIException(e.getMessage());
-        }
-
-        try {
-            IRequest certRequest = processor.getRequest();
-            CertRequestDAO dao = new CertRequestDAO();
-            return dao.getRequest(certRequest.getRequestId(), uriInfo);
-
-        } catch (EBaseException e) {
-            throw new PKIException(e.getMessage());
-        }
-    }
-
-    private String createSearchFilter(String status) {
-        String filter = "";
-
-        if ((status == null)) {
-            filter = "(serialno=*)";
-            return filter;
-        }
-
-        if (status != null) {
-            filter += "(certStatus=" + LDAPUtil.escapeFilter(status) + ")";
-        }
-
-        return filter;
-    }
-
-    private String createSearchFilter(CertSearchRequest data) {
-        if (data == null) {
-            return null;
-        }
-        FilterBuilder builder = new FilterBuilder(data);
-        return builder.buildFilter();
-    }
-
-    @Override
-    public CertDataInfos listCerts(String status, int maxResults, int maxTime) {
-        // get ldap filter
-        String filter = createSearchFilter(status);
-        CMS.debug("listKeys: filter is " + filter);
-
-        CertDataInfos infos;
-        try {
-            infos = getCertList(filter, maxResults, maxTime);
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e);
-        }
-        return infos;
-    }
-
-    @Override
-    public CertDataInfos searchCerts(CertSearchRequest data, Integer start, Integer size) {
-        if (data == null) {
-            throw new BadRequestException("Search request is null.");
-        }
-        start = start == null ? 0 : start;
-        size = size == null ? DEFAULT_SIZE : size;
-        String filter = createSearchFilter(data);
-
-        CertDataInfos infos = new CertDataInfos();
-
-        Enumeration<ICertRecord> e = null;
-        try {
-
-            e = repo.findCertRecords(filter);
-
-            int i = 0;
-
-            // skip to the start of the page
-            for (; i < start && e.hasMoreElements(); i++)
-                e.nextElement();
-
-            // return entries up to the page size
-            for (; i < start + size && e.hasMoreElements(); i++) {
-                ICertRecord user = e.nextElement();
-                infos.addCertData(createCertDataInfo(user));
-            }
-
-            // count the total entries
-            for (; e.hasMoreElements(); i++)
-                e.nextElement();
-
-            if (start > 0) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start - size, 0)).build();
-                infos.addLink(new Link("prev", uri));
-            }
-
-            if (start + size < i) {
-                URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start + size).build();
-                infos.addLink(new Link("next", uri));
-            }
-        } catch (Exception e1) {
-            throw new PKIException("Error listing certs in CertsResourceService.listCerts!", e1);
-        }
-
-        return infos;
-    }
-
-    /**
-     * Returns list of certs meeting specified search filter.
-     * Currently, vlv searches are not used for certs.
-     *
-     * @param filter
-     * @param maxResults
-     * @param maxTime
-     * @param uriInfo
-     * @return
-     * @throws EBaseException
-     * @throws InvalidKeyException
-     */
-    private CertDataInfos getCertList(String filter, int maxResults, int maxTime)
-            throws EBaseException, InvalidKeyException {
-        List<CertDataInfo> list = new ArrayList<CertDataInfo>();
-        Enumeration<ICertRecord> e = null;
-
-        e = repo.searchCertificates(filter, maxResults, maxTime);
-        if (e == null) {
-            throw new EBaseException("search results are null");
-        }
-
-        while (e.hasMoreElements()) {
-            ICertRecord rec = e.nextElement();
-            if (rec != null) {
-                list.add(createCertDataInfo(rec));
-            }
-        }
-
-        CertDataInfos ret = new CertDataInfos();
-        ret.setCertInfos(list);
-
-        return ret;
-    }
-
-    public CertData getCert(CertRetrievalRequest data, boolean generateNonce) throws EBaseException, CertificateEncodingException {
-        CertId certId = data.getCertId();
-
-        //find the cert in question
-        ICertRecord record = repo.readCertificateRecord(certId.toBigInteger());
-        X509CertImpl cert = record.getCertificate();
-
-        CertData certData = new CertData();
-
-        certData.setSerialNumber(certId);
-
-        Principal issuerDN = cert.getIssuerDN();
-        if (issuerDN != null) certData.setIssuerDN(issuerDN.toString());
-
-        Principal subjectDN = cert.getSubjectDN();
-        if (subjectDN != null) certData.setSubjectDN(subjectDN.toString());
-
-        String base64 = CMS.getEncodedCert(cert);
-        certData.setEncoded(base64);
-
-        ICertPrettyPrint print = CMS.getCertPrettyPrint(cert);
-        certData.setPrettyPrint(print.toString(getLocale(headers)));
-
-        String p7Str = getCertChainData(cert);
-        certData.setPkcs7CertChain(p7Str);
-
-        Date notBefore = cert.getNotBefore();
-        if (notBefore != null) certData.setNotBefore(notBefore.toString());
-
-        Date notAfter = cert.getNotAfter();
-        if (notAfter != null) certData.setNotAfter(notAfter.toString());
-
-        certData.setStatus(record.getStatus());
-
-        if (authority.noncesEnabled() && generateNonce) {
-            // generate nonce
-            long n = random.nextLong();
-            // store nonce in session
-            Map<Object, Long> nonces = authority.getNonces(servletRequest, "cert-revoke");
-            nonces.put(certId.toBigInteger(), n);
-            // return nonce to client
-            certData.setNonce(n);
-        }
-
-        URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(certId.toHexString());
-        certData.setLink(new Link("self", uri));
-
-        return certData;
-    }
-
-    private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException, InvalidKeyException {
-        CertDataInfo info = new CertDataInfo();
-
-        CertId id = new CertId(record.getSerialNumber());
-        info.setID(id);
-
-        X509Certificate cert = record.getCertificate();
-        info.setSubjectDN(cert.getSubjectDN().toString());
-        info.setStatus(record.getStatus());
-        info.setVersion(cert.getVersion());
-        info.setType(cert.getType());
-
-        PublicKey key = cert.getPublicKey();
-        if (key instanceof X509Key) {
-            X509Key x509Key = (X509Key)key;
-            info.setKeyAlgorithmOID(x509Key.getAlgorithmId().getOID().toString());
-
-            if (x509Key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
-                RSAPublicKey rsaKey = new RSAPublicKey(x509Key.getEncoded());
-                info.setKeyLength(rsaKey.getKeySize());
-            }
-        }
-
-        info.setNotValidBefore(cert.getNotBefore());
-        info.setNotValidAfter(cert.getNotAfter());
-
-        info.setIssuedOn(record.getCreateTime());
-        info.setIssuedBy(record.getIssuedBy());
-
-        URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString());
-        info.setLink(new Link("self", uri));
-
-        return info;
-    }
-
-    private String getCertChainData(X509CertImpl x509cert) {
-        X509Certificate mCACerts[];
-
-        if (x509cert == null) {
-            return null;
-        }
-
-        try {
-            mCACerts = authority.getCACertChain().getChain();
-        } catch (Exception e) {
-            mCACerts = null;
-        }
-
-        X509CertImpl[] certsInChain = new X509CertImpl[1];
-
-        int mCACertsLength = 0;
-        boolean certAlreadyInChain = false;
-        int certsInChainLength = 0;
-        if (mCACerts != null) {
-            mCACertsLength = mCACerts.length;
-            for (int i = 0; i < mCACertsLength; i++) {
-                if (x509cert.equals(mCACerts[i])) {
-                    certAlreadyInChain = true;
-                    break;
-                }
-            }
-
-            if (certAlreadyInChain == true) {
-                certsInChainLength = mCACertsLength;
-            } else {
-                certsInChainLength = mCACertsLength + 1;
-            }
-
-            certsInChain = new X509CertImpl[certsInChainLength];
-
-        }
-
-        certsInChain[0] = x509cert;
-
-        if (mCACerts != null) {
-            int curCount = 1;
-            for (int i = 0; i < mCACertsLength; i++) {
-                if (!x509cert.equals(mCACerts[i])) {
-                    certsInChain[curCount] = (X509CertImpl) mCACerts[i];
-                    curCount++;
-                }
-
-            }
-        }
-
-        String p7Str;
-
-        try {
-            PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                    new ContentInfo(new byte[0]),
-                    certsInChain,
-                    new SignerInfo[0]);
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-            p7.encodeSignedData(bos, false);
-            byte[] p7Bytes = bos.toByteArray();
-
-            p7Str = Utils.base64encode(p7Bytes);
-        } catch (Exception e) {
-            p7Str = null;
-        }
-
-        return p7Str;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
deleted file mode 100644
index 097035be1..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
+++ /dev/null
@@ -1,716 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertRecordList;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Takes the certificate info (serial number) and optional challenge phrase, creates a
- * revocation request and submits it to the authority subsystem for processing
- *
- * @version $Revision$, $Date$
- */
-public class ChallengeRevocationServlet1 extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1253319999546210407L;
-    public final static String GETCERTS_FOR_CHALLENGE_REQUEST = "getCertsForChallenge";
-    public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
-    // revocation templates.
-    private final static String TPL_FILE = "revocationResult.template";
-
-    private ICertificateRepository mCertDB = null;
-    private String mFormPath = null;
-    private IRequestQueue mQueue = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-    private String mRequestID = null;
-
-    // http params
-    public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
-    public static final String REASON_CODE = "reasonCode";
-    public static final String CHALLENGE_PHRASE = "challengePhrase";
-
-    // request attributes
-    public static final String SERIALNO_ARRAY = "serialNoArray";
-
-    public ChallengeRevocationServlet1() {
-        super();
-    }
-
-    /**
-     * Initialize the servlet. This servlet uses the file
-     * revocationResult.template for the response
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        String authorityId = mAuthority.getId();
-
-        mFormPath = "/" + authorityId + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-
-        if (mAuthority instanceof ICertAuthority) {
-            mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
-        }
-        mQueue = mAuthority.getRequestQueue();
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param REASON_CODE the revocation reason
-     * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     * @throws EBaseException
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        // for audit log
-        IAuthToken authToken = authenticate(cmsReq);
-        String authMgr = AuditFormat.NOAUTH;
-
-        BigInteger[] serialNoArray = null;
-
-        if (authToken != null) {
-            serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO);
-        }
-        // set revocation reason, default to unspecified if not set.
-        int reasonCode =
-                httpParams.getValueAsInt(REASON_CODE, 0);
-        //        header.addIntegerValue("reason", reasonCode);
-
-        String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
-        Date invalidityDate = null;
-        String revokeAll = null;
-        int totalRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
-        int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
-
-        X509CertImpl[] certs = null;
-
-        //for audit log.
-        String initiative = null;
-
-        if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            // request is from agent
-            if (authToken != null) {
-                authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                String agentID = authToken.getInString("userid");
-
-                initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
-                        " authenticated by " + authMgr;
-            }
-        } else {
-            initiative = AuditFormat.FROMUSER;
-        }
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "revoke");
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        if (serialNoArray != null && serialNoArray.length > 0) {
-            if (mAuthority instanceof ICertificateAuthority) {
-                certs = new X509CertImpl[serialNoArray.length];
-
-                for (int i = 0; i < serialNoArray.length; i++) {
-                    certs[i] =
-                            ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(
-                                    serialNoArray[i]);
-                }
-
-            } else if (mAuthority instanceof IRegistrationAuthority) {
-                IRequest getCertsChallengeReq = null;
-
-                getCertsChallengeReq = mQueue.newRequest(
-                            GETCERTS_FOR_CHALLENGE_REQUEST);
-                getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
-                mQueue.processRequest(getCertsChallengeReq);
-                RequestStatus status = getCertsChallengeReq.getRequestStatus();
-
-                if (status == RequestStatus.COMPLETE) {
-                    certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS);
-                    header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
-                    mRequestID = getCertsChallengeReq.getRequestId().toString();
-                } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
-                }
-            }
-
-            header.addIntegerValue("totalRecordCount", serialNoArray.length);
-            header.addIntegerValue("verifiedRecordCount", serialNoArray.length);
-
-            for (int i = 0; i < serialNoArray.length; i++) {
-                IArgBlock rarg = CMS.createArgBlock();
-
-                rarg.addBigIntegerValue("serialNumber",
-                        serialNoArray[i], 16);
-                rarg.addStringValue("subject",
-                        certs[i].getSubjectDN().toString());
-                rarg.addLongValue("validNotBefore",
-                        certs[i].getNotBefore().getTime() / 1000);
-                rarg.addLongValue("validNotAfter",
-                        certs[i].getNotAfter().getTime() / 1000);
-                //argSet.addRepeatRecord(rarg);
-            }
-
-            revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
-            process(argSet, header, reasonCode, invalidityDate, initiative, req, resp,
-                    verifiedRecordCount, revokeAll, totalRecordCount,
-                    comments, locale[0]);
-        } else {
-            header.addIntegerValue("totalRecordCount", 0);
-            header.addIntegerValue("verifiedRecordCount", 0);
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (serialNoArray == null) {
-                CMS.debug("ChallengeRevcationServlet1::process() - " +
-                           " serialNoArray is null!");
-                EBaseException ee = new EBaseException("No matched certificate is found");
-
-                cmsReq.setError(ee);
-                return;
-            }
-
-            if (serialNoArray.length == 0) {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                EBaseException ee = new EBaseException("No matched certificate is found");
-
-                cmsReq.setError(ee);
-            } else {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-    }
-
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            int reason, Date invalidityDate,
-            String initiative,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            int verifiedRecordCount,
-            String revokeAll,
-            int totalRecordCount,
-            String comments,
-            Locale locale)
-            throws EBaseException {
-        try {
-            int count = 0;
-            Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>();
-            Vector<RevokedCertImpl> revCertImplsV = new Vector<RevokedCertImpl>();
-
-            // Construct a CRL reason code extension.
-            RevocationReason revReason = RevocationReason.fromInt(reason);
-            CRLReasonExtension crlReasonExtn = new CRLReasonExtension(revReason);
-
-            // Construct a CRL invalidity date extension.
-            InvalidityDateExtension invalidityDateExtn = null;
-
-            if (invalidityDate != null) {
-                invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
-            }
-
-            // Construct a CRL extension for this request.
-            CRLExtensions entryExtn = new CRLExtensions();
-
-            if (crlReasonExtn != null) {
-                entryExtn.set(crlReasonExtn.getName(), crlReasonExtn);
-            }
-            if (invalidityDateExtn != null) {
-                entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn);
-            }
-
-            if (mAuthority instanceof ICertificateAuthority) {
-                ICertRecordList list = mCertDB.findCertRecordsInList(
-                        revokeAll, null, totalRecordCount);
-                Enumeration<ICertRecord> e = list.getCertRecords(0, totalRecordCount - 1);
-
-                while (e != null && e.hasMoreElements()) {
-                    ICertRecord rec = e.nextElement();
-                    X509CertImpl cert = rec.getCertificate();
-                    IArgBlock rarg = CMS.createArgBlock();
-
-                    rarg.addBigIntegerValue("serialNumber",
-                            cert.getSerialNumber(), 16);
-
-                    if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
-                        rarg.addStringValue("error", "Certificate " +
-                                cert.getSerialNumber().toString() +
-                                " is already revoked.");
-                    } else {
-                        oldCertsV.addElement(cert);
-
-                        RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(cert.getSerialNumber(),
-                                        CMS.getCurrentDate(), entryExtn);
-
-                        revCertImplsV.addElement(revCertImpl);
-                        count++;
-                        rarg.addStringValue("error", null);
-                    }
-                    argSet.addRepeatRecord(rarg);
-                }
-
-            } else if (mAuthority instanceof IRegistrationAuthority) {
-                String reqIdStr = null;
-
-                if (mRequestID != null && mRequestID.length() > 0)
-                    reqIdStr = mRequestID;
-                Vector<String> serialNumbers = new Vector<String>();
-
-                if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1;
-                            i = revokeAll.indexOf('=', i)) {
-                        if (i > -1) {
-                            i++;
-                            while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
-                                i++;
-                            }
-                            String legalDigits = "0123456789";
-                            int j = i;
-
-                            while (j < revokeAll.length() &&
-                                    legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
-                                j++;
-                            }
-                            if (j > i) {
-                                serialNumbers.addElement(revokeAll.substring(i, j));
-                            }
-                        }
-                    }
-                }
-                if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) {
-                    IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr));
-                    X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-                    for (int i = 0; i < certs.length; i++) {
-                        boolean addToList = false;
-
-                        for (int j = 0; j < serialNumbers.size(); j++) {
-                            if (certs[i].getSerialNumber().toString().equals(
-                                    serialNumbers.elementAt(j))) {
-                                addToList = true;
-                                break;
-                            }
-                        }
-                        if (addToList) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    certs[i].getSerialNumber(), 16);
-                            oldCertsV.addElement(certs[i]);
-
-                            RevokedCertImpl revCertImpl =
-                                    new RevokedCertImpl(certs[i].getSerialNumber(),
-                                            CMS.getCurrentDate(), entryExtn);
-
-                            revCertImplsV.addElement(revCertImpl);
-                            count++;
-                            rarg.addStringValue("error", null);
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-                } else {
-                    String b64eCert = req.getParameter("b64eCertificate");
-
-                    if (b64eCert != null) {
-                        byte[] certBytes = Utils.base64decode(b64eCert);
-                        X509CertImpl cert = new X509CertImpl(certBytes);
-                        IArgBlock rarg = CMS.createArgBlock();
-
-                        rarg.addBigIntegerValue("serialNumber",
-                                cert.getSerialNumber(), 16);
-                        oldCertsV.addElement(cert);
-
-                        RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(cert.getSerialNumber(),
-                                        CMS.getCurrentDate(), entryExtn);
-
-                        revCertImplsV.addElement(revCertImpl);
-                        count++;
-                        rarg.addStringValue("error", null);
-                        argSet.addRepeatRecord(rarg);
-                    }
-                }
-            }
-
-            header.addIntegerValue("totalRecordCount", count);
-
-            X509CertImpl[] oldCerts = new X509CertImpl[count];
-            RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count];
-
-            for (int i = 0; i < count; i++) {
-                oldCerts[i] = oldCertsV.elementAt(i);
-                revCertImpls[i] = revCertImplsV.elementAt(i);
-            }
-
-            IRequest revReq =
-                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
-
-            revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
-            revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-            revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-
-            revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
-            if (comments != null) {
-                revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
-            }
-
-            mQueue.processRequest(revReq);
-            RequestStatus stat = revReq.getRequestStatus();
-
-            if (stat == RequestStatus.COMPLETE) {
-                // audit log the error
-                Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
-
-                if (result.equals(IRequest.RES_ERROR)) {
-                    String[] svcErrors =
-                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
-
-                    if (svcErrors != null && svcErrors.length > 0) {
-                        for (int i = 0; i < svcErrors.length; i++) {
-                            String err = svcErrors[i];
-
-                            if (err != null) {
-                                //cmsReq.setErrorDescription(err);
-                                for (int j = 0; j < count; j++) {
-                                    if (oldCerts[j] != null) {
-                                        mLogger.log(ILogger.EV_AUDIT,
-                                                ILogger.S_OTHER,
-                                                AuditFormat.LEVEL,
-                                                AuditFormat.DOREVOKEFORMAT,
-                                                new Object[] {
-                                                        revReq.getRequestId(),
-                                                        initiative,
-                                                        "completed with error: " +
-                                                                err,
-                                                        oldCerts[j].getSubjectDN(),
-                                                        oldCerts[j].getSerialNumber().toString(16),
-                                                        RevocationReason.fromInt(reason).toString() }
-                                                );
-                                    }
-                                }
-                            }
-                        }
-                    }
-                    return;
-                }
-
-                // audit log the success.
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                        revReq.getRequestId(),
-                                        initiative,
-                                        "completed",
-                                        oldCerts[j].getSubjectDN(),
-                                        oldCerts[j].getSerialNumber().toString(16),
-                                        RevocationReason.fromInt(reason).toString() }
-                                );
-                    }
-                }
-
-                header.addStringValue("revoked", "yes");
-
-                Integer updateCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
-
-                if (updateCRLResult != null) {
-                    header.addStringValue("updateCRL", "yes");
-                    if (updateCRLResult.equals(IRequest.RES_SUCCESS)) {
-                        header.addStringValue("updateCRLSuccess", "yes");
-                    } else {
-                        header.addStringValue("updateCRLSuccess", "no");
-                        String crlError =
-                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
-
-                        if (crlError != null)
-                            header.addStringValue("updateCRLError",
-                                    crlError);
-                    }
-                    // let known crl publishing status too.
-                    Integer publishCRLResult =
-                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
-
-                    if (publishCRLResult != null) {
-                        if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
-                            header.addStringValue("publishCRLSuccess", "yes");
-                        } else {
-                            header.addStringValue("publishCRLSuccess", "no");
-                            String publError =
-                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                            if (publError != null)
-                                header.addStringValue("publishCRLError",
-                                        publError);
-                        }
-                    }
-                }
-                if (mAuthority instanceof ICertificateAuthority) {
-                    // let known update and publish status of all crls.
-                    Enumeration<ICRLIssuingPoint> otherCRLs =
-                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
-
-                    while (otherCRLs.hasMoreElements()) {
-                        ICRLIssuingPoint crl = otherCRLs.nextElement();
-                        String crlId = crl.getId();
-
-                        if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
-                            continue;
-                        String updateStatusStr = crl.getCrlUpdateStatusStr();
-                        Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
-
-                        if (updateResult != null) {
-                            if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                                CMS.debug("ChallengeRevcationServlet1: "
-                                        + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
-                                                updateStatusStr));
-                                header.addStringValue(updateStatusStr, "yes");
-                            } else {
-                                String updateErrorStr = crl.getCrlUpdateErrorStr();
-
-                                CMS.debug("ChallengeRevcationServlet1: "
-                                        + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
-                                                updateStatusStr));
-                                header.addStringValue(updateStatusStr, "no");
-                                String error =
-                                        revReq.getExtDataInString(updateErrorStr);
-
-                                if (error != null)
-                                    header.addStringValue(updateErrorStr,
-                                            error);
-                            }
-                            String publishStatusStr = crl.getCrlPublishStatusStr();
-                            Integer publishResult =
-                                    revReq.getExtDataInInteger(publishStatusStr);
-
-                            if (publishResult == null)
-                                continue;
-                            if (publishResult.equals(IRequest.RES_SUCCESS)) {
-                                header.addStringValue(publishStatusStr, "yes");
-                            } else {
-                                String publishErrorStr =
-                                        crl.getCrlPublishErrorStr();
-
-                                header.addStringValue(publishStatusStr, "no");
-                                String error =
-                                        revReq.getExtDataInString(publishErrorStr);
-
-                                if (error != null)
-                                    header.addStringValue(
-                                            publishErrorStr, error);
-                            }
-                        }
-                    }
-                }
-
-                if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus =
-                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
-                    int certsToUpdate = 0;
-                    int certsUpdated = 0;
-
-                    if (ldapPublishStatus != null) {
-                        certsToUpdate = ldapPublishStatus.length;
-                        for (int i = 0; i < certsToUpdate; i++) {
-                            if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
-                                certsUpdated++;
-                            }
-                        }
-                    }
-                    header.addIntegerValue("certsUpdated", certsUpdated);
-                    header.addIntegerValue("certsToUpdate", certsToUpdate);
-
-                    // add crl publishing status.
-                    String publError =
-                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                    if (publError != null) {
-                        header.addStringValue("crlPublishError",
-                                publError);
-                    }
-                } else {
-                    header.addStringValue("dirEnabled", "no");
-                }
-                header.addStringValue("error", null);
-
-            } else if (stat == RequestStatus.PENDING) {
-                header.addStringValue("error", "Request Pending");
-                header.addStringValue("revoked", "pending");
-                // audit log the pending
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                        revReq.getRequestId(),
-                                        initiative,
-                                        "pending",
-                                        oldCerts[j].getSubjectDN(),
-                                        oldCerts[j].getSerialNumber().toString(16),
-                                        RevocationReason.fromInt(reason).toString() }
-                                );
-                    }
-                }
-
-            } else {
-                Vector<String> errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
-                StringBuffer errorStr = new StringBuffer();
-
-                if (errors != null && errors.size() > 0) {
-                    for (int ii = 0; ii < errors.size(); ii++) {
-                        errorStr.append(errors.elementAt(ii));
-                    }
-                }
-                header.addStringValue("error", errorStr.toString());
-                header.addStringValue("revoked", "no");
-                // audit log the error
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                        revReq.getRequestId(),
-                                        initiative,
-                                        stat.toString(),
-                                        oldCerts[j].getSubjectDN(),
-                                        oldCerts[j].getSerialNumber().toString(16),
-                                        RevocationReason.fromInt(reason).toString() }
-                                );
-                    }
-                }
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, "error " + e);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "error " + e);
-            throw e;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
deleted file mode 100644
index bf5fc490f..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
+++ /dev/null
@@ -1,143 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Redirect a request to the Master. This servlet is used in
- * a clone when a requested service (such as CRL) is not available.
- * It redirects the user to the master.
- *
- * @version $Revision$, $Date$
- */
-public class CloneRedirect extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3217967115281965166L;
-    private final static String PROP_REDIRECT_URL = "masterURL";
-    private final static String TPL_FILE = "cloneRedirect.template";
-
-    private String mNewUrl = null;
-    private String mFormPath = null;
-
-    private ICertificateAuthority mCA = null;
-
-    /**
-     * Constructs CloneRedirect servlet.
-     */
-    public CloneRedirect() {
-        super();
-
-    }
-
-    /**
-     * Initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCA = (ICertificateAuthority) mAuthority;
-            IConfigStore authConfig = mCA.getConfigStore();
-
-            if (authConfig != null) {
-                try {
-                    mNewUrl = authConfig.getString(PROP_REDIRECT_URL,
-                                "*** master URL unavailable, check your configuration ***");
-                } catch (EBaseException e) {
-                    // do nothing
-                }
-            }
-        }
-
-        if (mAuthority instanceof ICertificateAuthority)
-            mCA = (ICertificateAuthority) mAuthority;
-
-        // override success to do output with our own template.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Serves HTTP request.
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-        CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
-        header.addStringValue("masterURL", mNewUrl);
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            String xmlOutput = req.getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                outputXML(resp, argSet);
-            } else {
-                resp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
deleted file mode 100644
index 66c2aa268..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
+++ /dev/null
@@ -1,242 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.cms.authentication.HashAuthentication;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * 'Face-to-face' certificate enrollment.
- *
- * @version $Revision$, $Date$
- */
-public class DirAuthServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3906057586972768401L;
-    private final static String TPL_FILE = "/ra/hashEnrollmentSubmit.template";
-    private final static String TPL_ERROR_FILE = "/ra/GenErrorHashDirEnroll.template";
-    private String mFormPath = null;
-
-    public DirAuthServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        try {
-            mFormPath = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE);
-            if (mFormPath == null)
-                mFormPath = TPL_FILE;
-        } catch (Exception e) {
-        }
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Process the HTTP request. This servlet reads configuration information
-     * from the hashDirEnrollment configuration substore
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        String reqHost = httpReq.getRemoteHost();
-
-        // Construct an ArgBlock
-        IArgBlock args = cmsReq.getHttpParams();
-
-        if (!(mAuthority instanceof IRegistrationAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "submit");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        IConfigStore configStore = CMS.getConfigStore();
-        String val = configStore.getString("hashDirEnrollment.name");
-        IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        IAuthManager authMgr = authSS.get(val);
-        HashAuthentication mgr = (HashAuthentication) authMgr;
-
-        Date date = new Date();
-        long currTime = date.getTime();
-        long timeout = mgr.getTimeout(reqHost);
-        long lastlogin = mgr.getLastLogin(reqHost);
-        long diff = currTime - lastlogin;
-
-        boolean enable = mgr.isEnable(reqHost);
-
-        if (!enable) {
-            printError(cmsReq, "0");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-        if (lastlogin == 0)
-            mgr.setLastLogin(reqHost, currTime);
-        else if (diff > timeout) {
-            mgr.disable(reqHost);
-            printError(cmsReq, "2");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-
-        mgr.setLastLogin(reqHost, currTime);
-
-        String uid = args.getValueAsString("uid");
-        long pageid = mgr.getPageID();
-        String pageID = pageid + "";
-
-        mgr.addAuthToken(pageID, authToken);
-
-        header.addStringValue("pageID", pageID);
-        header.addStringValue("uid", uid);
-        header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid));
-        header.addStringValue("hostname", reqHost);
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-    private void printError(CMSRequest cmsReq, String errorCode)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        header.addStringValue("authority", "Registration Manager");
-        header.addStringValue("errorCode", errorCode);
-        String formPath = TPL_ERROR_FILE;
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(formPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
deleted file mode 100644
index 4b195c282..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
+++ /dev/null
@@ -1,174 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.cms.authentication.HashAuthentication;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * For Face-to-face enrollment, disable EE enrollment feature
- *
- * @version $Revision$, $Date$
- * @see com.netscape.cms.servlet.cert.EnableEnrollResult
- */
-public class DisableEnrollResult extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 4307655310299723974L;
-    private final static String TPL_FILE = "enableEnrollResult.template";
-    private String mFormPath = null;
-
-    public DisableEnrollResult() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // coming from agent
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    protected CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * Services the request
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken token = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, token,
-                        mAuthzResourceName, "disable");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        X509Certificate sslClientCert = null;
-
-        sslClientCert = getSSLClientCertificate(httpReq);
-        String dn = sslClientCert.getSubjectDN().toString();
-
-        // Construct an ArgBlock
-        IArgBlock args = cmsReq.getHttpParams();
-
-        if (!(mAuthority instanceof IRegistrationAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IConfigStore configStore = CMS.getConfigStore();
-        String val = configStore.getString("hashDirEnrollment.name");
-        IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        IAuthManager authMgr = authSS.get(val);
-        HashAuthentication mgr = (HashAuthentication) authMgr;
-
-        String host = args.getValueAsString("hosts", null);
-        String name = mgr.getAgentName(host);
-
-        if (name == null) {
-            header.addStringValue("code", "2");
-        } else if (name.equals(dn)) {
-            mgr.disable(host);
-            header.addStringValue("code", "2");
-        } else {
-            header.addStringValue("code", "3");
-        }
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
deleted file mode 100644
index da7f01ca5..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ /dev/null
@@ -1,488 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Display detailed information about a certificate
- *
- * The template 'displayBySerial.template' is used to
- * render the response for this servlet.
- *
- * @version $Revision$, $Date$
- */
-public class DisplayBySerial extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4143700762995036597L;
-    private final static String TPL_FILE1 = "displayBySerial.template";
-    private final static BigInteger MINUS_ONE = new BigInteger("-1");
-
-    private ICertificateRepository mCertDB = null;
-    private String mForm1Path = null;
-    private X509Certificate mCACerts[] = null;
-
-    /**
-     * Constructs DisplayBySerial servlet.
-     */
-    public DisplayBySerial() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-        try {
-            mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
-        }
-        // coming from ee
-        mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1;
-
-        if (mOutputTemplatePath != null)
-            mForm1Path = mOutputTemplatePath;
-
-        // override success and error templates to null -
-        // handle templates locally.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Serves HTTP request. The format of this request is as follows:
-     * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to display (or hex if serialNumber preceded by
-     * 0x)
-     * </ul>
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        BigInteger serialNumber = MINUS_ONE;
-        EBaseException error = null;
-        String certType[] = new String[1];
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            AuthzToken authzToken = null;
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "read");
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                return;
-            }
-
-            serialNumber = getSerialNumber(req);
-            getCertRecord(serialNumber, certType); //throw exception on error
-
-            if (certType[0].equalsIgnoreCase("x509")) {
-                form = getTemplate(mForm1Path, req, locale);
-            }
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", String.valueOf(serialNumber)));
-
-            error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        } catch (EDBRecordNotFoundException e) {
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", "0x" + serialNumber.toString(16)));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        try {
-            if (serialNumber.compareTo(MINUS_ONE) > 0) {
-                process(argSet, header, serialNumber,
-                        req, resp, locale[0]);
-            } else {
-                error = new ECMSGWException(
-                            CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
-            }
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-    }
-
-    /**
-     * Display information about a particular certificate
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            BigInteger seq, HttpServletRequest req,
-            HttpServletResponse resp,
-            Locale locale)
-            throws EBaseException {
-        String certType[] = new String[1];
-
-        try {
-            getCertRecord(seq, certType); // throw exception on error
-
-            if (certType[0].equalsIgnoreCase("x509")) {
-                processX509(argSet, header, seq, req, resp, locale);
-                return;
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
-            throw e;
-        }
-
-        return;
-    }
-
-    private void processX509(CMSTemplateParams argSet, IArgBlock header,
-            BigInteger seq, HttpServletRequest req,
-            HttpServletResponse resp,
-            Locale locale)
-            throws EBaseException {
-        try {
-            ICertRecord rec = mCertDB.readCertificateRecord(seq);
-            if (rec == null) {
-                CMS.debug("DisplayBySerial: failed to read record");
-                throw new ECMSGWException(
-                        CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
-            }
-            X509CertImpl cert = rec.getCertificate();
-            if (cert == null) {
-                CMS.debug("DisplayBySerial: no certificate in record");
-                throw new ECMSGWException(
-                        CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
-            }
-
-            try {
-                X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                if (info == null) {
-                    CMS.debug("DisplayBySerial: no info found");
-                    throw new ECMSGWException(
-                            CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
-                }
-                CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
-
-                boolean emailCert = false;
-
-                if (extensions != null) {
-                    for (int i = 0; i < extensions.size(); i++) {
-                        Extension ext = extensions.elementAt(i);
-
-                        if (ext instanceof NSCertTypeExtension) {
-                            NSCertTypeExtension type = (NSCertTypeExtension) ext;
-
-                            if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue())
-                                emailCert = true;
-                        }
-                        if (ext instanceof KeyUsageExtension) {
-                            KeyUsageExtension usage =
-                                    (KeyUsageExtension) ext;
-
-                            try {
-                                if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
-                                        ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
-                                    emailCert = true;
-                            } catch (ArrayIndexOutOfBoundsException e) {
-                                // bug356108:
-                                // In case there is only DIGITAL_SIGNATURE,
-                                // don't report error
-                            }
-                        }
-                    }
-                }
-                header.addBooleanValue("emailCert", emailCert);
-
-                boolean noCertImport = true;
-                MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
-
-                if (metaInfo != null) {
-                    String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-
-                    if (rid != null && mAuthority instanceof ICertificateAuthority) {
-                        IRequest r =
-                                ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid));
-                        String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-
-                        if (certType != null && certType.equals(IRequest.CLIENT_CERT)) {
-                            noCertImport = false;
-                        }
-                    }
-                }
-                header.addBooleanValue("noCertImport", noCertImport);
-
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
-            }
-
-            IRevocationInfo revocationInfo = rec.getRevocationInfo();
-
-            if (revocationInfo != null) {
-                CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions();
-
-                if (crlExts != null) {
-                    Enumeration<Extension> enumx = crlExts.getElements();
-                    int reason = 0;
-
-                    while (enumx.hasMoreElements()) {
-                        Extension ext = enumx.nextElement();
-
-                        if (ext instanceof CRLReasonExtension) {
-                            reason = ((CRLReasonExtension) ext).getReason().toInt();
-                        }
-                    }
-                    header.addIntegerValue("revocationReason", reason);
-                }
-            }
-
-            ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert);
-
-            header.addStringValue("certPrettyPrint",
-                    certDetails.toString(locale));
-
-            /*
-             String scheme = req.getScheme();
-             if (scheme.equals("http") && connectionIsSSL(req))
-             scheme = "https";
-             String requestURI = req.getRequestURI();
-             int i = requestURI.indexOf('?');
-             String newRequestURI =
-             (i > -1)? requestURI.substring(0, i): requestURI;
-             header.addStringValue("serviceURL", scheme +"://"+
-             req.getServerName() + ":"+
-             req.getServerPort() + newRequestURI);
-             */
-            header.addStringValue("authorityid", mAuthority.getId());
-
-            String certFingerprints = "";
-
-            try {
-                certFingerprints = CMS.getFingerPrints(cert);
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
-            }
-            if (certFingerprints.length() > 0)
-                header.addStringValue("certFingerprint", certFingerprints);
-
-            byte[] ba = cert.getEncoded();
-            // Do base 64 encoding
-
-            header.addStringValue("certChainBase64", Utils.base64encode(ba));
-            header.addStringValue("serialNumber", seq.toString(16));
-
-            /*
-             String userAgent = req.getHeader("user-agent");
-             String agent =
-             (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
-             */
-            // Now formulate a PKCS#7 blob
-            X509CertImpl[] certsInChain = new X509CertImpl[1];
-            ;
-            if (mCACerts != null) {
-                for (int i = 0; i < mCACerts.length; i++) {
-                    if (cert.equals(mCACerts[i])) {
-                        certsInChain = new
-                                X509CertImpl[mCACerts.length];
-                        break;
-                    }
-                    certsInChain = new X509CertImpl[mCACerts.length + 1];
-                }
-            }
-
-            // Set the EE cert
-            certsInChain[0] = cert;
-
-            // Set the Ca certificate chain
-            if (mCACerts != null) {
-                for (int i = 0; i < mCACerts.length; i++) {
-                    if (!cert.equals(mCACerts[i]))
-                        certsInChain[i + 1] = (X509CertImpl) mCACerts[i];
-                }
-            }
-
-            // Wrap the chain into a degenerate P7 object
-            String p7Str;
-
-            try {
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                        new ContentInfo(new byte[0]),
-                        certsInChain,
-                        new SignerInfo[0]);
-                ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-                p7.encodeSignedData(bos, false);
-                byte[] p7Bytes = bos.toByteArray();
-
-                p7Str = Utils.base64encode(p7Bytes);
-                header.addStringValue("pkcs7ChainBase64", p7Str);
-            } catch (Exception e) {
-                //p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
-                //+ "; Please contact your administrator";
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7"));
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
-            throw e;
-        } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
-        }
-
-        return;
-    }
-
-    private ICertRecord getCertRecord(BigInteger seq, String certtype[])
-            throws EBaseException {
-        ICertRecord rec = null;
-
-        try {
-            rec = mCertDB.readCertificateRecord(seq);
-            X509CertImpl x509cert = rec.getCertificate();
-
-            if (x509cert != null) {
-                certtype[0] = "x509";
-                return rec;
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
-            throw e;
-        }
-
-        return rec;
-    }
-
-    private BigInteger getSerialNumber(HttpServletRequest req)
-            throws NumberFormatException {
-        String serialNumString = req.getParameter("serialNumber");
-
-        if (serialNumString != null) {
-            serialNumString = serialNumString.trim();
-            if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
-                return new BigInteger(serialNumString.substring(2), 16);
-            } else {
-                return new BigInteger(serialNumString);
-            }
-        } else {
-            throw new NumberFormatException();
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
deleted file mode 100644
index 3c9d5778c..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ /dev/null
@@ -1,491 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CRLException;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.ICRLPrettyPrint;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.dbs.crldb.ICRLRepository;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Decode the CRL and display it to the requester.
- *
- * @version $Revision$, $Date$
- */
-public class DisplayCRL extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1152016798229054027L;
-    private final static String TPL_FILE = "displayCRL.template";
-    //private final static String E_TPL_FILE = "error.template";
-    //private final static String OUT_ERROR = "errorDetails";
-
-    private String mFormPath = null;
-    private ICertificateAuthority mCA = null;
-
-    /**
-     * Constructs DisplayCRL servlet.
-     */
-    public DisplayCRL() {
-        super();
-    }
-
-    /**
-     * Initialize the servlet. This servlet uses the 'displayCRL.template' file to
-     * to render the response to the client.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCA = (ICertificateAuthority) mAuthority;
-        }
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Process the HTTP request
-     * <ul>
-     * <li>http.param crlIssuingPoint number
-     * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
-     * <li>http.param pageStart which page to start displaying from
-     * <li>http.param pageSize number of entries to show per page
-     * </ul>
-     *
-     * @param cmsReq the Request to service.
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        // Note error is covered in the same template as success.
-
-        String crlIssuingPointId = req.getParameter("crlIssuingPoint");
-
-        process(argSet, header, req, resp, crlIssuingPointId,
-                locale[0]);
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            String xmlOutput = req.getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                outputXML(resp, argSet);
-            } else {
-                resp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-    }
-
-    /**
-     * Display information about a particular CRL.
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-                         HttpServletRequest req,
-                         HttpServletResponse resp,
-                         String crlIssuingPointId,
-                         Locale locale) {
-        ICRLIssuingPoint crlIP = null;
-        X509CRLImpl crl = null;
-        boolean clonedCA = false;
-        boolean isCRLCacheEnabled = false;
-        String masterHost = null;
-        String masterPort = null;
-        Vector<String> ipNames = null;
-        String ipId = crlIssuingPointId;
-        ICRLRepository crlRepository = mCA.getCRLRepository();
-
-        try {
-            masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
-            masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-            if (masterHost != null && masterHost.length() > 0 &&
-                    masterPort != null && masterPort.length() > 0) {
-                clonedCA = true;
-                ipNames = crlRepository.getIssuingPointsNames();
-            }
-        } catch (EBaseException e) {
-        }
-
-        if (clonedCA) {
-            if (crlIssuingPointId != null) {
-                if (ipNames != null && ipNames.size() > 0) {
-                    int i;
-                    for (i = 0; i < ipNames.size(); i++) {
-                        String ipName = ipNames.elementAt(i);
-                        if (crlIssuingPointId.equals(ipName)) {
-                            break;
-                        }
-                    }
-                    if (i >= ipNames.size())
-                        crlIssuingPointId = null;
-                } else {
-                    crlIssuingPointId = null;
-                }
-            }
-        } else {
-            if (crlIssuingPointId != null) {
-                Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
-
-                while (ips.hasMoreElements()) {
-                    ICRLIssuingPoint ip = ips.nextElement();
-
-                    if (crlIssuingPointId.equals(ip.getId())) {
-                        crlIP = ip;
-                        isCRLCacheEnabled = ip.isCRLCacheEnabled();
-                        break;
-                    }
-                    if (!ips.hasMoreElements())
-                        crlIssuingPointId = null;
-                }
-            }
-        }
-        if (crlIssuingPointId == null) {
-            header.addStringValue("error",
-                    "Request to unspecified or non-existing CRL issuing point: " + ipId);
-            return;
-        }
-
-        ICRLIssuingPointRecord crlRecord = null;
-
-        String crlDisplayType = req.getParameter("crlDisplayType");
-
-        if (crlDisplayType == null)
-            crlDisplayType = "cachedCRL";
-        header.addStringValue("crlDisplayType", crlDisplayType);
-
-        try {
-            crlRecord =
-                    mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId);
-        } catch (EBaseException e) {
-            header.addStringValue("error", e.toString(locale));
-            return;
-        }
-        if (crlRecord == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
-            header.addStringValue("error",
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
-            return;
-        }
-
-        header.addStringValue("crlIssuingPoint", crlIssuingPointId);
-        if (crlDisplayType.equals("deltaCRL")) {
-            if (clonedCA) {
-                header.addStringValue("crlNumber", crlRecord.getDeltaCRLNumber().toString());
-            } else {
-                header.addStringValue("crlNumber", crlIP.getDeltaCRLNumber().toString());
-            }
-        } else {
-            if (clonedCA) {
-                header.addStringValue("crlNumber", crlRecord.getCRLNumber().toString());
-            } else {
-                header.addStringValue("crlNumber", crlIP.getCRLNumber().toString());
-            }
-        }
-        long lCRLSize = crlRecord.getCRLSize().longValue();
-        header.addLongValue("crlSize", lCRLSize);
-
-        if (crlIP != null) {
-            header.addStringValue("crlDescription", crlIP.getDescription());
-        }
-
-        if (!crlDisplayType.equals("cachedCRL")) {
-            byte[] crlbytes = crlRecord.getCRL();
-
-            if (crlbytes == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
-                header.addStringValue("error",
-                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
-                return;
-            }
-
-            try {
-                if (crlDisplayType.equals("crlHeader")) {
-                    crl = new X509CRLImpl(crlbytes, false);
-                } else {
-                    crl = new X509CRLImpl(crlbytes);
-                }
-
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
-                header.addStringValue("error",
-                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
-            }
-        }
-
-        if (crl != null || (isCRLCacheEnabled && crlDisplayType.equals("cachedCRL"))) {
-            if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
-                ICRLPrettyPrint crlDetails = null;
-                if (crlDisplayType.equals("entireCRL")) {
-                    crlDetails = CMS.getCRLPrettyPrint(crl);
-                } else {
-                    crlDetails = CMS.getCRLCachePrettyPrint(crlIP);
-                }
-
-                String pageStart = req.getParameter("pageStart");
-                String pageSize = req.getParameter("pageSize");
-
-                if (pageStart != null && pageSize != null) {
-                    long lPageStart = 0L;
-                    long lPageSize = 0L;
-                    try {
-                        lPageStart = new Long(pageStart).longValue();
-                    } catch (NumberFormatException e) {
-                    }
-                    try {
-                        lPageSize = new Long(pageSize).longValue();
-                    } catch (NumberFormatException e) {
-                    }
-
-                    if (lPageStart < 1)
-                        lPageStart = 1;
-                    // if (lPageStart + lPageSize - lCRLSize > 1)
-                    //     lPageStart = lCRLSize - lPageSize + 1;
-                    if (lPageSize < 1)
-                        lPageSize = 10;
-
-                    header.addStringValue(
-                            "crlPrettyPrint", crlDetails.toString(locale,
-                                    lCRLSize, lPageStart, lPageSize));
-                    header.addLongValue("pageStart", lPageStart);
-                    header.addLongValue("pageSize", lPageSize);
-                } else {
-                    header.addStringValue(
-                            "crlPrettyPrint", crlDetails.toString(locale));
-                }
-            } else if (crlDisplayType.equals("crlHeader")) {
-                ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
-
-                header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
-            } else if (crlDisplayType.equals("base64Encoded")) {
-                try {
-                    byte[] ba = crl.getEncoded();
-                    String crlBase64Encoded = Utils.base64encode(ba);
-                    int length = crlBase64Encoded.length();
-                    int i = 0;
-                    int j = 0;
-                    int n = 1;
-
-                    while (i < length) {
-                        int k = crlBase64Encoded.indexOf('\n', i);
-
-                        if (n < 100 && k > -1) {
-                            n++;
-                            i = k + 1;
-                            if (i >= length) {
-                                IArgBlock rarg = CMS.createArgBlock();
-
-                                rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
-                                argSet.addRepeatRecord(rarg);
-                            }
-                        } else {
-                            n = 1;
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            if (k > -1) {
-                                rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
-                                i = k + 1;
-                                j = i;
-                            } else {
-                                rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length));
-                                i = length;
-                            }
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-                } catch (CRLException e) {
-                }
-            } else if (crlDisplayType.equals("deltaCRL")) {
-                if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
-                        crlRecord.getDeltaCRLSize().longValue() > -1) ||
-                        (crlIP != null && crlIP.isDeltaCRLEnabled())) {
-                    byte[] deltaCRLBytes = crlRecord.getDeltaCRL();
-
-                    if (deltaCRLBytes == null) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
-                        header.addStringValue("error", "Delta CRL is not available");
-                    } else {
-                        X509CRLImpl deltaCRL = null;
-
-                        try {
-                            deltaCRL = new X509CRLImpl(deltaCRLBytes);
-                        } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
-                            header.addStringValue("error",
-                                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED"))
-                                            .toString());
-                        }
-                        if (deltaCRL != null) {
-                            BigInteger crlNumber = crlRecord.getCRLNumber();
-                            BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
-                            if ((clonedCA && crlNumber != null && deltaNumber != null &&
-                                    deltaNumber.compareTo(crlNumber) >= 0) ||
-                                    (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
-
-                                header.addIntegerValue("deltaCRLSize",
-                                        deltaCRL.getNumberOfRevokedCertificates());
-
-                                ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL);
-
-                                header.addStringValue(
-                                        "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
-
-                                try {
-                                    byte[] ba = deltaCRL.getEncoded();
-                                    String crlBase64Encoded = Utils.base64encode(ba);
-                                    int length = crlBase64Encoded.length();
-                                    int i = 0;
-                                    int j = 0;
-                                    int n = 1;
-
-                                    while (i < length) {
-                                        int k = crlBase64Encoded.indexOf('\n', i);
-
-                                        if (n < 100 && k > -1) {
-                                            n++;
-                                            i = k + 1;
-                                            if (i >= length) {
-                                                IArgBlock rarg = CMS.createArgBlock();
-
-                                                rarg.addStringValue("crlBase64Encoded",
-                                                        crlBase64Encoded.substring(j, k));
-                                                argSet.addRepeatRecord(rarg);
-                                            }
-                                        } else {
-                                            n = 1;
-                                            IArgBlock rarg = CMS.createArgBlock();
-
-                                            if (k > -1) {
-                                                rarg.addStringValue("crlBase64Encoded",
-                                                        crlBase64Encoded.substring(j, k));
-                                                i = k + 1;
-                                                j = i;
-                                            } else {
-                                                rarg.addStringValue("crlBase64Encoded",
-                                                        crlBase64Encoded.substring(j, length));
-                                                i = length;
-                                            }
-                                            argSet.addRepeatRecord(rarg);
-                                        }
-                                    }
-                                } catch (CRLException e) {
-                                }
-                            } else {
-                                header.addStringValue("error", "Current Delta CRL is not available.");
-                            }
-                        }
-                    }
-                } else {
-                    header.addStringValue("error", "Delta CRL is not enabled for " +
-                            crlIssuingPointId +
-                            " issuing point");
-                }
-            }
-
-        } else if (!isCRLCacheEnabled && crlDisplayType.equals("cachedCRL")) {
-            header.addStringValue("error",
-                    CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
-            header.addStringValue("crlPrettyPrint",
-                    CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
-        } else {
-            header.addStringValue("error",
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
-            header.addStringValue("crlPrettyPrint",
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
-        }
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
deleted file mode 100644
index 6c1d6f5f4..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
+++ /dev/null
@@ -1,228 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.cms.authentication.HashAuthentication;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Servlet to report the status, ie, the agent-initiated user
- * enrollment is enabled or disabled.
- *
- * @version $Revision$, $Date$
- */
-public class DisplayHashUserEnroll extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -7063912475278810362L;
-    private final static String TPL_FILE = "/ra/hashDirUserEnroll.template";
-    private final static String TPL_ERROR_FILE = "/ra/GenErrorHashDirEnroll.template";
-    private String mFormPath = null;
-
-    public DisplayHashUserEnroll() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        try {
-            mFormPath = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE);
-            if (mFormPath == null)
-                mFormPath = TPL_FILE;
-        } catch (Exception e) {
-        }
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    protected CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * Services the request
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String reqHost = httpReq.getRemoteHost();
-
-        if (!(mAuthority instanceof IRegistrationAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IConfigStore configStore = CMS.getConfigStore();
-        String val = configStore.getString("hashDirEnrollment.name");
-        IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        IAuthManager authMgr = authSS.get(val);
-        HashAuthentication mgr = (HashAuthentication) authMgr;
-        boolean isEnable = mgr.isEnable(reqHost);
-
-        if (!isEnable) {
-            printError(cmsReq, "0");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-
-        Date date = new Date();
-        long currTime = date.getTime();
-        long timeout = mgr.getTimeout(reqHost);
-        long lastlogin = mgr.getLastLogin(reqHost);
-        long diff = currTime - lastlogin;
-
-        if (lastlogin == 0)
-            mgr.setLastLogin(reqHost, currTime);
-        else if (diff > timeout) {
-            mgr.disable(reqHost);
-            printError(cmsReq, "2");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-
-        mgr.setLastLogin(reqHost, currTime);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-    private void printError(CMSRequest cmsReq, String errorCode)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        header.addStringValue("authority", "Registration Manager");
-        header.addStringValue("errorCode", errorCode);
-        String formPath = TPL_ERROR_FILE;
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(formPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
-
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
deleted file mode 100644
index 64a9856fc..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ /dev/null
@@ -1,812 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.X509CertImpl;
-
-import org.apache.commons.lang.StringUtils;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.authorization.EAuthzException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.usrgrp.ICertUserLocator;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Revoke a Certificate
- *
- * @version $Revision$, $Date$
- */
-public class DoRevoke extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1693115906265904238L;
-    private final static String TPL_FILE = "revocationResult.template";
-
-    private ICertificateRepository mCertDB = null;
-    private String mFormPath = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-    private int mTimeLimits = 30; /* in seconds */
-    private IUGSubsystem mUG = null;
-    private ICertUserLocator mUL = null;
-
-    public DoRevoke() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template
-     * file "revocationResult.template" to render the result
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-        mUL = mUG.getCertUserLocator();
-
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-        if (mAuthority instanceof ICertAuthority) {
-            mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
-        }
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        /* Server-Side time limit */
-        try {
-            mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-    }
-
-    /**
-     * Serves HTTP request. The http parameters used by this request are as follows:
-     *
-     * <pre>
-     * serialNumber Serial number of certificate to revoke (in HEX)
-     * revocationReason Revocation reason (Described below)
-     * totalRecordCount [number]
-     * verifiedRecordCount [number]
-     * invalidityDate [number of seconds in Jan 1,1970]
-     *
-     * </pre>
-     *
-     * revocationReason can be one of these values:
-     *
-     * <pre>
-     * 0 = Unspecified   (default)
-     * 1 = Key compromised
-     * 2 = CA key compromised
-     * 3 = Affiliation changed
-     * 4 = Certificate superseded
-     * 5 = Cessation of operation
-     * 6 = Certificate is on hold
-     * </pre>
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        String revokeAll = null;
-        int totalRecordCount = -1;
-        int verifiedRecordCount = -1;
-        EBaseException error = null;
-        int reason = -1;
-        boolean authorized = true;
-        Date invalidityDate = null;
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        try {
-            if (req.getParameter("revocationReason") != null) {
-                reason = Integer.parseInt(req.getParameter(
-                                "revocationReason"));
-            }
-            if (req.getParameter("totalRecordCount") != null) {
-                totalRecordCount = Integer.parseInt(req.getParameter(
-                                "totalRecordCount"));
-            }
-            if (req.getParameter("verifiedRecordCount") != null) {
-                verifiedRecordCount = Integer.parseInt(
-                            req.getParameter(
-                                    "verifiedRecordCount"));
-            }
-            if (req.getParameter("invalidityDate") != null) {
-                long l = Long.parseLong(req.getParameter(
-                            "invalidityDate"));
-
-                if (l > 0) {
-                    invalidityDate = new Date(l);
-                }
-            }
-            revokeAll = req.getParameter("revokeAll");
-
-            String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
-            String eeSubjectDN = null;
-            String eeSerialNumber = null;
-
-            //for audit log.
-            String initiative = null;
-
-            String authMgr = AuditFormat.NOAUTH;
-
-            authToken = authenticate(req);
-
-            AuthzToken authzToken = null;
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "revoke");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                return;
-            }
-
-            if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-                if (authToken != null) {
-                    // Request is from agent.
-
-                    String serialNumber = req.getParameter("serialNumber");
-                    getSSLClientCertificate(req); // throw exception on error
-
-                    if (serialNumber != null) {
-                        // Agent has null subject DN.
-                        eeSerialNumber = serialNumber;
-                    }
-
-                    authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                    String agentID = authToken.getInString("userid");
-
-                    initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
-                            " authenticated by " + authMgr;
-                }
-            } else {
-                // Request is from user.
-                initiative = AuditFormat.FROMUSER;
-
-                String serialNumber = req.getParameter("serialNumber");
-                X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
-
-                if (serialNumber == null || sslCert == null ||
-                        !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
-                    throw new ForbiddenException("Invalid serial number.");
-
-                } else {
-                    eeSubjectDN = sslCert.getSubjectDN().toString();
-                    eeSerialNumber = sslCert.getSerialNumber().toString();
-                }
-
-            }
-
-            BigInteger serialNumber = parseSerialNumber(eeSerialNumber);
-
-            process(argSet, header, reason, invalidityDate, initiative,
-                    req, resp, verifiedRecordCount, revokeAll,
-                    totalRecordCount, serialNumber, eeSubjectDN,
-                    comments, locale[0]);
-
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-
-        } catch (ForbiddenException e) {
-            authorized = false;
-
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        /*
-         catch (Exception e) {
-         noError = false;
-         header.addStringValue(OUT_ERROR,
-         MessageFormatter.getLocalizedString(
-         errorlocale[0],
-         BaseResources.class.getName(),
-         BaseResources.INTERNAL_ERROR_1,
-         e.toString()));
-         }
-         */
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null && authorized) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else if (!authorized) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-    }
-
-    /**
-     * Process cert status change request
-     * <P>
-     *
-     * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
-     * <P>
-     *
-     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change
-     * request)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
-     * "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
-     * changed (revoked, expired, on-hold, off-hold)
-     * </ul>
-     *
-     * @param argSet CMS template parameters
-     * @param header argument block
-     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     *            2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     *            4 - Certificate superceded, 5 - Cessation of operation, or
-     *            6 - Certificate is on hold)
-     * @param invalidityDate certificate validity date
-     * @param initiative string containing the audit format
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param verifiedRecordCount number of verified records
-     * @param revokeAll string containing information on all of the
-     *            certificates to be revoked
-     * @param totalRecordCount total number of records (verified and unverified)
-     * @param eeSerialNumber BigInteger containing the end-entity certificate
-     *            serial number
-     * @param eeSubjectDN string containing the end-entity certificate subject
-     *            distinguished name (DN)
-     * @param comments string containing certificate comments
-     * @param locale the system locale
-     * @exception EBaseException an error has occurred
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            int reason, Date invalidityDate,
-            String initiative,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            int verifiedRecordCount,
-            String revokeAll,
-            int totalRecordCount,
-            BigInteger eeSerialNumber,
-            String eeSubjectDN,
-            String comments,
-            Locale locale)
-            throws EBaseException {
-
-        CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber);
-        long startTime = CMS.getCurrentDate().getTime();
-
-        RevocationProcessor processor =
-                new RevocationProcessor(servletConfig.getServletName(), getLocale(req));
-
-        processor.setStartTime(startTime);
-        processor.setInitiative(initiative);
-        processor.setSerialNumber(eeSerialNumber == null ? null : new CertId(eeSerialNumber));
-        processor.setRequestID(auditRequesterID(req));
-
-        RevocationReason revReason = RevocationReason.fromInt(reason);
-        processor.setRevocationReason(revReason);
-        processor.setRequestType(
-                processor.getRevocationReason() == RevocationReason.CERTIFICATE_HOLD
-                        ? RevocationProcessor.ON_HOLD : RevocationProcessor.REVOKE);
-
-        processor.setInvalidityDate(invalidityDate);
-        processor.setComments(comments);
-
-        Hashtable<BigInteger, Long> nonceMap = new Hashtable<BigInteger, Long>();
-        X509Certificate clientCert = getSSLClientCertificate(req);
-
-        if (mAuthority instanceof ICertificateAuthority) {
-            processor.setAuthority(certAuthority);
-
-            if (certAuthority.noncesEnabled()) {
-                String nonces = req.getParameter("nonce");
-                if (nonces == null) {
-                    throw new ForbiddenException("Missing nonce.");
-                }
-
-                // parse serial numbers and nonces
-                for (String s : nonces.split(",")) {
-                    String[] elements = s.split(":");
-                    BigInteger serialNumber = new BigInteger(elements[0].trim());
-                    Long nonce = new Long(elements[1].trim());
-                    nonceMap.put(serialNumber, nonce);
-                }
-            }
-        }
-
-        try {
-            processor.createCRLExtension();
-
-            if (mAuthority instanceof ICertificateAuthority) {
-
-                Enumeration<ICertRecord> e = mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits);
-
-                while (e != null && e.hasMoreElements()) {
-                    ICertRecord targetRecord = e.nextElement();
-                    X509CertImpl targetCert = targetRecord.getCertificate();
-
-                    // Verify end-entity cert is not revoked.
-                    // TODO: This should be checked during authentication.
-                    if (eeSerialNumber != null &&
-                        eeSerialNumber.equals(targetCert.getSerialNumber()) &&
-                        targetRecord.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
-                        processor.log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1",
-                                        targetRecord.getSerialNumber().toString(16)));
-
-                        throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
-                    }
-
-                    IArgBlock rarg = CMS.createArgBlock();
-                    rarg.addStringValue("serialNumber", targetCert.getSerialNumber().toString(16));
-
-                    try {
-                        if (mAuthority instanceof ICertificateAuthority &&
-                            certAuthority.noncesEnabled() &&
-                            !processor.isMemberOfSubsystemGroup(clientCert)) {
-                            // validate nonce for each certificate
-                            Long nonce = nonceMap.get(targetRecord.getSerialNumber());
-                            processor.validateNonce(req, "cert-revoke", targetRecord.getSerialNumber(), nonce);
-                        }
-
-                        processor.validateCertificateToRevoke(eeSubjectDN, targetRecord, false);
-                        processor.addCertificateToRevoke(targetCert);
-                        rarg.addStringValue("error", null);
-
-                    } catch (PKIException ex) {
-                        rarg.addStringValue("error", ex.getMessage());
-                    }
-
-                    argSet.addRepeatRecord(rarg);
-                }
-
-            } else if (mAuthority instanceof IRegistrationAuthority) {
-                String reqIdStr = req.getParameter("requestId");
-                Collection<CertId> certSerialNumbers = new ArrayList<CertId>();
-
-                if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('='); i > -1; i = revokeAll.indexOf('=', i)) {
-                        i++;
-                        // skip spaces
-                        while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
-                            i++;
-                        }
-                        // xxxx decimal serial number?
-                        String legalDigits = "0123456789";
-                        int j = i;
-
-                        // find legal digits
-                        while (j < revokeAll.length() && legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
-                            j++;
-                        }
-                        if (j > i) {
-                            certSerialNumbers.add(new CertId(revokeAll.substring(i, j)));
-                        }
-                    }
-                }
-
-                if (reqIdStr != null && reqIdStr.length() > 0 && certSerialNumbers.size() > 0) {
-                    IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr));
-                    X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS);
-                    boolean authorized = false;
-
-                    for (int i = 0; i < certs.length; i++) {
-                        boolean addToList = false;
-
-                        for (CertId certSerialNumber : certSerialNumbers) {
-                            //xxxxx serial number in decimal?
-                            if (certs[i].getSerialNumber().equals(certSerialNumber.toBigInteger()) &&
-                                    eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
-                                addToList = true;
-                                break;
-                            }
-                        }
-
-                        if (eeSerialNumber != null && eeSerialNumber.equals(certs[i].getSerialNumber())) {
-                            authorized = true;
-                        }
-
-                        if (addToList) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addStringValue("serialNumber", certs[i].getSerialNumber().toString(16));
-
-                            processor.addCertificateToRevoke(certs[i]);
-
-                            rarg.addStringValue("error", null);
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-
-                    if (!authorized) {
-                        processor.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
-                        throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
-                    }
-
-                } else {
-                    String b64eCert = req.getParameter("b64eCertificate");
-
-                    if (b64eCert != null) {
-                        //  BASE64Decoder decoder = new BASE64Decoder();
-                        //  byte[] certBytes = decoder.decodeBuffer(b64eCert);
-                        byte[] certBytes = CMS.AtoB(b64eCert);
-                        X509CertImpl cert = new X509CertImpl(certBytes);
-                        IArgBlock rarg = CMS.createArgBlock();
-
-                        rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16));
-
-                        processor.addCertificateToRevoke(cert);
-
-                        rarg.addStringValue("error", null);
-                        argSet.addRepeatRecord(rarg);
-                    }
-                }
-            }
-
-            int count = processor.getCertificates().size();
-            if (count == 0) {
-                processor.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
-                throw new ECMSGWException(CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND"));
-            }
-
-            header.addIntegerValue("totalRecordCount", count);
-
-            processor.createRevocationRequest();
-
-            processor.auditChangeRequest(ILogger.SUCCESS);
-
-        } catch (ForbiddenException e) {
-            throw new EAuthzException(CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
-
-        } catch (CertificateException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequest(ILogger.FAILURE);
-
-            // TODO: throw exception or return?
-            // throw new EBaseException(e.getMessage());
-            return;
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequest(ILogger.FAILURE);
-
-            throw e;
-
-        } catch (IOException e) {
-            processor.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
-            processor.auditChangeRequest(ILogger.FAILURE);
-
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
-        }
-
-        // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
-        // to distinguish which type of signed audit log message to save
-        // as a failure outcome in case an exception occurs
-
-        try {
-            processor.processRevocationRequest();
-            IRequest revReq = processor.getRequest();
-
-            // retrieve the request status
-            RequestStatus status = revReq.getRequestStatus();
-            processor.setRequestStatus(status);
-
-            String type = revReq.getRequestType();
-
-            // The SVC_PENDING check has been added for the Cloned CA request
-            // that is meant for the Master CA. From Clone's point of view
-            // the request is complete
-
-            if (status == RequestStatus.COMPLETE
-                    || status == RequestStatus.SVC_PENDING
-                        && type.equals(IRequest.CLA_CERT4CRL_REQUEST)) {
-
-                header.addStringValue("revoked", "yes");
-
-                Integer updateCRLResult = revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
-
-                if (updateCRLResult != null) {
-                    header.addStringValue("updateCRL", "yes");
-                    if (updateCRLResult.equals(IRequest.RES_SUCCESS)) {
-                        header.addStringValue("updateCRLSuccess", "yes");
-                    } else {
-                        header.addStringValue("updateCRLSuccess", "no");
-                        String crlError = revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
-
-                        if (crlError != null)
-                            header.addStringValue("updateCRLError", crlError);
-                    }
-
-                    // let known crl publishing status too.
-                    Integer publishCRLResult = revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
-
-                    if (publishCRLResult != null) {
-                        if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
-                            header.addStringValue("publishCRLSuccess", "yes");
-                        } else {
-                            header.addStringValue("publishCRLSuccess", "no");
-                            String publError = revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                            if (publError != null)
-                                header.addStringValue("publishCRLError", publError);
-                        }
-                    }
-                }
-
-                if (mAuthority instanceof ICertificateAuthority) {
-                    // let known update and publish status of all crls.
-                    Enumeration<ICRLIssuingPoint> otherCRLs =
-                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
-
-                    while (otherCRLs.hasMoreElements()) {
-                        ICRLIssuingPoint crl = otherCRLs.nextElement();
-                        String crlId = crl.getId();
-
-                        if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
-                            continue;
-
-                        String updateStatusStr = crl.getCrlUpdateStatusStr();
-                        Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
-
-                        if (updateResult != null) {
-                            if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                                CMS.debug("DoRevoke: "
-                                        + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr));
-                                header.addStringValue(updateStatusStr, "yes");
-
-                            } else {
-                                String updateErrorStr = crl.getCrlUpdateErrorStr();
-
-                                CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
-                                        updateStatusStr));
-                                header.addStringValue(updateStatusStr, "no");
-                                String error = revReq.getExtDataInString(updateErrorStr);
-
-                                if (error != null)
-                                    header.addStringValue(updateErrorStr, error);
-                            }
-
-                            String publishStatusStr = crl.getCrlPublishStatusStr();
-                            Integer publishResult = revReq.getExtDataInInteger(publishStatusStr);
-
-                            if (publishResult == null)
-                                continue;
-
-                            if (publishResult.equals(IRequest.RES_SUCCESS)) {
-                                header.addStringValue(publishStatusStr, "yes");
-
-                            } else {
-                                String publishErrorStr = crl.getCrlPublishErrorStr();
-                                header.addStringValue(publishStatusStr, "no");
-                                String error = revReq.getExtDataInString(publishErrorStr);
-
-                                if (error != null)
-                                    header.addStringValue(publishErrorStr, error);
-                            }
-                        }
-                    }
-                }
-
-                if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = revReq.getExtDataInIntegerArray("ldapPublishStatus");
-                    int certsToUpdate = 0;
-                    int certsUpdated = 0;
-
-                    if (ldapPublishStatus != null) {
-                        certsToUpdate = ldapPublishStatus.length;
-                        for (int i = 0; i < certsToUpdate; i++) {
-                            if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
-                                certsUpdated++;
-                            }
-                        }
-                    }
-
-                    header.addIntegerValue("certsUpdated", certsUpdated);
-                    header.addIntegerValue("certsToUpdate", certsToUpdate);
-
-                    // add crl publishing status.
-                    String publError = revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                    if (publError != null) {
-                        header.addStringValue("crlPublishError", publError);
-                    }
-
-                } else {
-                    header.addStringValue("dirEnabled", "no");
-                }
-
-                header.addStringValue("error", null);
-
-            } else {
-                if (status == RequestStatus.PENDING || status == RequestStatus.REJECTED) {
-                    header.addStringValue("revoked", status.toString());
-                } else {
-                    header.addStringValue("revoked", "no");
-                }
-
-                Vector<String> errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
-                if (errors != null) {
-                    StringBuilder errInfo = new StringBuilder();
-                    for (int i = 0; i < errors.size(); i++) {
-                        errInfo.append(errors.elementAt(i));
-                        errInfo.append("\n");
-                    }
-                    header.addStringValue("error", errInfo.toString());
-
-                } else if (status == RequestStatus.PENDING) {
-                    header.addStringValue("error", "Request Pending");
-
-                } else {
-                    header.addStringValue("error", null);
-                }
-            }
-
-            processor.auditChangeRequestProcessed(ILogger.SUCCESS);
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequestProcessed(ILogger.FAILURE);
-
-            throw e;
-        }
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param req HTTP request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private RequestId auditRequesterID(HttpServletRequest req) {
-        String requesterID = req.getParameter("requestId");
-
-        if (requesterID != null) {
-            return new RequestId(requesterID.trim());
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * This method parses a String serial number into BigInteger.
-     *
-     * @param serialNumber a String containing the un-normalized serial number
-     * @return a BigInteger containing the serial number
-     */
-    private BigInteger parseSerialNumber(String serialNumber) {
-
-        if (StringUtils.isEmpty(serialNumber)) return null;
-
-        // Normalize the serialNumber
-        serialNumber = serialNumber.trim();
-
-        // find out if the value is hex or decimal
-
-        //try decimal
-        try {
-            return new BigInteger(serialNumber, 10);
-        } catch (NumberFormatException e) {
-        }
-
-        //try hex
-        try {
-            return new BigInteger(serialNumber, 16);
-        } catch (NumberFormatException e) {
-        }
-
-        // give up if it isn't hex or dec
-        throw new NumberFormatException("Invalid serial number: "+serialNumber);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
deleted file mode 100644
index 63806e659..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ /dev/null
@@ -1,930 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Revoke a Certificate
- *
- * @version $Revision$, $Date$
- */
-public class DoRevokeTPS extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -2980600514636454836L;
-    private final static String TPL_FILE = "revocationResult.template";
-
-    private ICertificateRepository mCertDB = null;
-    private String mFormPath = null;
-    private IRequestQueue mQueue = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-    private String errorString = "error=";
-    private String o_status = "status=0";
-    private int mTimeLimits = 30; /* in seconds */
-
-    private final static String REVOKE = "revoke";
-    private final static String ON_HOLD = "on-hold";
-    private final static int ON_HOLD_REASON = 6;
-    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
-    public DoRevokeTPS() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template
-     * file "revocationResult.template" to render the result
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-        if (mAuthority instanceof ICertAuthority) {
-            mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
-        }
-        mQueue = mAuthority.getRequestQueue();
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-        mRenderResult = false;
-
-        /* Server-Side time limit */
-        try {
-            mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-    }
-
-    /**
-     * Serves HTTP request. The http parameters used by this request are as follows:
-     *
-     * <pre>
-     * serialNumber Serial number of certificate to revoke (in HEX)
-     * revocationReason Revocation reason (Described below)
-     * totalRecordCount [number]
-     * verifiedRecordCount [number]
-     * invalidityDate [number of seconds in Jan 1,1970]
-     *
-     * </pre>
-     *
-     * revocationReason can be one of these values:
-     *
-     * <pre>
-     * 0 = Unspecified   (default)
-     * 1 = Key compromised
-     * 2 = CA key compromised
-     * 3 = Affiliation changed
-     * 4 = Certificate superseded
-     * 5 = Cessation of operation
-     * 6 = Certificate is on hold
-     * </pre>
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        CMS.debug("DoRevokeTPS after authenticate");
-
-        String revokeAll = null;
-        int totalRecordCount = -1;
-        EBaseException error = null;
-        int reason = -1;
-        boolean authorized = true;
-        Date invalidityDate = null;
-        Locale[] locale = new Locale[1];
-
-        CMS.debug("DoRevokeTPS before getTemplate");
-        try {
-            @SuppressWarnings("unused")
-            CMSTemplate form = getTemplate(mFormPath, req, locale); // check for errors
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        } catch (Exception e) {
-            CMS.debug("DoRevokeTPS getTemplate failed");
-            throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-
-        CMS.debug("DoRevokeTPS after getTemplate");
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        try {
-            if (req.getParameter("revocationReason") != null) {
-                reason = Integer.parseInt(req.getParameter(
-                                "revocationReason"));
-            }
-            if (req.getParameter("totalRecordCount") != null) {
-                totalRecordCount = Integer.parseInt(req.getParameter(
-                                "totalRecordCount"));
-            }
-            if (req.getParameter("invalidityDate") != null) {
-                long l = Long.parseLong(req.getParameter(
-                            "invalidityDate"));
-
-                if (l > 0) {
-                    invalidityDate = new Date(l);
-                }
-            }
-            revokeAll = req.getParameter("revokeAll");
-            String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
-
-            //for audit log.
-            String initiative = null;
-
-            String authMgr = AuditFormat.NOAUTH;
-
-            AuthzToken authzToken = null;
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "revoke");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                return;
-            }
-
-            if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-                if (authToken != null) {
-                    authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                    String agentID = authToken.getInString("userid");
-
-                    initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
-                            " authenticated by " + authMgr;
-                }
-            } else {
-                CMS.debug("DoRevokeTPS: Missing authentication manager");
-                o_status = "status=1";
-                errorString = "errorString=Missing authentication manager.";
-            }
-
-            if (authorized) {
-                process(argSet, header, reason, invalidityDate, initiative, req,
-                        resp, revokeAll, totalRecordCount, comments, locale[0]);
-            }
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            if (!authorized) {
-                o_status = "status=3";
-                errorString = "error=unauthorized";
-            } else if (error != null) {
-                o_status = "status=3";
-                errorString = "error=" + error.toString();
-            }
-
-            String pp = o_status + "\n" + errorString;
-            byte[] b = pp.getBytes();
-            resp.setContentType("text/html");
-            resp.setContentLength(b.length);
-            OutputStream os = resp.getOutputStream();
-            os.write(b);
-            os.flush();
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-        }
-    }
-
-    /**
-     * Process cert status change request
-     * <P>
-     *
-     * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
-     * <P>
-     *
-     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change
-     * request)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
-     * "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
-     * changed (revoked, expired, on-hold, off-hold)
-     * </ul>
-     *
-     * @param argSet CMS template parameters
-     * @param header argument block
-     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     *            2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     *            4 - Certificate superceded, 5 - Cessation of operation, or
-     *            6 - Certificate is on hold)
-     * @param invalidityDate certificate validity date
-     * @param initiative string containing the audit format
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param revokeAll string containing information on all of the
-     *            certificates to be revoked
-     * @param totalRecordCount total number of records (verified and unverified)
-     * @param comments string containing certificate comments
-     * @param locale the system locale
-     * @exception EBaseException an error has occurred
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            int reason, Date invalidityDate,
-            String initiative,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            String revokeAll,
-            int totalRecordCount,
-            String comments,
-            Locale locale)
-            throws EBaseException {
-        boolean auditRequest = true;
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(req);
-        String auditSerialNumber = auditSerialNumber(null);
-        String auditRequestType = auditRequestType(reason);
-        RequestStatus auditApprovalStatus = null;
-        String auditReasonNum = String.valueOf(reason);
-
-        if (revokeAll != null) {
-            CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
-
-            String serial = "";
-            String[] tokens;
-            tokens = revokeAll.split("=");
-
-            if (tokens.length == 2) {
-                serial = tokens[1];
-                //remove the trailing paren
-                if (serial.endsWith(")")) {
-                    serial = serial.substring(0, serial.length() - 1);
-                }
-                auditSerialNumber = serial;
-            }
-        }
-
-        long startTime = CMS.getCurrentDate().getTime();
-
-        try {
-            int count = 0;
-            Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>();
-            Vector<RevokedCertImpl> revCertImplsV = new Vector<RevokedCertImpl>();
-
-            // Construct a CRL reason code extension.
-            RevocationReason revReason = RevocationReason.fromInt(reason);
-            CRLReasonExtension crlReasonExtn = new CRLReasonExtension(revReason);
-
-            // Construct a CRL invalidity date extension.
-            InvalidityDateExtension invalidityDateExtn = null;
-
-            if (invalidityDate != null) {
-                invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
-            }
-
-            // Construct a CRL extension for this request.
-            CRLExtensions entryExtn = new CRLExtensions();
-
-            if (crlReasonExtn != null) {
-                entryExtn.set(crlReasonExtn.getName(), crlReasonExtn);
-            }
-            if (invalidityDateExtn != null) {
-                entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn);
-            }
-
-            Enumeration<ICertRecord> e = mCertDB.searchCertificates(revokeAll,
-                    totalRecordCount, mTimeLimits);
-
-            boolean alreadyRevokedCertFound = false;
-            boolean badCertsRequested = false;
-            while (e != null && e.hasMoreElements()) {
-                ICertRecord rec = e.nextElement();
-
-                if (rec == null) {
-                    badCertsRequested = true;
-                    continue;
-                }
-                X509CertImpl xcert = rec.getCertificate();
-                IArgBlock rarg = CMS.createArgBlock();
-
-                // we do not want to revoke the CA certificate accidentially
-                if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
-                    CMS.debug("DoRevokeTPS: skipped revocation request for system certificate "
-                            + xcert.getSerialNumber());
-                    badCertsRequested = true;
-                    continue;
-                }
-
-                if (xcert != null) {
-                    rarg.addStringValue("serialNumber",
-                            xcert.getSerialNumber().toString(16));
-
-                    if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
-                        alreadyRevokedCertFound = true;
-                        CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " has been revoked.");
-                    } else {
-                        oldCertsV.addElement(xcert);
-
-                        RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(xcert.getSerialNumber(),
-                                        CMS.getCurrentDate(), entryExtn);
-
-                        revCertImplsV.addElement(revCertImpl);
-                        CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " is going to be revoked.");
-                        count++;
-                    }
-                } else {
-                    badCertsRequested = true;
-                }
-            }
-
-            if (count == 0) {
-                // Situation where no certs were reoked here, but some certs
-                // requested happened to be already revoked. Don't return error.
-                if (alreadyRevokedCertFound == true && badCertsRequested == false) {
-                    CMS.debug("Only have previously revoked certs in the list.");
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType);
-
-                    audit(auditMessage);
-                    return;
-                }
-
-                errorString = "error=No certificates are revoked.";
-                o_status = "status=2";
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
-            }
-
-            X509CertImpl[] oldCerts = new X509CertImpl[count];
-            RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count];
-
-            for (int i = 0; i < count; i++) {
-                oldCerts[i] = oldCertsV.elementAt(i);
-                revCertImpls[i] = revCertImplsV.elementAt(i);
-            }
-
-            IRequest revReq =
-                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
-
-            audit(auditMessage);
-
-            revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
-            revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-            if (initiative.equals(AuditFormat.FROMUSER)) {
-                revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
-            } else {
-                revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-            }
-            revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
-            if (comments != null) {
-                revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
-            }
-            revReq.setExtData(IRequest.REVOKED_REASON,
-                    Integer.valueOf(reason));
-
-            // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
-            // to distinguish which type of signed audit log message to save
-            // as a failure outcome in case an exception occurs
-            auditRequest = false;
-
-            mQueue.processRequest(revReq);
-
-            // retrieve the request status
-            auditApprovalStatus = revReq.getRequestStatus();
-
-            RequestStatus stat = revReq.getRequestStatus();
-            String type = revReq.getRequestType();
-
-            // The SVC_PENDING check has been added for the Cloned CA request
-            // that is meant for the Master CA. From Clone's point of view
-            // the request is complete
-            if ((stat == RequestStatus.COMPLETE)
-                    || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
-                // audit log the error
-                Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
-
-                if (result.equals(IRequest.RES_ERROR)) {
-                    String[] svcErrors =
-                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
-
-                    if (svcErrors != null && svcErrors.length > 0) {
-                        for (int i = 0; i < svcErrors.length; i++) {
-                            String err = svcErrors[i];
-
-                            if (err != null) {
-                                //cmsReq.setErrorDescription(err);
-                                for (int j = 0; j < count; j++) {
-                                    if (oldCerts[j] instanceof X509CertImpl) {
-                                        X509CertImpl cert = oldCerts[j];
-
-                                        if (oldCerts[j] != null) {
-                                            mLogger.log(ILogger.EV_AUDIT,
-                                                    ILogger.S_OTHER,
-                                                    AuditFormat.LEVEL,
-                                                    AuditFormat.DOREVOKEFORMAT,
-                                                    new Object[] {
-                                                            revReq.getRequestId(),
-                                                            initiative,
-                                                            "completed with error: " +
-                                                                    err,
-                                                            cert.getSubjectDN(),
-                                                            cert.getSerialNumber().toString(16),
-                                                            RevocationReason.fromInt(reason).toString() }
-                                                    );
-                                        }
-                                    }
-                                }
-                            }
-                        }
-                    }
-
-                    // store a message in the signed audit log file
-                    // if and only if "auditApprovalStatus" is
-                    // "complete", "revoked", or "canceled"
-                    if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                            auditApprovalStatus == RequestStatus.REJECTED ||
-                            auditApprovalStatus == RequestStatus.CANCELED) {
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditSerialNumber,
-                                    auditRequestType,
-                                    auditReasonNum,
-                                    auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                        audit(auditMessage);
-                    }
-
-                    return;
-                }
-
-                long endTime = CMS.getCurrentDate().getTime();
-
-                // audit log the success.
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        if (oldCerts[j] instanceof X509CertImpl) {
-                            X509CertImpl cert = oldCerts[j];
-
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.DOREVOKEFORMAT,
-                                    new Object[] {
-                                            revReq.getRequestId(),
-                                            initiative,
-                                            "completed",
-                                            cert.getSubjectDN(),
-                                            cert.getSerialNumber().toString(16),
-                                            RevocationReason.fromInt(reason).toString()
-                                                    + " time: " + (endTime - startTime) }
-                                    );
-                        }
-                    }
-                }
-
-                header.addStringValue("revoked", "yes");
-
-                Integer updateCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
-
-                if (updateCRLResult != null) {
-                    if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
-
-                        o_status = "status=3";
-                        if (revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) {
-                            errorString = "error=Update CRL Error.";
-                            // 3 means miscellaneous
-                        }
-                    }
-                    // let known crl publishing status too.
-                    Integer publishCRLResult =
-                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
-
-                    if (publishCRLResult != null) {
-                        if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
-                            String publError =
-                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                            o_status = "status=3";
-                            if (publError != null) {
-                                errorString = "error=" + publError;
-                            }
-                        }
-                    }
-                }
-
-                if (mAuthority instanceof ICertificateAuthority) {
-                    // let known update and publish status of all crls.
-                    Enumeration<ICRLIssuingPoint> otherCRLs =
-                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
-
-                    while (otherCRLs.hasMoreElements()) {
-                        ICRLIssuingPoint crl = otherCRLs.nextElement();
-                        String crlId = crl.getId();
-
-                        if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
-                            continue;
-                        String updateStatusStr = crl.getCrlUpdateStatusStr();
-                        Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
-
-                        if (updateResult != null) {
-                            if (!updateResult.equals(IRequest.RES_SUCCESS)) {
-                                String updateErrorStr = crl.getCrlUpdateErrorStr();
-
-                                CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
-                                        updateStatusStr));
-                                String error =
-                                        revReq.getExtDataInString(updateErrorStr);
-
-                                o_status = "status=3";
-                                if (error != null) {
-                                    errorString = "error=" + error;
-                                }
-                            }
-                            String publishStatusStr = crl.getCrlPublishStatusStr();
-                            Integer publishResult =
-                                    revReq.getExtDataInInteger(publishStatusStr);
-
-                            if (publishResult == null)
-                                continue;
-                            if (!publishResult.equals(IRequest.RES_SUCCESS)) {
-                                String publishErrorStr =
-                                        crl.getCrlPublishErrorStr();
-
-                                String error =
-                                        revReq.getExtDataInString(publishErrorStr);
-
-                                o_status = "status=3";
-                                if (error != null) {
-                                    errorString = "error=Publish CRL Status Error.";
-                                }
-                            }
-                        }
-                    }
-                }
-
-                if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    header.addStringValue("dirEnabled", "yes");
-
-                    // add crl publishing status.
-                    String publError =
-                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                    if (publError != null) {
-                        errorString = "error=" + publError;
-                        o_status = "status=3";
-                    }
-                } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {
-                    errorString = "error=LDAP publishing not enabled.";
-                    o_status = "status=3";
-                }
-            } else {
-                if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
-                    o_status = "status=2";
-                    errorString = "error=" + stat.toString();
-                } else {
-                    o_status = "status=2";
-                    errorString = "error=Undefined request status";
-                }
-                Vector<String> errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
-                if (errors != null) {
-                    StringBuffer errInfo = new StringBuffer();
-
-                    for (int i = 0; i < errors.size(); i++) {
-                        errInfo.append(errors.elementAt(i));
-                        errInfo.append("\n");
-                    }
-                    o_status = "status=2";
-                    errorString = "error=" + errInfo.toString();
-
-                } else if (stat == RequestStatus.PENDING) {
-                    o_status = "status=2";
-                    errorString = "error=Request pending";
-                } else {
-                    o_status = "status=2";
-                    errorString = "error=Undefined request status";
-                }
-
-                // audit log the pending, revoked and rest
-                for (int j = 0; j < count; j++) {
-                    if (oldCerts[j] != null) {
-                        if (oldCerts[j] instanceof X509CertImpl) {
-                            X509CertImpl cert = oldCerts[j];
-
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.DOREVOKEFORMAT,
-                                    new Object[] {
-                                            revReq.getRequestId(),
-                                            initiative,
-                                            stat.toString(),
-                                            cert.getSubjectDN(),
-                                            cert.getSerialNumber().toString(16),
-                                            RevocationReason.fromInt(reason).toString() }
-                                    );
-                        }
-                    }
-                }
-            }
-
-            // store a message in the signed audit log file
-            // if and only if "auditApprovalStatus" is
-            // "complete", "revoked", or "canceled"
-            if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                    auditApprovalStatus == RequestStatus.REJECTED ||
-                    auditApprovalStatus == RequestStatus.CANCELED) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType,
-                            auditReasonNum,
-                            auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                audit(auditMessage);
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "error " + e);
-
-            if (auditRequest) {
-                // store a "CERT_STATUS_CHANGE_REQUEST" failure
-                // message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType);
-
-                audit(auditMessage);
-            } else {
-                // store a "CERT_STATUS_CHANGE_REQUEST_PROCESSED" failure
-                // message in the signed audit log file
-                // if and only if "auditApprovalStatus" is
-                // "complete", "revoked", or "canceled"
-                if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                        auditApprovalStatus == RequestStatus.REJECTED ||
-                        auditApprovalStatus == RequestStatus.CANCELED) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditSerialNumber,
-                                auditRequestType,
-                                auditReasonNum,
-                                auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw e;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
-
-            if (auditRequest) {
-                // store a "CERT_STATUS_CHANGE_REQUEST" failure
-                // message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType);
-
-                audit(auditMessage);
-            } else {
-                // store a "CERT_STATUS_CHANGE_REQUEST_PROCESSED" failure
-                // message in the signed audit log file
-                // if and only if "auditApprovalStatus" is
-                // "complete", "revoked", or "canceled"
-                if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                        auditApprovalStatus == RequestStatus.REJECTED ||
-                        auditApprovalStatus == RequestStatus.CANCELED) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditSerialNumber,
-                                auditRequestType,
-                                auditReasonNum,
-                                auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
-        }
-
-        return;
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param req HTTP request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private String auditRequesterID(HttpServletRequest req) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String requesterID = null;
-
-        // Obtain the requesterID
-        requesterID = req.getParameter("requestId");
-
-        if (requesterID != null) {
-            requesterID = requesterID.trim();
-        } else {
-            requesterID = ILogger.UNIDENTIFIED;
-        }
-
-        return requesterID;
-    }
-
-    /**
-     * Signed Audit Log Serial Number
-     *
-     * This method is called to obtain the serial number of the certificate
-     * whose status is to be changed for a signed audit log message.
-     * <P>
-     *
-     * @param eeSerialNumber a string containing the un-normalized serialNumber
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private String auditSerialNumber(String eeSerialNumber) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String serialNumber = null;
-
-        // Normalize the serialNumber
-        if (eeSerialNumber != null) {
-            serialNumber = eeSerialNumber.trim();
-
-            // convert it to hexadecimal
-            serialNumber = "0x" + (new BigInteger(serialNumber)).toString(16);
-        } else {
-            serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        return serialNumber;
-    }
-
-    /**
-     * Signed Audit Log Request Type
-     *
-     * This method is called to obtain the "Request Type" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param reason an integer denoting the revocation reason
-     * @return string containing REVOKE or ON_HOLD
-     */
-    private String auditRequestType(int reason) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String requestType = null;
-
-        // Determine the revocation type based upon the revocation reason
-        if (reason == ON_HOLD_REASON) {
-            requestType = ON_HOLD;
-        } else {
-            requestType = REVOKE;
-        }
-
-        return requestType;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
deleted file mode 100644
index 142fea3c8..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ /dev/null
@@ -1,499 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.RevocationReason;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * 'Unrevoke' a certificate. (For certificates that are on-hold only,
- * take them off-hold)
- *
- * @version $Revision$, $Date$
- */
-public class DoUnrevoke extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -7978703730006036625L;
-    private final static String TPL_FILE = "unrevocationResult.template";
-
-    @SuppressWarnings("unused")
-    private ICertificateRepository mCertDB;
-
-    private String mFormPath = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-
-    public DoUnrevoke() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-        if (mAuthority instanceof ICertAuthority) {
-            mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
-        }
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked
-     * with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex
-     * number by prefixing '0x' to the serialNumber string
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        BigInteger[] serialNumber;
-        EBaseException error = null;
-
-        CMSTemplate form = null;
-
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        try {
-            serialNumber = getSerialNumbers(req);
-
-            //for audit log.
-            IAuthToken authToken = authenticate(cmsReq);
-            String authMgr = AuditFormat.NOAUTH;
-
-            if (authToken != null) {
-                authMgr =
-                        authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            } else {
-                CMS.debug("DoUnrevoke::process() -  authToken is null!");
-                return;
-            }
-            String agentID = authToken.getInString("userid");
-            String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
-                    + " authenticated by " + authMgr;
-
-            AuthzToken authzToken = null;
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "unrevoke");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                return;
-            }
-
-            process(argSet, header, serialNumber, req, resp, locale[0], initiative);
-
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    /**
-     * Process X509 cert status change request
-     * <P>
-     *
-     * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
-     * <P>
-     *
-     * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
-     * "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
-     * changed (taken off-hold)
-     * </ul>
-     *
-     * @param argSet CMS template parameters
-     * @param header argument block
-     * @param serialNumbers the serial number of the certificate
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param locale the system locale
-     * @param initiative string containing the audit format
-     * @exception EBaseException an error has occurred
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            BigInteger[] serialNumbers,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            Locale locale, String initiative)
-            throws EBaseException {
-
-        RevocationProcessor processor = new RevocationProcessor(
-                servletConfig.getServletName(), getLocale(req));
-
-        processor.setInitiative(initiative);
-        processor.setSerialNumber(auditSerialNumber(serialNumbers[0].toString()));
-        processor.setRequestID(auditRequesterID(req));
-
-        processor.setRevocationReason(RevocationReason.CERTIFICATE_HOLD);
-        processor.setRequestType(RevocationProcessor.OFF_HOLD);
-
-        if (mAuthority instanceof ICertificateAuthority) {
-            processor.setAuthority((ICertificateAuthority) mAuthority);
-        }
-
-        try {
-            StringBuilder snList = new StringBuilder();
-
-            for (BigInteger serialNumber : serialNumbers) {
-
-                processor.addSerialNumberToUnrevoke(serialNumber);
-
-                if (snList.length() > 0)
-                    snList.append(", ");
-                snList.append("0x");
-                snList.append(serialNumber.toString(16));
-            }
-
-            header.addStringValue("serialNumber", snList.toString());
-
-            processor.createUnrevocationRequest();
-
-            processor.auditChangeRequest(ILogger.SUCCESS);
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequest(ILogger.FAILURE);
-
-            throw new PKIException(e.getMessage());
-        }
-
-        // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
-        // to distinguish which type of signed audit log message to save
-        // as a failure outcome in case an exception occurs
-
-        try {
-            processor.processUnrevocationRequest();
-            IRequest unrevReq = processor.getRequest();
-
-            RequestStatus status = unrevReq.getRequestStatus();
-            String type = unrevReq.getRequestType();
-
-            if (status == RequestStatus.COMPLETE
-                    || status == RequestStatus.SVC_PENDING && type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
-
-                Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT);
-
-                if (result != null && result.equals(IRequest.RES_SUCCESS)) {
-                    header.addStringValue("unrevoked", "yes");
-
-                } else {
-                    header.addStringValue("unrevoked", "no");
-                    String error = unrevReq.getExtDataInString(IRequest.ERROR);
-
-                    if (error != null) {
-                        header.addStringValue("error", error);
-
-                        // TODO: throw exception on error?
-                        // throw new EBaseException(error);
-                    }
-                }
-
-                Integer updateCRLResult = unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
-
-                if (updateCRLResult != null) {
-                    header.addStringValue("updateCRL", "yes");
-
-                    if (updateCRLResult.equals(IRequest.RES_SUCCESS)) {
-                        header.addStringValue("updateCRLSuccess", "yes");
-
-                    } else {
-                        header.addStringValue("updateCRLSuccess", "no");
-                        String crlError = unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
-
-                        if (crlError != null)
-                            header.addStringValue("updateCRLError", crlError);
-                    }
-
-                    // let known crl publishing status too.
-                    Integer publishCRLResult = unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
-
-                    if (publishCRLResult != null) {
-                        if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
-                            header.addStringValue("publishCRLSuccess", "yes");
-
-                        } else {
-                            header.addStringValue("publishCRLSuccess", "no");
-                            String publError = unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                            if (publError != null)
-                                header.addStringValue("publishCRLError", publError);
-                        }
-                    }
-                }
-
-                // let known update and publish status of all crls.
-                Enumeration<ICRLIssuingPoint> otherCRLs = ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
-
-                while (otherCRLs.hasMoreElements()) {
-                    ICRLIssuingPoint crl = otherCRLs.nextElement();
-                    String crlId = crl.getId();
-
-                    if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
-                        continue;
-
-                    String updateStatusStr = crl.getCrlUpdateStatusStr();
-                    Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr);
-
-                    if (updateResult != null) {
-                        if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                            CMS.debug("DoUnrevoke: adding header " + updateStatusStr + " yes");
-                            header.addStringValue(updateStatusStr, "yes");
-
-                        } else {
-                            String updateErrorStr = crl.getCrlUpdateErrorStr();
-
-                            CMS.debug("DoUnrevoke: adding header " + updateStatusStr + " no");
-                            header.addStringValue(updateStatusStr, "no");
-                            String error = unrevReq.getExtDataInString(updateErrorStr);
-
-                            if (error != null)
-                                header.addStringValue(updateErrorStr, error);
-                        }
-
-                        String publishStatusStr = crl.getCrlPublishStatusStr();
-                        Integer publishResult = unrevReq.getExtDataInInteger(publishStatusStr);
-
-                        if (publishResult == null)
-                            continue;
-
-                        if (publishResult.equals(IRequest.RES_SUCCESS)) {
-                            header.addStringValue(publishStatusStr, "yes");
-
-                        } else {
-                            String publishErrorStr = crl.getCrlPublishErrorStr();
-                            header.addStringValue(publishStatusStr, "no");
-                            String error = unrevReq.getExtDataInString(publishErrorStr);
-
-                            if (error != null)
-                                header.addStringValue(publishErrorStr, error);
-                        }
-                    }
-                }
-
-                if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
-
-                    if (ldapPublishStatus != null) {
-                        if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) {
-                            header.addStringValue("dirUpdated", "yes");
-                        } else {
-                            header.addStringValue("dirUpdated", "no");
-                        }
-                    }
-                } else {
-                    header.addStringValue("dirEnabled", "no");
-                }
-
-            } else if (status == RequestStatus.PENDING) {
-                header.addStringValue("error", "Request Pending");
-                header.addStringValue("unrevoked", "pending");
-
-            } else {
-                header.addStringValue("error", "Request Status.Error");
-                header.addStringValue("unrevoked", "no");
-            }
-
-            processor.auditChangeRequestProcessed(ILogger.SUCCESS);
-
-        } catch (EBaseException e) {
-            processor.log(ILogger.LL_FAILURE, "Error " + e);
-            processor.auditChangeRequestProcessed(ILogger.FAILURE);
-        }
-    }
-
-    private BigInteger[] getSerialNumbers(HttpServletRequest req)
-            throws NumberFormatException {
-        String serialNumString = req.getParameter("serialNumber");
-
-        StringTokenizer snList = new StringTokenizer(serialNumString, " ");
-        Vector<BigInteger> biList = new Vector<BigInteger>();
-        while (snList.hasMoreTokens()) {
-            String snStr = snList.nextToken();
-            if (snStr != null) {
-                snStr = snStr.trim();
-                BigInteger bi;
-                if (snStr.startsWith("0x") || snStr.startsWith("0X")) {
-                    bi = new BigInteger(snStr.substring(2), 16);
-                } else {
-                    bi = new BigInteger(snStr);
-                }
-                if (bi.compareTo(BigInteger.ZERO) < 0) {
-                    throw new NumberFormatException();
-                }
-                biList.addElement(bi);
-            } else {
-                throw new NumberFormatException();
-            }
-        }
-        if (biList.size() < 1) {
-            throw new NumberFormatException();
-        }
-
-        BigInteger[] biNumbers = new BigInteger[biList.size()];
-        for (int i = 0; i < biList.size(); i++) {
-            biNumbers[i] = biList.elementAt(i);
-        }
-
-        return biNumbers;
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param req HTTP request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private RequestId auditRequesterID(HttpServletRequest req) {
-        String requesterID = req.getParameter("requestId");
-
-        if (requesterID != null) {
-            return new RequestId(requesterID.trim());
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * Signed Audit Log Serial Number
-     *
-     * This method is called to obtain the serial number of the certificate
-     * whose status is to be changed for a signed audit log message.
-     * <P>
-     *
-     * @param eeSerialNumber a string containing the un-normalized serialNumber
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private CertId auditSerialNumber(String eeSerialNumber) {
-        if (eeSerialNumber != null) {
-            return new CertId(eeSerialNumber.trim());
-        } else {
-            return null;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
deleted file mode 100644
index 0437a2e0e..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ /dev/null
@@ -1,613 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * 'Unrevoke' a certificate. (For certificates that are on-hold only,
- * take them off-hold)
- *
- * @version $Revision$, $Date$
- */
-public class DoUnrevokeTPS extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6245049221697655642L;
-
-    @SuppressWarnings("unused")
-    private ICertificateRepository mCertDB;
-
-    private IRequestQueue mQueue = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-    private String errorString = "error=";
-    private String o_status = "status=0";
-
-    private final static String OFF_HOLD = "off-hold";
-    private final static int OFF_HOLD_REASON = 6;
-    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
-    public DoUnrevokeTPS() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-        if (mAuthority instanceof ICertAuthority) {
-            mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
-        }
-        mQueue = mAuthority.getRequestQueue();
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mRenderResult = false;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked
-     * with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex
-     * number by prefixing '0x' to the serialNumber string
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        BigInteger[] serialNumbers;
-        EBaseException error = null;
-
-        Locale[] locale = new Locale[1];
-
-        /*
-                try {
-                    form = getTemplate(mFormPath, req, locale);
-                } catch (IOException e) {
-                    log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                    throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-                }
-        */
-
-        try {
-            serialNumbers = getSerialNumbers(req);
-
-            //for audit log.
-            IAuthToken authToken = authenticate(cmsReq);
-            String authMgr = AuditFormat.NOAUTH;
-
-            if (authToken != null) {
-                authMgr =
-                        authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            } else {
-                CMS.debug("DoUnrevokeTPS::process() -  authToken is null!");
-                return;
-            }
-            String agentID = authToken.getInString("userid");
-            String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
-                    + " authenticated by " + authMgr;
-
-            AuthzToken authzToken = null;
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "unrevoke");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                o_status = "status=3";
-                errorString = "error=unauthorized";
-                String pp = o_status + "\n" + errorString;
-                byte[] b = pp.getBytes();
-                resp.setContentType("text/html");
-                resp.setContentLength(b.length);
-                OutputStream os = resp.getOutputStream();
-                os.write(b);
-                os.flush();
-                return;
-            }
-
-            process(serialNumbers, req, resp, locale[0], initiative);
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } catch (EBaseException e) {
-            error = e;
-        } catch (IOException e) {
-        }
-
-        try {
-            if (error == null) {
-                o_status = "status=0";
-                errorString = "error=";
-            } else {
-                o_status = "status=3";
-                errorString = "error=" + error.toString();
-            }
-
-            String pp = o_status + "\n" + errorString;
-            byte[] b = pp.getBytes();
-            resp.setContentType("text/html");
-            resp.setContentLength(b.length);
-            OutputStream os = resp.getOutputStream();
-            os.write(b);
-            os.flush();
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    /**
-     * Process X509 cert status change request
-     * <P>
-     *
-     * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
-     * <P>
-     *
-     * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
-     * "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
-     * changed (taken off-hold)
-     * </ul>
-     *
-     * @param serialNumbers the serial number of the certificate
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param locale the system locale
-     * @param initiative string containing the audit format
-     * @exception EBaseException an error has occurred
-     */
-    private void process(BigInteger[] serialNumbers,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            Locale locale, String initiative)
-            throws EBaseException {
-        boolean auditRequest = true;
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(req);
-        String auditSerialNumber = auditSerialNumber(serialNumbers[0].toString());
-        String auditRequestType = OFF_HOLD;
-        RequestStatus auditApprovalStatus = null;
-        String auditReasonNum = String.valueOf(OFF_HOLD_REASON);
-
-        try {
-            String snList = "";
-
-            // certs are for old cloning and they should be removed as soon as possible
-            X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
-            for (int i = 0; i < serialNumbers.length; i++) {
-                certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
-                if (snList.length() > 0)
-                    snList += ", ";
-                snList += "0x" + serialNumbers[i].toString(16);
-            }
-
-            IRequest unrevReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
-
-            audit(auditMessage);
-
-            unrevReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST);
-            unrevReq.setExtData(IRequest.OLD_SERIALS, serialNumbers);
-            unrevReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-
-            // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
-            // to distinguish which type of signed audit log message to save
-            // as a failure outcome in case an exception occurs
-            auditRequest = false;
-
-            mQueue.processRequest(unrevReq);
-
-            // retrieve the request status
-            auditApprovalStatus = unrevReq.getRequestStatus();
-
-            RequestStatus status = unrevReq.getRequestStatus();
-            String type = unrevReq.getRequestType();
-
-            if ((status == RequestStatus.COMPLETE)
-                    || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) {
-
-                Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT);
-
-                if (result != null && result.equals(IRequest.RES_SUCCESS)) {
-                    if (certs[0] != null) {
-                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOUNREVOKEFORMAT,
-                                new Object[] {
-                                        unrevReq.getRequestId(),
-                                        initiative,
-                                        "completed",
-                                        certs[0].getSubjectDN(),
-                                        "0x" + serialNumbers[0].toString(16) }
-                                );
-                    }
-                } else {
-                    String error = unrevReq.getExtDataInString(IRequest.ERROR);
-
-                    if (error != null) {
-                        o_status = "status=3";
-                        errorString = "error=" + error;
-                        if (certs[0] != null) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.DOUNREVOKEFORMAT,
-                                    new Object[] {
-                                            unrevReq.getRequestId(),
-                                            initiative,
-                                            "completed with error: " +
-                                                    error,
-                                            certs[0].getSubjectDN(),
-                                            "0x" + serialNumbers[0].toString(16) }
-                                    );
-                        }
-                    }
-                }
-
-                Integer updateCRLResult =
-                        unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
-
-                if (updateCRLResult != null) {
-                    if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
-                        String crlError =
-                                unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
-
-                        if (crlError != null) {
-                            o_status = "status=3";
-                            errorString = "error=" + crlError;
-                        }
-                    }
-                    // let known crl publishing status too.
-                    Integer publishCRLResult =
-                            unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
-
-                    if (publishCRLResult != null) {
-                        if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
-                            String publError =
-                                    unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
-
-                            if (publError != null) {
-                                o_status = "status=3";
-                                errorString = "error=" + publError;
-                            }
-                        }
-                    }
-                }
-
-                // let known update and publish status of all crls.
-                Enumeration<ICRLIssuingPoint> otherCRLs =
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
-
-                while (otherCRLs.hasMoreElements()) {
-                    ICRLIssuingPoint crl = otherCRLs.nextElement();
-                    String crlId = crl.getId();
-
-                    if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
-                        continue;
-                    String updateStatusStr = crl.getCrlUpdateStatusStr();
-                    Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr);
-
-                    if (updateResult != null) {
-                        if (!updateResult.equals(IRequest.RES_SUCCESS)) {
-                            String updateErrorStr = crl.getCrlUpdateErrorStr();
-                            String error =
-                                    unrevReq.getExtDataInString(updateErrorStr);
-
-                            if (error != null) {
-                                o_status = "status=3";
-                                errorString = "error=" + error;
-                            }
-                        }
-                        String publishStatusStr = crl.getCrlPublishStatusStr();
-                        Integer publishResult =
-                                unrevReq.getExtDataInInteger(publishStatusStr);
-
-                        if (publishResult == null)
-                            continue;
-                        if (!publishResult.equals(IRequest.RES_SUCCESS)) {
-                            String publishErrorStr =
-                                    crl.getCrlPublishErrorStr();
-
-                            String error =
-                                    unrevReq.getExtDataInString(publishErrorStr);
-
-                            if (error != null) {
-                                o_status = "status=3";
-                                errorString = "error=" + error;
-                            }
-                        }
-                    }
-                }
-
-                if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    Integer[] ldapPublishStatus =
-                            unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
-
-                    if (ldapPublishStatus != null) {
-                        if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) {
-                            o_status = "status=3";
-                            errorString = "error=Problem in publishing to LDAP";
-                        }
-                    }
-                } else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled())) {
-                    o_status = "status=3";
-                    errorString = "error=LDAP Publisher not enabled";
-                }
-
-            } else if (status == RequestStatus.PENDING) {
-                o_status = "status=2";
-                errorString = "error=" + status.toString();
-                if (certs[0] != null) {
-                    mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOUNREVOKEFORMAT,
-                            new Object[] {
-                                    unrevReq.getRequestId(),
-                                    initiative,
-                                    "pending",
-                                    certs[0].getSubjectDN(),
-                                    "0x" + serialNumbers[0].toString(16) }
-                            );
-                }
-            } else {
-                o_status = "status=2";
-                errorString = "error=Undefined request status";
-
-                if (certs[0] != null) {
-                    mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOUNREVOKEFORMAT,
-                            new Object[] {
-                                    unrevReq.getRequestId(),
-                                    initiative,
-                                    status.toString(),
-                                    certs[0].getSubjectDN(),
-                                    "0x" + serialNumbers[0].toString(16) }
-                            );
-                }
-            }
-
-            // store a message in the signed audit log file
-            // if and only if "auditApprovalStatus" is
-            // "complete", "revoked", or "canceled"
-            if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                    auditApprovalStatus == RequestStatus.REJECTED ||
-                    auditApprovalStatus == RequestStatus.CANCELED) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType,
-                            auditReasonNum,
-                            auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                audit(auditMessage);
-            }
-
-        } catch (EBaseException eAudit1) {
-            if (auditRequest) {
-                // store a "CERT_STATUS_CHANGE_REQUEST" failure
-                // message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditSerialNumber,
-                            auditRequestType);
-
-                audit(auditMessage);
-            } else {
-                // store a "CERT_STATUS_CHANGE_REQUEST_PROCESSED" failure
-                // message in the signed audit log file
-                // if and only if "auditApprovalStatus" is
-                // "complete", "revoked", or "canceled"
-                if (auditApprovalStatus == RequestStatus.COMPLETE ||
-                        auditApprovalStatus == RequestStatus.REJECTED ||
-                        auditApprovalStatus == RequestStatus.CANCELED) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditSerialNumber,
-                                auditRequestType,
-                                auditReasonNum,
-                                auditApprovalStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : auditApprovalStatus.toString());
-
-                    audit(auditMessage);
-                }
-            }
-        }
-
-        return;
-    }
-
-    private BigInteger[] getSerialNumbers(HttpServletRequest req)
-            throws NumberFormatException {
-        String serialNumString = req.getParameter("serialNumber");
-
-        StringTokenizer snList = new StringTokenizer(serialNumString, " ");
-        Vector<BigInteger> biList = new Vector<BigInteger>();
-        while (snList.hasMoreTokens()) {
-            String snStr = snList.nextToken();
-            if (snStr != null) {
-                snStr = snStr.trim();
-                BigInteger bi;
-                if (snStr.startsWith("0x") || snStr.startsWith("0X")) {
-                    bi = new BigInteger(snStr.substring(2), 16);
-                } else {
-                    bi = new BigInteger(snStr);
-                }
-                if (bi.compareTo(BigInteger.ZERO) < 0) {
-                    throw new NumberFormatException();
-                }
-                biList.addElement(bi);
-            } else {
-                throw new NumberFormatException();
-            }
-        }
-        if (biList.size() < 1) {
-            throw new NumberFormatException();
-        }
-
-        BigInteger[] biNumbers = new BigInteger[biList.size()];
-        for (int i = 0; i < biList.size(); i++) {
-            biNumbers[i] = biList.elementAt(i);
-        }
-
-        return biNumbers;
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param req HTTP request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private String auditRequesterID(HttpServletRequest req) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String requesterID = null;
-
-        // Obtain the requesterID
-        requesterID = req.getParameter("requestId");
-
-        if (requesterID != null) {
-            requesterID = requesterID.trim();
-        } else {
-            requesterID = ILogger.UNIDENTIFIED;
-        }
-
-        return requesterID;
-    }
-
-    /**
-     * Signed Audit Log Serial Number
-     *
-     * This method is called to obtain the serial number of the certificate
-     * whose status is to be changed for a signed audit log message.
-     * <P>
-     *
-     * @param eeSerialNumber a string containing the un-normalized serialNumber
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private String auditSerialNumber(String eeSerialNumber) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String serialNumber = null;
-
-        // Normalize the serialNumber
-        if (eeSerialNumber != null) {
-            serialNumber = eeSerialNumber.trim();
-
-            // convert it to hexadecimal
-            serialNumber = "0x" + (new BigInteger(serialNumber)).toString(16);
-        } else {
-            serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        return serialNumber;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
deleted file mode 100644
index 4904ec9b7..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
+++ /dev/null
@@ -1,185 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.Random;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.cms.authentication.HashAuthentication;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * For Face-to-face enrollment, enable EE enrollment feature
- *
- * @version $Revision$, $Date$
- * @see com.netscape.cms.servlet.cert.DisableEnrollResult
- */
-public class EnableEnrollResult extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -2646998784859783012L;
-    private final static String TPL_FILE = "enableEnrollResult.template";
-    private String mFormPath = null;
-    private Random random = null;
-
-    public EnableEnrollResult() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        // coming from agent
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        random = new Random();
-    }
-
-    protected CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * Services the request
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "enable");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        X509Certificate sslClientCert = null;
-
-        sslClientCert = getSSLClientCertificate(httpReq);
-        String dn = sslClientCert.getSubjectDN().toString();
-
-        // Construct an ArgBlock
-        IArgBlock args = cmsReq.getHttpParams();
-
-        if (!(mAuthority instanceof IRegistrationAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IConfigStore configStore = CMS.getConfigStore();
-        String machine = configStore.getString("machineName");
-        String port = CMS.getEESSLPort();
-
-        header.addStringValue("machineName", machine);
-        header.addStringValue("port", port);
-        String val = configStore.getString("hashDirEnrollment.name");
-        IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        IAuthManager authMgr = authSS.get(val);
-        HashAuthentication mgr = (HashAuthentication) authMgr;
-
-        String host = args.getValueAsString("hostname", null);
-        boolean isEnable = mgr.isEnable(host);
-
-        if (isEnable) {
-            header.addStringValue("code", "1");
-        } else {
-            String timeout = args.getValueAsString("timeout", "600");
-
-            mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000,
-                    random.nextLong() + "", 0);
-            header.addStringValue("code", "0");
-        }
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
deleted file mode 100644
index 16e2ab840..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ /dev/null
@@ -1,1767 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.KeyGenInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertRecordList;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IPolicyProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSGateway;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cms.servlet.processors.CMCProcessor;
-import com.netscape.cms.servlet.processors.CRMFProcessor;
-import com.netscape.cms.servlet.processors.KeyGenProcessor;
-import com.netscape.cms.servlet.processors.PKCS10Processor;
-import com.netscape.cms.servlet.processors.PKIProcessor;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Submit a Certificate Enrollment request
- *
- * @version $Revision$, $Date$
- */
-public class EnrollServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6983729702665630013L;
-
-    public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
-
-    // enrollment templates.
-    public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
-
-    // http params
-    public static final String OLD_CERT_TYPE = "csrCertType";
-    public static final String CERT_TYPE = "certType";
-    // same as in ConfigConstant.java
-    public static final String REQUEST_FORMAT = "reqFormat";
-    public static final String REQUEST_FORMAT_PKCS10 = "PKCS10";
-    public static final String REQUEST_FORMAT_CMC = "CMC";
-    public static final String REQUEST_CONTENT = "requestContent";
-    public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
-    public static final String PKCS10_REQUEST = "pkcs10Request";
-    public static final String CMC_REQUEST = "cmcRequest";
-    public static final String CRMF_REQUEST = "CRMFRequest";
-    public static final String SUBJECT_NAME = "subject";
-    public static final String CRMF_REQID = "crmfReqId";
-    public static final String CHALLENGE_PASSWORD = "challengePhrase";
-
-    private static final String CERT_AUTH_DUAL = "dual";
-    private static final String CERT_AUTH_ENCRYPTION = "encryption";
-    private static final String CERT_AUTH_SINGLE = "single";
-    private static final String CLIENT_ISSUER = "clientIssuer";
-
-    private String mEnrollSuccessTemplate = null;
-    private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
-
-    ICertificateAuthority mCa = null;
-    ICertificateRepository mRepository = null;
-
-    private boolean enforcePop = false;
-
-    private String auditServiceID = ILogger.UNIDENTIFIED;
-    private final static String ADMIN_CA_ENROLLMENT_SERVLET =
-            "caadminEnroll";
-    private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET =
-            "cabulkissuance";
-    private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET =
-            "rabulkissuance";
-    private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET =
-            "cacertbasedenrollment";
-    private final static String EE_CA_ENROLLMENT_SERVLET =
-            "caenrollment";
-    private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET =
-            "racertbasedenrollment";
-    private final static String EE_RA_ENROLLMENT_SERVLET =
-            "raenrollment";
-    private final static byte EOL[] = { Character.LINE_SEPARATOR };
-    private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
-    /* 0 */"automated non-profile cert request rejection:  "
-            + "unable to render OLD_CERT_TYPE response",
-
-    /* 1 */"automated non-profile cert request rejection:  "
-            + "unable to complete handleEnrollAuditLog() method",
-
-    /* 2 */"automated non-profile cert request rejection:  "
-            + "unable to render success template",
-
-    /* 3 */"automated non-profile cert request rejection:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to an EBaseException"
-        };
-    private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
-            "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
-    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-    private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
-    private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
-    public EnrollServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     * <p>
-     * the following parameters are read from the servlet config:
-     * <ul>
-     * <li>CMSServlet.PROP_ID - ID for signed audit log messages
-     * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        try {
-            super.init(sc);
-
-            CMS.debug("EnrollServlet: In Enroll Servlet init!");
-
-            try {
-                IConfigStore configStore = CMS.getConfigStore();
-                String PKI_Subsystem = configStore.getString("subsystem.0.id",
-                                                              null);
-
-                // CMS 6.1 began utilizing the "Certificate Profiles" framework
-                // instead of the legacy "Certificate Policies" framework.
-                //
-                // Beginning with CS 8.1, to meet the Common Criteria
-                // evaluation performed on this version of the product, it
-                // was determined that this legacy "Certificate Policies"
-                // framework would be deprecated and disabled by default
-                // (see Bugzilla Bug #472597).
-                //
-                // NOTE:  The "Certificate Policies" framework ONLY applied to
-                //        to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
-                //
-                //        Further, the "EnrollServlet.java" servlet is ONLY
-                //        used by the CA for the following:
-                //
-                //        SERVLET-NAME           URL-PATTERN
-                //        ====================================================
-                //        caadminEnroll          ca/admin/ca/adminEnroll.html
-                //        cabulkissuance         ca/agent/ca/bulkissuance.html
-                //        cacertbasedenrollment  ca/certbasedenrollment.html
-                //        caenrollment           ca/enrollment.html
-                //
-                //        The "EnrollServlet.java" servlet is NOT used by
-                //        the KRA.
-                //
-                if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) {
-                    String policyStatus = PKI_Subsystem.trim().toLowerCase()
-                                        + "." + "Policy"
-                                        + "." + IPolicyProcessor.PROP_ENABLE;
-
-                    if (configStore.getBoolean(policyStatus, true) == true) {
-                        // NOTE:  If "<subsystem>.Policy.enable=<boolean>"
-                        //        is missing, then the referenced instance
-                        //        existed prior to this name=value pair
-                        //        existing in its 'CS.cfg' file, and thus
-                        //        we err on the side that the user may
-                        //        still need to use the policy framework.
-                        CMS.debug("EnrollServlet::init Certificate "
-                                 + "Policy Framework (deprecated) "
-                                 + "is ENABLED");
-                    } else {
-                        // CS 8.1 Default:  <subsystem>.Policy.enable=false
-                        CMS.debug("EnrollServlet::init Certificate "
-                                 + "Policy Framework (deprecated) "
-                                 + "is DISABLED");
-                        return;
-                    }
-                }
-            } catch (EBaseException e) {
-                throw new ServletException("EnrollServlet::init - "
-                                          + "EBaseException:  "
-                                          + "Unable to initialize "
-                                          + "Certificate Policy Framework "
-                                          + "(deprecated)");
-            }
-
-            // override success template to allow direct import of keygen certs.
-            mTemplates.remove(ICMSRequest.SUCCESS);
-
-            try {
-                // determine the service ID for signed audit log messages
-                String id = sc.getInitParameter(CMSServlet.PROP_ID);
-
-                if (id != null) {
-                    if (!(auditServiceID.equals(
-                                ADMIN_CA_ENROLLMENT_SERVLET))
-                            && !(auditServiceID.equals(
-                                    AGENT_CA_BULK_ENROLLMENT_SERVLET))
-                            && !(auditServiceID.equals(
-                                    AGENT_RA_BULK_ENROLLMENT_SERVLET))
-                            && !(auditServiceID.equals(
-                                    EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
-                            && !(auditServiceID.equals(
-                                    EE_CA_ENROLLMENT_SERVLET))
-                            && !(auditServiceID.equals(
-                                    EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
-                            && !(auditServiceID.equals(
-                                    EE_RA_ENROLLMENT_SERVLET))) {
-                        auditServiceID = ILogger.UNIDENTIFIED;
-                    } else {
-                        auditServiceID = id.trim();
-                    }
-                }
-
-                mEnrollSuccessTemplate = sc.getInitParameter(
-                            CMSServlet.PROP_SUCCESS_TEMPLATE);
-                if (mEnrollSuccessTemplate == null)
-                    mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
-                String fillername = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE_FILLER);
-
-                if (fillername != null) {
-                    ICMSTemplateFiller filler = newFillerObject(fillername);
-
-                    if (filler != null)
-                        mEnrollSuccessFiller = filler;
-                }
-
-                // cfu
-                mCa = (ICertificateAuthority) CMS.getSubsystem("ca");
-
-                init_testbed_hack(mConfig);
-            } catch (Exception e) {
-                // this should never happen.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
-                                e.toString(), mId));
-            }
-        } catch (ServletException eAudit1) {
-            // rethrow caught exception
-            throw eAudit1;
-        }
-    }
-
-    /**
-     * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
-     * Getter method to see if Proof of Posession checking is enabled.
-     * this value is set in the CMS.cfg filem with the parameter
-     * "enrollment.enforcePop". It defaults to false
-     *
-     * @return true if user is required to Prove that they possess the
-     *         private key corresponding to the public key in the certificate
-     *         request they are submitting
-     */
-    public boolean getEnforcePop() {
-        return enforcePop;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <UL>
-     * <LI>If the request is coming through the admin port, it is only allowed to continue if 'admin enrollment' is
-     * enabled in the CMS.cfg file
-     * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is renamed with more information about
-     * the current request ID
-     * <LI>The request is preprocessed, then processed further in one of the cert request processor classes:
-     * KeyGenProcessor, PKCS10Processor, CMCProcessor, CRMFProcessor
-     * </UL>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        // SPECIAL CASE:
-        // if it is adminEnroll servlet,check if it's enabled
-        if (mId.equals(ADMIN_ENROLL_SERVLET_ID) &&
-                !CMSGateway.getEnableAdminEnroll()) {
-            log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR",
-                            "Attempt to access adminEnroll after already setup."));
-        }
-
-        processX509(cmsReq);
-    }
-
-    private boolean getCertAuthEnrollStatus(IArgBlock httpParams) {
-
-        /*
-         * === certAuth based enroll ===
-         * "certAuthEnroll" is on.
-         * "certauthEnrollType can be one of the three:
-         *               single - it's for single cert enrollment
-         *               dual - it's for dual certs enrollment
-         *               encryption - getting the encryption cert only via
-         *                    authentication of the signing cert
-         *                    (crmf or keyGenInfo)
-         */
-        boolean certAuthEnroll = false;
-
-        String certAuthEnrollOn =
-                httpParams.getValueAsString("certauthEnroll", null);
-
-        if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
-            certAuthEnroll = true;
-            CMS.debug("EnrollServlet: certAuthEnroll is on");
-        }
-
-        return certAuthEnroll;
-
-    }
-
-    private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll)
-            throws EBaseException {
-
-        String certauthEnrollType = null;
-
-        if (certAuthEnroll == true) {
-            certauthEnrollType =
-                    httpParams.getValueAsString("certauthEnrollType", null);
-            if (certauthEnrollType != null) {
-                if (certauthEnrollType.equals("dual")) {
-                    CMS.debug("EnrollServlet: certauthEnrollType is dual");
-                } else if (certauthEnrollType.equals("encryption")) {
-                    CMS.debug("EnrollServlet: certauthEnrollType is encryption");
-                } else if (certauthEnrollType.equals("single")) {
-                    CMS.debug("EnrollServlet: certauthEnrollType is single");
-                } else {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
-                }
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
-            }
-        }
-
-        return certauthEnrollType;
-
-    }
-
-    private boolean checkClientCertSigningOnly(X509Certificate sslClientCert)
-            throws EBaseException {
-        if ((CMS.isSigningCert(sslClientCert) ==
-                false) ||
-                ((CMS.isSigningCert(sslClientCert) ==
-                    true) &&
-                (CMS.isEncryptionCert(sslClientCert) ==
-                    true))) {
-
-            // either it's not a signing cert, or it's a dual cert
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
-        }
-
-        return true;
-    }
-
-    private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken,
-            X509Certificate sslClientCert,
-            ICertificateAuthority mCa, String certBasedOldSubjectDN,
-            BigInteger certBasedOldSerialNum)
-            throws EBaseException {
-
-        CMS.debug("EnrollServlet: In handleCertAuthDual!");
-
-        if (mCa == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NOT_A_CA"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NOT_A_CA"));
-        }
-
-        // first, make sure the client cert is indeed a
-        // signing only cert
-
-        try {
-
-            checkClientCertSigningOnly(sslClientCert);
-        } catch (ECMSGWException e) {
-
-            throw new ECMSGWException(e.toString());
-
-        }
-
-        X509Key key = null;
-
-        // for signing cert
-        key = (X509Key) sslClientCert.getPublicKey();
-        try {
-            certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-        }
-
-        String filter =
-                "(&(x509cert.subject="
-                        + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
-                        + "))(certStatus=VALID))";
-        ICertRecordList list =
-                mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
-        int size = list.getSize();
-        Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
-
-        CMS.debug("EnrollServlet: signing cert filter " + filter);
-
-        if (!en.hasMoreElements()) {
-            CMS.debug("EnrollServlet: pairing encryption cert not found!");
-            return null;
-            // pairing encryption cert not found
-        } else {
-            X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
-            X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
-                    encCertInfo };
-            int i = 1;
-
-            boolean encCertFound = false;
-
-            while (en.hasMoreElements()) {
-                ICertRecord record = en.nextElement();
-                X509CertImpl cert = record.getCertificate();
-
-                // if not encryption cert only, try next one
-                if ((CMS.isEncryptionCert(cert) == false) ||
-                        ((CMS.isEncryptionCert(cert) == true) &&
-                        (CMS.isSigningCert(cert) == true))) {
-
-                    CMS.debug("EnrollServlet: Not encryption only cert, will try next one.");
-                    continue;
-                }
-
-                key = (X509Key) cert.getPublicKey();
-                CMS.debug("EnrollServlet: Found key for encryption cert.");
-                encCertFound = true;
-
-                try {
-                    encCertInfo = (X509CertInfo)
-                            cert.get(
-                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
-                } catch (CertificateParsingException ex) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
-                }
-
-                try {
-                    encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
-                } catch (CertificateException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-                } catch (IOException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-                }
-
-                CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!");
-                PKIProcessor.fillCertInfoFromAuthToken(encCertInfo, authToken);
-
-                cInfoArray[i++] = encCertInfo;
-                break;
-
-            }
-            if (encCertFound == false) {
-                CMS.debug("EnrollServlet: Leaving because Enc Cert not found.");
-                return null;
-            }
-
-            CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length);
-            return cInfoArray;
-        }
-
-    }
-
-    private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken,
-            X509CertInfo certInfo, long startTime)
-            throws EBaseException {
-        //for audit log
-
-        String initiative = null;
-        String agentID = null;
-
-        if (authToken == null) {
-            // request is from eegateway, so fromUser.
-            initiative = AuditFormat.FROMUSER;
-        } else {
-            agentID = authToken.getInString("userid");
-            initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }
-
-        // if service not complete return standard templates.
-        RequestStatus status = req.getRequestStatus();
-
-        if (status != RequestStatus.COMPLETE) {
-            cmsReq.setIRequestStatus(); // set status acc. to IRequest status.
-            // audit log the status
-            try {
-                if (status == RequestStatus.REJECTED) {
-                    Vector<String> messages = req.getExtDataInStringVector(IRequest.ERRORS);
-
-                    if (messages != null) {
-                        Enumeration<String> msgs = messages.elements();
-                        StringBuffer wholeMsg = new StringBuffer();
-
-                        while (msgs.hasMoreElements()) {
-                            wholeMsg.append("\n");
-                            wholeMsg.append(msgs.nextElement());
-                        }
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                        req.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        status.toString(),
-                                        certInfo.get(X509CertInfo.SUBJECT),
-                                        " violation: " +
-                                                wholeMsg.toString() }
-                                );
-                    } else { // no policy violation, from agent
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                        req.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        status.toString(),
-                                        certInfo.get(X509CertInfo.SUBJECT), "" }
-                                );
-                    }
-                } else { // other imcomplete status
-                    long endTime = CMS.getCurrentDate().getTime();
-
-                    mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                    req.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    status.toString(),
-                                    certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), "" }
-                            );
-                }
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                e.toString()));
-            } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                e.toString()));
-            }
-            return false;
-        }
-        // if service error use standard error templates.
-        Integer result = req.getExtDataInInteger(IRequest.RESULT);
-
-        if (result.equals(IRequest.RES_ERROR)) {
-
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
-            String[] svcErrors =
-                    req.getExtDataInStringArray(IRequest.SVCERRORS);
-
-            if (svcErrors != null && svcErrors.length > 0) {
-                for (int i = 0; i < svcErrors.length; i++) {
-                    String err = svcErrors[i];
-
-                    if (err != null) {
-                        //System.out.println(
-                        //"revocation servlet: setting error description "+
-                        //err.toString());
-                        cmsReq.setErrorDescription(err);
-                        // audit log the error
-                        try {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.ENROLLMENTFORMAT,
-                                    new Object[] {
-                                            req.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "completed with error: " +
-                                                    err,
-                                            certInfo.get(X509CertInfo.SUBJECT), ""
-                                }
-                                    );
-                        } catch (IOException e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                            e.toString()));
-                        } catch (CertificateException e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                            e.toString()));
-                        }
-
-                    }
-                }
-            }
-            return false;
-
-        }
-
-        return true;
-
-    }
-
-    /**
-     * Process X509 certificate enrollment request
-     * <P>
-     *
-     * (Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for
-     * "bulk enrollment", or an "EE" standard cert request)
-     * <P>
-     *
-     * (Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an
-     * automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance,
-     * or an automated "EE" non-profile based cert rejection)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made
-     * (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     * @param cmsReq a certificate enrollment request
-     * @exception EBaseException an error has occurred
-     */
-    protected void processX509(CMSRequest cmsReq)
-            throws EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = ILogger.UNIDENTIFIED;
-        String auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String id = null;
-
-        // define variables common to try-catch-blocks
-        long startTime = 0;
-        IArgBlock httpParams = null;
-        HttpServletRequest httpReq = null;
-        IAuthToken authToken = null;
-        AuthzToken authzToken = null;
-        IRequest req = null;
-        X509CertInfo certInfo = null;
-
-        IConfigStore configStore = CMS.getConfigStore();
-
-        /* XXX shouldn't we read this from ServletConfig at init time? */
-        enforcePop = configStore.getBoolean("enrollment.enforcePop", false);
-        CMS.debug("EnrollServlet: enforcePop " + enforcePop);
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            startTime = CMS.getCurrentDate().getTime();
-            httpParams = cmsReq.getHttpParams();
-            httpReq = cmsReq.getHttpReq();
-            if (mAuthMgr != null) {
-                authToken = authenticate(cmsReq);
-            }
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "submit");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-
-                // store a message in the signed audit log file
-                // (either an "admin" cert request for an admin certificate,
-                //  an "agent" cert request for "bulk enrollment", or
-                //  an "EE" standard cert request)
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditServiceID,
-                            auditCertificateSubjectName);
-
-                audit(auditMessage);
-
-                return;
-            }
-
-            // create enrollment request in request queue.
-            req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST);
-
-            // retrieve the actual "auditRequesterID"
-            if (req != null) {
-                // overwrite "auditRequesterID" if and only if "id" != null
-                id = req.getRequestId().toString();
-                if (id != null) {
-                    auditRequesterID = id.trim();
-                }
-            }
-
-            try {
-                if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
-                    String currentName = Thread.currentThread().getName();
-
-                    Thread.currentThread().setName(currentName
-                            + "-request-"
-                            + req.getRequestId().toString()
-                            + "-"
-                            + (new Date()).getTime());
-                }
-            } catch (Exception e) {
-            }
-
-            /*
-             * === certAuth based enroll ===
-             * "certAuthEnroll" is on.
-             * "certauthEnrollType can be one of the three:
-             *       single - it's for single cert enrollment
-             *       dual - it's for dual certs enrollment
-             *       encryption - getting the encryption cert only via
-             *                    authentication of the signing cert
-             *                    (crmf or keyGenInfo)
-             */
-            boolean certAuthEnroll = false;
-            String certauthEnrollType = null;
-
-            certAuthEnroll = getCertAuthEnrollStatus(httpParams);
-
-            try {
-                if (certAuthEnroll == true) {
-                    certauthEnrollType = getCertAuthEnrollType(httpParams,
-                                certAuthEnroll);
-                }
-            } catch (ECMSGWException e) {
-                // store a message in the signed audit log file
-                // (either an "admin" cert request for an admin certificate,
-                //  an "agent" cert request for "bulk enrollment", or
-                //  an "EE" standard cert request)
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditServiceID,
-                            auditCertificateSubjectName);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(e.toString());
-            }
-
-            CMS.debug("EnrollServlet: In EnrollServlet.processX509!");
-            CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll);
-            CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType);
-
-            String challengePassword = httpParams.getValueAsString(
-                    "challengePassword", "");
-
-            cmsReq.setIRequest(req);
-            saveHttpHeaders(httpReq, req);
-            saveHttpParams(httpParams, req);
-
-            X509Certificate sslClientCert = null;
-
-            // cert auth enroll
-            String certBasedOldSubjectDN = null;
-            BigInteger certBasedOldSerialNum = null;
-
-            // check if request was authenticated, if so set authtoken &
-            // certInfo.  also if authenticated, take certInfo from authToken.
-            certInfo = null;
-            if (certAuthEnroll == true) {
-                sslClientCert = getSSLClientCertificate(httpReq);
-                if (sslClientCert == null) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
-
-                    // store a message in the signed audit log file
-                    // (either an "admin" cert request for an admin certificate,
-                    //  an "agent" cert request for "bulk enrollment", or
-                    //  an "EE" standard cert request)
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
-                }
-
-                certBasedOldSubjectDN = sslClientCert.getSubjectDN().toString();
-                certBasedOldSerialNum = sslClientCert.getSerialNumber();
-
-                CMS.debug("EnrollServlet: certBasedOldSubjectDN " + certBasedOldSubjectDN);
-                CMS.debug("EnrollServlet: certBasedOldSerialNum " + certBasedOldSerialNum);
-
-                // if the cert subject name is NOT MISSING, retrieve the
-                // actual "auditCertificateSubjectName" and "normalize" it
-                if (certBasedOldSubjectDN != null) {
-                    // NOTE:  This is ok even if the cert subject name
-                    //        is "" (empty)!
-                    auditCertificateSubjectName = certBasedOldSubjectDN.trim();
-                }
-
-                try {
-                    certInfo = (X509CertInfo)
-                            ((X509CertImpl) sslClientCert).get(
-                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                } catch (CertificateParsingException ex) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
-
-                    // store a message in the signed audit log file
-                    // (either an "admin" cert request for an admin certificate,
-                    //  an "agent" cert request for "bulk enrollment", or
-                    //  an "EE" standard cert request)
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-
-                    throw new ECMSGWException(
-                            CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
-                }
-            } else {
-                CMS.debug("EnrollServlet: No CertAuthEnroll.");
-                certInfo = CMS.getDefaultX509CertInfo();
-            }
-
-            X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
-
-            String authMgr = AuditFormat.NOAUTH;
-
-            // if authentication
-            if (authToken != null) {
-                authMgr =
-                        authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                // don't store agent token in request.
-                // agent currently used for bulk issuance.
-                // if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-                log(ILogger.LL_INFO,
-                        "Enrollment request was authenticated by " +
-                                authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
-
-                PKIProcessor.fillCertInfoFromAuthToken(certInfo,
-                        authToken);
-                // save authtoken attrs to request directly
-                // (for policy use)
-                saveAuthToken(authToken, req);
-                // req.set(IRequest.AUTH_TOKEN, authToken);
-                // }
-            }
-
-            CMS.debug("EnrollServlet: Enroll authMgr " + authMgr);
-
-            if (certAuthEnroll == true) {
-                // log(ILogger.LL_DEBUG,
-                //     "just gotten subjectDN and serialNumber " +
-                //     "from ssl client cert");
-                if (authToken == null) {
-                    // authToken is null, can't match to anyone; bail!
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
-
-                    // store a message in the signed audit log file
-                    // (either an "admin" cert request for an admin certificate,
-                    //  an "agent" cert request for "bulk enrollment", or
-                    //  an "EE" standard cert request)
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-
-                    return;
-                }
-            }
-
-            // fill certInfo from input types: keygen, cmc, pkcs10 or crmf
-            KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
-                    SUBJECT_KEYGEN_INFO, null);
-            PKCS10 pkcs10 = null;
-
-            // support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
-            // instead of certType
-            String certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
-            CMS.debug("EnrollServlet: certType " + certType);
-
-            if (certType == null) {
-                certType = httpParams.getValueAsString(CERT_TYPE, "client");
-                CMS.debug("EnrollServlet: certType " + certType);
-            } else {
-                // some policies may rely on the fact that
-                // CERT_TYPE is set. So for 3.5.1 or eariler
-                // we need to set CERT_TYPE here.
-                req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType);
-            }
-            if (certType.equals("client")) {
-                // coming from MSIE
-                String p10b64 = httpParams.getValueAsString(PKCS10_REQUEST,
-                        null);
-
-                if (p10b64 != null) {
-                    try {
-                        byte[] bytes = CMS.AtoB(p10b64);
-
-                        pkcs10 = new PKCS10(bytes);
-                    } catch (Exception e) {
-                        // ok, if the above fails, it could
-                        // be a PKCS10 with header
-                        pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST,
-                                    false, null);
-                        // e.printStackTrace();
-                    }
-                }
-
-                //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
-
-            } else {
-                try {
-                    // coming from server cut & paste blob.
-                    pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST,
-                                false, null);
-                } catch (Exception ex) {
-                    ex.printStackTrace();
-                }
-            }
-
-            String cmc = null;
-            String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null);
-
-            if (asciiBASE64Blob != null) {
-                int startIndex = asciiBASE64Blob.indexOf(HEADER);
-                int endIndex = asciiBASE64Blob.indexOf(TRAILER);
-                if (startIndex != -1 && endIndex != -1) {
-                    startIndex = startIndex + HEADER.length();
-                    cmc = asciiBASE64Blob.substring(startIndex, endIndex);
-                } else
-                    cmc = asciiBASE64Blob;
-                CMS.debug("EnrollServlet: cmc " + cmc);
-            }
-
-            String crmf = httpParams.getValueAsString(CRMF_REQUEST, null);
-
-            CMS.debug("EnrollServlet: crmf " + crmf);
-
-            if (certAuthEnroll == true) {
-
-                PKIProcessor.fillCertInfoFromAuthToken(certInfo, authToken);
-
-                // for dual certs
-                if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
-
-                    CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
-                    boolean gotEncCert = false;
-                    X509CertInfo[] cInfoArray = null;
-
-                    try {
-                        cInfoArray = handleCertAuthDual(certInfo, authToken,
-                                    sslClientCert, mCa,
-                                    certBasedOldSubjectDN,
-                                    certBasedOldSerialNum);
-                    } catch (ECMSGWException e) {
-                        // store a message in the signed audit log file
-                        // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditServiceID,
-                                    auditCertificateSubjectName);
-
-                        audit(auditMessage);
-
-                        throw new ECMSGWException(e.toString());
-                    }
-
-                    if (cInfoArray != null && cInfoArray.length != 0) {
-                        CMS.debug("EnrollServlet: cInfoArray Length " + cInfoArray.length);
-
-                        certInfoArray = cInfoArray;
-                        gotEncCert = true;
-                    }
-
-                    if (gotEncCert == false) {
-                        // encryption cert not found, bail
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage(
-                                        "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
-
-                        // store a message in the signed audit log file
-                        // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditServiceID,
-                                    auditCertificateSubjectName);
-
-                        audit(auditMessage);
-
-                        throw new ECMSGWException(
-                                CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
-                    }
-
-                } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
-
-                    // first, make sure the client cert is indeed a
-                    // signing only cert
-
-                    try {
-
-                        checkClientCertSigningOnly(sslClientCert);
-                    } catch (ECMSGWException e) {
-                        // store a message in the signed audit log file
-                        // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditServiceID,
-                                    auditCertificateSubjectName);
-
-                        audit(auditMessage);
-
-                        throw new ECMSGWException(e.toString());
-                    }
-
-                    /*
-                     * either crmf or keyGenInfo
-                     */
-                    if (keyGenInfo != null) {
-                        KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq,
-                                this);
-
-                        keyGenProc.fillCertInfo(null, certInfo,
-                                authToken, httpParams);
-
-                        req.setExtData(CLIENT_ISSUER,
-                                sslClientCert.getIssuerDN().toString());
-                        CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
-                                sslClientCert.getIssuerDN().toString());
-                    } else if (crmf != null && crmf != "") {
-                        CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
-
-                        certInfoArray = crmfProc.fillCertInfoArray(crmf,
-                                    authToken,
-                                    httpParams,
-                                    req);
-
-                        req.setExtData(CLIENT_ISSUER,
-                                sslClientCert.getIssuerDN().toString());
-                        CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
-                                sslClientCert.getIssuerDN().toString());
-                    } else {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
-
-                        // store a message in the signed audit log file
-                        // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditServiceID,
-                                    auditCertificateSubjectName);
-
-                        audit(auditMessage);
-
-                        throw new ECMSGWException(
-                                CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
-                    }
-
-                } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
-
-                    // have to be buried here to handle the issuer
-
-                    if (keyGenInfo != null) {
-                        KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq,
-                                this);
-
-                        keyGenProc.fillCertInfo(null, certInfo,
-                                authToken, httpParams);
-                    } else if (pkcs10 != null) {
-                        PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq,
-                                this);
-
-                        pkcs10Proc.fillCertInfo(pkcs10, certInfo,
-                                authToken, httpParams);
-                    } else if (cmc != null && cmc != "") {
-                        CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
-
-                        certInfoArray = cmcProc.fillCertInfoArray(cmc,
-                                    authToken,
-                                    httpParams,
-                                    req);
-                    } else if (crmf != null && crmf != "") {
-                        CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
-
-                        certInfoArray = crmfProc.fillCertInfoArray(crmf,
-                                    authToken,
-                                    httpParams,
-                                    req);
-                    } else {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
-
-                        // store a message in the signed audit log file
-                        // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditServiceID,
-                                    auditCertificateSubjectName);
-
-                        audit(auditMessage);
-
-                        throw new ECMSGWException(
-                                CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
-                    }
-                    req.setExtData(CLIENT_ISSUER,
-                            sslClientCert.getIssuerDN().toString());
-                }
-
-            } else if (keyGenInfo != null) {
-
-                CMS.debug("EnrollServlet: Trying KeyGen with no cert auth.");
-                KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq, this);
-
-                keyGenProc.fillCertInfo(null, certInfo, authToken, httpParams);
-            } else if (pkcs10 != null) {
-                CMS.debug("EnrollServlet: Trying PKCS10 with no cert auth.");
-                PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, this);
-
-                pkcs10Proc.fillCertInfo(pkcs10, certInfo, authToken, httpParams);
-            } else if (cmc != null) {
-                CMS.debug("EnrollServlet: Trying CMC with no cert auth.");
-                CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
-
-                certInfoArray = cmcProc.fillCertInfoArray(cmc, authToken,
-                            httpParams, req);
-            } else if (crmf != null && crmf != "") {
-                CMS.debug("EnrollServlet: Trying CRMF with no cert auth.");
-                CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
-
-                certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken,
-                            httpParams, req);
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                                CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
-
-                // store a message in the signed audit log file
-                // (either an "admin" cert request for an admin certificate,
-                //  an "agent" cert request for "bulk enrollment", or
-                //  an "EE" standard cert request)
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditServiceID,
-                            auditCertificateSubjectName);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
-            }
-
-            // if ca, fill in default signing alg here
-
-            try {
-                ICertificateAuthority caSub =
-                        (ICertificateAuthority) CMS.getSubsystem("ca");
-                if (certInfoArray != null && caSub != null) {
-                    for (int ix = 0; ix < certInfoArray.length; ix++) {
-                        X509CertInfo ci = certInfoArray[ix];
-                        String defaultSig = caSub.getDefaultAlgorithm();
-                        AlgorithmId algid = AlgorithmId.get(defaultSig);
-                        ci.set(X509CertInfo.ALGORITHM_ID,
-                                new CertificateAlgorithmId(algid));
-                    }
-                }
-            } catch (Exception e) {
-                CMS.debug("Failed to set signing alg to certinfo " + e.toString());
-            }
-
-            req.setExtData(IRequest.CERT_INFO, certInfoArray);
-
-            if (challengePassword != null && !challengePassword.equals("")) {
-                String pwd = hashPassword(challengePassword);
-
-                req.setExtData(CHALLENGE_PASSWORD, pwd);
-            }
-
-            // store a message in the signed audit log file
-            // (either an "admin" cert request for an admin certificate,
-            //  an "agent" cert request for "bulk enrollment", or
-            //  an "EE" standard cert request)
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditServiceID,
-                        auditCertificateSubjectName);
-
-            audit(auditMessage);
-
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            // (either an "admin" cert request for an admin certificate,
-            //  an "agent" cert request for "bulk enrollment", or
-            //  an "EE" standard cert request)
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditServiceID,
-                        auditCertificateSubjectName);
-
-            audit(auditMessage);
-
-            throw eAudit1;
-        }
-
-        X509CertImpl[] issuedCerts = null;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            // send request to request queue.
-            mRequestQueue.processRequest(req);
-            // process result.
-
-            // render OLD_CERT_TYPE's response differently, we
-            // do not want any javascript in HTML, and need to
-            // override the default render.
-            if (httpParams.getValueAsString(OLD_CERT_TYPE, null) != null) {
-                try {
-                    renderServerEnrollResult(cmsReq);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS); // no default render
-
-                    issuedCerts =
-                            cmsReq.getIRequest().getExtDataInCertArray(
-                                    IRequest.ISSUED_CERTS);
-
-                    for (int i = 0; i < issuedCerts.length; i++) {
-                        // (automated "agent" cert request processed
-                        //  - "accepted")
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.SUCCESS,
-                                    auditRequesterID,
-                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                    auditInfoCertValue(issuedCerts[i]));
-
-                        audit(auditMessage);
-                    }
-                } catch (IOException ex) {
-                    cmsReq.setStatus(ICMSRequest.ERROR);
-
-                    // (automated "agent" cert request processed - "rejected")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_REJECTION,
-                                SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]);
-
-                    audit(auditMessage);
-                }
-
-                return;
-            }
-
-            boolean completed = handleEnrollAuditLog(req, cmsReq,
-                    mAuthMgr, authToken,
-                    certInfo, startTime);
-
-            if (completed == false) {
-                // (automated "agent" cert request processed - "rejected")
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            ILogger.SIGNED_AUDIT_REJECTION,
-                            SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[1]);
-
-                audit(auditMessage);
-
-                return;
-            }
-
-            // service success
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            issuedCerts = req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-            String initiative = null;
-            String agentID;
-
-            if (authToken == null) {
-                // request is from eegateway, so fromUser.
-                initiative = AuditFormat.FROMUSER;
-            } else {
-                agentID = authToken.getInString("userid");
-                initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-            }
-
-            // audit log the success.
-            long endTime = CMS.getCurrentDate().getTime();
-
-            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                    AuditFormat.LEVEL,
-                    AuditFormat.ENROLLMENTFORMAT,
-                    new Object[]
-                { req.getRequestId(),
-                        initiative,
-                        mAuthMgr,
-                        "completed",
-                        issuedCerts[0].getSubjectDN(),
-                        "cert issued serial number: 0x" +
-                                issuedCerts[0].getSerialNumber().toString(16) +
-                                " time: " +
-                                (endTime - startTime) }
-                    );
-
-            // handle initial admin enrollment if in adminEnroll mode.
-            checkAdminEnroll(cmsReq, issuedCerts);
-
-            // return cert as mime type binary if requested.
-            if (checkImportCertToNav(cmsReq.getHttpResp(),
-                    httpParams, issuedCerts[0])) {
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-                for (int i = 0; i < issuedCerts.length; i++) {
-                    // (automated "agent" cert request processed - "accepted")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                auditInfoCertValue(issuedCerts[i]));
-
-                    audit(auditMessage);
-                }
-
-                return;
-            }
-
-            // use success template.
-            try {
-                cmsReq.setResult(issuedCerts);
-                renderTemplate(cmsReq, mEnrollSuccessTemplate,
-                        mEnrollSuccessFiller);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-                for (int i = 0; i < issuedCerts.length; i++) {
-                    // (automated "agent" cert request processed - "accepted")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                auditInfoCertValue(issuedCerts[i]));
-
-                    audit(auditMessage);
-                }
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
-                                mEnrollSuccessFiller.toString(),
-                                e.toString()));
-
-                // (automated "agent" cert request processed - "rejected")
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            ILogger.SIGNED_AUDIT_REJECTION,
-                            SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[2]);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            // (automated "agent" cert request processed - "rejected")
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        ILogger.SIGNED_AUDIT_REJECTION,
-                        SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[3]);
-
-            audit(auditMessage);
-
-            throw eAudit1;
-        }
-
-        return;
-    }
-
-    /**
-     * check if this is first enroll from admin enroll.
-     * If so disable admin enroll from here on.
-     */
-    protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
-            throws EBaseException {
-        // this is special case, get the admin certificate
-        if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
-            addAdminAgent(cmsReq, issuedCerts);
-            CMSGateway.disableAdminEnroll();
-        }
-    }
-
-    protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
-            throws EBaseException {
-        String userid = cmsReq.getHttpParams().getValueAsString("uid");
-        IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-        IUser adminuser = ug.createUser(userid);
-
-        adminuser.setX509Certificates(issuedCerts);
-        try {
-            ug.addUserCert(adminuser);
-        } catch (netscape.ldap.LDAPException e) {
-            CMS.debug(
-                    "EnrollServlet: Cannot add admin's certificate to its entry in the " +
-                            "user group database. Error " + e);
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
-        }
-        IGroup agentGroup =
-                ug.getGroupFromName(CA_AGENT_GROUP);
-
-        if (agentGroup != null) {
-            // add user to the group if necessary
-            if (!agentGroup.isMember(userid)) {
-                agentGroup.addMemberName(userid);
-                ug.modifyGroup(agentGroup);
-                mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                        new Object[] { userid, userid, CA_AGENT_GROUP }
-                        );
-
-            }
-        } else {
-            String msg = "Cannot add admin to the " +
-                    CA_AGENT_GROUP +
-                    " group: Group does not exist.";
-
-            CMS.debug("EnrollServlet: " + msg);
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR"));
-        }
-    }
-
-    protected void renderServerEnrollResult(CMSRequest cmsReq) throws
-            IOException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        httpResp.setContentType("text/html");
-        ServletOutputStream out = null;
-
-        out = httpResp.getOutputStream();
-
-        // get template based on request status
-        out.println("<HTML>");
-        out.println("<TITLE>");
-        out.println("Server Enrollment");
-        out.println("</TITLE>");
-        // out.println("<BODY BGCOLOR=white>");
-
-        if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) {
-            out.println("<H1>");
-            out.println("SUCCESS");
-            out.println("</H1>");
-            out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message
-            out.println("<P>");
-            out.println("Request Creation Time: ");
-            out.println(cmsReq.getIRequest().getCreationTime().toString());
-            out.println("<P>");
-            out.println("Request Status: ");
-            out.println(cmsReq.getStatus().toString());
-            out.println("<P>");
-            out.println("Request ID: ");
-            out.println(cmsReq.getIRequest().getRequestId().toString());
-            out.println("<P>");
-            out.println("Certificate: ");
-            out.println("<P>");
-            out.println("<PRE>");
-            X509CertImpl certs[] =
-                    cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-            out.println(CMS.getEncodedCert(certs[0]));
-            out.println("</PRE>");
-            out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                    cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
-                    cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
-                    cmsReq.getIRequest().getRequestId().toString() + ">");
-            out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
-                    CMS.getEncodedCert(certs[0]) + ">");
-        } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
-            out.println("<H1>");
-            out.println("PENDING");
-            out.println("</H1>");
-            out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message
-            out.println("<P>");
-            out.println("Request Creation Time: ");
-            out.println(cmsReq.getIRequest().getCreationTime().toString());
-            out.println("<P>");
-            out.println("Request Status: ");
-            out.println(cmsReq.getStatus().toString());
-            out.println("<P>");
-            out.println("Request ID: ");
-            out.println(cmsReq.getIRequest().getRequestId().toString());
-            out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                    cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
-                    cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
-                    cmsReq.getIRequest().getRequestId().toString() + ">");
-        } else {
-            out.println("<H1>");
-            out.println("ERROR");
-            out.println("</H1>");
-            out.println("<!INFO>");
-            out.println("Please consult your local administrator for assistance."); // XXX - localize the message
-            out.println("<!/INFO>");
-            out.println("<P>");
-            out.println("Request Status: ");
-            out.println(cmsReq.getStatus().toString());
-            out.println("<P>");
-            out.println("Error: ");
-            out.println(cmsReq.getError()); // XXX - need to parse in Locale
-            out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
-                    cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT ERROR=" +
-                    cmsReq.getError() + ">");
-        }
-
-        /**
-         * // include all the input data
-         * ArgBlock args = cmsReq.getHttpParams();
-         * Enumeration ele = args.getElements();
-         * while (ele.hasMoreElements()) {
-         * String eleT = (String)ele.nextElement();
-         * out.println("<!HTTP_INPUT " + eleT + "=" +
-         * args.get(eleT) + ">");
-         * }
-         **/
-
-        out.println("</HTML>");
-    }
-
-    // XXX ALERT !!
-    // Remove the following and calls to them when we bundle a cartman
-    // later than alpha1.
-    // These are here to cover up problem in cartman where the
-    // key usage extension always ends up being digital signature only
-    // and for rsa-ex ends up having no bits set.
-
-    @SuppressWarnings("unused")
-    private boolean mIsTestBed;
-
-    private void init_testbed_hack(IConfigStore config)
-            throws EBaseException {
-        mIsTestBed = config.getBoolean("isTestBed", true);
-    }
-
-    /**
-     * Signed Audit Log Info Certificate Value
-     *
-     * This method is called to obtain the certificate from the passed in
-     * "X509CertImpl" for a signed audit log message.
-     * <P>
-     *
-     * @param x509cert an X509CertImpl
-     * @return cert string containing the certificate
-     */
-    private String auditInfoCertValue(X509CertImpl x509cert) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        if (x509cert == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        byte rawData[] = null;
-
-        try {
-            rawData = x509cert.getEncoded();
-        } catch (CertificateEncodingException e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        String cert = null;
-
-        // convert "rawData" into "base64Data"
-        if (rawData != null) {
-            String base64Data = null;
-
-            base64Data = Utils.base64encode(rawData).trim();
-
-            StringBuffer sb = new StringBuffer();
-            // extract all line separators from the "base64Data"
-            for (int i = 0; i < base64Data.length(); i++) {
-                if (base64Data.substring(i, i).getBytes() != EOL) {
-                    sb.append(base64Data.substring(i, i));
-                }
-            }
-            cert = sb.toString();
-        }
-
-        if (cert != null) {
-            cert = cert.trim();
-
-            if (cert.equals("")) {
-                return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            } else {
-                return cert;
-            }
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
deleted file mode 100644
index 31b235d2a..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ /dev/null
@@ -1,204 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.cert.CertEnrollmentRequest;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.profile.SSLClientCertProvider;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-public class EnrollmentProcessor extends CertProcessor {
-
-    public EnrollmentProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
-        super(id, locale);
-    }
-
-    private void setInputsIntoContext(CertEnrollmentRequest data, IProfile profile, IProfileContext ctx) {
-        // put profile inputs into a local map
-        HashMap<String, String> dataInputs = new HashMap<String, String>();
-        for (ProfileInput input : data.getInputs()) {
-            for (ProfileAttribute attr: input.getAttrs()) {
-                dataInputs.put(attr.getName(), attr.getValue());
-            }
-        }
-
-        // iterate through inputs in profile and put those in context
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-                Enumeration<String> inputNames = profileInput.getValueNames();
-
-                while (inputNames.hasMoreElements()) {
-                    String inputName = inputNames.nextElement();
-                    if (dataInputs.containsKey(inputName)) {
-                        // all subject name parameters start with sn_, no other input parameters do
-                        if (inputName.matches("^sn_.*")) {
-                            ctx.set(inputName, LDAPUtil.escapeRDNValue(dataInputs.get(inputName)));
-                        } else {
-                            ctx.set(inputName, dataInputs.get(inputName));
-                        }
-                    }
-                }
-            }
-        }
-
-    }
-
-    /**
-     * Called by the legacy servlets to access the Processor function
-     * @param request
-     * @return
-     * @throws EBaseException
-     */
-    public HashMap<String, Object> processEnrollment(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        String profileId = (this.profileID == null) ? req.getParameter("profileId") : this.profileID;
-        IProfile profile = ps.getProfile(profileId);
-
-        if (profile == null) {
-            CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-            throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-        }
-
-        CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
-        return processEnrollment(data, cmsReq.getHttpReq());
-    }
-
-    /**
-     * Process the HTTP request
-     * <P>
-     *
-     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE"
-     * profile based cert rejection)
-     * <P>
-     *
-     * <ul>
-     * <li>http.param profileId ID of profile to use to process request
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     * @exception EBaseException an error has occurred
-     */
-    public HashMap<String, Object> processEnrollment(CertEnrollmentRequest data, HttpServletRequest request)
-            throws EBaseException {
-
-        try {
-            if (CMS.debugOn()) {
-                HashMap<String,String> params = data.toParams();
-                printParameterValues(params);
-            }
-
-            CMS.debug("EnrollmentSubmitter: isRenewal false");
-            startTiming("enrollment");
-
-            // if we did not configure profileId in xml file,
-            // then accept the user-provided one
-            String profileId = (this.profileID == null) ? data.getProfileId() : this.profileID;
-            CMS.debug("EnrollmentSubmitter: profileId " + profileId);
-
-            IProfile profile = ps.getProfile(profileId);
-            if (profile == null) {
-                CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-                throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-            }
-            if (!ps.isProfileEnable(profileId)) {
-                CMS.debug("EnrollmentSubmitter: Profile " + profileId + " not enabled");
-                throw new BadRequestDataException("Profile " + profileId + " not enabled");
-            }
-
-            IProfileContext ctx = profile.createContext();
-            CMS.debug("EnrollmentSubmitter: set Inputs into profile Context");
-            setInputsIntoContext(data, profile, ctx);
-
-            IProfileAuthenticator authenticator = profile.getAuthenticator();
-            if (authenticator != null) {
-                CMS.debug("EnrollmentSubmitter: authenticator " + authenticator.getName() + " found");
-                setCredentialsIntoContext(request, authenticator, ctx);
-            }
-
-            // for ssl authentication; pass in servlet for retrieving ssl client certificates
-            // insert profile context so that input parameter can be retrieved
-            SessionContext context = SessionContext.getContext();
-            context.put("profileContext", ctx);
-            context.put("sslClientCertProvider", new SSLClientCertProvider(request));
-            CMS.debug("EnrollmentSubmitter: set sslClientCertProvider");
-
-            // before creating the request, authenticate the request
-            IAuthToken authToken = authenticate(request, null, authenticator, context, false);
-
-            // authentication success, now authorize
-            authorize(profileId, profile, authToken);
-
-            ///////////////////////////////////////////////
-            // create and populate request
-            ///////////////////////////////////////////////
-            startTiming("request_population");
-            IRequest[] reqs = profile.createRequests(ctx, locale);
-            populateRequests(data, false, locale, null, null, null, profileId, profile,
-                    ctx, authenticator, authToken, reqs);
-            endTiming("request_population");
-
-            ///////////////////////////////////////////////
-            // submit request
-            ///////////////////////////////////////////////
-            String errorCode = submitRequests(locale, profile, authToken, reqs);
-            String errorReason = codeToReason(locale, errorCode);
-
-            HashMap<String, Object> ret = new HashMap<String, Object>();
-            ret.put(ARG_REQUESTS, reqs);
-            ret.put(ARG_ERROR_CODE, errorCode);
-            ret.put(ARG_ERROR_REASON, errorReason);
-            ret.put(ARG_PROFILE, profile);
-
-            CMS.debug("EnrollmentSubmitter: done serving");
-            endTiming("enrollment");
-
-            return ret;
-        } finally {
-            SessionContext.releaseContext();
-            endAllEvents();
-        }
-    }
-
-
-
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java
deleted file mode 100644
index 5c337afee..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java
+++ /dev/null
@@ -1,332 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.cert;
-
-import java.util.Calendar;
-import java.util.StringTokenizer;
-
-import com.netscape.certsrv.cert.CertSearchRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * @author jmagne
- *
- */
-public class FilterBuilder {
-    private final static String MATCH_EXACTLY = "exact";
-    private String searchFilter = null;
-    private CertSearchRequest request = null;
-
-    public FilterBuilder(CertSearchRequest request) {
-        this.request = request;
-    }
-
-    public String buildFilter() {
-        StringBuffer filter = new StringBuffer();
-        buildSerialNumberRangeFilter(filter);
-        buildSubjectFilter(filter);
-        buildStatusFilter(filter);
-        buildRevokedByFilter(filter);
-        buildRevokedOnFilter(filter);
-        buildRevocationReasonFilter(filter);
-        buildIssuedByFilter(filter);
-        buildIssuedOnFilter(filter);
-        buildValidNotBeforeFilter(filter);
-        buildValidNotAfterFilter(filter);
-        buildValidityLengthFilter(filter);
-        buildCertTypeFilter(filter);
-
-        searchFilter = filter.toString();
-
-        if (searchFilter != null && !searchFilter.equals("")) {
-            searchFilter = "(&" + searchFilter + ")";
-        }
-
-        return searchFilter;
-    }
-
-    private void buildSerialNumberRangeFilter(StringBuffer filter) {
-
-        if (!request.getSerialNumberRangeInUse()) {
-            return;
-        }
-        boolean changed = false;
-        String serialFrom = request.getSerialFrom();
-        if (serialFrom != null && !serialFrom.equals("")) {
-            filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
-            changed = true;
-        }
-        String serialTo = request.getSerialTo();
-        if (serialTo != null && !serialTo.equals("")) {
-            filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
-            changed = true;
-        }
-        if (!changed) {
-            filter.append("(certRecordId=*)");
-        }
-
-    }
-
-    private void buildSubjectFilter(StringBuffer filter) {
-        if (!request.getSubjectInUse()) {
-            return;
-        }
-        StringBuffer lf = new StringBuffer();
-
-        String matchStr = null;
-        boolean match = request.getMatchExactly();
-
-        if (match == true) {
-            matchStr = MATCH_EXACTLY;
-        }
-
-        buildAVAFilter(request.getEmail(), "E", lf, matchStr);
-        buildAVAFilter(request.getCommonName(), "CN", lf, matchStr);
-        buildAVAFilter(request.getUserID(), "UID", lf, matchStr);
-        buildAVAFilter(request.getOrgUnit(), "OU", lf, matchStr);
-        buildAVAFilter(request.getOrg(), "O", lf, matchStr);
-        buildAVAFilter(request.getLocality(), "L", lf, matchStr);
-        buildAVAFilter(request.getState(), "ST", lf, matchStr);
-        buildAVAFilter(request.getCountry(), "C", lf, matchStr);
-
-        if (lf.length() == 0) {
-            filter.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*)");
-            return;
-        }
-        if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) {
-            filter.append("(&");
-            filter.append(lf);
-            filter.append(")");
-        } else {
-            filter.append("(|");
-            filter.append(lf);
-            filter.append(")");
-        }
-    }
-
-    private void buildStatusFilter(StringBuffer filter) {
-        String status = request.getStatus();
-        if (status == null || status.equals("")) {
-            return;
-        }
-        filter.append("(certStatus=");
-        filter.append(LDAPUtil.escapeFilter(status));
-        filter.append(")");
-    }
-
-    private void buildRevokedByFilter(StringBuffer filter) {
-        if (!request.getRevokedByInUse()) {
-            return;
-        }
-
-        String revokedBy = request.getRevokedBy();
-        if (revokedBy == null || revokedBy.equals("")) {
-            filter.append("(certRevokedBy=*)");
-        } else {
-            filter.append("(certRevokedBy=");
-            filter.append(LDAPUtil.escapeFilter(revokedBy));
-            filter.append(")");
-        }
-    }
-
-    private void buildDateFilter(String prefix,
-            String outStr, long adjustment,
-            StringBuffer filter) {
-        if (prefix == null || prefix.length() == 0) return;
-        long epoch = Long.parseLong(prefix);
-        Calendar from = Calendar.getInstance();
-        from.setTimeInMillis(epoch);
-        filter.append("(");
-        filter.append(LDAPUtil.escapeFilter(outStr));
-        filter.append(Long.toString(from.getTimeInMillis() + adjustment));
-        filter.append(")");
-    }
-
-    private void buildRevokedOnFilter(StringBuffer filter) {
-        if (!request.getRevokedOnInUse()) {
-            return;
-        }
-        buildDateFilter(request.getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
-        buildDateFilter(request.getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
-    }
-
-    private void buildRevocationReasonFilter(StringBuffer filter) {
-        if (!request.getRevocationReasonInUse()) {
-            return;
-        }
-        String reasons = request.getRevocationReason();
-        if (reasons == null) {
-            return;
-        }
-        String queryCertFilter = null;
-        StringTokenizer st = new StringTokenizer(reasons, ",");
-        int count = st.countTokens();
-        if (st.hasMoreTokens()) {
-            if (count >=2) filter.append("(|");
-            while (st.hasMoreTokens()) {
-                String token = st.nextToken();
-                if (queryCertFilter == null) {
-                    queryCertFilter = "";
-                }
-                filter.append("(x509cert.certRevoInfo=");
-                filter.append(LDAPUtil.escapeFilter(token));
-                filter.append(")");
-            }
-            if (count >= 2) filter.append(")");
-        }
-    }
-
-    private void buildIssuedByFilter(StringBuffer filter) {
-        if (!request.getIssuedByInUse()) {
-            return;
-        }
-        String issuedBy = request.getIssuedBy();
-        if (issuedBy == null || issuedBy.equals("")) {
-            filter.append("(certIssuedBy=*)");
-        } else {
-            filter.append("(certIssuedBy=");
-            filter.append(LDAPUtil.escapeFilter(issuedBy));
-            filter.append(")");
-        }
-    }
-
-    private void buildIssuedOnFilter(StringBuffer filter) {
-        if (!request.getIssuedOnInUse()) {
-            return;
-        }
-        buildDateFilter(request.getIssuedOnFrom(), "certCreateTime>=", 0, filter);
-        buildDateFilter(request.getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
-    }
-
-    private void buildValidNotBeforeFilter(StringBuffer filter) {
-        if (!request.getValidNotBeforeInUse()) {
-            return;
-        }
-        buildDateFilter(request.getValidNotBeforeFrom(), ICertRecord.ATTR_X509CERT_NOT_BEFORE+">=", 0, filter);
-        buildDateFilter(request.getValidNotBeforeTo(), ICertRecord.ATTR_X509CERT_NOT_BEFORE+"<=", 86399999, filter);
-
-    }
-
-    private void buildValidNotAfterFilter(StringBuffer filter) {
-        if (!request.getValidNotAfterInUse()) {
-            return;
-        }
-        buildDateFilter(request.getValidNotAfterFrom(), ICertRecord.ATTR_X509CERT_NOT_AFTER+">=", 0, filter);
-        buildDateFilter(request.getValidNotAfterTo(), ICertRecord.ATTR_X509CERT_NOT_AFTER+"<=", 86399999, filter);
-
-    }
-
-    private void buildValidityLengthFilter(StringBuffer filter) {
-        if (!request.getValidityLengthInUse()) {
-            return;
-        }
-
-        String op = request.getValidityOperation();
-        Integer count = request.getValidityCount();
-        Long unit = request.getValidityUnit();
-
-        filter.append("(");
-        filter.append(ICertRecord.ATTR_X509CERT_DURATION);
-        filter.append(LDAPUtil.escapeFilter(op));
-        filter.append(count * unit);
-        filter.append(")");
-    }
-
-    private void buildCertTypeFilter(StringBuffer filter) {
-        if (!request.getCertTypeInUse()) {
-            return;
-        }
-        if (isOn(request.getCertTypeSSLClient())) {
-            filter.append("(x509cert.nsExtension.SSLClient=on)");
-        } else if (isOff(request.getCertTypeSSLClient())) {
-            filter.append("(x509cert.nsExtension.SSLClient=off)");
-        }
-        if (isOn(request.getCertTypeSSLServer())) {
-            filter.append("(x509cert.nsExtension.SSLServer=on)");
-        } else if (isOff(request.getCertTypeSSLServer())) {
-            filter.append("(x509cert.nsExtension.SSLServer=off)");
-        }
-        if (isOn(request.getCertTypeSecureEmail())) {
-            filter.append("(x509cert.nsExtension.SecureEmail=on)");
-        } else if (isOff(request.getCertTypeSecureEmail())) {
-            filter.append("(x509cert.nsExtension.SecureEmail=off)");
-        }
-        if (isOn(request.getCertTypeSubSSLCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
-        } else if (isOff(request.getCertTypeSubSSLCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
-        }
-        if (isOn(request.getCertTypeSubEmailCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
-        } else if (isOff(request.getCertTypeSubEmailCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
-        }
-    }
-
-    private boolean isOn(String value) {
-        String inUse = value;
-        if (inUse == null) {
-            return false;
-        }
-        if (inUse.equals("on")) {
-            return true;
-        }
-        return false;
-    }
-
-    private boolean isOff(String value) {
-        String inUse = value;
-        if (inUse == null) {
-            return false;
-        }
-        if (inUse.equals("off")) {
-            return true;
-        }
-        return false;
-    }
-
-    private void buildAVAFilter(String param,
-            String avaName, StringBuffer lf, String match) {
-        if (param != null && !param.equals("")) {
-            if (match != null && match.equals(MATCH_EXACTLY)) {
-                lf.append("(|");
-                lf.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
-                lf.append(",*)");
-                lf.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
-                lf.append(")");
-                lf.append(")");
-            } else {
-                lf.append("("+ICertRecord.ATTR_X509CERT_SUBJECT+"=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append("*");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
-                lf.append("*)");
-            }
-        }
-
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
deleted file mode 100644
index 2ea7da7c6..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
+++ /dev/null
@@ -1,295 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-/**
- * Retrieve certificate by serial number.
- *
- * @version $Revision$, $Date$
- */
-public class GetBySerial extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -2276677839178370838L;
-
-    private final static String IMPORT_CERT_TEMPLATE = "ImportCert.template";
-    private String mImportTemplate = null;
-    private String mIETemplate = null;
-    private ICMSTemplateFiller mImportTemplateFiller = null;
-    IRequestQueue mReqQ = null;
-
-    public GetBySerial() {
-        super();
-    }
-
-    /**
-     * Initialize the servlet. This servlet uses the template file
-     * "ImportCert.template" to import the cert to the users browser,
-     * if that is what the user requested
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        try {
-            mImportTemplate = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE);
-            mIETemplate = sc.getInitParameter("importCertTemplate");
-            if (mImportTemplate == null)
-                mImportTemplate = IMPORT_CERT_TEMPLATE;
-        } catch (Exception e) {
-            mImportTemplate = null;
-        }
-        mImportTemplateFiller = new ImportCertsTemplateFiller();
-
-        // override success and error templates to null -
-        // handle templates locally.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        ICertificateAuthority mCa = (ICertificateAuthority) CMS.getSubsystem("ca");
-        if (mCa == null) {
-            return;
-        }
-
-        mReqQ = mCa.getRequestQueue();
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param serialNumber serial number of certificate in HEX
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-        IArgBlock args = cmsReq.getHttpParams();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "import");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String serial = args.getValueAsString("serialNumber", null);
-        String browser = args.getValueAsString("browser", null);
-        BigInteger serialNo = null;
-
-        try {
-            serialNo = new BigInteger(serial, 16);
-        } catch (NumberFormatException e) {
-            serialNo = null;
-        }
-        if (serial == null || serialNo == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        ICertRecord certRecord = getCertRecord(serialNo);
-        if (certRecord == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        // if RA, needs requestOwner to match
-        // first, find the user's group
-        if (authToken != null) {
-            String group = authToken.getInString("group");
-
-            if ((group != null) && (group != "")) {
-                CMS.debug("GetBySerial process: auth group=" + group);
-                if (group.equals("Registration Manager Agents")) {
-                    boolean groupMatched = false;
-                    // find the cert record's orig. requestor's group
-                    MetaInfo metai = certRecord.getMetaInfo();
-                    if (metai != null) {
-                        String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
-                        RequestId rid = new RequestId(reqId);
-                        IRequest creq = mReqQ.findRequest(rid);
-                        if (creq != null) {
-                            String reqOwner = creq.getRequestOwner();
-                            if (reqOwner != null) {
-                                CMS.debug("GetBySerial process: req owner=" + reqOwner);
-                                if (reqOwner.equals(group))
-                                    groupMatched = true;
-                            }
-                        }
-                    }
-                    if (groupMatched == false) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
-                        cmsReq.setError(new ECMSGWException(
-                                CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
-                        cmsReq.setStatus(ICMSRequest.ERROR);
-                        return;
-                    }
-                }
-            }
-        }
-
-        X509CertImpl cert = certRecord.getCertificate();
-
-        if (cert != null) {
-            // if there's a crmf request id, set that too.
-            if (browser != null && browser.equals("ie")) {
-                IArgBlock header = CMS.createArgBlock();
-                IArgBlock ctx = CMS.createArgBlock();
-                Locale[] locale = new Locale[1];
-                CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-                CertificateChain cachain = ca.getCACertChain();
-                X509Certificate[] cacerts = cachain.getChain();
-                X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
-                int m = 1, n = 0;
-
-                for (; n < cacerts.length; m++, n++) {
-                    userChain[m] = (X509CertImpl) cacerts[n];
-                }
-
-                userChain[0] = cert;
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                        new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
-                ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-                try {
-                    p7.encodeSignedData(bos);
-                } catch (Exception eee) {
-                }
-
-                byte[] p7Bytes = bos.toByteArray();
-                String p7Str = CMS.BtoA(p7Bytes);
-
-                header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str));
-                try {
-                    CMSTemplate form = getTemplate(mIETemplate, req, locale);
-                    ServletOutputStream out = response.getOutputStream();
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                    response.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    return;
-                } catch (Exception ee) {
-                    CMS.debug("GetBySerial process: Exception=" + ee.toString());
-                }
-            } //browser is IE
-
-            MetaInfo metai = certRecord.getMetaInfo();
-            String crmfReqId = null;
-
-            if (metai != null) {
-                crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID);
-                if (crmfReqId != null)
-                    cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId);
-            }
-
-            if (crmfReqId == null && checkImportCertToNav(
-                    cmsReq.getHttpResp(), cmsReq.getHttpParams(), cert)) {
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-                return;
-            }
-
-            // use import cert template to return cert.
-            X509CertImpl[] certs = new X509CertImpl[] { cert };
-
-            cmsReq.setResult(certs);
-
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-            // XXX follow request in cert record to set certtype, which will
-            // import cert only if it's client. For now assume "client" if
-            // someone clicked to import this cert.
-            cmsReq.getHttpParams().set("certType", "client");
-
-            try {
-                renderTemplate(cmsReq, mImportTemplate, mImportTemplateFiller);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            }
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
deleted file mode 100644
index 9ffb54671..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
+++ /dev/null
@@ -1,406 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CertificateChain;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Retrieve the Certificates comprising the CA Chain for this CA.
- *
- * @version $Revision$, $Date$
- */
-public class GetCAChain extends CMSServlet {
-    /**
-         *
-         */
-    private static final long serialVersionUID = -8189048155415074581L;
-    private final static String TPL_FILE = "displayCaCert.template";
-    private String mFormPath = null;
-
-    public GetCAChain() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        // override success to display own output.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        // coming from ee
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        // Construct an ArgBlock
-        IArgBlock args = cmsReq.getHttpParams();
-
-        // Get the operation code
-        String op = null;
-
-        op = args.getValueAsString("op", null);
-        if (op == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-        AuthzToken authzToken = null;
-
-        if (op.startsWith("download")) {
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "download");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                return;
-            }
-
-            downloadChain(op, args, httpReq, httpResp, cmsReq);
-        } else if (op.startsWith("display")) {
-            try {
-                authzToken = mAuthz.authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                return;
-            }
-
-            displayChain(op, args, httpReq, httpResp, cmsReq);
-        } else {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
-        }
-        //		cmsReq.setResult(null);
-        return;
-    }
-
-    private void downloadChain(String op,
-            IArgBlock args,
-            HttpServletRequest httpReq,
-            HttpServletResponse httpResp,
-            CMSRequest cmsReq)
-            throws EBaseException {
-
-        /* check browser info ? */
-
-        /* check if pkcs7 will work for both nav and ie */
-
-        byte[] bytes = null;
-
-        /*
-         * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
-         * This means that we can only hand out the root CA, and not
-         * the whole chain.
-         */
-
-        if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
-            X509Certificate[] caCerts =
-                    ((ICertAuthority) mAuthority).getCACertChain().getChain();
-
-            try {
-                bytes = caCerts[0].getEncoded();
-            } catch (CertificateEncodingException e) {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
-            }
-        } else {
-            CertificateChain certChain =
-                    ((ICertAuthority) mAuthority).getCACertChain();
-
-            if (certChain == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
-            }
-
-            try {
-                ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
-                certChain.encode(encoded, false);
-                bytes = encoded.toByteArray();
-            } catch (IOException e) {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
-            }
-        }
-
-        String mimeType = null;
-
-        if (op.equals("downloadBIN")) {
-            mimeType = "application/octet-stream";
-        } else {
-            try {
-                mimeType = args.getValueAsString("mimeType");
-            } catch (EBaseException e) {
-                mimeType = "application/octet-stream";
-            }
-        }
-
-        try {
-            if (op.equals("downloadBIN")) {
-                // file suffixes changed to comply with RFC 5280
-                // requirements for AIA extensions
-                if (clientIsMSIE(httpReq)) {
-                    httpResp.setHeader("Content-disposition",
-                            "attachment; filename=ca.cer");
-                } else {
-                    httpResp.setHeader("Content-disposition",
-                            "attachment; filename=ca.p7c");
-                }
-            }
-            httpResp.setContentType(mimeType);
-            httpResp.getOutputStream().write(bytes);
-            httpResp.setContentLength(bytes.length);
-            httpResp.getOutputStream().flush();
-        } catch (IOException e) {
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
-        }
-    }
-
-    private void displayChain(String op,
-            IArgBlock args,
-            HttpServletRequest httpReq,
-            HttpServletResponse httpResp,
-            CMSRequest cmsReq)
-            throws EBaseException {
-
-        CertificateChain certChain =
-                ((ICertAuthority) mAuthority).getCACertChain();
-
-        if (certChain == null) {
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        String displayFormat = null;
-
-        if (op.equals("displayIND")) {
-            displayFormat = "individual";
-        } else {
-            try {
-                displayFormat = args.getValueAsString("displayFormat");
-            } catch (EBaseException e) {
-                displayFormat = "chain";
-            }
-        }
-
-        header.addStringValue("displayFormat", displayFormat);
-
-        if (displayFormat.equals("chain")) {
-            String subjectdn = null;
-            byte[] bytes = null;
-
-            try {
-                subjectdn =
-                        certChain.getFirstCertificate().getSubjectDN().toString();
-                ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
-                certChain.encode(encoded);
-                bytes = encoded.toByteArray();
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
-            }
-
-            String chainBase64 = getBase64(bytes);
-
-            header.addStringValue("subjectdn", subjectdn);
-            header.addStringValue("chainBase64", chainBase64);
-        } else {
-            try {
-                X509Certificate[] certs = certChain.getChain();
-
-                header.addIntegerValue("length", certs.length);
-                locale[0] = getLocale(httpReq);
-                for (int i = 0; i < certs.length; i++) {
-                    byte[] bytes = null;
-
-                    try {
-                        bytes = certs[i].getEncoded();
-                    } catch (CertificateEncodingException e) {
-                        throw new IOException("Internal Error");
-                    }
-                    String subjectdn = certs[i].getSubjectDN().toString();
-                    String finger = null;
-                    try {
-                        finger = CMS.getFingerPrints(certs[i]);
-                    } catch (Exception e) {
-                        throw new IOException("Internal Error");
-                    }
-
-                    ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(certs[i]);
-
-                    IArgBlock rarg = CMS.createArgBlock();
-
-                    rarg.addStringValue("fingerprints", finger);
-                    rarg.addStringValue("subjectdn", subjectdn);
-                    rarg.addStringValue("base64", getBase64(bytes));
-                    rarg.addStringValue("certDetails",
-                            certDetails.toString(locale[0]));
-                    argSet.addRepeatRecord(rarg);
-                }
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
-            }
-        }
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-
-    }
-
-    /**
-     * gets base 64 encoded cert
-     */
-    private String getBase64(byte[] certBytes) {
-        String certBase64 = CMS.BtoA(certBytes);
-
-        return certBase64;
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                        UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
deleted file mode 100644
index 3ea2297db..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
+++ /dev/null
@@ -1,479 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CRLException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.ICRLPrettyPrint;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Retrieve CRL for a Certificate Authority
- *
- * @version $Revision$, $Date$
- */
-public class GetCRL extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7132206924070383013L;
-    private final static String TPL_FILE = "displayCRL.template";
-    private String mFormPath = null;
-
-    public GetCRL() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     * @see DisplayCRL#process
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        // Construct an ArgBlock
-        IArgBlock args = cmsReq.getHttpParams();
-
-        if (!(mAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        CMS.debug("**** mFormPath before getTemplate = " + mFormPath);
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        // Get the operation code
-        String op = null;
-        String crlId = null;
-
-        op = args.getValueAsString("op", null);
-        crlId = args.getValueAsString("crlIssuingPoint", null);
-        if (op == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-        if (crlId == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        ICRLIssuingPointRecord crlRecord = null;
-        ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
-        ICRLIssuingPoint crlIP = null;
-        if (ca != null)
-            crlIP = ca.getCRLIssuingPoint(crlId);
-
-        try {
-            crlRecord = ca.getCRLRepository().readCRLIssuingPointRecord(crlId);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-        if (crlRecord == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        header.addStringValue("crlIssuingPoint", crlId);
-        header.addStringValue("crlNumber", crlRecord.getCRLNumber().toString());
-        long lCRLSize = crlRecord.getCRLSize().longValue();
-
-        header.addLongValue("crlSize", lCRLSize);
-        if (crlIP != null) {
-            header.addStringValue("crlDescription", crlIP.getDescription());
-        }
-
-        String crlDisplayType = args.getValueAsString("crlDisplayType", null);
-        if (crlDisplayType != null) {
-            header.addStringValue("crlDisplayType", crlDisplayType);
-        }
-
-        if ((op.equals("checkCRLcache") ||
-                (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
-                (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
-            cmsReq.setError(
-                    CMS.getUserMessage(
-                            ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty()) ?
-                                    "CMS_GW_CRL_CACHE_IS_EMPTY" : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        byte[] crlbytes = null;
-
-        if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") ||
-                (op.equals("displayCRL") && crlDisplayType != null &&
-                crlDisplayType.equals("deltaCRL"))) {
-            crlbytes = crlRecord.getDeltaCRL();
-        } else if (op.equals("importCRL") || op.equals("getCRL") ||
-                   op.equals("checkCRL") ||
-                   (op.equals("displayCRL") &&
-                           crlDisplayType != null &&
-                    (crlDisplayType.equals("entireCRL") ||
-                            crlDisplayType.equals("crlHeader") ||
-                     crlDisplayType.equals("base64Encoded")))) {
-            crlbytes = crlRecord.getCRL();
-        }
-
-        if (crlbytes == null && (!op.equals("checkCRLcache")) &&
-                (!(op.equals("displayCRL") && crlDisplayType != null &&
-                crlDisplayType.equals("cachedCRL")))) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-        byte[] bytes = crlbytes;
-
-        X509CRLImpl crl = null;
-
-        if (op.equals("checkCRL") || op.equals("importCRL") ||
-                op.equals("importDeltaCRL") ||
-                (op.equals("displayCRL") && crlDisplayType != null &&
-                (crlDisplayType.equals("entireCRL") ||
-                        crlDisplayType.equals("crlHeader") ||
-                        crlDisplayType.equals("base64Encoded") ||
-                crlDisplayType.equals("deltaCRL")))) {
-            try {
-                if (op.equals("displayCRL") && crlDisplayType != null &&
-                        crlDisplayType.equals("crlHeader")) {
-                    crl = new X509CRLImpl(crlbytes, false);
-                } else {
-                    crl = new X509CRLImpl(crlbytes);
-                }
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString()));
-                cmsReq.setError(new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                return;
-            }
-            if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") &&
-                    crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
-                    ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
-                    (crlRecord.getCRLNumber() == null ||
-                            crlRecord.getDeltaCRLNumber() == null ||
-                            crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
-                            crlRecord.getDeltaCRLSize() == null ||
-                    crlRecord.getDeltaCRLSize().longValue() == -1))) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1"));
-                cmsReq.setError(new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                return;
-            }
-        }
-
-        String mimeType = "application/x-pkcs7-crl";
-
-        if (op.equals("checkCRLcache") || op.equals("checkCRL") || op.equals("displayCRL")) {
-            header.addStringValue("toDo", op);
-            String certSerialNumber = args.getValueAsString("certSerialNumber", "");
-
-            header.addStringValue("certSerialNumber", certSerialNumber);
-            if (certSerialNumber.startsWith("0x")) {
-                certSerialNumber = hexToDecimal(certSerialNumber);
-            }
-
-            if (op.equals("checkCRLcache")) {
-                if (crlIP.getRevocationDateFromCache(
-                        new BigInteger(certSerialNumber), false, false) != null) {
-                    header.addBooleanValue("isOnCRL", true);
-                } else {
-                    header.addBooleanValue("isOnCRL", false);
-                }
-            }
-
-            if (op.equals("checkCRL")) {
-                header.addBooleanValue("isOnCRL",
-                        crl.isRevoked(new BigInteger(certSerialNumber)));
-            }
-
-            if (op.equals("displayCRL")) {
-                if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
-                    ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL")) ?
-                                                    CMS.getCRLPrettyPrint(crl) :
-                                                    CMS.getCRLCachePrettyPrint(crlIP);
-                    String pageStart = args.getValueAsString("pageStart", null);
-                    String pageSize = args.getValueAsString("pageSize", null);
-
-                    if (pageStart != null && pageSize != null) {
-                        long lPageStart = 0L;
-                        long lPageSize = 0L;
-                        try {
-                            lPageStart = new Long(pageStart).longValue();
-                        } catch (NumberFormatException e) {
-                        }
-                        try {
-                            lPageSize = new Long(pageSize).longValue();
-                        } catch (NumberFormatException e) {
-                        }
-
-                        if (lPageStart < 1)
-                            lPageStart = 1;
-                        if (lPageSize < 1)
-                            lPageSize = 10;
-
-                        header.addStringValue("crlPrettyPrint",
-                                 crlDetails.toString(locale[0],
-                                         lCRLSize, lPageStart, lPageSize));
-                        header.addLongValue("pageStart", lPageStart);
-                        header.addLongValue("pageSize", lPageSize);
-                    } else {
-                        header.addStringValue(
-                                "crlPrettyPrint", crlDetails.toString(locale[0]));
-                    }
-                } else if (crlDisplayType.equals("crlHeader")) {
-                    ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
-
-                    header.addStringValue(
-                            "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
-                } else if (crlDisplayType.equals("base64Encoded")) {
-                    try {
-                        byte[] ba = crl.getEncoded();
-                        String crlBase64Encoded = Utils.base64encode(ba);
-                        int length = crlBase64Encoded.length();
-                        int i = 0;
-                        int j = 0;
-                        int n = 1;
-
-                        while (i < length) {
-                            int k = crlBase64Encoded.indexOf('\n', i);
-                            if (k < 0)
-                                break;
-
-                            if (n < 100) {
-                                n++;
-                                i = k + 1;
-                            } else {
-                                n = 1;
-                                IArgBlock rarg = CMS.createArgBlock();
-                                rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
-                                i = k + 1;
-                                j = i;
-                                argSet.addRepeatRecord(rarg);
-                            }
-                        }
-                        if (j < length) {
-                            IArgBlock rarg = CMS.createArgBlock();
-                            rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length));
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    } catch (CRLException e) {
-                    }
-                } else if (crlDisplayType.equals("deltaCRL")) {
-                    header.addIntegerValue("deltaCRLSize",
-                            crl.getNumberOfRevokedCertificates());
-
-                    ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
-
-                    header.addStringValue(
-                            "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
-
-                    try {
-                        byte[] ba = crl.getEncoded();
-                        String crlBase64Encoded = Utils.base64encode(ba);
-                        int length = crlBase64Encoded.length();
-                        int i = 0;
-                        int j = 0;
-                        int n = 1;
-
-                        while (i < length) {
-                            int k = crlBase64Encoded.indexOf('\n', i);
-                            if (k < 0)
-                                break;
-                            if (n < 100) {
-                                n++;
-                                i = k + 1;
-                            } else {
-                                n = 1;
-                                IArgBlock rarg = CMS.createArgBlock();
-                                rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
-                                i = k + 1;
-                                j = i;
-                                argSet.addRepeatRecord(rarg);
-                            }
-                        }
-                        if (j < length) {
-                            IArgBlock rarg = CMS.createArgBlock();
-                            rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length));
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    } catch (CRLException e) {
-                    }
-                }
-            }
-
-            try {
-                ServletOutputStream out = httpResp.getOutputStream();
-
-                httpResp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-                cmsReq.setError(new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-                cmsReq.setStatus(ICMSRequest.ERROR);
-            }
-            return;
-        } else if (op.equals("importCRL") || op.equals("importDeltaCRL")) {
-            if (clientIsMSIE(httpReq))
-                mimeType = "application/pkix-crl";
-            else
-                mimeType = "application/x-pkcs7-crl";
-        } else if (op.equals("getCRL")) {
-            mimeType = "application/octet-stream";
-            httpResp.setHeader("Content-disposition",
-                    "attachment; filename=" + crlId + ".crl");
-        } else if (op.equals("getDeltaCRL")) {
-            mimeType = "application/octet-stream";
-            httpResp.setHeader("Content-disposition",
-                    "attachment; filename=delta-" + crlId + ".crl");
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
-        }
-
-        try {
-            //            if (clientIsMSIE(httpReq) &&  op.equals("getCRL"))
-            //                httpResp.setHeader("Content-disposition",
-            //                  "attachment; filename=getCRL.crl");
-            httpResp.setContentType(mimeType);
-            httpResp.setContentLength(bytes.length);
-            httpResp.getOutputStream().write(bytes);
-            httpResp.getOutputStream().flush();
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
-        }
-        //		cmsReq.setResult(null);
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-    private String hexToDecimal(String hex) {
-        String newHex = hex.substring(2);
-        BigInteger bi = new BigInteger(newHex, 16);
-
-        return bi.toString();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
deleted file mode 100644
index af8b3cc02..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ /dev/null
@@ -1,351 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.Locale;
-import java.math.BigInteger;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
-/**
- * Gets a issued certificate from a request id.
- *
- * @version $Revision$, $Date$
- */
-public class GetCertFromRequest extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 5310646832256611066L;
-    private final static String PROP_IMPORT = "importCert";
-    protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
-    protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
-
-    protected static final String REQUEST_ID = "requestId";
-    protected static final String CERT_TYPE = "certtype";
-
-    protected String mCertFrReqSuccessTemplate = null;
-    protected ICMSTemplateFiller mCertFrReqFiller = null;
-
-    protected IRequestQueue mQueue = null;
-    protected boolean mImportCert = true;
-
-    public GetCertFromRequest() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template files
-     * "displayCertFromRequest.template" and "ImportCert.template"
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mQueue = mAuthority.getRequestQueue();
-        try {
-            String tmp = sc.getInitParameter(
-                    PROP_IMPORT);
-
-            if (tmp != null && tmp.trim().equalsIgnoreCase("false"))
-                mImportCert = false;
-
-            String defTemplate = null;
-
-            if (mImportCert)
-                defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE;
-            else
-                defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE;
-            if (mAuthority instanceof IRegistrationAuthority)
-                defTemplate = "/ra/" + defTemplate;
-            else
-                defTemplate = "/ca/" + defTemplate;
-            mCertFrReqSuccessTemplate = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE);
-            if (mCertFrReqSuccessTemplate == null)
-                mCertFrReqSuccessTemplate = defTemplate;
-            String fillername =
-                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
-
-            if (fillername != null) {
-                ICMSTemplateFiller filler = newFillerObject(fillername);
-
-                if (filler != null)
-                    mCertFrReqFiller = filler;
-            } else {
-                mCertFrReqFiller = new CertFrRequestFiller();
-            }
-        } catch (Exception e) {
-            // should never happen.
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                            mId));
-        }
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param requestId The request ID to search on
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String requestId = httpParams.getValueAsString(REQUEST_ID, null);
-
-        if (requestId == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
-        }
-        // check if request Id is valid.
-        try {
-            new BigInteger(requestId);
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId));
-            throw new EBaseException(
-                    CMS.getUserMessage(getLocale(httpReq), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
-        }
-
-        IRequest r = mQueue.findRequest(new RequestId(requestId));
-
-        if (r == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
-        }
-
-        if (authToken != null) {
-            //if RA, group and requestOwner must match
-            String group = authToken.getInString("group");
-            if ((group != null) && (group != "") &&
-                    group.equals("Registration Manager Agents")) {
-                boolean groupMatched = false;
-                String reqOwner = r.getRequestOwner();
-                if (reqOwner != null) {
-                    CMS.debug("GetCertFromRequest process: req owner=" + reqOwner);
-                    if (reqOwner.equals(group))
-                        groupMatched = true;
-                }
-                if (groupMatched == false) {
-                    CMS.debug("RA group unmatched");
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
-                }
-            }
-        }
-
-        if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) ||
-                (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
-        }
-        RequestStatus status = r.getRequestStatus();
-
-        if (!status.equals(RequestStatus.COMPLETE)) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
-        }
-        Integer result = r.getExtDataInInteger(IRequest.RESULT);
-
-        if (result != null && !result.equals(IRequest.RES_SUCCESS)) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
-        }
-        Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-        if (r.getExtDataInString("profile") != null) {
-            // handle profile-based request
-            X509CertImpl cert = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-            X509CertImpl certs[] = new X509CertImpl[1];
-
-            certs[0] = cert;
-            o = certs;
-        }
-        if (o == null || !(o instanceof X509CertImpl[])) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
-        }
-        if (o instanceof X509CertImpl[]) {
-            X509CertImpl[] certs = (X509CertImpl[]) o;
-
-            if (certs == null || certs.length == 0 || certs[0] == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
-            }
-
-            // for importsCert to get the crmf_reqid.
-            cmsReq.setIRequest(r);
-
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-            if (mImportCert &&
-                    checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
-                return;
-            }
-            try {
-                cmsReq.setResult(certs);
-                renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
-                                mCertFrReqSuccessTemplate, e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            }
-        }
-        return;
-    }
-}
-
-class CertFrRequestFiller extends ImportCertsTemplateFiller {
-    public CertFrRequestFiller() {
-    }
-
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
-            throws Exception {
-        CMSTemplateParams tparams =
-                super.getTemplateParams(cmsReq, authority, locale, e);
-        String reqId = cmsReq.getHttpParams().getValueAsString(
-                GetCertFromRequest.REQUEST_ID);
-
-        tparams.getHeader().addStringValue(GetCertFromRequest.REQUEST_ID, reqId);
-
-        if (reqId != null) {
-            IRequest r = authority.getRequestQueue().findRequest(new RequestId(reqId));
-            if (r != null) {
-                boolean noCertImport = true;
-                String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-
-                if (certType != null && certType.equals(IRequest.CLIENT_CERT)) {
-                    noCertImport = false;
-                }
-                tparams.getHeader().addBooleanValue("noCertImport", noCertImport);
-
-                X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-                if (certs != null) {
-                    X509CertInfo info = (X509CertInfo) certs[0].get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                    CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
-
-                    tparams.getHeader().addStringValue(GetCertFromRequest.CERT_TYPE, "x509");
-
-                    boolean emailCert = false;
-
-                    if (extensions != null) {
-                        for (int i = 0; i < extensions.size(); i++) {
-                            Extension ext = extensions.elementAt(i);
-
-                            if (ext instanceof NSCertTypeExtension) {
-                                NSCertTypeExtension type = (NSCertTypeExtension) ext;
-
-                                if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue())
-                                    emailCert = true;
-                            }
-                            if (ext instanceof KeyUsageExtension) {
-                                KeyUsageExtension usage =
-                                        (KeyUsageExtension) ext;
-
-                                try {
-                                    if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
-                                            ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
-                                        emailCert = true;
-                                } catch (ArrayIndexOutOfBoundsException e0) {
-                                    // bug356108:
-                                    // In case there is only DIGITAL_SIGNATURE,
-                                    // don't report error
-                                }
-                            }
-                        }
-                    }
-                    tparams.getHeader().addBooleanValue("emailCert", emailCert);
-                }
-            }
-        }
-
-        return tparams;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
deleted file mode 100644
index 0c650cf69..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
+++ /dev/null
@@ -1,174 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.cms.authentication.HashAuthentication;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Servlet to get the enrollment status, enable or disable.
- *
- * @version $Revision$, $Date$
- */
-public class GetEnableStatus extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3879769989681379834L;
-    private final static String TPL_FILE = "userEnroll.template";
-    private String mFormPath = null;
-
-    public GetEnableStatus() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // coming from agent
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    protected CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String reqHost = httpReq.getRemoteHost();
-
-        if (!(mAuthority instanceof IRegistrationAuthority)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
-                            mFormPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IConfigStore configStore = CMS.getConfigStore();
-        String val = configStore.getString("hashDirEnrollment.name");
-        IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        IAuthManager authMgr = authSS.get(val);
-        HashAuthentication mgr = (HashAuthentication) authMgr;
-        long timeout = HashAuthentication.DEFAULT_TIMEOUT / 1000;
-
-        header.addStringValue("timeout", "" + timeout);
-        header.addStringValue("reqHost", reqHost);
-
-        for (Enumeration<String> hosts = mgr.getHosts(); hosts.hasMoreElements();) {
-            IArgBlock rarg = CMS.createArgBlock();
-
-            rarg.addStringValue("hosts", hosts.nextElement());
-            argSet.addRepeatRecord(rarg);
-        }
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
deleted file mode 100644
index e82b2046f..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
+++ /dev/null
@@ -1,374 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.AlgorithmId;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.dbs.crldb.ICRLRepository;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Get detailed information about CA CRL processing
- *
- * @version $Revision$, $Date$
- */
-public class GetInfo extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1909881831730252799L;
-
-    private ICertificateAuthority mCA = null;
-
-    /**
-     * Constructs GetInfo servlet.
-     */
-    public GetInfo() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        if (mAuthority instanceof ICertificateAuthority)
-            mCA = (ICertificateAuthority) mAuthority;
-
-        // override success to do output our own template.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * XXX Process the HTTP request.
-     * <ul>
-     * <li>http.param template filename of template to use to render the result
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        EBaseException error = null;
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        String template = req.getParameter("template");
-        String formFile = "";
-
-        /*
-                for (int i = 0; ((template != null) && (i < template.length())); i++) {
-                    char c = template.charAt(i);
-                    if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
-                        template = null;
-                        break;
-                    }
-                }
-        */
-
-        if (template != null) {
-            formFile = template + ".template";
-        } else {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        CMS.debug("*** formFile = " + formFile);
-        try {
-            form = getTemplate(formFile, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            process(argSet, header, req, resp, locale[0]);
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            Locale locale)
-            throws EBaseException {
-        if (mCA != null) {
-            String crlIssuingPoints = "";
-            String crlNumbers = "";
-            String deltaNumbers = "";
-            String crlSizes = "";
-            String deltaSizes = "";
-            String crlDescriptions = "";
-            StringBuffer crlSplits = new StringBuffer();
-            String recentChanges = "";
-            String crlTesting = "";
-            boolean isDeltaCRLEnabled = false;
-
-            String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
-            String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-
-            if (masterHost != null && masterHost.length() > 0 &&
-                    masterPort != null && masterPort.length() > 0) {
-
-                ICRLRepository crlRepository = mCA.getCRLRepository();
-
-                Vector<String> ipNames = crlRepository.getIssuingPointsNames();
-                for (int i = 0; i < ipNames.size(); i++) {
-                    String ipName = ipNames.elementAt(i);
-                    ICRLIssuingPointRecord crlRecord = null;
-                    try {
-                        crlRecord = crlRepository.readCRLIssuingPointRecord(ipName);
-                    } catch (Exception e) {
-                    }
-                    if (crlRecord != null) {
-                        if (crlIssuingPoints.length() > 0)
-                            crlIssuingPoints += "+";
-                        crlIssuingPoints += ipName;
-
-                        BigInteger crlNumber = crlRecord.getCRLNumber();
-                        if (crlNumbers.length() > 0)
-                            crlNumbers += "+";
-                        if (crlNumber != null)
-                            crlNumbers += crlNumber.toString();
-
-                        if (crlSizes.length() > 0)
-                            crlSizes += "+";
-                        crlSizes += ((crlRecord.getCRLSize() != null) ?
-                                      crlRecord.getCRLSize().toString() : "-1");
-
-                        if (deltaSizes.length() > 0)
-                            deltaSizes += "+";
-                        long dSize = -1;
-                        if (crlRecord.getDeltaCRLSize() != null)
-                            dSize = crlRecord.getDeltaCRLSize().longValue();
-                        deltaSizes += dSize;
-
-                        BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
-                        if (deltaNumbers.length() > 0)
-                            deltaNumbers += "+";
-                        if (deltaNumber != null && dSize > -1) {
-                            deltaNumbers += deltaNumber.toString();
-                            isDeltaCRLEnabled |= true;
-                        } else {
-                            deltaNumbers += "0";
-                        }
-
-                        if (recentChanges.length() > 0)
-                            recentChanges += "+";
-                        recentChanges += "-, -, -";
-
-                        if (crlTesting.length() > 0)
-                            crlTesting += "+";
-                        crlTesting += "0";
-                    }
-                }
-
-            } else {
-                Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
-
-                while (ips.hasMoreElements()) {
-                    ICRLIssuingPoint ip = ips.nextElement();
-
-                    if (ip.isCRLIssuingPointEnabled()) {
-                        if (crlIssuingPoints.length() > 0)
-                            crlIssuingPoints += "+";
-                        crlIssuingPoints += ip.getId();
-
-                        BigInteger crlNumber = ip.getCRLNumber();
-                        if (crlNumbers.length() > 0)
-                            crlNumbers += "+";
-                        if (crlNumber != null)
-                            crlNumbers += crlNumber.toString();
-
-                        BigInteger deltaNumber = ip.getDeltaCRLNumber();
-                        if (deltaNumbers.length() > 0)
-                            deltaNumbers += "+";
-                        if (deltaNumber != null)
-                            deltaNumbers += deltaNumber.toString();
-
-                        if (crlSizes.length() > 0)
-                            crlSizes += "+";
-                        crlSizes += ip.getCRLSize();
-
-                        if (deltaSizes.length() > 0)
-                            deltaSizes += "+";
-                        deltaSizes += ip.getDeltaCRLSize();
-
-                        if (crlDescriptions.length() > 0)
-                            crlDescriptions += "+";
-                        crlDescriptions += ip.getDescription();
-
-                        if (recentChanges.length() > 0)
-                            recentChanges += "+";
-                        if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_PUBLISHING_STARTED) {
-                            recentChanges += "Publishing CRL #" + ip.getCRLNumber();
-                        } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) {
-                            recentChanges += "Creating CRL #" + ip.getNextCRLNumber();
-                        } else { // ip.CRL_UPDATE_DONE
-                            recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " +
-                                    ip.getNumberOfRecentlyUnrevokedCerts() + ", " +
-                                    ip.getNumberOfRecentlyExpiredCerts();
-                        }
-                        isDeltaCRLEnabled |= ip.isDeltaCRLEnabled();
-
-                        if (crlSplits.length() > 0)
-                            crlSplits.append("+");
-                        Vector<Long> splits = ip.getSplitTimes();
-
-                        for (int i = 0; i < splits.size(); i++) {
-                            crlSplits.append(splits.elementAt(i));
-                            if (i + 1 < splits.size())
-                                crlSplits.append(",");
-                        }
-
-                        if (crlTesting.length() > 0)
-                            crlTesting += "+";
-                        crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0");
-                    }
-                }
-
-            }
-
-            header.addStringValue("crlIssuingPoints", crlIssuingPoints);
-            header.addStringValue("crlDescriptions", crlDescriptions);
-            header.addStringValue("crlNumbers", crlNumbers);
-            header.addStringValue("deltaNumbers", deltaNumbers);
-            header.addStringValue("crlSizes", crlSizes);
-            header.addStringValue("deltaSizes", deltaSizes);
-            header.addStringValue("crlSplits", crlSplits.toString());
-            header.addStringValue("crlTesting", crlTesting);
-            header.addBooleanValue("isDeltaCRLEnabled", isDeltaCRLEnabled);
-
-            header.addStringValue("master_host", masterHost);
-            header.addStringValue("master_port", masterPort);
-
-            header.addStringValue("masterCRLIssuingPoint", ICertificateAuthority.PROP_MASTER_CRL);
-            ICRLIssuingPoint ip0 = mCA.getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL);
-
-            if (ip0 != null) {
-                header.addStringValue("defaultAlgorithm", ip0.getSigningAlgorithm());
-            }
-
-            if (recentChanges.length() > 0)
-                header.addStringValue("recentChanges", recentChanges);
-
-            String validAlgorithms = null;
-            String[] allAlgorithms = mCA.getCASigningAlgorithms();
-
-            if (allAlgorithms == null) {
-                CMS.debug("GetInfo: signing algorithms set to All algorithms");
-                allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS;
-            }
-
-            for (int i = 0; i < allAlgorithms.length; i++) {
-                if (i > 0) {
-                    validAlgorithms += "+" + allAlgorithms[i];
-                } else {
-                    validAlgorithms = allAlgorithms[i];
-                }
-            }
-            if (validAlgorithms != null)
-                header.addStringValue("validAlgorithms", validAlgorithms);
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
deleted file mode 100644
index a6e9d832e..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
+++ /dev/null
@@ -1,1234 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extension;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-import org.mozilla.jss.pkix.crmf.CertRequest;
-import org.mozilla.jss.pkix.crmf.CertTemplate;
-import org.mozilla.jss.pkix.primitive.Name;
-import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertRecordList;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.authentication.HashAuthentication;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
-/**
- * performs face-to-face enrollment.
- *
- * @version $Revision$, $Date$
- */
-public class HashEnrollServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 5532936020515258333L;
-
-    public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll";
-
-    // enrollment templates.
-    public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
-
-    // http params
-    public static final String OLD_CERT_TYPE = "csrCertType";
-    public static final String CERT_TYPE = "certType";
-    // same as in ConfigConstant.java
-    public static final String REQUEST_FORMAT = "reqFormat";
-    public static final String REQUEST_CONTENT = "requestContent";
-    public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
-    public static final String CRMF_REQUEST = "CRMFRequest";
-    public static final String SUBJECT_NAME = "subject";
-    public static final String CRMF_REQID = "crmfReqId";
-    public static final String CHALLENGE_PASSWORD = "challengePhrase";
-
-    private static final String CERT_AUTH_DUAL = "dual";
-    private static final String CERT_AUTH_ENCRYPTION = "encryption";
-    private static final String CERT_AUTH_SINGLE = "single";
-    private static final String CLIENT_ISSUER = "clientIssuer";
-    public static final String TPL_ERROR_FILE = "/ra/GenErrorHashDirEnroll.template";
-
-    private String mEnrollSuccessTemplate = null;
-    private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
-
-    ICertificateAuthority mCa = null;
-    ICertificateRepository mRepository = null;
-
-    public HashEnrollServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success template to allow direct import of keygen certs.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        try {
-            mEnrollSuccessTemplate = sc.getInitParameter(
-                    CMSServlet.PROP_SUCCESS_TEMPLATE);
-            if (mEnrollSuccessTemplate == null)
-                mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
-            String fillername =
-                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
-
-            if (fillername != null) {
-                ICMSTemplateFiller filler = newFillerObject(fillername);
-
-                if (filler != null)
-                    mEnrollSuccessFiller = filler;
-            }
-
-            // cfu
-            mCa = (ICertificateAuthority) CMS.getSubsystem("ca");
-
-            init_testbed_hack(mConfig);
-        } catch (Exception e) {
-            // this should never happen.
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
-        }
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        String certType = null;
-
-        String reqHost = httpReq.getRemoteHost();
-
-        String host = httpParams.getValueAsString("hostname", null);
-
-        if (host == null || !host.equals(reqHost)) {
-            printError(cmsReq, "0");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-
-        IConfigStore configStore = CMS.getConfigStore();
-        String val = configStore.getString("hashDirEnrollment.name");
-        IAuthSubsystem authSS = (IAuthSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        IAuthManager authMgr = authSS.get(val);
-        HashAuthentication mgr = (HashAuthentication) authMgr;
-
-        Date date = new Date();
-        long currTime = date.getTime();
-        long timeout = mgr.getTimeout(reqHost);
-        long lastlogin = mgr.getLastLogin(reqHost);
-        long diff = currTime - lastlogin;
-
-        boolean enable = mgr.isEnable(reqHost);
-
-        if (!enable) {
-            printError(cmsReq, "0");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-        if (lastlogin == 0)
-            mgr.setLastLogin(reqHost, currTime);
-        else if (diff > timeout) {
-            mgr.disable(reqHost);
-            printError(cmsReq, "2");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-
-        mgr.setLastLogin(reqHost, currTime);
-
-        // support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
-        // instead of certType
-        certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
-        if (certType == null) {
-            certType = httpParams.getValueAsString(CERT_TYPE, "client");
-        } else {
-            ;
-        }
-
-        processX509(cmsReq);
-    }
-
-    private void printError(CMSRequest cmsReq, String errorCode)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        header.addStringValue("authority", "Registration Manager");
-        header.addStringValue("errorCode", errorCode);
-        String formPath = TPL_ERROR_FILE;
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(formPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
-                            e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-    }
-
-    protected void processX509(CMSRequest cmsReq)
-            throws EBaseException {
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-
-        // create enrollment request in request queue.
-        IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST);
-
-        /*
-         * === certAuth based enroll ===
-         * "certAuthEnroll" is on.
-         * "certauthEnrollType can be one of the three:
-         *		 single - it's for single cert enrollment
-         *		 dual - it's for dual certs enrollment
-         *		 encryption - getting the encryption cert only via
-         *                    authentication of the signing cert
-         *                    (crmf or keyGenInfo)
-         */
-        boolean certAuthEnroll = false;
-
-        String certAuthEnrollOn =
-                httpParams.getValueAsString("certauthEnroll", null);
-
-        if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
-            certAuthEnroll = true;
-            CMS.debug("HashEnrollServlet: certAuthEnroll is on");
-        }
-
-        String certauthEnrollType = null;
-
-        if (certAuthEnroll == true) {
-            certauthEnrollType =
-                    httpParams.getValueAsString("certauthEnrollType", null);
-            if (certauthEnrollType != null) {
-                if (certauthEnrollType.equals("dual")) {
-                    CMS.debug("HashEnrollServlet: certauthEnrollType is dual");
-                } else if (certauthEnrollType.equals("encryption")) {
-                    CMS.debug("HashEnrollServlet: certauthEnrollType is encryption");
-                } else if (certauthEnrollType.equals("single")) {
-                    CMS.debug("HashEnrollServlet: certauthEnrollType is single");
-                } else {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
-                }
-            } else {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
-            }
-        }
-
-        String challengePassword = httpParams.getValueAsString("challengePassword", "");
-
-        cmsReq.setIRequest(req);
-        saveHttpHeaders(httpReq, req);
-        saveHttpParams(httpParams, req);
-        IAuthToken token = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, token,
-                    mAuthzResourceName, "import");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        X509Certificate sslClientCert = null;
-        // cert auth enroll
-        String certBasedOldSubjectDN = null;
-        BigInteger certBasedOldSerialNum = null;
-
-        // check if request was authenticated, if so set authtoken & certInfo.
-        // also if authenticated, take certInfo from authToken.
-        X509CertInfo certInfo = null;
-
-        if (certAuthEnroll == true) {
-            sslClientCert = getSSLClientCertificate(httpReq);
-            if (sslClientCert == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
-            }
-
-            certBasedOldSubjectDN = sslClientCert.getSubjectDN().toString();
-            certBasedOldSerialNum = sslClientCert.getSerialNumber();
-            try {
-                certInfo = (X509CertInfo)
-                        ((X509CertImpl) sslClientCert).get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
-            } catch (CertificateParsingException ex) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
-                throw new ECMSGWException(
-                        CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
-            }
-        } else {
-            certInfo = CMS.getDefaultX509CertInfo();
-        }
-
-        X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
-
-        //AuthToken authToken = access.getAuthToken();
-        IConfigStore configStore = CMS.getConfigStore();
-        String val = configStore.getString("hashDirEnrollment.name");
-        IAuthSubsystem authSS = (IAuthSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        IAuthManager authMgr1 = authSS.get(val);
-        HashAuthentication mgr = (HashAuthentication) authMgr1;
-        String pageID = httpParams.getValueAsString("pageID", null);
-
-        IAuthToken authToken = mgr.getAuthToken(pageID);
-
-        String authMgr = AuditFormat.NOAUTH;
-
-        if (authToken == null) {
-            printError(cmsReq, "3");
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        } else {
-            authMgr =
-                    authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            // don't store agent token in request.
-            // agent currently used for bulk issuance.
-            // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            log(ILogger.LL_INFO,
-                    "Enrollment request was authenticated by " +
-                            authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
-            fillCertInfoFromAuthToken(certInfo, authToken);
-            // save authtoken attrs to request directly (for policy use)
-            saveAuthToken(authToken, req);
-            // req.set(IRequest.AUTH_TOKEN, authToken);
-            // }
-        }
-
-        // support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
-        // instead of certType
-        String certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
-        if (certType == null) {
-            certType = httpParams.getValueAsString(CERT_TYPE, "client");
-        } else {
-            // some policies may rely on the fact that
-            // CERT_TYPE is set. So for 3.5.1 or eariler
-            // we need to set CERT_TYPE here.
-            req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType);
-        }
-
-        String crmf =
-                httpParams.getValueAsString(CRMF_REQUEST, null);
-
-        if (certAuthEnroll == true) {
-
-            fillCertInfoFromAuthToken(certInfo, authToken);
-
-            // for dual certs
-            if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
-                if (mCa == null) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_NOT_A_CA"));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_NOT_A_CA"));
-                }
-
-                // first, make sure the client cert is indeed a
-                //				signing only cert
-                if ((CMS.isSigningCert(sslClientCert) == false) ||
-                        ((CMS.isSigningCert(sslClientCert) == true) &&
-                        (CMS.isEncryptionCert(sslClientCert) == true))) {
-                    // either it's not a signing cert, or it's a dual cert
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
-                }
-                X509Key key = null;
-
-                // for signing cert
-                key = (X509Key) sslClientCert.getPublicKey();
-                try {
-                    certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
-                } catch (CertificateException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-                } catch (IOException e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-                }
-
-                String filter =
-                        "(&(x509cert.subject="
-                                + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
-                                + "))(certStatus=VALID))";
-                ICertRecordList list =
-                        mCa.getCertificateRepository().findCertRecordsInList(filter,
-                                null, 10);
-                int size = list.getSize();
-                Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
-                boolean gotEncCert = false;
-
-                if (!en.hasMoreElements()) {
-                    // pairing encryption cert not found
-                } else {
-                    X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
-                    X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
-                            encCertInfo };
-                    int i = 1;
-
-                    while (en.hasMoreElements()) {
-                        ICertRecord record = en.nextElement();
-                        X509CertImpl cert = record.getCertificate();
-
-                        // if not encryption cert only, try next one
-                        if ((CMS.isEncryptionCert(cert) == false) ||
-                                ((CMS.isEncryptionCert(cert) == true) &&
-                                (CMS.isSigningCert(cert) == true))) {
-                            continue;
-                        }
-
-                        key = (X509Key) cert.getPublicKey();
-                        try {
-                            encCertInfo = (X509CertInfo)
-                                    cert.get(
-                                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
-                        } catch (CertificateParsingException ex) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
-                            throw new ECMSGWException(
-                                    CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
-                        }
-
-                        try {
-                            encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
-                        } catch (CertificateException e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
-                            throw new ECMSGWException(
-                                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-                        } catch (IOException e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
-                            throw new ECMSGWException(
-                                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
-                        }
-                        fillCertInfoFromAuthToken(encCertInfo, authToken);
-
-                        cInfoArray[i++] = encCertInfo;
-                        certInfoArray = cInfoArray;
-                        gotEncCert = true;
-                        break;
-                    }
-                }
-
-                if (gotEncCert == false) {
-                    // encryption cert not found, bail
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
-                }
-            } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
-                // first, make sure the client cert is indeed a
-                //				signing only cert
-                if ((CMS.isSigningCert(sslClientCert) == false) ||
-                        ((CMS.isSigningCert(sslClientCert) == true) &&
-                        (CMS.isEncryptionCert(sslClientCert) == true))) {
-                    // either it's not a signing cert, or it's a dual cert
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
-                }
-
-                /*
-                 * crmf
-                 */
-                if (crmf != null && crmf != "") {
-                    certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
-                    req.setExtData(CLIENT_ISSUER,
-                            sslClientCert.getIssuerDN().toString());
-                    CMS.debug(
-                            "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
-                } else {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
-                    throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                            "CMS_GW_MISSING_KEYGEN_INFO"));
-                }
-            } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
-                // have to be buried here to handle the issuer
-
-                if (crmf != null && crmf != "") {
-                    certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
-                } else {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
-                    throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                            "CMS_GW_MISSING_KEYGEN_INFO"));
-                }
-                req.setExtData(CLIENT_ISSUER,
-                        sslClientCert.getIssuerDN().toString());
-            }
-        } else if (crmf != null && crmf != "") {
-            certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
-        } else {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
-            throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                    "CMS_GW_MISSING_KEYGEN_INFO"));
-        }
-
-        req.setExtData(IRequest.CERT_INFO, certInfoArray);
-
-        if (challengePassword != null && !challengePassword.equals("")) {
-            String pwd = hashPassword(challengePassword);
-
-            req.setExtData(CHALLENGE_PASSWORD, pwd);
-        }
-
-        // send request to request queue.
-        mRequestQueue.processRequest(req);
-        // process result.
-
-        // render OLD_CERT_TYPE's response differently, we
-        // dont want any javascript in HTML, and need to
-        // override the default render.
-        if (httpParams.getValueAsString(OLD_CERT_TYPE, null) != null) {
-            try {
-                renderServerEnrollResult(cmsReq);
-                cmsReq.setStatus(ICMSRequest.SUCCESS); // no default render
-            } catch (IOException ex) {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-            }
-            return;
-        }
-
-        //for audit log
-        String initiative = null;
-        String agentID = null;
-
-        if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            // request is from eegateway, so fromUser.
-            initiative = AuditFormat.FROMUSER;
-        } else {
-            agentID = authToken.getInString("userid");
-            initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }
-
-        // if service not complete return standard templates.
-        RequestStatus status = req.getRequestStatus();
-
-        if (status != RequestStatus.COMPLETE) {
-            cmsReq.setIRequestStatus(); // set status acc. to IRequest status.
-            // audit log the status
-            try {
-                if (status == RequestStatus.REJECTED) {
-                    Vector<String> messages = req.getExtDataInStringVector(IRequest.ERRORS);
-
-                    if (messages != null) {
-                        Enumeration<String> msgs = messages.elements();
-                        StringBuffer wholeMsg = new StringBuffer();
-
-                        while (msgs.hasMoreElements()) {
-                            wholeMsg.append("\n");
-                            wholeMsg.append(msgs.nextElement());
-                        }
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                        req.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        status.toString(),
-                                        certInfo.get(X509CertInfo.SUBJECT),
-                                        " violation: " +
-                                                wholeMsg.toString() },
-                                ILogger.L_MULTILINE
-                                );
-                    } else { // no policy violation, from agent
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                        req.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        status.toString(),
-                                        certInfo.get(X509CertInfo.SUBJECT), "" }
-                                );
-                    }
-                } else { // other imcomplete status
-                    mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                    req.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    status.toString(),
-                                    certInfo.get(X509CertInfo.SUBJECT), "" }
-                            );
-                }
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
-            } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
-            }
-            return;
-        }
-        // if service error use standard error templates.
-        Integer result = req.getExtDataInInteger(IRequest.RESULT);
-
-        if (result.equals(IRequest.RES_ERROR)) {
-
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
-            String[] svcErrors =
-                    req.getExtDataInStringArray(IRequest.SVCERRORS);
-
-            if (svcErrors != null && svcErrors.length > 0) {
-                for (int i = 0; i < svcErrors.length; i++) {
-                    String err = svcErrors[i];
-
-                    if (err != null) {
-                        //System.out.println(
-                        //"revocation servlet: setting error description "+
-                        //err.toString());
-                        cmsReq.setErrorDescription(err);
-                        // audit log the error
-                        try {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.ENROLLMENTFORMAT,
-                                    new Object[] {
-                                            req.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "completed with error: " +
-                                                    err,
-                                            certInfo.get(X509CertInfo.SUBJECT), "" }
-                                    );
-                        } catch (IOException e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                            e.toString()));
-                        } catch (CertificateException e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                            e.toString()));
-                        }
-                    }
-                }
-            }
-            return;
-        }
-
-        // service success
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        X509CertImpl[] issuedCerts =
-                req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-        // audit log the success.
-        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.ENROLLMENTFORMAT,
-                new Object[] {
-                        req.getRequestId(),
-                        initiative,
-                        authMgr,
-                        "completed",
-                        issuedCerts[0].getSubjectDN(),
-                        "cert issued serial number: 0x" +
-                                issuedCerts[0].getSerialNumber().toString(16) }
-                );
-
-        // return cert as mime type binary if requested.
-        if (checkImportCertToNav(
-                cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            return;
-        }
-
-        // use success template.
-        try {
-            cmsReq.setResult(issuedCerts);
-            renderTemplate(cmsReq, mEnrollSuccessTemplate,
-                    mEnrollSuccessFiller);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
-        }
-        return;
-    }
-
-    /**
-     * fill subject name, validity, extensions from authoken if any,
-     * overriding what was in pkcs10.
-     * fill subject name, extensions from http input if not authenticated.
-     * requests not authenticated will need to be approved by an agent.
-     */
-    protected void fillCertInfoFromAuthToken(
-            X509CertInfo certInfo, IAuthToken authToken)
-            throws EBaseException {
-        // override subject, validity and extensions from auth token
-        // CA determines algorithm, version and issuer.
-        // take key from keygen, cmc, pkcs10 or crmf.
-
-        // subject name.
-        try {
-            String subjectname =
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
-
-            if (subjectname != null) {
-                CertificateSubjectName certSubject = new CertificateSubjectName(new X500Name(subjectname));
-
-                certInfo.set(X509CertInfo.SUBJECT, certSubject);
-                log(ILogger.LL_INFO,
-                        "cert subject set to " + certSubject + " from authtoken");
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
-                            e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        }
-
-        // validity
-        try {
-            CertificateValidity validity = null;
-            Date notBefore =
-                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
-            Date notAfter =
-                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
-
-            if (notBefore != null && notAfter != null) {
-                validity = new CertificateValidity(notBefore, notAfter);
-                certInfo.set(X509CertInfo.VALIDITY, validity);
-                log(ILogger.LL_INFO,
-                        "cert validity set to " + validity + " from authtoken");
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
-                            e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
-        }
-
-        // extensions
-        try {
-            CertificateExtensions extensions =
-                    authToken.getInCertExts(X509CertInfo.EXTENSIONS);
-
-            if (extensions != null) {
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                log(ILogger.LL_INFO, "cert extensions set from authtoken");
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
-                            e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
-        }
-    }
-
-    protected X509CertInfo[] fillCRMF(
-            String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-            throws EBaseException {
-        try {
-            byte[] crmfBlob = CMS.AtoB(crmf);
-            ByteArrayInputStream crmfBlobIn =
-                    new ByteArrayInputStream(crmfBlob);
-
-            SEQUENCE crmfMsgs = (SEQUENCE)
-                    new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
-
-            int nummsgs = crmfMsgs.size();
-            X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
-
-            for (int i = 0; i < nummsgs; i++) {
-                // decode message.
-                CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-
-                /*
-                 if (certReqMsg.hasPop()) {
-                 try {
-                 certReqMsg.verify();
-                 } catch (ChallengeResponseException ex) {
-                 // create and save the challenge
-                 // construct the cmmf message together
-                 // in a sequence to challenge the requestor
-                 } catch (Exception e) {
-                 // failed, should only affect one request
-                 }
-                 }
-                 */
-                CertRequest certReq = certReqMsg.getCertReq();
-                INTEGER certReqId = certReq.getCertReqId();
-                int srcId = certReqId.intValue();
-
-                req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId));
-
-                CertTemplate certTemplate = certReq.getCertTemplate();
-                X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-
-                // get key
-                SubjectPublicKeyInfo spki = certTemplate.getPublicKey();
-                ByteArrayOutputStream keyout = new ByteArrayOutputStream();
-
-                spki.encode(keyout);
-                byte[] keybytes = keyout.toByteArray();
-                X509Key key = new X509Key();
-
-                key.decode(keybytes);
-                certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
-
-                // field suggested notBefore and notAfter in CRMF
-                // Tech Support #383184
-                if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
-                    CertificateValidity certValidity =
-                            new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
-
-                    certInfo.set(X509CertInfo.VALIDITY, certValidity);
-                }
-
-                if (certTemplate.hasSubject()) {
-                    Name subjectdn = certTemplate.getSubject();
-                    ByteArrayOutputStream subjectEncStream =
-                            new ByteArrayOutputStream();
-
-                    subjectdn.encode(subjectEncStream);
-                    byte[] subjectEnc = subjectEncStream.toByteArray();
-                    X500Name subject = new X500Name(subjectEnc);
-
-                    certInfo.set(X509CertInfo.SUBJECT,
-                            new CertificateSubjectName(subject));
-                } else if (authToken == null ||
-                        authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
-                    // No subject name - error!
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
-                }
-
-                // get extensions
-                CertificateExtensions extensions = null;
-
-                try {
-                    extensions = (CertificateExtensions)
-                            certInfo.get(X509CertInfo.EXTENSIONS);
-                } catch (CertificateException e) {
-                    extensions = null;
-                } catch (IOException e) {
-                    extensions = null;
-                }
-                if (certTemplate.hasExtensions()) {
-                    // put each extension from CRMF into CertInfo.
-                    // index by extension name, consistent with
-                    // CertificateExtensions.parseExtension() method.
-                    if (extensions == null)
-                        extensions = new CertificateExtensions();
-                    int numexts = certTemplate.numExtensions();
-
-                    for (int j = 0; j < numexts; j++) {
-                        org.mozilla.jss.pkix.cert.Extension jssext =
-                                certTemplate.extensionAt(j);
-                        boolean isCritical = jssext.getCritical();
-                        org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
-                                jssext.getExtnId();
-                        long[] numbers = jssoid.getNumbers();
-                        int[] oidNumbers = new int[numbers.length];
-
-                        for (int k = numbers.length - 1; k >= 0; k--) {
-                            oidNumbers[k] = (int) numbers[k];
-                        }
-                        ObjectIdentifier oid =
-                                new ObjectIdentifier(oidNumbers);
-                        org.mozilla.jss.asn1.OCTET_STRING jssvalue =
-                                jssext.getExtnValue();
-                        ByteArrayOutputStream jssvalueout =
-                                new ByteArrayOutputStream();
-
-                        jssvalue.encode(jssvalueout);
-                        byte[] extValue = jssvalueout.toByteArray();
-
-                        Extension ext =
-                                new Extension(oid, isCritical, extValue);
-
-                        extensions.parseExtension(ext);
-                    }
-
-                    certInfo.set(X509CertInfo.VERSION,
-                            new CertificateVersion(CertificateVersion.V3));
-                    certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-
-                }
-
-                // Added a new configuration parameter
-                // eeGateway.Enrollment.authTokenOverride=[true|false]
-                // By default, it is set to true. In most
-                // of the case, administrator would want
-                // to have the control of the subject name
-                // formulation.
-                // -- CRMFfillCert
-                if (authToken != null &&
-                        authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
-                    // if authenticated override subect name, validity and
-                    // extensions if any from authtoken.
-                    fillCertInfoFromAuthToken(certInfo, authToken);
-                }
-
-                certInfoArray[i] = certInfo;
-            }
-
-            do_testbed_hack(nummsgs, certInfoArray, httpParams);
-
-            return certInfoArray;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
-                            e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        } catch (InvalidBERException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        } catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
-                            e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        }
-    }
-
-    protected void renderServerEnrollResult(CMSRequest cmsReq) throws
-            IOException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        httpResp.setContentType("text/html");
-        ServletOutputStream out = null;
-
-        out = httpResp.getOutputStream();
-
-        // get template based on request status
-        out.println("<HTML>");
-        out.println("<TITLE>");
-        out.println("Server Enrollment");
-        out.println("</TITLE>");
-        // out.println("<BODY BGCOLOR=white>");
-
-        if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) {
-            out.println("<H1>");
-            out.println("SUCCESS");
-            out.println("</H1>");
-            out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message
-            out.println("<P>");
-            out.println("Request Creation Time: ");
-            out.println(cmsReq.getIRequest().getCreationTime().toString());
-            out.println("<P>");
-            out.println("Request Status: ");
-            out.println(cmsReq.getStatus().toString());
-            out.println("<P>");
-            out.println("Request ID: ");
-            out.println(cmsReq.getIRequest().getRequestId().toString());
-            out.println("<P>");
-            out.println("Certificate: ");
-            out.println("<P>");
-            out.println("<PRE>");
-            X509CertImpl certs[] =
-                    cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-            out.println(CMS.getEncodedCert(certs[0]));
-            out.println("</PRE>");
-            out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                    cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
-                    cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
-                    cmsReq.getIRequest().getRequestId().toString() + ">");
-            out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
-                    CMS.getEncodedCert(certs[0]) + ">");
-        } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
-            out.println("<H1>");
-            out.println("PENDING");
-            out.println("</H1>");
-            out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message
-            out.println("<P>");
-            out.println("Request Creation Time: ");
-            out.println(cmsReq.getIRequest().getCreationTime().toString());
-            out.println("<P>");
-            out.println("Request Status: ");
-            out.println(cmsReq.getStatus().toString());
-            out.println("<P>");
-            out.println("Request ID: ");
-            out.println(cmsReq.getIRequest().getRequestId().toString());
-            out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                    cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
-                    cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
-                    cmsReq.getIRequest().getRequestId().toString() + ">");
-        } else {
-            out.println("<H1>");
-            out.println("ERROR");
-            out.println("</H1>");
-            out.println("<!INFO>");
-            out.println("Please consult your local administrator for assistance."); // XXX - localize the message
-            out.println("<!/INFO>");
-            out.println("<P>");
-            out.println("Request Status: ");
-            out.println(cmsReq.getStatus().toString());
-            out.println("<P>");
-            out.println("Error: ");
-            out.println(cmsReq.getError()); // XXX - need to parse in Locale
-            out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
-                    cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT ERROR=" +
-                    cmsReq.getError() + ">");
-        }
-
-        /**
-         * // include all the input data
-         * IArgBlock args = cmsReq.getHttpParams();
-         * Enumeration ele = args.getElements();
-         * while (ele.hasMoreElements()) {
-         * String eleT = (String)ele.nextElement();
-         * out.println("<!HTTP_INPUT " + eleT + "=" +
-         * args.get(eleT) + ">");
-         * }
-         **/
-
-        out.println("</HTML>");
-    }
-
-    // XXX ALERT !!
-    // Remove the following and calls to them when we bundle a cartman
-    // later than alpha1.
-    // These are here to cover up problem in cartman where the
-    // key usage extension always ends up being digital signature only
-    // and for rsa-ex ends up having no bits set.
-
-    private boolean mIsTestBed = false;
-
-    private void init_testbed_hack(IConfigStore config)
-            throws EBaseException {
-        mIsTestBed = config.getBoolean("isTestBed", true);
-    }
-
-    private void do_testbed_hack(
-            int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
-            throws EBaseException {
-        if (!mIsTestBed)
-            return;
-
-        // get around bug in cartman - bits are off by one byte.
-        for (int i = 0; i < certinfo.length; i++) {
-            try {
-                X509CertInfo cert = certinfo[i];
-                CertificateExtensions exts = (CertificateExtensions)
-                        cert.get(CertificateExtensions.NAME);
-
-                if (exts == null) {
-                    // should not happen.
-                    continue;
-                }
-                KeyUsageExtension ext = (KeyUsageExtension)
-                        exts.get(KeyUsageExtension.NAME);
-
-                if (ext == null)
-                    // should not happen
-                    continue;
-                byte[] value = ext.getExtensionValue();
-
-                if (value[0] == 0x03 && value[1] == 0x02 && value[2] == 0x07) {
-                    byte[] newvalue = new byte[value.length + 1];
-
-                    newvalue[0] = 0x03;
-                    newvalue[1] = 0x03;
-                    newvalue[2] = 0x07;
-                    newvalue[3] = value[3];
-                    // force encryption certs to have digitial signature
-                    // set too so smime can find the cert for encryption.
-                    if (value[3] == 0x20) {
-
-                        /*
-                         newvalue[3] = 0x3f;
-                         newvalue[4] = (byte)0x80;
-                         */
-                        if (httpParams.getValueAsBoolean(
-                                "dual-use-hack", true)) {
-                            newvalue[3] = (byte) 0xE0; // same as rsa-dual-use.
-                        }
-                    }
-                    newvalue[4] = 0;
-                    KeyUsageExtension newext =
-                            new KeyUsageExtension(Boolean.valueOf(true),
-                                    newvalue);
-
-                    exts.delete(KeyUsageExtension.NAME);
-                    exts.set(KeyUsageExtension.NAME, newext);
-                }
-            } catch (IOException e) {
-                // should never happen
-                continue;
-            } catch (CertificateException e) {
-                // should never happen
-                continue;
-            }
-        }
-
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
deleted file mode 100644
index a56ac1d88..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ /dev/null
@@ -1,380 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.StringReader;
-import java.io.StringWriter;
-import java.math.BigInteger;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.pkix.cmmf.CertOrEncCert;
-import org.mozilla.jss.pkix.cmmf.CertRepContent;
-import org.mozilla.jss.pkix.cmmf.CertResponse;
-import org.mozilla.jss.pkix.cmmf.CertifiedKeyPair;
-import org.mozilla.jss.pkix.cmmf.PKIStatusInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.ICertPrettyPrint;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Set up HTTP response to import certificate into browsers
- *
- * The result must have been populate with the set of certificates
- * to return.
- *
- * <pre>
- * inputs: certtype.
- * outputs:
- * 	- cert type from http input (if any)
- *      - CA chain
- * 	- authority name (RM, CM, DRM)
- *      - scheme:host:port of server.
- *  array of one or more
- *      - cert serial number
- *      - cert pretty print
- * 	- cert in base 64 encoding.
- * 	- cmmf blob to import
- * </pre>
- *
- * @version $Revision$, $Date$
- */
-public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
-    public static final String CRMF_REQID = "crmfReqId";
-    public static final String ISSUED_CERT_SERIAL = "serialNo";
-    public static final String CERT_TYPE = "certType";
-    public static final String BASE64_CERT = "base64Cert";
-    public static final String CERT_PRETTYPRINT = "certPrettyPrint";
-    public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
-    public static final String CERT_NICKNAME = "certNickname";
-    public static final String CMMF_RESP = "cmmfResponse";
-    public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
-
-    public ImportCertsTemplateFiller() {
-    }
-
-    /**
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
-            throws Exception {
-        Certificate[] certs = (Certificate[]) cmsReq.getResult();
-
-        if (certs instanceof X509CertImpl[])
-            return getX509TemplateParams(cmsReq, authority, locale, e);
-        else
-            return null;
-    }
-
-    public CMSTemplateParams getX509TemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
-            throws Exception {
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(header, fixed);
-
-        // set host name and port.
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        String host = httpReq.getServerName();
-        int port = httpReq.getServerPort();
-        String scheme = httpReq.getScheme();
-        String format = httpReq.getParameter("format");
-        if (format != null && format.equals("cmc"))
-            fixed.set("importCMC", "false");
-        String agentPort = "" + port;
-        fixed.set("agentHost", host);
-        fixed.set("agentPort", agentPort);
-        fixed.set(ICMSTemplateFiller.HOST, host);
-        fixed.set(ICMSTemplateFiller.PORT, Integer.valueOf(port));
-        fixed.set(ICMSTemplateFiller.SCHEME, scheme);
-        IRequest r = cmsReq.getIRequest();
-
-        if (r != null) {
-            fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId().toString());
-        }
-
-        // set key record (if KRA enabled)
-        if (r != null) {
-            BigInteger keyRecSerialNo = r.getExtDataInBigInteger("keyRecord");
-
-            if (keyRecSerialNo != null) {
-                fixed.set(ICMSTemplateFiller.KEYREC_ID, keyRecSerialNo.toString());
-            }
-        }
-
-        // set cert type.
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        String certType =
-                httpParams.getValueAsString(CERT_TYPE, null);
-
-        if (certType != null)
-            fixed.set(CERT_TYPE, certType);
-
-        // this authority
-        fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
-
-        // CA chain.
-        CertificateChain cachain =
-                ((ICertAuthority) authority).getCACertChain();
-        X509Certificate[] cacerts = cachain.getChain();
-
-        String replyTo = httpParams.getValueAsString("replyTo", null);
-
-        if (replyTo != null)
-            fixed.set("replyTo", replyTo);
-
-        // set user + CA cert chain and pkcs7 for MSIE.
-        X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
-        int m = 1, n = 0;
-
-        for (; n < cacerts.length; m++, n++)
-            userChain[m] = (X509CertImpl) cacerts[n];
-
-        // certs.
-        X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
-
-        // expose CRMF request id
-        String crmfReqId = cmsReq.getExtData(IRequest.CRMF_REQID);
-
-        if (crmfReqId == null) {
-            crmfReqId = (String) cmsReq.getResult(
-                        IRequest.CRMF_REQID);
-        }
-        if (crmfReqId != null) {
-            fixed.set(CRMF_REQID, crmfReqId);
-        }
-
-        // set CA certs in cmmf, initialize CertRepContent
-        // note cartman can't trust ca certs yet but it'll import them.
-        // also set cert nickname for cartman.
-        CertRepContent certRepContent = null;
-
-        if (CMSServlet.doCMMFResponse(httpParams)) {
-            byte[][] caPubs = new byte[cacerts.length][];
-
-            for (int j = 0; j < cacerts.length; j++)
-                caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
-            certRepContent = new CertRepContent(caPubs);
-
-            String certnickname =
-                    cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
-
-            // if nickname is not requested set to subject name by default.
-            if (certnickname == null)
-                fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
-            else
-                fixed.set(CERT_NICKNAME, certnickname);
-        }
-
-        // make pkcs7 for MSIE
-        if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
-                (certType == null || certType.equals("client"))) {
-            userChain[0] = certs[0];
-            PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                    new ContentInfo(new byte[0]),
-                    userChain,
-                    new SignerInfo[0]);
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-            p7.encodeSignedData(bos);
-            byte[] p7Bytes = bos.toByteArray();
-            //		String p7Str = encoder.encodeBuffer(p7Bytes);
-            String p7Str = CMS.BtoA(p7Bytes);
-
-            header.set(PKCS7_RESP, p7Str);
-        }
-
-        // set base 64, pretty print and cmmf response for each issued cert.
-        for (int i = 0; i < certs.length; i++) {
-            IArgBlock repeat = CMS.createArgBlock();
-            X509CertImpl cert = certs[i];
-
-            // set serial number.
-            BigInteger serialNo =
-                    ((X509Certificate) cert).getSerialNumber();
-
-            repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
-
-            // set base64 encoded blob.
-            byte[] certEncoded = cert.getEncoded();
-            //			String b64 = encoder.encodeBuffer(certEncoded);
-            String b64 = CMS.BtoA(certEncoded);
-            String b64cert = "-----BEGIN CERTIFICATE-----\n" +
-                    b64 + "\n-----END CERTIFICATE-----";
-
-            repeat.set(BASE64_CERT, b64cert);
-
-            // set cert pretty print.
-
-            String prettyPrintRequested =
-                    cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
-
-            if (prettyPrintRequested == null) {
-                prettyPrintRequested = "true";
-            }
-            String ppStr = "";
-
-            if (!prettyPrintRequested.equals("false")) {
-                ICertPrettyPrint pp = CMS.getCertPrettyPrint(cert);
-
-                ppStr = pp.toString(locale);
-            }
-            repeat.set(CERT_PRETTYPRINT, ppStr);
-
-            // Now formulate a PKCS#7 blob
-            X509CertImpl[] certsInChain = new X509CertImpl[1];
-            ;
-            if (cacerts != null) {
-                for (int j = 0; j < cacerts.length; j++) {
-                    if (cert.equals(cacerts[j])) {
-                        certsInChain = new
-                                X509CertImpl[cacerts.length];
-                        break;
-                    }
-                    certsInChain = new X509CertImpl[cacerts.length + 1];
-                }
-            }
-
-            // Set the EE cert
-            certsInChain[0] = cert;
-
-            // Set the Ca certificate chain
-            if (cacerts != null) {
-                for (int j = 0; j < cacerts.length; j++) {
-                    if (!cert.equals(cacerts[j]))
-                        certsInChain[j + 1] = (X509CertImpl) cacerts[j];
-                }
-            }
-            // Wrap the chain into a degenerate P7 object
-            String p7Str;
-
-            try {
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                        new ContentInfo(new byte[0]),
-                        certsInChain,
-                        new SignerInfo[0]);
-                ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-                p7.encodeSignedData(bos);
-                byte[] p7Bytes = bos.toByteArray();
-
-                //p7Str = encoder.encodeBuffer(p7Bytes);
-                p7Str = CMS.BtoA(p7Bytes);
-                repeat.addStringValue("pkcs7ChainBase64", p7Str);
-            } catch (Exception ex) {
-                //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
-                //+ "; Please contact your administrator";
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
-            }
-
-            // set cert fingerprint (for Cisco routers)
-            String fingerprint = null;
-
-            try {
-                fingerprint = CMS.getFingerPrints(cert);
-            } catch (CertificateEncodingException ex) {
-                // should never happen
-                throw new EBaseException(
-                        CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
-            } catch (NoSuchAlgorithmException ex) {
-                // should never happen
-                throw new EBaseException(
-                        CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
-            }
-            if (fingerprint != null && fingerprint.length() > 0)
-                repeat.set(CERT_FINGERPRINT, fingerprint);
-
-            // cmmf response for this cert.
-            if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
-                    (certType == null || certType.equals("client"))) {
-                PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
-                CertifiedKeyPair certifiedKP =
-                        new CertifiedKeyPair(new CertOrEncCert(certEncoded));
-                CertResponse resp =
-                        new CertResponse(new INTEGER(crmfReqId), status,
-                                certifiedKP);
-
-                certRepContent.addCertResponse(resp);
-            }
-
-            params.addRepeatRecord(repeat);
-        }
-
-        // if cartman set whole cmmf response (CertRepContent) string.
-        if (CMSServlet.doCMMFResponse(httpParams)) {
-            ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
-
-            certRepContent.encode(certRepOut);
-            byte[] certRepBytes = certRepOut.toByteArray();
-            String certRepB64 = Utils.base64encode(certRepBytes);
-            // add CR to each return as required by cartman
-            BufferedReader certRepB64lines =
-                    new BufferedReader(new StringReader(certRepB64));
-            StringWriter certRepStringOut = new StringWriter();
-            String oneLine = null;
-            boolean first = true;
-
-            while ((oneLine = certRepB64lines.readLine()) != null) {
-                if (first) {
-                    //certRepStringOut.write("\""+oneLine+"\"");
-                    certRepStringOut.write(oneLine);
-                    first = false;
-                } else {
-                    //certRepStringOut.write("+\"\\n"+oneLine+"\"");
-                    certRepStringOut.write("\n" + oneLine);
-                }
-            }
-            String certRepString = certRepStringOut.toString();
-
-            fixed.set(CMMF_RESP, certRepString);
-        }
-
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
deleted file mode 100644
index 185e1fa8e..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ /dev/null
@@ -1,673 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertRecordList;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Retrieve a paged list of certs matching the specified query
- *
- * @version $Revision$, $Date$
- */
-public class ListCerts extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3568155814023099576L;
-    private final static String TPL_FILE = "queryCert.template";
-    private final static BigInteger MINUS_ONE = new BigInteger("-1");
-
-    private final static String USE_CLIENT_FILTER = "useClientFilter";
-    private final static String ALLOWED_CLIENT_FILTERS = "allowedClientFilters";
-
-    private ICertificateRepository mCertDB = null;
-    private X500Name mAuthName = null;
-    private String mFormPath = null;
-    private boolean mReverse = false;
-    private boolean mHardJumpTo = false; //jump to the end
-    private String mDirection = null;
-    private boolean mUseClientFilter = false;
-    private Vector<String> mAllowedClientFilters = new Vector<String>();
-    private int mMaxReturns = 2000;
-
-    /**
-     * Constructs query key servlet.
-     */
-    public ListCerts() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "queryCert.template" to render the response
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to render own template.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        if (mAuthority instanceof ICertificateAuthority) {
-            ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
-
-            mCertDB = ca.getCertificateRepository();
-            mAuthName = ca.getX500Name();
-        }
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        try {
-            mMaxReturns = Integer.parseInt(sc.getInitParameter("maxResults"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-
-        /* useClientFilter should be off by default. We keep
-           this parameter around so that we do not break
-           the client applications that submits raw LDAP
-           filter into this servlet.  */
-        if (sc.getInitParameter(USE_CLIENT_FILTER) != null &&
-                sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) {
-            mUseClientFilter = true;
-        }
-        if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null
-                || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
-            mAllowedClientFilters.addElement("(certStatus=*)");
-            mAllowedClientFilters.addElement("(certStatus=VALID)");
-            mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
-            mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
-        } else {
-            StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ",");
-            while (st.hasMoreTokens()) {
-                mAllowedClientFilters.addElement(st.nextToken());
-            }
-        }
-    }
-
-    public String buildFilter(HttpServletRequest req) {
-        String queryCertFilter = req.getParameter("queryCertFilter");
-
-        com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter);
-
-        if (mUseClientFilter) {
-            com.netscape.certsrv.apps.CMS.debug("useClientFilter=true");
-            Enumeration<String> filters = mAllowedClientFilters.elements();
-            // check to see if the filter is allowed
-            while (filters.hasMoreElements()) {
-                String filter = filters.nextElement();
-                com.netscape.certsrv.apps.CMS.debug("Comparing filter="
-                        + filter + " queryCertFilter=" + queryCertFilter);
-                if (filter.equals(queryCertFilter)) {
-                    return queryCertFilter;
-                }
-            }
-            com.netscape.certsrv.apps.CMS.debug("Requested filter '"
-                    + queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter");
-            return null;
-        } else {
-            com.netscape.certsrv.apps.CMS.debug("useClientFilter=false");
-        }
-
-        boolean skipRevoked = false;
-        boolean skipNonValid = false;
-        if (req.getParameter("skipRevoked") != null &&
-                req.getParameter("skipRevoked").equals("on")) {
-            skipRevoked = true;
-        }
-        if (req.getParameter("skipNonValid") != null &&
-                req.getParameter("skipNonValid").equals("on")) {
-            skipNonValid = true;
-        }
-
-        if (!skipRevoked && !skipNonValid) {
-            queryCertFilter = "(certStatus=*)";
-        } else if (skipRevoked && skipNonValid) {
-            queryCertFilter = "(certStatus=VALID)";
-        } else if (skipRevoked) {
-            queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
-        } else if (skipNonValid) {
-            queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
-        }
-        return queryCertFilter;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param maxCount Number of certificates to show
-     * <li>http.param queryFilter and ldap style filter specifying the certificates to show
-     * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if
-     * prefixed with 0x) when paging down
-     * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if
-     * prefixed with 0x) when paging up
-     * <li>http.param direction "up", "down", "begin", or "end"
-     * </ul>
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "list");
-        } catch (Exception e) {
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String revokeAll = null;
-        EBaseException error = null;
-
-        int maxCount = -1;
-        BigInteger sentinel = new BigInteger("0");
-
-        IArgBlock header = com.netscape.certsrv.apps.CMS.createArgBlock();
-        IArgBlock ctx = com.netscape.certsrv.apps.CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        mHardJumpTo = false;
-        try {
-
-            if (req.getParameter("direction") != null) {
-                mDirection = req.getParameter("direction").trim();
-                mReverse = mDirection.equals("up");
-                if (mReverse)
-                    com.netscape.certsrv.apps.CMS.debug("reverse is true");
-                else
-                    com.netscape.certsrv.apps.CMS.debug("reverse is false");
-
-            }
-
-            if (req.getParameter("maxCount") != null) {
-                maxCount = Integer.parseInt(req.getParameter("maxCount"));
-            }
-            if (maxCount == -1 || maxCount > mMaxReturns) {
-                com.netscape.certsrv.apps.CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
-                maxCount = mMaxReturns;
-            }
-
-            String sentinelStr = "";
-            if (mReverse) {
-                sentinelStr = req.getParameter("querySentinelUp");
-            } else if (mDirection.equals("end")) {
-                // this servlet will figure out the end
-                sentinelStr = "0";
-                mReverse = true;
-                mHardJumpTo = true;
-            } else if (mDirection.equals("down")) {
-                sentinelStr = req.getParameter("querySentinelDown");
-            } else
-                sentinelStr = "0";
-            //begin and non-specified have sentinel default "0"
-
-            if (sentinelStr != null) {
-                if (sentinelStr.trim().startsWith("0x")) {
-                    sentinel = new BigInteger(sentinelStr.trim().substring(2), 16);
-                } else {
-                    sentinel = new BigInteger(sentinelStr, 10);
-                }
-            }
-
-            revokeAll = req.getParameter("revokeAll");
-
-            if (mAuthority instanceof ICertificateAuthority) {
-                X509CertImpl caCert = ((ICertificateAuthority) mAuthority).getSigningUnit().getCertImpl();
-
-                //if (isCertFromCA(caCert))
-                header.addStringValue("caSerialNumber",
-                        caCert.getSerialNumber().toString(16));
-            }
-
-            // constructs the ldap filter on the server side
-            String queryCertFilter = buildFilter(req);
-
-            if (queryCertFilter == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                return;
-            }
-
-            com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter);
-
-            int totalRecordCount = -1;
-
-            try {
-                totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount"));
-            } catch (Exception e) {
-            }
-            processCertFilter(argSet, header, maxCount,
-                    sentinel,
-                    totalRecordCount,
-                    req.getParameter("serialTo"),
-                    queryCertFilter,
-                    req, resp, revokeAll, locale[0]);
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-
-            error =
-                    new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),
-                            "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        ctx.addIntegerValue("maxCount", maxCount);
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    private void processCertFilter(CMSTemplateParams argSet,
-            IArgBlock header,
-            int maxCount,
-            BigInteger sentinel,
-            int totalRecordCount,
-            String serialTo,
-            String filter,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            String revokeAll,
-            Locale locale
-            ) throws EBaseException {
-        BigInteger serialToVal = MINUS_ONE;
-
-        try {
-            if (serialTo != null) {
-                serialTo = serialTo.trim();
-                if (serialTo.startsWith("0x")) {
-                    serialToVal = new BigInteger
-                            (serialTo.substring(2), 16);
-                    serialTo = serialToVal.toString();
-                } else {
-                    serialToVal = new BigInteger(serialTo);
-                }
-            }
-        } catch (Exception e) {
-        }
-
-        String jumpTo = sentinel.toString();
-        int pSize = 0;
-        if (mReverse) {
-            if (!mHardJumpTo) //reverse gets one more
-                pSize = -1 * maxCount - 1;
-            else
-                pSize = -1 * maxCount;
-        } else
-            pSize = maxCount;
-
-        ICertRecordList list = mCertDB.findCertRecordsInList(
-                filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
-                pSize);
-        // retrive maxCount + 1 entries
-
-        Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount);
-
-        ICertRecordList tolist = null;
-        int toCurIndex = 0;
-
-        if (!serialToVal.equals(MINUS_ONE)) {
-            // if user specify a range, we need to
-            // calculate the totalRecordCount
-            tolist = mCertDB.findCertRecordsInList(
-                        filter,
-                        (String[]) null, serialTo,
-                        "serialno", maxCount);
-            Enumeration<ICertRecord> en = tolist.getCertRecords(0, 0);
-
-            if (en == null || (!en.hasMoreElements())) {
-                toCurIndex = list.getSize() - 1;
-            } else {
-                toCurIndex = tolist.getCurrentIndex();
-                ICertRecord rx = en.nextElement();
-                BigInteger curToSerial = rx.getSerialNumber();
-
-                if (curToSerial.compareTo(serialToVal) == -1) {
-                    toCurIndex = list.getSize() - 1;
-                } else {
-                    if (!rx.getSerialNumber().toString().equals(serialTo.trim())) {
-                        toCurIndex = toCurIndex - 1;
-                    }
-                }
-            }
-        }
-
-        int curIndex = list.getCurrentIndex();
-
-        int count = 0;
-        BigInteger firstSerial = new BigInteger("0");
-        BigInteger curSerial = new BigInteger("0");
-        ICertRecord[] recs = new ICertRecord[maxCount];
-        int rcount = 0;
-
-        if (e != null) {
-            /* in reverse (page up), because the sentinel is the one after the
-             * last item to be displayed, we need to skip it
-             */
-            while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) : maxCount)) && e.hasMoreElements()) {
-                ICertRecord rec = e.nextElement();
-
-                if (rec == null) {
-                    com.netscape.certsrv.apps.CMS.debug("record " + count + " is null");
-                    break;
-                }
-                curSerial = rec.getSerialNumber();
-                com.netscape.certsrv.apps.CMS.debug("record " + count + " is serial#" + curSerial);
-
-                if (count == 0) {
-                    firstSerial = curSerial;
-                    if (mReverse && !mHardJumpTo) {//reverse got one more, skip
-                        count++;
-                        continue;
-                    }
-                }
-
-                // DS has a problem where last record will be returned
-                // even though the filter is not matched.
-                /*cfu -  is this necessary?  it breaks when paging up
-                if (curSerial.compareTo(sentinel) == -1) {
-                	com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
-
-                	break;
-                    }
-                */
-                if (!serialToVal.equals(MINUS_ONE)) {
-                    // check if we go over the limit
-                    if (curSerial.compareTo(serialToVal) == 1) {
-                        com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
-                        break;
-                    }
-                }
-
-                if (mReverse) {
-                    recs[rcount++] = rec;
-                } else {
-
-                    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
-
-                    fillRecordIntoArg(rec, rarg);
-                    argSet.addRepeatRecord(rarg);
-                }
-                count++;
-            }
-        } else {
-            com.netscape.certsrv.apps.CMS.debug(
-                    "ListCerts::processCertFilter() - no Cert Records found!");
-            return;
-        }
-
-        if (mReverse) {
-            // fill records into arg block and argSet
-            for (int ii = rcount - 1; ii >= 0; ii--) {
-                if (recs[ii] != null) {
-                    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
-                    //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
-                    fillRecordIntoArg(recs[ii], rarg);
-                    argSet.addRepeatRecord(rarg);
-                }
-            }
-        }
-
-        // peek ahead
-        ICertRecord nextRec = null;
-
-        if (e.hasMoreElements()) {
-            nextRec = e.nextElement();
-        }
-
-        header.addStringValue("op", req.getParameter("op"));
-        if (revokeAll != null)
-            header.addStringValue("revokeAll", revokeAll);
-        if (mAuthName != null)
-            header.addStringValue("issuerName", mAuthName.toString());
-        if (!serialToVal.equals(MINUS_ONE))
-            header.addStringValue("serialTo", serialToVal.toString());
-        header.addStringValue("serviceURL", req.getRequestURI());
-        header.addStringValue("queryCertFilter", filter);
-        header.addStringValue("templateName", "queryCert");
-        header.addStringValue("queryFilter", filter);
-        header.addIntegerValue("maxCount", maxCount);
-        if (totalRecordCount == -1) {
-            if (!serialToVal.equals(MINUS_ONE)) {
-                totalRecordCount = toCurIndex - curIndex + 1;
-                com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
-            } else {
-                totalRecordCount = list.getSize() -
-                        list.getCurrentIndex();
-                com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
-            }
-        }
-
-        header.addIntegerValue("totalRecordCount", totalRecordCount);
-        header.addIntegerValue("currentRecordCount", list.getSize() -
-                list.getCurrentIndex());
-
-        String qs = "";
-        if (mReverse)
-            qs = "querySentinelUp";
-        else
-            qs = "querySentinelDown";
-
-        if (mHardJumpTo) {
-            com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
-
-            header.addStringValue("querySentinelUp", curSerial.toString());
-        } else {
-            if (nextRec == null) {
-                header.addStringValue(qs, null);
-                com.netscape.certsrv.apps.CMS.debug("nextRec is null");
-                if (mReverse) {
-                    com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
-
-                    header.addStringValue("querySentinelUp", curSerial.toString());
-                }
-            } else {
-                BigInteger nextRecNo = nextRec.getSerialNumber();
-
-                if (serialToVal.equals(MINUS_ONE)) {
-                    header.addStringValue(
-                            qs, nextRecNo.toString());
-                } else {
-                    if (nextRecNo.compareTo(serialToVal) <= 0) {
-                        header.addStringValue(
-                                qs, nextRecNo.toString());
-                    } else {
-                        header.addStringValue(qs,
-                                null);
-                    }
-                }
-                com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + " = " + nextRecNo.toString());
-            }
-        } // !mHardJumpto
-
-        header.addStringValue(!mReverse ? "querySentinelUp" : "querySentinelDown",
-                  firstSerial.toString());
-
-    }
-
-    /**
-     * Fills cert record into argument block.
-     */
-    private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
-            throws EBaseException {
-
-        X509CertImpl xcert = rec.getCertificate();
-
-        if (xcert != null) {
-            fillX509RecordIntoArg(rec, rarg);
-        }
-    }
-
-    private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
-            throws EBaseException {
-
-        X509CertImpl cert = rec.getCertificate();
-
-        rarg.addIntegerValue("version", cert.getVersion());
-        rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16));
-        rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString());
-
-        if (cert.getSubjectDN().toString().equals("")) {
-            rarg.addStringValue("subject", " ");
-        } else
-            rarg.addStringValue("subject", cert.getSubjectDN().toString());
-
-        rarg.addStringValue("type", "X.509");
-
-        try {
-            PublicKey pKey = cert.getPublicKey();
-            X509Key key = null;
-
-            if (pKey instanceof CertificateX509Key) {
-                CertificateX509Key certKey = (CertificateX509Key) pKey;
-
-                key = (X509Key) certKey.get(CertificateX509Key.KEY);
-            }
-            if (pKey instanceof X509Key) {
-                key = (X509Key) pKey;
-            }
-            rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString());
-            if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
-                RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded());
-
-                rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize());
-            }
-        } catch (Exception e) {
-            rarg.addStringValue("subjectPublicKeyAlgorithm", null);
-            rarg.addIntegerValue("subjectPublicKeyLength", 0);
-        }
-
-        rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000);
-        rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000);
-        rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
-        String issuedBy = rec.getIssuedBy();
-
-        if (issuedBy == null)
-            issuedBy = "";
-        rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
-        rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
-
-        rarg.addStringValue("revokedBy",
-                ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
-        if (rec.getRevokedOn() == null) {
-            rarg.addStringValue("revokedOn", null);
-        } else {
-            rarg.addLongValue("revokedOn", rec.getRevokedOn().getTime() / 1000);
-
-            IRevocationInfo revocationInfo = rec.getRevocationInfo();
-
-            if (revocationInfo != null) {
-                CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions();
-
-                if (crlExts != null) {
-                    Enumeration<Extension> enum1 = crlExts.getElements();
-                    int reason = 0;
-
-                    while (enum1.hasMoreElements()) {
-                        Extension ext = enum1.nextElement();
-
-                        if (ext instanceof CRLReasonExtension) {
-                            reason = ((CRLReasonExtension) ext).getReason().toInt();
-                            break;
-                        }
-                    }
-                    rarg.addIntegerValue("revocationReason", reason);
-                }
-            }
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
deleted file mode 100644
index 305620580..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
+++ /dev/null
@@ -1,405 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequestList;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.IRequestRecord;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Provide statistical queries of request and certificate records.
- *
- * @version $Revision$, $Date$
- */
-public class Monitor extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -8492837942132357692L;
-    private final static String TPL_FILE = "monitor.template";
-
-    private ICertificateRepository mCertDB = null;
-    private IRequestQueue mQueue = null;
-    private X500Name mAuthName = null;
-    private String mFormPath = null;
-
-    private int mTotalCerts = 0;
-    private int mTotalReqs = 0;
-
-    /**
-     * Constructs query servlet.
-     */
-    public Monitor() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * 'monitor.template' to render the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to render own template.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        if (mAuthority instanceof ICertificateAuthority) {
-            ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
-
-            mCertDB = ca.getCertificateRepository();
-            mAuthName = ca.getX500Name();
-        }
-        mQueue = mAuthority.getRequestQueue();
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param startTime start of time period to query
-     * <li>http.param endTime end of time period to query
-     * <li>http.param interval time between queries
-     * <li>http.param numberOfIntervals number of queries to run
-     * <li>http.param maxResults =number
-     * <li>http.param timeLimit =time
-     * </ul>
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String startTime = null;
-        String endTime = null;
-        String interval = null;
-        String numberOfIntervals = null;
-
-        EBaseException error = null;
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            startTime = req.getParameter("startTime");
-            endTime = req.getParameter("endTime");
-            interval = req.getParameter("interval");
-            numberOfIntervals = req.getParameter("numberOfIntervals");
-
-            process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                            e.toString()));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            String startTime, String endTime,
-            String interval, String numberOfIntervals,
-            Locale locale)
-            throws EBaseException {
-        if (interval == null || interval.length() == 0) {
-            header.addStringValue("error", "Invalid interval: " + interval);
-            return;
-        }
-        if (numberOfIntervals == null || numberOfIntervals.length() == 0) {
-            header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals);
-            return;
-        }
-
-        Date startDate = StringToDate(startTime);
-
-        if (startDate == null) {
-            header.addStringValue("error", "Invalid start time: " + startTime);
-            return;
-        }
-
-        int iInterval = 0;
-
-        try {
-            iInterval = Integer.parseInt(interval);
-        } catch (NumberFormatException nfe) {
-            header.addStringValue("error", "Invalid interval: " + interval);
-            return;
-        }
-
-        int iNumberOfIntervals = 0;
-
-        try {
-            iNumberOfIntervals = Integer.parseInt(numberOfIntervals);
-        } catch (NumberFormatException nfe) {
-            header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals);
-            return;
-        }
-
-        header.addStringValue("startDate", startDate.toString());
-        header.addStringValue("startTime", startTime);
-        header.addIntegerValue("interval", iInterval);
-        header.addIntegerValue("numberOfIntervals", iNumberOfIntervals);
-
-        mTotalCerts = 0;
-        mTotalReqs = 0;
-
-        Date d1 = startDate;
-
-        for (int i = 0; i < iNumberOfIntervals; i++) {
-            Date d2 = nextDate(d1, iInterval - 1);
-            IArgBlock rarg = CMS.createArgBlock();
-            String e = getIntervalInfo(rarg, d1, d2);
-
-            if (e != null) {
-                header.addStringValue("error", e);
-                return;
-            }
-            argSet.addRepeatRecord(rarg);
-            d1 = nextDate(d2, 1);
-        }
-
-        header.addIntegerValue("totalNumberOfCertificates", mTotalCerts);
-        header.addIntegerValue("totalNumberOfRequests", mTotalReqs);
-
-        if (mAuthName != null)
-            header.addStringValue("issuerName", mAuthName.toString());
-
-        return;
-    }
-
-    Date nextDate(Date d, int seconds) {
-        return new Date(d.getTime() + seconds * 1000);
-    }
-
-    String getIntervalInfo(IArgBlock arg, Date startDate, Date endDate) {
-        if (startDate != null && endDate != null) {
-            String startTime = DateToZString(startDate);
-            String endTime = DateToZString(endDate);
-            String filter = null;
-
-            arg.addStringValue("startTime", startTime);
-            arg.addStringValue("endTime", endTime);
-
-            try {
-                if (mCertDB != null) {
-                    filter = Filter(ICertRecord.ATTR_CREATE_TIME, startTime, endTime);
-
-                    Enumeration<Object> e = mCertDB.findCertRecs(filter);
-
-                    int count = 0;
-
-                    while (e != null && e.hasMoreElements()) {
-                        ICertRecord rec = (ICertRecord) e.nextElement();
-
-                        if (rec != null) {
-                            count++;
-                        }
-                    }
-                    arg.addIntegerValue("numberOfCertificates", count);
-                    mTotalCerts += count;
-                }
-
-                if (mQueue != null) {
-                    filter = Filter(IRequestRecord.ATTR_CREATE_TIME, startTime, endTime);
-
-                    IRequestList reqList = mQueue.listRequestsByFilter(filter);
-
-                    int count = 0;
-
-                    while (reqList != null && reqList.hasMoreElements()) {
-                        IRequestRecord rec = (IRequestRecord) reqList.nextRequest();
-
-                        if (rec != null) {
-                            if (count == 0) {
-                                arg.addStringValue("firstRequest", rec.getRequestId().toString());
-                            }
-                            count++;
-                        }
-                    }
-                    arg.addIntegerValue("numberOfRequests", count);
-                    mTotalReqs += count;
-                }
-            } catch (Exception ex) {
-                return "Exception: " + ex;
-            }
-
-            return null;
-        } else {
-            return "Missing start or end date";
-        }
-    }
-
-    Date StringToDate(String z) {
-        Date d = null;
-
-        if (z != null && (z.length() == 14 ||
-                z.length() == 15 && (z.charAt(14) == 'Z' || z.charAt(14) == 'z'))) {
-            // 20020516132030Z or 20020516132030
-            try {
-                int year = Integer.parseInt(z.substring(0, 4));
-                int month = Integer.parseInt(z.substring(4, 6)) - 1;
-                int date = Integer.parseInt(z.substring(6, 8));
-                int hour = Integer.parseInt(z.substring(8, 10));
-                int minute = Integer.parseInt(z.substring(10, 12));
-                int second = Integer.parseInt(z.substring(12, 14));
-                Calendar calendar = Calendar.getInstance();
-                calendar.set(year, month, date, hour, minute, second);
-                d = calendar.getTime();
-            } catch (NumberFormatException nfe) {
-            }
-        } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
-            try {
-                int i = Integer.parseInt(z);
-
-                d = new Date();
-                d = nextDate(d, i);
-            } catch (NumberFormatException nfe) {
-            }
-        }
-
-        return d;
-    }
-
-    String DateToZString(Date d) {
-        Calendar calendar = Calendar.getInstance();
-        calendar.setTime(d);
-
-        String time = "" + (calendar.get(Calendar.YEAR));
-        int i = calendar.get(Calendar.MONTH) + 1;
-
-        if (i < 10)
-            time += "0";
-        time += i;
-        i = calendar.get(Calendar.DAY_OF_MONTH);
-        if (i < 10)
-            time += "0";
-        time += i;
-        i = calendar.get(Calendar.HOUR_OF_DAY);
-        if (i < 10)
-            time += "0";
-        time += i;
-        i = calendar.get(Calendar.MINUTE);
-        if (i < 10)
-            time += "0";
-        time += i;
-        i = calendar.get(Calendar.SECOND);
-        if (i < 10)
-            time += "0";
-        time += i + "Z";
-        return time;
-    }
-
-    String Filter(String name, String start, String end) {
-        String filter = "(&(" + name + ">=" + start + ")(" + name + "<=" + end + "))";
-
-        return filter;
-    }
-
-    String uriFilter(String name, String start, String end) {
-        String filter = "(%26(" + name + "%3e%3d" + start + ")(" + name + "%3c%3d" + end + "))";
-
-        return filter;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
deleted file mode 100644
index c65c482b1..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
+++ /dev/null
@@ -1,298 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Random;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-
-import org.apache.commons.lang.StringUtils;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Specify the RevocationReason when revoking a certificate
- *
- * @version $Revision$, $Date$
- */
-public class ReasonToRevoke extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -8447580860330758660L;
-    private final static String TPL_FILE = "reasonToRevoke.template";
-    private final static String INFO = "ReasonToRevoke";
-
-    private ICertificateRepository mCertDB = null;
-    private String mFormPath = null;
-    private ICertificateAuthority mCA = null;
-    private Random mRandom = null;
-    private int mTimeLimits = 30; /* in seconds */
-
-    public ReasonToRevoke() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * 'reasonToRevoke.template' to render the response
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        if (mAuthority instanceof ICertificateAuthority) {
-            mCA = (ICertificateAuthority) mAuthority;
-            mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
-        }
-
-        if (mCA != null && mCA.noncesEnabled()) {
-            mRandom = new Random();
-        }
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        /* Server-Side time limit */
-        try {
-            mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "revoke");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String revokeAll = null;
-        int totalRecordCount = 1;
-        EBaseException error = null;
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        try {
-            if (req.getParameter("totalRecordCount") != null) {
-                totalRecordCount =
-                        Integer.parseInt(req.getParameter("totalRecordCount"));
-            }
-
-            revokeAll = req.getParameter("revokeAll");
-
-            process(argSet, header, req, resp,
-                    revokeAll, totalRecordCount, locale[0]);
-        } catch (EBaseException e) {
-            error = e;
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        }
-
-        /*
-         catch (Exception e) {
-         noError = false;
-         header.addStringValue(OUT_ERROR,
-         MessageFormatter.getLocalizedString(
-         errorlocale[0],
-         BaseResources.class.getName(),
-         BaseResources.INTERNAL_ERROR_1,
-         e.toString()));
-         }
-         */
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            String revokeAll, int totalRecordCount,
-            Locale locale)
-            throws EBaseException {
-
-        header.addStringValue("revokeAll", revokeAll);
-        header.addIntegerValue("totalRecordCount", totalRecordCount);
-
-        try {
-            if (mCA != null) {
-                X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
-
-                if (isCertFromCA(caCert)) {
-                    header.addStringValue("caSerialNumber",
-                            caCert.getSerialNumber().toString(16));
-                }
-            }
-
-            /**
-             * ICertRecordList list = mCertDB.findCertRecordsInList(
-             * revokeAll, null, totalRecordCount);
-             * Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
-             **/
-            Enumeration<ICertRecord> e = mCertDB.searchCertificates(revokeAll,
-                    totalRecordCount, mTimeLimits);
-
-            ArrayList<String> noncesList = new ArrayList<String>();
-            int count = 0;
-
-            while (e != null && e.hasMoreElements()) {
-                ICertRecord rec = e.nextElement();
-
-                if (rec == null)
-                    continue;
-                X509CertImpl xcert = rec.getCertificate();
-
-                if (xcert != null)
-
-                    if (mCA != null && mCA.noncesEnabled()) {
-                        // generate nonce
-                        long n = mRandom.nextLong();
-                        // store nonce in session
-                        Map<Object, Long> nonces = mCA.getNonces(req, "cert-revoke");
-                        nonces.put(xcert.getSerialNumber(), n);
-                        // store serial number and nonce
-                        noncesList.add(xcert.getSerialNumber()+":"+n);
-                    }
-
-                    if (!(rec.getStatus().equals(ICertRecord.STATUS_REVOKED))) {
-                        count++;
-                        IArgBlock rarg = CMS.createArgBlock();
-
-                        rarg.addStringValue("serialNumber",
-                                xcert.getSerialNumber().toString(16));
-                        rarg.addStringValue("serialNumberDecimal",
-                                xcert.getSerialNumber().toString());
-                        rarg.addStringValue("subject",
-                                xcert.getSubjectDN().toString());
-                        rarg.addLongValue("validNotBefore",
-                                xcert.getNotBefore().getTime() / 1000);
-                        rarg.addLongValue("validNotAfter",
-                                xcert.getNotAfter().getTime() / 1000);
-                        argSet.addRepeatRecord(rarg);
-                    }
-            }
-
-            header.addIntegerValue("verifiedRecordCount", count);
-
-            if (mCA != null && mCA.noncesEnabled()) {
-                // return serial numbers and nonces to client
-                header.addStringValue("nonce", StringUtils.join(noncesList.toArray(), ","));
-            }
-
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "Error " + e);
-            throw e;
-        }
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
deleted file mode 100644
index 3f5434d9e..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
+++ /dev/null
@@ -1,624 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.util.Calendar;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthMgrPlugin;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Allow agent to turn on/off authentication managers
- *
- * @version $Revision$, $Date$
- */
-public class RemoteAuthConfig extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -5803015919915253940L;
-    private final static String TPL_FILE = "remoteAuthConfig.template";
-    private final static String ENABLE_REMOTE_CONFIG = "enableRemoteConfiguration";
-    private final static String REMOTELY_SET_INSTANCES = "remotelySetInstances";
-    private final static String MEMBER_OF = "memberOf";
-    private final static String UNIQUE_MEMBER = "uniqueMember";
-
-    private String mFormPath = null;
-    private IAuthSubsystem mAuthSubsystem = null;
-    private IConfigStore mAuthConfig = null;
-    private IConfigStore mFileConfig = null;
-    private Vector<String> mRemotelySetInstances = new Vector<String>();
-    private boolean mEnableRemoteConfiguration = false;
-
-    /**
-     * Constructs RemoteAuthConfig servlet.
-     */
-    public RemoteAuthConfig() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     *
-     * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg
-     * enables remote configuration for authentication plugins.
-     * List of remotely set instances can be found in CMS.cfg
-     * at "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>"
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mFileConfig = CMS.getConfigStore();
-        mAuthConfig = mFileConfig.getSubStore("auths");
-        try {
-            mEnableRemoteConfiguration = mAuthConfig.getBoolean(ENABLE_REMOTE_CONFIG, false);
-        } catch (EBaseException eb) {
-            // Thanks to design of getBoolean we have to catch but we will never get anything.
-        }
-
-        String remoteList = null;
-
-        try {
-            remoteList = mAuthConfig.getString(REMOTELY_SET_INSTANCES, null);
-        } catch (EBaseException eb) {
-            // Thanks to design of getString we have to catch but we will never get anything.
-        }
-        if (remoteList != null) {
-            StringTokenizer s = new StringTokenizer(remoteList, ",");
-
-            while (s.hasMoreTokens()) {
-                String token = s.nextToken();
-
-                if (token != null && token.trim().length() > 0) {
-                    mRemotelySetInstances.add(token.trim());
-                }
-            }
-        }
-
-        mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Serves HTTPS request. The format of this request is as follows:
-     * https://host:ee-port/remoteAuthConfig?
-     * op="add"|"delete"&
-     * instance=<instanceName>&
-     * of=<authPluginName>&
-     * host=<hostName>&
-     * port=<portNumber>&
-     * password=<password>&
-     * [adminDN=<adminDN>]&
-     * [uid=<uid>]&
-     * [baseDN=<baseDN>]
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        authenticate(cmsReq);
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        String host = req.getParameter("host");
-        String port = req.getParameter("port");
-
-        String adminDN = req.getParameter("adminDN");
-        String uid = req.getParameter("uid");
-        String baseDN = req.getParameter("baseDN");
-        String password = req.getParameter("password");
-
-        String replyTo = req.getParameter("replyTo");
-
-        if (replyTo != null && replyTo.length() > 0) {
-            ctx.addStringValue("replyTo", replyTo);
-        }
-
-        if (mEnableRemoteConfiguration) {
-            String errMsg = null;
-
-            if (adminDN != null && adminDN.length() > 0) {
-                errMsg = authenticateRemoteAdmin(host, port, adminDN, password);
-            } else {
-                errMsg = authenticateRemoteAdmin(host, port, uid, baseDN, password);
-            }
-            if (errMsg == null || errMsg.length() == 0) {
-                if (mAuthSubsystem != null && mAuthConfig != null) {
-                    String op = req.getParameter("op");
-
-                    if (op == null || op.length() == 0) {
-                        header.addStringValue("error", "Undefined operation");
-                    } else {
-                        header.addStringValue("op", op);
-
-                        if (op.equals("delete")) {
-                            String plugin = req.getParameter("of");
-
-                            if (isPluginListed(plugin)) {
-                                String instance = req.getParameter("instance");
-
-                                if (isInstanceListed(instance)) {
-                                    errMsg = deleteInstance(instance);
-                                    if (errMsg != null && errMsg.length() > 0) {
-                                        header.addStringValue("error", errMsg);
-                                    } else {
-                                        header.addStringValue("plugin", plugin);
-                                        header.addStringValue("instance", instance);
-                                    }
-                                } else {
-                                    header.addStringValue("error", "Unknown instance " +
-                                            instance + ".");
-                                }
-                            } else {
-                                header.addStringValue("error", "Unknown plugin name: " + plugin);
-                            }
-                        } else if (op.equals("add")) {
-                            String plugin = req.getParameter("of");
-
-                            if (isPluginListed(plugin)) {
-                                String instance = req.getParameter("instance");
-
-                                if (instance == null || instance.length() == 0) {
-                                    instance = makeInstanceName();
-                                }
-                                if (isInstanceListed(instance)) {
-                                    header.addStringValue("error", "Instance name " +
-                                            instance + " is already in use.");
-                                } else {
-                                    errMsg = addInstance(instance, plugin,
-                                                host, port, baseDN,
-                                                req.getParameter("dnPattern"));
-                                    if (errMsg != null && errMsg.length() > 0) {
-                                        header.addStringValue("error", errMsg);
-                                    } else {
-                                        header.addStringValue("plugin", plugin);
-                                        header.addStringValue("instance", instance);
-                                    }
-                                }
-                            } else {
-                                header.addStringValue("error", "Unknown plugin name: " + plugin);
-                            }
-                        } else {
-                            header.addStringValue("error", "Unsupported operation: " + op);
-                        }
-                    }
-                } else {
-                    header.addStringValue("error", "Invalid configuration data.");
-                }
-            } else {
-                header.addStringValue("error", errMsg);
-            }
-        } else {
-            header.addStringValue("error", "Remote configuration is disabled.");
-        }
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    private String authenticateRemoteAdmin(String host, String port,
-            String adminDN, String password) {
-        if (host == null || host.length() == 0) {
-            return "Missing host name.";
-        }
-        if (port == null || port.length() == 0 || port.trim().length() == 0) {
-            return "Missing port number.";
-        }
-        if (adminDN == null || adminDN.length() == 0) {
-            return "Missing admin DN.";
-        }
-        if (password == null || password.length() == 0) {
-            return "Missing password.";
-        }
-        int p = 0;
-
-        try {
-            p = Integer.parseInt(port.trim());
-        } catch (NumberFormatException e) {
-            return "Invalid port number: " + port + " (" + e.toString() + ")";
-        }
-
-        boolean connected = false;
-        LDAPConnection c = new LDAPConnection();
-
-        try {
-            c.connect(host, p);
-            connected = true;
-            try {
-                c.authenticate(adminDN, password);
-                LDAPEntry entry = c.read(adminDN);
-                LDAPAttribute attr = entry.getAttribute(MEMBER_OF);
-
-                if (attr != null) {
-                    @SuppressWarnings("unchecked")
-                    Enumeration<String> eVals = attr.getStringValues();
-
-                    while (eVals.hasMoreElements()) {
-                        String nextValue = eVals.nextElement();
-
-                        if (nextValue.indexOf("Administrator") > -1) {
-                            LDAPEntry groupEntry = c.read(nextValue);
-
-                            if (groupEntry != null) {
-                                LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER);
-
-                                if (gAttr != null) {
-                                    @SuppressWarnings("unchecked")
-                                    Enumeration<String> eValues = gAttr.getStringValues();
-
-                                    while (eValues.hasMoreElements()) {
-                                        String value = eValues.nextElement();
-
-                                        if (value.equals(entry.getDN())) {
-                                            c.disconnect();
-                                            return null;
-                                        }
-                                    }
-                                }
-                            }
-                            break;
-                        }
-                    }
-                } else {
-                    c.disconnect();
-                    return null;
-                }
-
-            } catch (LDAPException e) {
-
-                /*
-                 switch (e.getLDAPResultCode()) {
-                 case LDAPException.NO_SUCH_OBJECT:
-                 case LDAPException.INVALID_CREDENTIALS:
-                 case LDAPException.INSUFFICIENT_ACCESS_RIGHTS:
-                 case LDAPException.LDAP_PARTIAL_RESULTS:
-                 default:
-                 }
-                 */
-                c.disconnect();
-                return "LDAP error: " + e.toString();
-            }
-
-            if (connected) {
-                c.disconnect();
-            }
-        } catch (LDAPException e) {
-            return "LDAP error: " + e.toString();
-        }
-
-        return "Access unauthorized";
-    }
-
-    private String authenticateRemoteAdmin(String host, String port,
-            String uid, String baseDN,
-            String password) {
-        if (host == null || host.length() == 0) {
-            return "Missing host name.";
-        }
-        if (port == null || port.length() == 0 || port.trim().length() == 0) {
-            return "Missing port number.";
-        }
-        if (uid == null || uid.length() == 0) {
-            return "Missing UID.";
-        }
-        if (uid.indexOf('*') > -1) {
-            return "Invalid UID: " + uid;
-        }
-        if (password == null || password.length() == 0) {
-            return "Missing password.";
-        }
-        int p = 0;
-
-        try {
-            p = Integer.parseInt(port.trim());
-        } catch (NumberFormatException e) {
-            return "Invalid port number: " + port + " (" + e.toString() + ")";
-        }
-        if (baseDN == null || baseDN.length() == 0) {
-            return "Missing base DN.";
-        }
-
-        boolean connected = false;
-        LDAPConnection c = new LDAPConnection();
-
-        try {
-            c.connect(host, p);
-            connected = true;
-            boolean memberOf = false;
-            LDAPSearchResults results = c.search(baseDN, LDAPv2.SCOPE_SUB,
-                    "(uid=" + uid + ")",
-                    null, false);
-
-            while (results.hasMoreElements()) {
-                LDAPEntry entry = null;
-
-                try {
-                    entry = results.next();
-                    c.authenticate(entry.getDN(), password);
-                    LDAPAttribute attr = entry.getAttribute(MEMBER_OF);
-
-                    if (attr != null) {
-                        memberOf = true;
-                        @SuppressWarnings("unchecked")
-                        Enumeration<String> eVals = attr.getStringValues();
-
-                        while (eVals.hasMoreElements()) {
-                            String nextValue = eVals.nextElement();
-
-                            if (nextValue.indexOf("Administrator") > -1) {
-                                LDAPEntry groupEntry = c.read(nextValue);
-
-                                if (groupEntry != null) {
-                                    LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER);
-
-                                    if (gAttr != null) {
-                                        @SuppressWarnings("unchecked")
-                                        Enumeration<String> eValues = gAttr.getStringValues();
-
-                                        while (eValues.hasMoreElements()) {
-                                            String value = eValues.nextElement();
-
-                                            if (value.equals(entry.getDN())) {
-                                                c.disconnect();
-                                                return null;
-                                            }
-                                        }
-                                    }
-                                }
-                                break;
-                            }
-                        }
-                    }
-                } catch (LDAPException e) {
-                    switch (e.getLDAPResultCode()) {
-                    case LDAPException.NO_SUCH_OBJECT:
-                        continue;
-
-                    case LDAPException.INVALID_CREDENTIALS:
-                        break;
-
-                    case LDAPException.INSUFFICIENT_ACCESS_RIGHTS:
-                        break;
-
-                    case LDAPException.LDAP_PARTIAL_RESULTS:
-                        break;
-
-                    default:
-                        continue;
-                    }
-                }
-            }
-            if (connected) {
-                c.disconnect();
-            }
-
-            if (!memberOf) {
-                return null;
-            }
-        } catch (LDAPException e) {
-            return "LDAP error: " + e.toString();
-        }
-
-        return "Access unauthorized";
-    }
-
-    private String addInstance(String instance, String plugin,
-            String host, String port,
-            String baseDN, String dnPattern) {
-        if (host == null || host.length() == 0) {
-            return "Missing host name.";
-        }
-        if (port == null || port.length() == 0) {
-            return "Missing port number.";
-        }
-
-        IConfigStore c0 = mAuthConfig.getSubStore("instance");
-        IConfigStore c1 = c0.makeSubStore(instance);
-
-        c1.putString("dnpattern", dnPattern);
-        c1.putString("ldapByteAttributes", "");
-        c1.putString("ldapStringAttributes", "");
-        c1.putString("pluginName", plugin);
-        if (baseDN != null && baseDN.length() > 0)
-            c1.putString("ldap.basedn", baseDN);
-        c1.putString("ldap.minConns", "");
-        c1.putString("ldap.maxConns", "");
-        c1.putString("ldap.ldapconn.host", host);
-        c1.putString("ldap.ldapconn.port", port);
-        c1.putString("ldap.ldapconn.secureConn", "false");
-        c1.putString("ldap.ldapconn.version", "3");
-
-        mRemotelySetInstances.add(instance);
-
-        IAuthManager authMgrInst = mAuthSubsystem.getAuthManagerPlugin(plugin);
-
-        if (authMgrInst != null) {
-            try {
-                authMgrInst.init(instance, plugin, c1);
-            } catch (EBaseException e) {
-                c0.removeSubStore(instance);
-                mRemotelySetInstances.remove(instance);
-                return e.toString();
-            }
-            mAuthSubsystem.add(instance, authMgrInst);
-        }
-
-        StringBuffer list = new StringBuffer();
-
-        for (int i = 0; i < mRemotelySetInstances.size(); i++) {
-            if (i > 0)
-                list.append(",");
-            list.append(mRemotelySetInstances.elementAt(i));
-        }
-
-        mAuthConfig.putString(REMOTELY_SET_INSTANCES, list.toString());
-
-        try {
-            mFileConfig.commit(false);
-        } catch (EBaseException e) {
-            c0.removeSubStore(instance);
-            mRemotelySetInstances.remove(instance);
-            return e.toString();
-        }
-
-        return null;
-    }
-
-    private String deleteInstance(String instance) {
-        IConfigStore c = mAuthConfig.getSubStore("instance");
-
-        c.removeSubStore(instance);
-
-        if (mRemotelySetInstances.remove(instance)) {
-            StringBuffer list = new StringBuffer();
-
-            for (int i = 0; i < mRemotelySetInstances.size(); i++) {
-                if (i > 0)
-                    list.append(",");
-                list.append(mRemotelySetInstances.elementAt(i));
-            }
-
-            mAuthConfig.putString(REMOTELY_SET_INSTANCES, list.toString());
-        }
-
-        try {
-            mFileConfig.commit(false);
-        } catch (EBaseException e) {
-            return e.toString();
-        }
-        mAuthSubsystem.delete(instance);
-
-        return null;
-    }
-
-    private boolean isPluginListed(String pluginName) {
-        boolean isListed = false;
-
-        if (pluginName != null && pluginName.length() > 0) {
-            Enumeration<AuthMgrPlugin> e = mAuthSubsystem.getAuthManagerPlugins();
-
-            while (e.hasMoreElements()) {
-                AuthMgrPlugin plugin = e.nextElement();
-
-                if (pluginName.equals(plugin.getId())) {
-                    isListed = true;
-                    break;
-                }
-            }
-        }
-
-        return isListed;
-    }
-
-    private boolean isInstanceListed(String instanceName) {
-        boolean isListed = false;
-
-        if (instanceName != null && instanceName.length() > 0) {
-            Enumeration<IAuthManager> e = mAuthSubsystem.getAuthManagers();
-
-            while (e.hasMoreElements()) {
-                IAuthManager authManager = e.nextElement();
-
-                if (instanceName.equals(authManager.getName())) {
-                    isListed = true;
-                    break;
-                }
-            }
-        }
-
-        return isListed;
-    }
-
-    private String makeInstanceName() {
-        Calendar now = Calendar.getInstance();
-        int y = now.get(Calendar.YEAR);
-        String name = "R" + y;
-
-        if (now.get(Calendar.MONTH) < 10)
-            name += "0";
-        name += now.get(Calendar.MONTH);
-        if (now.get(Calendar.DAY_OF_MONTH) < 10)
-            name += "0";
-        name += now.get(Calendar.DAY_OF_MONTH);
-        if (now.get(Calendar.HOUR_OF_DAY) < 10)
-            name += "0";
-        name += now.get(Calendar.HOUR_OF_DAY);
-        if (now.get(Calendar.MINUTE) < 10)
-            name += "0";
-        name += now.get(Calendar.MINUTE);
-        if (now.get(Calendar.SECOND) < 10)
-            name += "0";
-        name += now.get(Calendar.SECOND);
-        return name;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
deleted file mode 100644
index a13a305b8..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ /dev/null
@@ -1,344 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.cert.CertEnrollmentRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.profile.SSLClientCertProvider;
-
-public class RenewalProcessor extends CertProcessor {
-
-    public RenewalProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
-        super(id, locale);
-    }
-
-    public HashMap<String, Object> processRenewal(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        String profileId = (this.profileID == null) ? req.getParameter("profileId") : this.profileID;
-        IProfile profile = ps.getProfile(profileId);
-        if (profile == null) {
-            throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-        }
-
-        CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
-
-        //only used in renewal
-        data.setSerialNum(req.getParameter("serial_num"));
-
-        return processRenewal(data, req);
-    }
-
-    /*
-     * Renewal - Renewal is retrofitted into the Profile Enrollment
-     * Framework.  The authentication and authorization are taken from
-     * the renewal profile, while the input (with requests)  and grace
-     * period constraint are taken from the original cert's request record.
-     *
-     * Things to note:
-     * * the renew request will contain the original profile instead of the new
-     */
-    public HashMap<String, Object> processRenewal(CertEnrollmentRequest data, HttpServletRequest request)
-            throws EBaseException {
-        try {
-            if (CMS.debugOn()) {
-                HashMap<String,String> params = data.toParams();
-                printParameterValues(params);
-            }
-            CMS.debug("RenewalSubmitter: isRenewal true");
-
-            startTiming("enrollment");
-            request.setAttribute("reqType", "renewal");
-
-            // in case of renew, "profile" is the orig profile
-            // while "renewProfile" is the current profile used for renewal
-            String renewProfileId = (this.profileID == null) ? data.getProfileId() : this.profileID;
-            CMS.debug("processRenewal: renewProfileId " + renewProfileId);
-
-            IProfile renewProfile = ps.getProfile(renewProfileId);
-            if (renewProfile == null) {
-                CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
-                throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
-            }
-            if (!ps.isProfileEnable(renewProfileId)) {
-                CMS.debug("RenewalSubmitter: Profile " + renewProfileId + " not enabled");
-                throw new BadRequestDataException("Profile " + renewProfileId + " not enabled");
-            }
-
-            String serial = data.getSerialNum();
-            BigInteger certSerial = null;
-
-            if (serial != null) {
-                // if serial number is sent with request, then the authentication
-                // method is not ssl client auth.  In this case, an alternative
-                // authentication method is used (default: ldap based)
-                // usr_origreq evaluator should be used to authorize ownership
-                // of the cert
-                CMS.debug("RenewalSubmitter: renewal: found serial_num");
-                certSerial = new BigInteger(serial);
-            } else {
-                // ssl client auth is to be used
-                // this is not authentication. Just use the cert to search
-                // for orig request and find the right profile
-                CMS.debug("RenewalSubmitter: renewal: serial_num not found, must do ssl client auth");
-                certSerial = getSerialNumberFromCert(request);
-                if (certSerial == null) {
-                    CMS.debug(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-                    throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-                }
-            }
-            CMS.debug("processRenewal: serial number of cert to renew:" + certSerial.toString());
-            ICertRecord rec = certdb.readCertificateRecord(certSerial);
-            if (rec == null) {
-                CMS.debug("processRenewal: cert record not found for serial number " + certSerial.toString());
-                throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-            }
-
-            // check to see if the cert is revoked or revoked_expired
-            if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED))
-                    || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
-                CMS.debug("processRenewal: cert found to be revoked. Serial number = "
-                        + certSerial.toString());
-                throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_CA_CANNOT_RENEW_REVOKED_CERT"));
-            }
-
-            X509CertImpl origCert = rec.getCertificate();
-            if (origCert == null) {
-                CMS.debug("processRenewal: original cert not found in cert record for serial number "
-                        + certSerial.toString());
-                throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-            }
-
-            Date origNotAfter = origCert.getNotAfter();
-            CMS.debug("processRenewal: origNotAfter =" + origNotAfter.toString());
-
-            String origSubjectDN = origCert.getSubjectDN().getName();
-            CMS.debug("processRenewal: orig subj dn =" + origSubjectDN);
-
-            IRequest origReq = getOriginalRequest(certSerial, rec);
-            if (origReq == null) {
-                CMS.debug("processRenewal: original request not found");
-                throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-            }
-
-            String profileId = origReq.getExtDataInString("profileId");
-            CMS.debug("RenewalSubmitter: renewal original profileId=" + profileId);
-
-            Integer origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
-            IProfile profile = ps.getProfile(profileId);
-            if (profile == null) {
-                CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-                throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-            }
-            if (!ps.isProfileEnable(profileId)) {
-                CMS.debug("RenewalSubmitter: Profile " + profileId + " not enabled");
-                throw new BadRequestDataException("Profile " + profileId + " not enabled");
-            }
-
-            IProfileContext ctx = profile.createContext();
-            IProfileAuthenticator authenticator = renewProfile.getAuthenticator();
-            IProfileAuthenticator origAuthenticator = profile.getAuthenticator();
-
-            if (authenticator != null) {
-                CMS.debug("RenewalSubmitter: authenticator " + authenticator.getName() + " found");
-                setCredentialsIntoContext(request, authenticator, ctx);
-            }
-
-            // for renewal, this will override or add auth info to the profile context
-            if (origAuthenticator != null) {
-                CMS.debug("RenewalSubmitter: for renewal, original authenticator " +
-                        origAuthenticator.getName() + " found");
-                setCredentialsIntoContext(request, origAuthenticator, ctx);
-            }
-
-            // for renewal, input needs to be retrieved from the orig req record
-            CMS.debug("processRenewal: set original Inputs into profile Context");
-            setInputsIntoContext(origReq, profile, ctx, locale);
-            ctx.set(IEnrollProfile.CTX_RENEWAL, "true");
-            ctx.set("renewProfileId", renewProfileId);
-            ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
-
-            // for ssl authentication; pass in servlet for retrieving
-            // ssl client certificates
-            SessionContext context = SessionContext.getContext();
-            context.put("profileContext", ctx);
-            context.put("sslClientCertProvider", new SSLClientCertProvider(request));
-            CMS.debug("RenewalSubmitter: set sslClientCertProvider");
-            if (origSubjectDN != null)
-                context.put("origSubjectDN", origSubjectDN);
-
-            // before creating the request, authenticate the request
-            IAuthToken authToken = authenticate(request, origReq, authenticator, context, true);
-
-            // authentication success, now authorize
-            authorize(profileId, renewProfile, authToken);
-
-            ///////////////////////////////////////////////
-            // create and populate requests
-            ///////////////////////////////////////////////
-            startTiming("request_population");
-            IRequest[] reqs = profile.createRequests(ctx, locale);
-            populateRequests(data, true, locale, origNotAfter, origSubjectDN, origReq, profileId,
-                    profile, ctx, authenticator, authToken, reqs);
-            endTiming("request_population");
-
-            ///////////////////////////////////////////////
-            // submit request
-            ///////////////////////////////////////////////
-            String errorCode = submitRequests(locale, profile, authToken, reqs);
-            String errorReason = codeToReason(locale, errorCode);
-
-            HashMap<String, Object> ret = new HashMap<String, Object>();
-            ret.put(ARG_REQUESTS, reqs);
-            ret.put(ARG_ERROR_CODE, errorCode);
-            ret.put(ARG_ERROR_REASON, errorReason);
-            ret.put(ARG_PROFILE, profile);
-
-            CMS.debug("RenewalSubmitter: done serving");
-            endTiming("enrollment");
-
-            return ret;
-        } finally {
-            SessionContext.releaseContext();
-            endAllEvents();
-        }
-    }
-
-    private BigInteger getSerialNumberFromCert(HttpServletRequest request) throws EBaseException {
-        BigInteger certSerial;
-        SSLClientCertProvider sslCCP = new SSLClientCertProvider(request);
-        X509Certificate[] certs = sslCCP.getClientCertificateChain();
-        certSerial = null;
-        if (certs == null || certs.length == 0) {
-            CMS.debug("RenewalSubmitter: renewal: no ssl client cert chain");
-            return null;
-        } else { // has ssl client cert
-            CMS.debug("RenewalSubmitter: renewal: has ssl client cert chain");
-            // shouldn't expect leaf cert to be always at the
-            // same location
-            X509Certificate clientCert = null;
-            for (int i = 0; i < certs.length; i++) {
-                clientCert = certs[i];
-                byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
-                // try to see if this is a leaf cert
-                // look for BasicConstraint extension
-                if (extBytes == null) {
-                    // found leaf cert
-                    CMS.debug("RenewalSubmitter: renewal: found leaf cert");
-                    break;
-                } else {
-                    CMS.debug("RenewalSubmitter: renewal: found cert having BasicConstraints ext");
-                    // it's got BasicConstraints extension
-                    // so it's not likely to be a leaf cert,
-                    // however, check the isCA field regardless
-                    try {
-                        BasicConstraintsExtension bce =
-                                new BasicConstraintsExtension(true, extBytes);
-                        if (bce != null) {
-                            if (!(Boolean) bce.get("is_ca")) {
-                                CMS.debug("RenewalSubmitter: renewal: found CA cert in chain");
-                                break;
-                            } // else found a ca cert, continue
-                        }
-                    } catch (Exception e) {
-                        CMS.debug("RenewalSubmitter: renewal: exception:" + e.toString());
-                        return null;
-                    }
-                }
-            }
-            if (clientCert == null) {
-                CMS.debug("RenewalSubmitter: renewal: no client cert in chain");
-                return null;
-            }
-            // convert to java X509 cert interface
-            try {
-                byte[] certEncoded = clientCert.getEncoded();
-                clientCert = new X509CertImpl(certEncoded);
-            } catch (Exception e) {
-                e.printStackTrace();
-                CMS.debug("RenewalSubmitter: renewal: exception:" + e.toString());
-                return null;
-            }
-
-            certSerial = clientCert.getSerialNumber();
-        }
-        return certSerial;
-    }
-
-    /*
-     * fill input info from "request" to context.
-     * This is expected to be used by renewal where the request
-     * is retrieved from request record
-     */
-    private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) {
-        // passing inputs into context
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-                Enumeration<String> inputNames = profileInput.getValueNames();
-
-                while (inputNames.hasMoreElements()) {
-                    String inputName = inputNames.nextElement();
-                    String inputValue = "";
-                    CMS.debug("RenewalSubmitter: setInputsIntoContext() getting input name= " + inputName);
-                    try {
-                        inputValue = profileInput.getValue(inputName, locale, request);
-                    } catch (Exception e) {
-                        CMS.debug("RenewalSubmitter: setInputsIntoContext() getvalue() failed: " + e.toString());
-                    }
-
-                    if (inputValue != null) {
-                        CMS.debug("RenewalSubmitter: setInputsIntoContext() setting value in ctx:" + inputValue);
-                        ctx.set(inputName, inputValue);
-                    } else {
-                        CMS.debug("RenewalSubmitter: setInputsIntoContext() value null");
-                    }
-                }
-            }
-        }
-
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
deleted file mode 100644
index a697e14e4..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
+++ /dev/null
@@ -1,523 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-
-import netscape.security.extensions.CertInfo;
-import netscape.security.x509.CertificateSerialNumber;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
-/**
- * Certificate Renewal
- *
- * @version $Revision$, $Date$
- */
-public class RenewalServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3094124661102395244L;
-
-    // renewal templates.
-    public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
-
-    // http params
-    public static final String CERT_TYPE = "certType";
-    public static final String SERIAL_NO = "serialNo";
-    // XXX can't do pkcs10 cause it's got no serial no.
-    // (unless put serial no in pki attributes)
-    // public static final String PKCS10 = "pkcs10";
-    public static final String IMPORT_CERT = "importCert";
-
-    private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
-    private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller();
-
-    public RenewalServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet makes use of the
-     * template file "RenewalSuccess.template" to render the
-     * response
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success template. has same info as enrollment.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        try {
-            mRenewalSuccessTemplate = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE);
-            if (mRenewalSuccessTemplate == null)
-                mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
-            String fillername =
-                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
-
-            if (fillername != null) {
-                ICMSTemplateFiller filler = newFillerObject(fillername);
-
-                if (filler != null)
-                    mRenewalSuccessFiller = filler;
-            }
-        } catch (Exception e) {
-            // this should never happen.
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                            mId));
-        }
-
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        long startTime = CMS.getCurrentDate().getTime();
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-
-        // renewal requires either:
-        //  - coming from ee:
-        //		- old cert from ssl client auth
-        //		- old certs from auth manager
-        // 	- coming from agent or trusted RA:
-        //  	- serial no of cert to be renewed.
-
-        BigInteger old_serial_no = null;
-        X509CertImpl old_cert = null;
-        X509CertImpl renewed_cert = null;
-        Date notBefore = null;
-        Date notAfter = null;
-        boolean doSaveAuthToken = false;
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "renew");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String authMgr = AuditFormat.NOAUTH;
-
-        if (authToken != null && !mAuthMgr.equals("sslClientCertAuthMgr")) {
-            authMgr =
-                    authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-        }
-
-        // coming from agent
-        if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            X509Certificate[] cert = new X509Certificate[1];
-
-            old_serial_no = getCertFromAgent(httpParams, cert);
-            old_cert = (X509CertImpl) cert[0];
-
-            // optional validity params from input.
-            int beginYear = httpParams.getValueAsInt("beginYear", -1);
-            int beginMonth = httpParams.getValueAsInt("beginMonth", -1);
-            int beginDate = httpParams.getValueAsInt("beginDate", -1);
-            int endYear = httpParams.getValueAsInt("endYear", -1);
-            int endMonth = httpParams.getValueAsInt("endMonth", -1);
-            int endDate = httpParams.getValueAsInt("endDate", -1);
-
-            if (beginYear != -1 && beginMonth != -1 && beginDate != -1 &&
-                    endYear != -1 && endMonth != -1 && endDate != -1) {
-                Calendar calendar = Calendar.getInstance();
-                calendar.set(beginYear, beginMonth, beginDate);
-                notBefore = calendar.getTime();
-                calendar.set(endYear, endMonth, endDate);
-                notAfter = calendar.getTime();
-            }
-        } // coming from client
-        else {
-            // from auth manager
-            X509CertImpl[] cert = new X509CertImpl[1];
-
-            old_serial_no = getCertFromAuthMgr(authToken, cert);
-            old_cert = cert[0];
-        }
-
-        IRequest req = null;
-
-        try {
-            // get ready to send request to request queue.
-            X509CertInfo new_certInfo = null;
-
-            req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST);
-            req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] { old_serial_no });
-            if (old_cert != null) {
-                req.setExtData(IRequest.OLD_CERTS,
-                        new X509CertImpl[] { old_cert }
-                        );
-                // create new certinfo from old_cert contents.
-                X509CertInfo old_certInfo = (X509CertInfo)
-                        old_cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
-                new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo());
-            } else {
-                // if no old cert (came from RA agent) create new cert info
-                // (serializable) to pass through policies. And set the old
-                // serial number to pick up.
-                new_certInfo = new CertInfo();
-                new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
-                        new CertificateSerialNumber(old_serial_no));
-            }
-
-            if (notBefore == null || notAfter == null) {
-                notBefore = new Date(0);
-                notAfter = new Date(0);
-            }
-            new_certInfo.set(X509CertInfo.VALIDITY,
-                    new CertificateValidity(notBefore, notAfter));
-            req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo }
-                    );
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
-        }
-
-        saveHttpHeaders(httpReq, req);
-        saveHttpParams(httpParams, req);
-        if (doSaveAuthToken)
-            saveAuthToken(authToken, req);
-        cmsReq.setIRequest(req);
-
-        // send request to request queue.
-        mRequestQueue.processRequest(req);
-
-        // for audit log
-        String initiative = null;
-        String agentID = null;
-
-        if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            agentID = authToken.getInString("userid");
-            initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        } else {
-            // request is from eegateway, so fromUser.
-            initiative = AuditFormat.FROMUSER;
-        }
-
-        // check resulting status
-        RequestStatus status = req.getRequestStatus();
-
-        if (status != RequestStatus.COMPLETE) {
-            cmsReq.setIRequestStatus();
-            // audit log the status
-            if (status == RequestStatus.REJECTED) {
-                Vector<String> messages = req.getExtDataInStringVector(IRequest.ERRORS);
-
-                if (messages != null) {
-                    Enumeration<String> msgs = messages.elements();
-                    StringBuffer wholeMsg = new StringBuffer();
-
-                    while (msgs.hasMoreElements()) {
-                        wholeMsg.append("\n");
-                        wholeMsg.append(msgs.nextElement());
-                    }
-
-                    mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.RENEWALFORMAT,
-                            new Object[] {
-                                    req.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    status.toString(),
-                                    old_cert.getSubjectDN(),
-                                    old_cert.getSerialNumber().toString(16),
-                                    "violation: " +
-                                            wholeMsg.toString() }
-                            // wholeMsg},
-                            // ILogger.L_MULTILINE
-                            );
-                } else { // no policy violation, from agent
-                    mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.RENEWALFORMAT,
-                            new Object[] {
-                                    req.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    status.toString(),
-                                    old_cert.getSubjectDN(),
-                                    old_cert.getSerialNumber().toString(16),
-                                    "" }
-                            );
-                }
-            } else { // other imcomplete status
-                mLogger.log(ILogger.EV_AUDIT,
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.RENEWALFORMAT,
-                        new Object[] {
-                                req.getRequestId(),
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                old_cert.getSubjectDN(),
-                                old_cert.getSerialNumber().toString(16),
-                                "" }
-                        );
-            }
-            return;
-        }
-
-        // service error
-        Integer result = req.getExtDataInInteger(IRequest.RESULT);
-
-        CMS.debug(
-                "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
-        if (result.equals(IRequest.RES_ERROR)) {
-            CMS.debug(
-                    "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
-
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
-            String[] svcErrors =
-                    req.getExtDataInStringArray(IRequest.SVCERRORS);
-
-            if (svcErrors != null && svcErrors.length > 0) {
-                for (int i = 0; i < svcErrors.length; i++) {
-                    String err = svcErrors[i];
-
-                    if (err != null) {
-                        //System.out.println(
-                        //"revocation servlet: setting error description "+
-                        //err.toString());
-                        cmsReq.setErrorDescription(err);
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.RENEWALFORMAT,
-                                new Object[] {
-                                        req.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed with error: " +
-                                                err,
-                                        old_cert.getSubjectDN(),
-                                        old_cert.getSerialNumber().toString(16),
-                                        "" }
-                                );
-
-                    }
-                }
-            }
-            return;
-        }
-
-        // success.
-        X509CertImpl[] certs = req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-        renewed_cert = certs[0];
-        respondSuccess(cmsReq, renewed_cert);
-        long endTime = CMS.getCurrentDate().getTime();
-
-        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.RENEWALFORMAT,
-                new Object[] {
-                        req.getRequestId(),
-                        initiative,
-                        authMgr,
-                        "completed",
-                        old_cert.getSubjectDN(),
-                        old_cert.getSerialNumber().toString(16),
-                        "new serial number: 0x" +
-                                renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
-                );
-
-        return;
-    }
-
-    private void respondSuccess(
-            CMSRequest cmsReq, X509CertImpl renewed_cert)
-            throws EBaseException {
-        cmsReq.setResult(new X509CertImpl[] { renewed_cert }
-                );
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-        // check if cert should be imported.
-        // browser must have input type set to nav or cartman since
-        // there's no other way to tell
-
-        IArgBlock httpParams = cmsReq.getHttpParams();
-
-        if (checkImportCertToNav(cmsReq.getHttpResp(),
-                httpParams, renewed_cert)) {
-            return;
-        } else {
-            try {
-                renderTemplate(cmsReq,
-                        mRenewalSuccessTemplate, mRenewalSuccessFiller);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
-                                mRenewalSuccessTemplate, e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            }
-        }
-        return;
-    }
-
-    protected BigInteger getRenewedCert(ICertRecord certRec)
-            throws EBaseException {
-        BigInteger renewedCert = null;
-        String serial = null;
-        MetaInfo meta = certRec.getMetaInfo();
-
-        if (meta == null) {
-            log(ILogger.LL_INFO,
-                    "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
-            return null;
-        }
-        serial = (String) meta.get(ICertRecord.META_RENEWED_CERT);
-        if (serial == null) {
-            log(ILogger.LL_INFO,
-                    "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
-            return null;
-        }
-        renewedCert = new BigInteger(serial);
-        log(ILogger.LL_INFO,
-                "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
-                        certRec.getSerialNumber().toString(16));
-        return renewedCert;
-    }
-
-    /**
-     * get certs to renew from agent.
-     */
-    private BigInteger getCertFromAgent(
-            IArgBlock httpParams, X509Certificate[] certContainer)
-            throws EBaseException {
-        BigInteger serialno = null;
-        X509Certificate cert = null;
-
-        // get serial no
-        serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
-        if (serialno == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
-        }
-        // get cert from db if we're cert authority.
-        if (mAuthority instanceof ICertificateAuthority) {
-            cert = getX509Certificate(serialno);
-            if (cert == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
-            }
-        }
-        certContainer[0] = cert;
-        return serialno;
-    }
-
-    /**
-     * get cert to renew from auth manager
-     */
-    private BigInteger getCertFromAuthMgr(
-            IAuthToken authToken, X509Certificate[] certContainer)
-            throws EBaseException {
-        X509CertImpl cert =
-                authToken.getInCert(AuthToken.TOKEN_CERT);
-
-        if (cert == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
-        }
-        if (mAuthority instanceof ICertificateAuthority &&
-                !isCertFromCA(cert)) {
-            log(ILogger.LL_FAILURE, "certficate from auth manager for " +
-                    " renewal is not from this ca.");
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
-        }
-        certContainer[0] = cert;
-        BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
-
-        return serialno;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
deleted file mode 100644
index 2826f477e..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
+++ /dev/null
@@ -1,464 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzException;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.cert.CertReviewResponse;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.PolicyDefault;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileOutput;
-import com.netscape.certsrv.profile.ProfilePolicySet;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.profile.ProfileOutputFactory;
-
-public class RequestProcessor extends CertProcessor {
-
-    public RequestProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
-        super(id, locale);
-    }
-
-    public CertReviewResponse processRequest(CMSRequest cmsReq, IRequest request, String op) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        IRequest ireq = cmsReq.getIRequest();
-
-        String profileId = ireq.getExtDataInString("profileId");
-        IProfile profile = ps.getProfile(profileId);
-        CertReviewResponse data = CertReviewResponseFactory.create(
-                cmsReq, profile, authority.noncesEnabled(), locale);
-
-        processRequest(req, data, request, op);
-        return data;
-    }
-
-    public void processRequest(HttpServletRequest request, CertReviewResponse data, IRequest req, String op)
-            throws EBaseException {
-        try {
-            startTiming("approval");
-
-            IAuthToken authToken = null;
-
-            if (CMS.debugOn()) {
-                HashMap<String, String> params = data.toParams();
-                printParameterValues(params);
-                CMS.debug("processRequest op is " + op);
-            }
-
-            if (authMgr != null) {
-                authToken = authenticate(request);
-            }
-
-            AuthzToken authzToken = authorize(aclMethod, authToken, authzResourceName, "approve");
-            if (authzToken == null) {
-                throw new EAuthzException(CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
-            }
-
-            if (authority.noncesEnabled()) {
-                Object id = data.getRequestId().toBigInteger();
-
-                String requestNonce = data.getNonce();
-                if (requestNonce == null) {
-                    CMS.debug("RequestProcessor: Missing nonce");
-                    throw new BadRequestException("Missing nonce.");
-                }
-
-                Long nonce = new Long(requestNonce.trim());
-                validateNonce(request, "cert-request", id, nonce);
-            }
-
-            CMS.debug("RequestProcessor: processRequest: start serving");
-
-            RequestId requestId = data.getRequestId();
-            if (requestId == null || requestId.equals("")) {
-                CMS.debug(CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND"));
-                throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND"));
-            }
-            CMS.debug("RequestProcessor: requestId=" + requestId);
-
-            // check if the request is in one of the terminal states
-            if (!req.getRequestStatus().equals(RequestStatus.PENDING)) {
-                CMS.debug(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_PENDING", requestId.toString()));
-                throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_PENDING",
-                        requestId.toString()));
-            }
-
-            // save auth token in request
-            saveAuthToken(authToken, req);
-
-            String profileId = req.getExtDataInString("profileId");
-            if (profileId == null || profileId.equals("")) {
-                CMS.debug("RequestProcessor: Profile Id not found in request");
-                throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND"));
-            }
-            CMS.debug("RequestProcessor: profileId=" + profileId);
-
-            IProfile profile = ps.getProfile(profileId);
-            if (profile == null) {
-                CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-                throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-            }
-            if (!ps.isProfileEnable(profileId)) {
-                CMS.debug("RequestProcessor: Profile " + profileId + " not enabled");
-                throw new BadRequestDataException("Profile " + profileId + " not enabled");
-            }
-
-            if (op.equals("assign")) {
-                String owner = req.getRequestOwner();
-
-                // assigned owner
-                if (owner != null && owner.length() > 0) {
-                    if (!grantPermission(req, authToken)) {
-                        CMS.debug("RequestProcessor: Permission not granted to assign request.");
-                        throw new EAuthzException(CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
-                    }
-                }
-                String id = auditSubjectID();
-                req.setRequestOwner(id);
-            } else {
-                if (grantPermission(req, authToken)) {
-                    if (op.equals("approve")) {
-                        checkProfileVersion(profile, req);
-                        updateValues(data, req, profile, locale);
-                        updateNotes(data, req);
-                        approveRequest(req, data, profile, locale);
-                    } else if (op.equals("reject")) {
-                        updateNotes(data, req);
-                        rejectRequest(req);
-                    } else if (op.equals("cancel")) {
-                        updateNotes(data, req);
-                        cancelRequest(req);
-                    } else if (op.equals("update")) {
-                        checkProfileVersion(profile, req);
-                        updateValues(data, req, profile, locale);
-                        updateNotes(data, req);
-                    } else if (op.equals("validate")) {
-                        updateValues(data, req, profile, locale);
-                    } else if (op.equals("unassign")) {
-                        req.setRequestOwner("");
-                    }
-                } else {
-                    CMS.debug("RequestProcessor: Permission not granted to approve/reject/cancel/update/validate/unassign request.");
-                    throw new EAuthzException(CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
-                }
-            }
-
-            // commit request to the storage
-            if (!op.equals("validate")) {
-                if (op.equals("approve")) {
-                    queue.markAsServiced(req);
-                } else {
-                    queue.updateRequest(req);
-                }
-            }
-            endTiming("approval");
-
-        } finally {
-            endAllEvents();
-        }
-    }
-
-    private boolean grantPermission(IRequest req, IAuthToken token) {
-        boolean enable = false;
-        try {
-            enable = CMS.getConfigStore().getBoolean("request.assignee.enable", false);
-        } catch (EBaseException e) {
-        }
-
-        if (!enable)
-            return true;
-        String owner = req.getRequestOwner();
-
-        // unassigned owner
-        if (owner == null || owner.length() == 0)
-            return true;
-        String uid = token.getInString(IAuthToken.USER_ID);
-        if (uid.equals(owner))
-            return true;
-
-        return false;
-    }
-
-    /**
-     * Check if the request creation time is older than the profile
-     * lastModified attribute.
-     */
-    private void checkProfileVersion(IProfile profile, IRequest req) throws EProfileException {
-        IConfigStore profileConfig = profile.getConfigStore();
-        if (profileConfig != null) {
-            String lastModified = null;
-
-            try {
-                lastModified = profileConfig.getString("lastModified", "");
-            } catch (EBaseException e) {
-            }
-
-            if (!lastModified.equals("")) {
-                Date profileModifiedAt = new Date(Long.parseLong(lastModified));
-                CMS.debug("CertRequestExecutor: Profile Last Modified=" +
-                        profileModifiedAt);
-                Date reqCreatedAt = req.getCreationTime();
-                CMS.debug("CertRequestExecutor: Request Created At=" +
-                        reqCreatedAt);
-                if (profileModifiedAt.after(reqCreatedAt)) {
-                    CMS.debug("Profile Newer Than Request");
-                    throw new ERejectException("Profile Newer Than Request");
-                }
-            }
-        }
-    }
-
-    /**
-     * Cancel request
-     * <P>
-     *
-     * (Certificate Request Processed - a manual "agent" profile based cert cancellation)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     *
-     * @param req the certificate request
-     * @exception EProfileException an error related to this profile has
-     *                occurred
-     */
-    private void cancelRequest(IRequest req) throws EProfileException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(req);
-        String auditInfoValue = auditInfoValue(req);
-
-        req.setRequestStatus(RequestStatus.CANCELED);
-
-        // store a message in the signed audit log file
-        auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditRequesterID,
-                ILogger.SIGNED_AUDIT_CANCELLATION,
-                auditInfoValue);
-
-        audit(auditMessage);
-    }
-
-    /**
-     * Reject request
-     * <P>
-     *
-     * (Certificate Request Processed - a manual "agent" profile based cert rejection)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     * @param req the certificate request
-     * @exception EProfileException an error related to this profile has
-     *                occurred
-     */
-    private void rejectRequest(IRequest req) throws EProfileException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(req);
-        String auditInfoValue = auditInfoValue(req);
-
-        req.setRequestStatus(RequestStatus.REJECTED);
-
-        // store a message in the signed audit log file
-        auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditRequesterID,
-                ILogger.SIGNED_AUDIT_REJECTION,
-                auditInfoValue);
-
-        audit(auditMessage);
-    }
-
-    /**
-     * Approve request
-     * <P>
-     *
-     * (Certificate Request Processed - a manual "agent" profile based cert acceptance)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     * @param request the servlet request
-     * @param req the certificate request
-     * @param profile this profile
-     * @param locale the system locale
-     * @exception EProfileException an error related to this profile has
-     *                occurred
-     */
-    private void approveRequest(IRequest req, CertReviewResponse data, IProfile profile, Locale locale)
-            throws EProfileException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID(req);
-
-        try {
-            profile.execute(req);
-            req.setRequestStatus(RequestStatus.COMPLETE);
-
-            Enumeration<String> outputIds = profile.getProfileOutputIds();
-            while (outputIds.hasMoreElements()) {
-                IProfileOutput output = profile.getProfileOutput(outputIds.nextElement());
-                ProfileOutput addOutput = ProfileOutputFactory.create(output, req, locale);
-                data.addOutput(addOutput);
-            }
-
-            // retrieve the certificate
-            X509CertImpl theCert = req.getExtDataInCert(
-                    IEnrollProfile.REQUEST_ISSUED_CERT);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditRequesterID,
-                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                    auditInfoCertValue(theCert));
-
-            audit(auditMessage);
-
-        } catch (EProfileException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-            audit(auditMessage);
-
-            CMS.debug("CertRequestExecutor: about to throw EProfileException because of bad profile execute.");
-            throw eAudit1;
-        }
-    }
-
-    private void updateValues(CertReviewResponse data, IRequest req,
-            IProfile profile, Locale locale)
-            throws ERejectException, EDeferException, EPropertyException {
-
-        // put request policy defaults in a local hash
-        HashMap<String, String> policyData = new HashMap<String,String>();
-        for (ProfilePolicySet policySet: data.getPolicySets()) {
-            for (com.netscape.certsrv.profile.ProfilePolicy policy: policySet.getPolicies()) {
-                PolicyDefault def = policy.getDef();
-                List<ProfileAttribute> attrs = def.getAttributes();
-                for (ProfileAttribute attr: attrs) {
-                    policyData.put(attr.getName(), attr.getValue());
-                }
-            }
-        }
-
-        String profileSetId = req.getExtDataInString("profileSetId");
-
-        Enumeration<IProfilePolicy> policies = profile.getProfilePolicies(profileSetId);
-        int count = 0;
-
-        while (policies.hasMoreElements()) {
-            IProfilePolicy policy = policies.nextElement();
-
-            setValue(locale, count, policy, req, policyData);
-            count++;
-        }
-
-        policies = profile.getProfilePolicies(profileSetId);
-        count = 0;
-        while (policies.hasMoreElements()) {
-            IProfilePolicy policy = policies.nextElement();
-
-            validate(count, policy, req);
-            count++;
-        }
-
-    }
-
-    private void updateNotes(CertReviewResponse data, IRequest req) {
-        String notes = data.getRequestNotes();
-
-        if (notes != null) {
-            req.setExtData("requestNotes", notes);
-        }
-    }
-
-    private void validate(int count, IProfilePolicy policy, IRequest req)
-            throws ERejectException, EDeferException {
-        IPolicyConstraint con = policy.getConstraint();
-
-        con.validate(req);
-    }
-
-    private void setValue(Locale locale, int count, IProfilePolicy policy, IRequest req,
-            HashMap<String, String> data) throws EPropertyException {
-        // handle default policy
-        IPolicyDefault def = policy.getDefault();
-        Enumeration<String> defNames = def.getValueNames();
-
-        while (defNames.hasMoreElements()) {
-            String defName = defNames.nextElement();
-            String defValue = data.get(defName);
-
-            def.setValue(defName, locale, req, defValue);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
deleted file mode 100644
index 93b7531c8..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
+++ /dev/null
@@ -1,525 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.usrgrp.Certificates;
-import com.netscape.certsrv.usrgrp.IUser;
-
-/**
- * @author Endi S. Dewata
- */
-public class RevocationProcessor extends CertProcessor {
-
-    public final static String REVOKE = "revoke";
-    public final static String ON_HOLD = "on-hold";
-    public final static String OFF_HOLD = "off-hold";
-
-    public final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    public final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
-    long startTime;
-
-    ICertificateAuthority authority;
-    ICertificateRepository repo;
-    IRequestQueue requestQueue;
-    IPublisherProcessor publisherProcessor;
-
-    String initiative;
-    RequestId requestID;
-    CertId serialNumber;
-    RevocationReason revocationReason;
-    Date invalidityDate;
-    String comments;
-    String requestType;
-
-    CRLExtensions entryExtn;
-    Collection<X509CertImpl> certificates = new ArrayList<X509CertImpl>();
-    Collection<RevokedCertImpl> revCertImpls = new ArrayList<RevokedCertImpl>();
-    IRequest request;
-    RequestStatus requestStatus;
-
-    public RevocationProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
-        super(id, locale);
-    }
-
-    public ICertificateAuthority getAuthority() {
-        return authority;
-    }
-
-    public void setAuthority(ICertificateAuthority authority) {
-        this.authority = authority;
-        repo = authority.getCertificateRepository();
-        requestQueue = authority.getRequestQueue();
-        publisherProcessor = authority.getPublisherProcessor();
-    }
-
-    public long getStartTime() {
-        return startTime;
-    }
-
-    public void setStartTime(long startTime) {
-        this.startTime = startTime;
-    }
-
-    public String getInitiative() {
-        return initiative;
-    }
-
-    public void setInitiative(String initiative) {
-        this.initiative = initiative;
-    }
-
-    public RequestId getRequestID() {
-        return requestID;
-    }
-
-    public void setRequestID(RequestId requestID) {
-        this.requestID = requestID;
-    }
-
-    public CertId getSerialNumber() {
-        return serialNumber;
-    }
-
-    public void setSerialNumber(CertId serialNumber) {
-        this.serialNumber = serialNumber;
-    }
-
-    public RevocationReason getRevocationReason() {
-        return revocationReason;
-    }
-
-    public void setRevocationReason(RevocationReason revocationReason) {
-        this.revocationReason = revocationReason;
-    }
-
-    public Date getInvalidityDate() {
-        return invalidityDate;
-    }
-
-    public void setInvalidityDate(Date invalidityDate) {
-        this.invalidityDate = invalidityDate;
-    }
-
-    public String getComments() {
-        return comments;
-    }
-
-    public void setComments(String comments) {
-        this.comments = comments;
-    }
-
-    public String getRequestType() {
-        return requestType;
-    }
-
-    public void setRequestType(String requestType) {
-        this.requestType = requestType;
-    }
-
-    public RequestStatus getRequestStatus() {
-        return requestStatus;
-    }
-
-    public void setRequestStatus(RequestStatus requestStatus) {
-        this.requestStatus = requestStatus;
-    }
-
-    public void addCertificate(X509CertImpl cert) {
-        certificates.add(cert);
-    }
-
-    public Collection<X509CertImpl> getCertificates() {
-        return certificates;
-    }
-
-    public IRequest getRequest() {
-        return request;
-    }
-
-    public boolean isMemberOfSubsystemGroup(X509Certificate clientCert) {
-
-        if (clientCert == null) {
-            return false;
-        }
-
-        try {
-            X509Certificate certChain[] = new X509Certificate[1];
-            certChain[0] = clientCert;
-
-            IUser user = ul.locateUser(new Certificates(certChain));
-            return ug.isMemberOf(user, "Subsystem Group");
-
-        } catch (Exception e) {
-            CMS.debug("RevocationProcessor:  Failed to map certificate '" +
-                    clientCert.getSubjectDN().getName() + "' to user.");
-            return false;
-        }
-    }
-
-    public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert) {
-
-        X509CertImpl targetCert = targetRecord.getCertificate();
-        BigInteger targetSerialNumber = targetCert.getSerialNumber();
-        Principal targetSubjectDN = targetCert.getSubjectDN();
-
-        // Verify the subject DN matches the target cert's subject DN.
-        // Agent has null subject DN so he can revoke any certificate.
-        // Other users can only revoke their own certificate.
-        if (subjectDN != null && !subjectDN.equals(targetSubjectDN.toString())) {
-            throw new UnauthorizedException(
-                    "Certificate 0x" + targetSerialNumber.toString(16) + " belongs to different subject.");
-        }
-
-        boolean targetIsCACert = isSystemCertificate(targetCert);
-
-        // If not revoking CA cert verify target cert is not CA cert.
-        if (!revokingCACert && targetIsCACert) {
-            throw new UnauthorizedException(
-                    "Certificate 0x" + targetSerialNumber.toString(16) + " is a CA signing certificate");
-        }
-
-        // If revoking CA Cert verify target cert is CA cert.
-        if (revokingCACert && !targetIsCACert) {
-            throw new UnauthorizedException(
-                    "Certificate 0x" + targetSerialNumber.toString(16) + " is not a CA signing certificate");
-        }
-
-        // Verify target cert is not already revoked.
-        if (targetRecord.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
-            throw new BadRequestException(
-                    CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", targetSerialNumber.toString(16)));
-        }
-    }
-
-    public void addCertificateToRevoke(X509CertImpl cert) {
-        addCertificate(cert);
-        revCertImpls.add(new RevokedCertImpl(cert.getSerialNumber(), CMS.getCurrentDate(), entryExtn));
-    }
-
-    public void addSerialNumberToUnrevoke(BigInteger serialNumber) throws EBaseException {
-        ICertRecord record = getCertificateRecord(serialNumber);
-        X509CertImpl cert = record.getCertificate();
-        addCertificate(cert);
-    }
-
-    public ICertRecord[] getCertificateRecords(BigInteger[] serialNumbers) throws EBaseException {
-        ICertRecord[] records = new ICertRecord[serialNumbers.length];
-        for (int i=0; i<serialNumbers.length; i++) {
-            records[i] = getCertificateRecord(serialNumbers[i]);
-        }
-        return records;
-    }
-
-    public ICertRecord getCertificateRecord(CertId id) throws EBaseException {
-        return getCertificateRecord(id.toBigInteger());
-    }
-
-    public ICertRecord getCertificateRecord(BigInteger serialNumber) throws EBaseException {
-        return repo.readCertificateRecord(serialNumber);
-    }
-
-    public X509CertImpl[] getCertificates(ICertRecord[] records) throws EBaseException {
-        X509CertImpl[] certs = new X509CertImpl[records.length];
-        for (int i=0; i<records.length; i++) {
-            certs[i] = records[i].getCertificate();
-        }
-        return certs;
-    }
-
-    public void createCRLExtension() throws IOException {
-
-        // Construct a CRL extension for this request.
-        entryExtn = new CRLExtensions();
-
-        // Construct a CRL reason code extension.
-        CRLReasonExtension crlReasonExtn = new CRLReasonExtension(revocationReason);
-        entryExtn.set(crlReasonExtn.getName(), crlReasonExtn);
-
-        // Construct a CRL invalidity date extension.
-        if (invalidityDate != null) {
-            InvalidityDateExtension invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
-            entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn);
-        }
-    }
-
-    public void createRevocationRequest() throws EBaseException {
-
-        request = requestQueue.newRequest(IRequest.REVOCATION_REQUEST);
-
-        request.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-
-        request.setExtData(IRequest.OLD_CERTS, certificates.toArray(new X509CertImpl[certificates.size()]));
-        request.setExtData(IRequest.CERT_INFO, revCertImpls.toArray(new RevokedCertImpl[revCertImpls.size()]));
-
-        if (AuditFormat.FROMUSER.equals(initiative)) {
-            request.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
-        } else {
-            request.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-        }
-
-        if (comments != null) {
-            request.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
-        }
-
-        request.setExtData(IRequest.REVOKED_REASON, revocationReason.toInt());
-    }
-
-    public void processRevocationRequest() throws EBaseException {
-
-        requestQueue.processRequest(request);
-        requestStatus = request.getRequestStatus();
-
-        CMS.debug("revokeCert: status: " + requestStatus);
-
-        String type = request.getRequestType();
-
-        // The SVC_PENDING check has been added for the Cloned CA request
-        // that is meant for the Master CA. From Clone's point of view
-        // the request is complete
-
-        if (requestStatus == RequestStatus.COMPLETE
-                || requestStatus == RequestStatus.SVC_PENDING
-                    && type.equals(IRequest.CLA_CERT4CRL_REQUEST)) {
-
-            // audit log the error
-            Integer result = request.getExtDataInInteger(IRequest.RESULT);
-
-            if (result.equals(IRequest.RES_ERROR)) {
-                String[] svcErrors = request.getExtDataInStringArray(IRequest.SVCERRORS);
-
-                if (svcErrors != null) {
-                    for (String err : svcErrors) {
-                        //cmsReq.setErrorDescription(err);
-                        for (X509CertImpl cert : certificates) {
-                            logRevoke(
-                                    request, cert,
-                                    "completed with error: " + err,
-                                    revocationReason.toString());
-                        }
-                    }
-                }
-
-                throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
-            }
-
-            long endTime = CMS.getCurrentDate().getTime();
-
-            // audit log the success.
-            for (X509CertImpl cert : certificates) {
-                logRevoke(request, cert,
-                        "completed",
-                        revocationReason + " time: " + (endTime - startTime));
-            }
-
-        } else {
-
-            // audit log the pending, revoked and rest
-            for (X509CertImpl cert : certificates) {
-                logRevoke(request, cert,
-                        requestStatus.toString(),
-                        revocationReason.toString());
-            }
-        }
-    }
-
-    public void createUnrevocationRequest() throws EBaseException {
-
-        request = requestQueue.newRequest(IRequest.UNREVOCATION_REQUEST);
-
-        request.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST);
-
-        Collection<BigInteger> serialNumbers = new ArrayList<BigInteger>();
-        for (X509CertImpl cert : certificates) {
-            serialNumbers.add(cert.getSerialNumber());
-        }
-        request.setExtData(IRequest.OLD_SERIALS, serialNumbers.toArray(new BigInteger[serialNumbers.size()]));
-        request.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-    }
-
-    public void processUnrevocationRequest() throws EBaseException {
-
-        requestQueue.processRequest(request);
-        requestStatus = request.getRequestStatus();
-
-        String type = request.getRequestType();
-
-        if (requestStatus == RequestStatus.COMPLETE
-                || requestStatus == RequestStatus.SVC_PENDING && type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
-
-            Integer result = request.getExtDataInInteger(IRequest.RESULT);
-
-            if (result != null && result.equals(IRequest.RES_SUCCESS)) {
-                for (X509CertImpl cert : certificates) {
-                    logUnrevoke(request, cert, "completed");
-                }
-
-            } else {
-                String error = request.getExtDataInString(IRequest.ERROR);
-                for (X509CertImpl cert : certificates) {
-                    logUnrevoke(request, cert, "completed with error: " + error);
-                }
-            }
-
-        } else {
-            for (X509CertImpl cert : certificates) {
-                logUnrevoke(request, cert, requestStatus.toString());
-            }
-        }
-    }
-
-    /**
-     * A system certificate such as the CA signing certificate
-     * should not be allowed to delete.
-     * The main purpose is to avoid revoking the self signed
-     * CA certificate accidentally.
-     */
-    public boolean isSystemCertificate(X509Certificate cert) {
-
-        X509Certificate caCert = authority.getCACert();
-        if (caCert == null)
-            return false;
-
-        // check whether it's a CA certificate
-        if (!caCert.getSerialNumber().equals(cert.getSerialNumber()))
-            return false;
-
-        // check whether it's a self-signed we certificate
-        return caCert.getSubjectDN().equals(caCert.getIssuerDN());
-    }
-
-    public void logRevoke(IRequest revocationRequest, X509Certificate cert, String status, String message) {
-
-        if (logger == null)
-            return;
-
-        logger.log(
-                ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.DOREVOKEFORMAT,
-                new Object[] {
-                        revocationRequest.getRequestId(),
-                        initiative,
-                        status,
-                        cert.getSubjectDN(),
-                        cert.getSerialNumber().toString(16),
-                        message
-                });
-    }
-
-    public void logUnrevoke(IRequest unrevocationRequest, X509Certificate cert, String status) {
-
-        if (logger == null)
-            return;
-
-        logger.log(
-                ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.DOUNREVOKEFORMAT,
-                new Object[] {
-                        unrevocationRequest.getRequestId(),
-                        initiative,
-                        status,
-                        cert.getSubjectDN(),
-                        cert.getSerialNumber().toString(16),
-                });
-    }
-
-    public void auditChangeRequest(String status) {
-
-        if (auditor == null)
-            return;
-
-        String auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                auditor.getSubjectID(),
-                status,
-                requestID == null ? ILogger.UNIDENTIFIED : requestID.toString(),
-                serialNumber == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : serialNumber.toHexString(),
-                requestType);
-
-        auditor.log(auditMessage);
-    }
-
-    public void auditChangeRequestProcessed(String status) {
-
-        if (auditor == null)
-            return;
-
-        // store a message in the signed audit log file
-        // if and only if "requestStatus" is
-        // "complete", "revoked", or "canceled"
-
-        if (!(requestStatus == RequestStatus.COMPLETE
-                || requestStatus == RequestStatus.REJECTED
-                || requestStatus == RequestStatus.CANCELED)) return;
-
-        String auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                auditor.getSubjectID(),
-                status,
-                requestID == null ? ILogger.UNIDENTIFIED : requestID.toString(),
-                serialNumber == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : serialNumber.toHexString(),
-                requestType,
-                String.valueOf(revocationReason.toInt()),
-                requestStatus == null ? ILogger.SIGNED_AUDIT_EMPTY_VALUE : requestStatus.toString());
-
-        auditor.log(auditMessage);
-    }
-
-    public void log(int level, String message) {
-        log(ILogger.S_CA, level, message);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
deleted file mode 100644
index ec77d1cec..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
+++ /dev/null
@@ -1,394 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Random;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Perform the first step in revoking a certificate
- *
- * @version $Revision$, $Date$
- */
-public class RevocationServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -9086730404084717413L;
-    private final static String PROP_REVOKEBYDN = "revokeByDN";
-    // revocation templates.
-    private final static String TPL_FILE = "reasonToRevoke.template";
-
-    // http params
-    public static final String SERIAL_NO = "serialNo";
-    // XXX can't do pkcs10 cause it's got no serial no.
-    // (unless put serial no in pki attributes)
-    // public static final String PKCS10 = "pkcs10";
-    public static final String REASON_CODE = "reasonCode";
-
-    private String mFormPath = null;
-    private boolean mRevokeByDN = true;
-
-    private Random mRandom = null;
-
-    public RevocationServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses
-     * the template file "reasonToRevoke.template" to render the
-     * result.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success template. has same info as enrollment.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        mFormPath = "/" + TPL_FILE;
-        try {
-            mFormPath = sc.getInitParameter(
-                        PROP_SUCCESS_TEMPLATE);
-            if (mFormPath == null)
-                mFormPath = "/" + TPL_FILE;
-
-            if (mAuthority instanceof ICertificateAuthority) {
-                if (((ICertificateAuthority) mAuthority).noncesEnabled()) {
-                    mRandom = new Random();
-                }
-            }
-
-            // set to false by revokeByDN=false in web.xml
-            mRevokeByDN = false;
-            String tmp = sc.getInitParameter(PROP_REVOKEBYDN);
-
-            if (tmp == null || tmp.trim().equalsIgnoreCase("false"))
-                mRevokeByDN = false;
-            else if (tmp.trim().equalsIgnoreCase("true"))
-                mRevokeByDN = true;
-        } catch (Exception e) {
-        }
-    }
-
-    /**
-     * Process the HTTP request. Note that this servlet does not
-     * actually perform the certificate revocation. This is the first
-     * step in the multi-step revocation process. (the next step is
-     * in the ReasonToRevoke servlet.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        // revocation requires either:
-        //  - coming from ee:
-        //		- old cert from ssl client auth
-        //		- old certs from auth manager
-        // 	- coming from agent or trusted RA:
-        //  	- serial no of cert to be revoked.
-
-        BigInteger old_serial_no = null;
-        X509CertImpl old_cert = null;
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "submit");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        // coming from agent
-        if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            X509Certificate[] cert = new X509Certificate[1];
-
-            old_serial_no = getCertFromAgent(httpParams, cert);
-            old_cert = (X509CertImpl) cert[0];
-        } // coming from client
-        else {
-            // from auth manager
-            X509CertImpl[] cert = new X509CertImpl[1];
-
-            old_serial_no = getCertFromAuthMgr(authToken, cert);
-            old_cert = cert[0];
-        }
-
-        header.addStringValue("serialNumber", old_cert.getSerialNumber().toString(16));
-        header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber().toString());
-        //		header.addStringValue("subject", old_cert.getSubjectDN().toString());
-        //		header.addLongValue("validNotBefore", old_cert.getNotBefore().getTime()/1000);
-        //		header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000);
-
-        boolean noInfo = false;
-        X509CertImpl[] certsToRevoke = null;
-
-        if (mAuthority instanceof ICertificateAuthority) {
-
-            if (certAuthority.noncesEnabled()) {
-                // generate nonce
-                long n = mRandom.nextLong();
-                // store nonce in session
-                Map<Object, Long> nonces = certAuthority.getNonces(cmsReq.getHttpReq(), "cert-revoke");
-                nonces.put(old_serial_no, n);
-                // return serial number and nonce to client
-                header.addStringValue("nonce", old_serial_no+":"+n);
-            }
-
-            certsToRevoke = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificates(
-                        old_cert.getSubjectDN().toString(),
-                        ICertificateRepository.ALL_UNREVOKED_CERTS);
-
-        } else if (mAuthority instanceof IRegistrationAuthority) {
-            IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST);
-            String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." +
-                    X509CertInfo.SUBJECT + "=" +
-                    old_cert.getSubjectDN().toString() + ")(|(" +
-                    ICertRecord.ATTR_CERT_STATUS + "=" +
-                    ICertRecord.STATUS_VALID + ")(" +
-                    ICertRecord.ATTR_CERT_STATUS + "=" +
-                    ICertRecord.STATUS_EXPIRED + ")))";
-
-            req.setExtData(IRequest.CERT_FILTER, filter);
-            mRequestQueue.processRequest(req);
-            RequestStatus status = req.getRequestStatus();
-
-            if (status == RequestStatus.COMPLETE) {
-                header.addStringValue("request", req.getRequestId().toString());
-                Enumeration<String> enum1 = req.getExtDataKeys();
-
-                while (enum1.hasMoreElements()) {
-                    String name = enum1.nextElement();
-
-                    if (name.equals(IRequest.OLD_CERTS)) {
-                        X509CertImpl[] certs = req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-                        certsToRevoke = certs;
-                    }
-                }
-            } else {
-                noInfo = true;
-            }
-        }
-
-        boolean authorized = false;
-
-        if (certsToRevoke != null && certsToRevoke.length > 0) {
-            for (int i = 0; i < certsToRevoke.length; i++) {
-                if (old_cert.getSerialNumber().equals(certsToRevoke[i].getSerialNumber())) {
-                    authorized = true;
-                    break;
-                }
-            }
-        }
-
-        if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 ||
-                (!authorized))) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED"));
-        }
-
-        if (!mRevokeByDN || noInfo) {
-            certsToRevoke = new X509CertImpl[1];
-            certsToRevoke[0] = old_cert;
-            try {
-                byte[] ba = old_cert.getEncoded();
-                // Do base 64 encoding
-
-                header.addStringValue("b64eCertificate", Utils.base64encode(ba));
-            } catch (CertificateEncodingException e) {
-            }
-        }
-
-        if (certsToRevoke != null && certsToRevoke.length > 0) {
-            header.addIntegerValue("totalRecordCount", certsToRevoke.length);
-            header.addIntegerValue("verifiedRecordCount", certsToRevoke.length);
-
-            for (int i = 0; i < certsToRevoke.length; i++) {
-                IArgBlock rarg = CMS.createArgBlock();
-
-                rarg.addStringValue("serialNumber",
-                        certsToRevoke[i].getSerialNumber().toString(16));
-                rarg.addStringValue("serialNumberDecimal",
-                        certsToRevoke[i].getSerialNumber().toString());
-                rarg.addStringValue("subject",
-                        certsToRevoke[i].getSubjectDN().toString());
-                rarg.addLongValue("validNotBefore",
-                        certsToRevoke[i].getNotBefore().getTime() / 1000);
-                rarg.addLongValue("validNotAfter",
-                        certsToRevoke[i].getNotAfter().getTime() / 1000);
-                argSet.addRepeatRecord(rarg);
-            }
-        } else {
-            header.addIntegerValue("totalRecordCount", 0);
-            header.addIntegerValue("verifiedRecordCount", 0);
-        }
-
-        // set revocation reason, default to unspecified if not set.
-        int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
-
-        header.addIntegerValue("reason", reasonCode);
-
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        return;
-    }
-
-    /**
-     * get cert to revoke from agent.
-     */
-    private BigInteger getCertFromAgent(
-            IArgBlock httpParams, X509Certificate[] certContainer)
-            throws EBaseException {
-        BigInteger serialno = null;
-        X509Certificate cert = null;
-
-        // get serial no
-        serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
-        if (serialno == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
-        }
-
-        // get cert from db if we're cert authority.
-        if (mAuthority instanceof ICertificateAuthority) {
-            cert = getX509Certificate(serialno);
-            if (cert == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
-            }
-        }
-        certContainer[0] = cert;
-        return serialno;
-    }
-
-    /**
-     * get cert to revoke from auth manager
-     */
-    private BigInteger getCertFromAuthMgr(
-            IAuthToken authToken, X509Certificate[] certContainer)
-            throws EBaseException {
-        X509CertImpl cert =
-                authToken.getInCert(AuthToken.TOKEN_CERT);
-
-        if (cert == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
-        }
-        if (mAuthority instanceof ICertificateAuthority &&
-                !isCertFromCA(cert)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
-        }
-        certContainer[0] = cert;
-        BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
-
-        return serialno;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
deleted file mode 100644
index 2fce3e6e1..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-
-import netscape.security.x509.RevokedCertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
-/**
- * Certificates Template filler.
- * must have list of certificates in result.
- * looks at inputs: certtype.
- * outputs:
- * - cert type from http input (if any)
- * - CA chain
- * - authority name (RM, CM, DRM)
- * - scheme:host:port of server.
- * array of one or more
- * - cert serial number
- * - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
- *
- * @version $Revision$, $Date$
- */
-class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
-    public final static String SERIAL_NO = "serialNo";
-
-    public RevocationSuccessTemplateFiller() {
-    }
-
-    /**
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
-            throws Exception {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        // set host name and port.
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        String host = httpReq.getServerName();
-        int port = httpReq.getServerPort();
-        String scheme = httpReq.getScheme();
-
-        fixed.set(ICMSTemplateFiller.HOST, host);
-        fixed.set(ICMSTemplateFiller.PORT, Integer.valueOf(port));
-        fixed.set(ICMSTemplateFiller.SCHEME, scheme);
-
-        // this authority
-        fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
-
-        // XXX CA chain.
-
-        RevokedCertImpl[] revoked =
-                (RevokedCertImpl[]) cmsReq.getResult();
-
-        // revoked certs.
-        for (int i = 0; i < revoked.length; i++) {
-            IArgBlock repeat = CMS.createArgBlock();
-
-            repeat.set(SERIAL_NO, revoked[i].getSerialNumber());
-            params.addRepeatRecord(repeat);
-        }
-
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
deleted file mode 100644
index 508a8df70..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ /dev/null
@@ -1,761 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.security.PublicKey;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * Search for certificates matching complex query filter
- *
- * @version $Revision$, $Date$
- */
-public class SrchCerts extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -5876805830088921643L;
-    private final static String TPL_FILE = "srchCert.template";
-    private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReturns";
-
-    private final static String CURRENT_TIME = "currentTime";
-    private final static int MAX_RESULTS = 1000;
-
-    private ICertificateRepository mCertDB = null;
-    private X500Name mAuthName = null;
-    private String mFormPath = null;
-    private int mMaxReturns = MAX_RESULTS;
-    private int mTimeLimits = 30; /* in seconds */
-    private boolean mUseClientFilter = false;
-
-    /**
-     * Constructs query key servlet.
-     */
-    public SrchCerts() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses srchCert.template
-     * to render the response
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to render own template.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        if (mAuthority instanceof ISubsystem) {
-            ISubsystem sub = mAuthority;
-            IConfigStore authConfig = sub.getConfigStore();
-
-            if (authConfig != null) {
-                try {
-                    mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
-                } catch (EBaseException e) {
-                    // do nothing
-                }
-            }
-        }
-        if (mAuthority instanceof ICertificateAuthority) {
-            ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
-
-            mCertDB = ca.getCertificateRepository();
-            mAuthName = ca.getX500Name();
-        }
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        /* Server-Side time limit */
-        try {
-            int maxResults = Integer.parseInt(sc.getInitParameter("maxResults"));
-            if (maxResults < mMaxReturns)
-                mMaxReturns = maxResults;
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-        try {
-            mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-
-        /* useClientFilter should be off by default. We keep
-           this parameter around so that we do not break
-           the client applications that submits raw LDAP
-           filter into this servlet.  */
-        if (sc.getInitParameter("useClientFilter") != null &&
-                sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
-            mUseClientFilter = true;
-        }
-    }
-
-    private boolean isOn(HttpServletRequest req, String name) {
-        String inUse = req.getParameter(name);
-        if (inUse == null) {
-            return false;
-        }
-        if (inUse.equals("on")) {
-            return true;
-        }
-        return false;
-    }
-
-    private boolean isOff(HttpServletRequest req, String name) {
-        String inUse = req.getParameter(name);
-        if (inUse == null) {
-            return false;
-        }
-        if (inUse.equals("off")) {
-            return true;
-        }
-        return false;
-    }
-
-    private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) {
-        if (!isOn(req, "statusInUse")) {
-            return;
-        }
-        String status = req.getParameter("status");
-        filter.append("(certStatus=");
-        filter.append(status);
-        filter.append(")");
-    }
-
-    private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) {
-        if (!isOn(req, "profileInUse")) {
-            return;
-        }
-        String profile = req.getParameter("profile");
-        filter.append("(certMetaInfo=profileId:");
-        filter.append(profile);
-        filter.append(")");
-    }
-
-    private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) {
-        if (!isOn(req, "basicConstraintsInUse")) {
-            return;
-        }
-        filter.append("(x509cert.BasicConstraints.isCA=on)");
-    }
-
-    private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) {
-        if (!isOn(req, "serialNumberRangeInUse")) {
-            return;
-        }
-        boolean changed = false;
-        String serialFrom = req.getParameter("serialFrom");
-        if (serialFrom != null && !serialFrom.equals("")) {
-            filter.append("(certRecordId>=" + serialFrom + ")");
-            changed = true;
-        }
-        String serialTo = req.getParameter("serialTo");
-        if (serialTo != null && !serialTo.equals("")) {
-            filter.append("(certRecordId<=" + serialTo + ")");
-            changed = true;
-        }
-        if (!changed) {
-            filter.append("(certRecordId=*)");
-        }
-    }
-
-    private void buildAVAFilter(HttpServletRequest req, String paramName,
-                                 String avaName, StringBuffer lf, String match) {
-        String val = req.getParameter(paramName);
-        if (val != null && !val.equals("")) {
-            if (match != null && match.equals("exact")) {
-                lf.append("(|");
-                lf.append("(x509cert.subject=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(val)));
-                lf.append(",*)");
-                lf.append("(x509cert.subject=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(val)));
-                lf.append(")");
-                lf.append(")");
-            } else {
-                lf.append("(x509cert.subject=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append("*");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(val)));
-                lf.append("*)");
-            }
-        }
-    }
-
-    private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) {
-        if (!isOn(req, "subjectInUse")) {
-            return;
-        }
-        StringBuffer lf = new StringBuffer();
-        String match = req.getParameter("match");
-
-        buildAVAFilter(req, "eMail", "E", lf, match);
-        buildAVAFilter(req, "commonName", "CN", lf, match);
-        buildAVAFilter(req, "userID", "UID", lf, match);
-        buildAVAFilter(req, "orgUnit", "OU", lf, match);
-        buildAVAFilter(req, "org", "O", lf, match);
-        buildAVAFilter(req, "locality", "L", lf, match);
-        buildAVAFilter(req, "state", "ST", lf, match);
-        buildAVAFilter(req, "country", "C", lf, match);
-
-        if (lf.length() == 0) {
-            filter.append("(x509cert.subject=*)");
-            return;
-        }
-        if (match.equals("exact")) {
-            filter.append("(&");
-            filter.append(lf);
-            filter.append(")");
-        } else {
-            filter.append("(|");
-            filter.append(lf);
-            filter.append(")");
-        }
-    }
-
-    private void buildRevokedByFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "revokedByInUse")) {
-            return;
-        }
-        String revokedBy = req.getParameter("revokedBy");
-        if (revokedBy == null || revokedBy.equals("")) {
-            filter.append("(certRevokedBy=*)");
-        } else {
-            filter.append("(certRevokedBy=");
-            filter.append(revokedBy);
-            filter.append(")");
-        }
-    }
-
-    private void buildDateFilter(HttpServletRequest req, String prefix,
-                                   String outStr, long adjustment,
-                                   StringBuffer filter) {
-        long epoch = 0;
-        try {
-            epoch = Long.parseLong(req.getParameter(prefix));
-        } catch (NumberFormatException e) {
-            // exception safely ignored
-        }
-        Calendar from = Calendar.getInstance();
-        from.setTimeInMillis(epoch);
-        CMS.debug("buildDateFilter epoch=" + req.getParameter(prefix));
-        CMS.debug("buildDateFilter from=" + from);
-        filter.append("(");
-        filter.append(outStr);
-        filter.append(Long.toString(from.getTimeInMillis() + adjustment));
-        filter.append(")");
-    }
-
-    private void buildRevokedOnFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "revokedOnInUse")) {
-            return;
-        }
-        buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter);
-        buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
-                        filter);
-    }
-
-    private void buildRevocationReasonFilter(HttpServletRequest req,
-                                             StringBuffer filter) {
-        if (!isOn(req, "revocationReasonInUse")) {
-            return;
-        }
-        String reasons = req.getParameter("revocationReason");
-        if (reasons == null) {
-            return;
-        }
-        String queryCertFilter = null;
-        StringTokenizer st = new StringTokenizer(reasons, ",");
-        if (st.hasMoreTokens()) {
-            filter.append("(|");
-            while (st.hasMoreTokens()) {
-                String token = st.nextToken();
-                if (queryCertFilter == null) {
-                    queryCertFilter = "";
-                }
-                filter.append("(x509cert.certRevoInfo=");
-                filter.append(token);
-                filter.append(")");
-            }
-            filter.append(")");
-        }
-    }
-
-    private void buildIssuedByFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "issuedByInUse")) {
-            return;
-        }
-        String issuedBy = req.getParameter("issuedBy");
-        if (issuedBy == null || issuedBy.equals("")) {
-            filter.append("(certIssuedBy=*)");
-        } else {
-            filter.append("(certIssuedBy=");
-            filter.append(issuedBy);
-            filter.append(")");
-        }
-    }
-
-    private void buildIssuedOnFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "issuedOnInUse")) {
-            return;
-        }
-        buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter);
-        buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
-                        filter);
-    }
-
-    private void buildValidNotBeforeFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "validNotBeforeInUse")) {
-            return;
-        }
-        buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
-                        0, filter);
-        buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
-                        86399999, filter);
-    }
-
-    private void buildValidNotAfterFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "validNotAfterInUse")) {
-            return;
-        }
-        buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
-                        0, filter);
-        buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
-                        86399999, filter);
-    }
-
-    private void buildValidityLengthFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "validityLengthInUse")) {
-            return;
-        }
-        String op = req.getParameter("validityOp");
-        long count = 0;
-        try {
-            count = Long.parseLong(req.getParameter("count"));
-        } catch (NumberFormatException e) {
-            // safely ignore
-        }
-        long unit = 0;
-        try {
-            unit = Long.parseLong(req.getParameter("unit"));
-        } catch (NumberFormatException e) {
-            // safely ignore
-        }
-        filter.append("(");
-        filter.append("x509cert.duration");
-        filter.append(op);
-        filter.append(count * unit);
-        filter.append(")");
-    }
-
-    private void buildCertTypeFilter(HttpServletRequest req,
-                                      StringBuffer filter) {
-        if (!isOn(req, "certTypeInUse")) {
-            return;
-        }
-        if (isOn(req, "SSLClient")) {
-            filter.append("(x509cert.nsExtension.SSLClient=on)");
-        } else if (isOff(req, "SSLClient")) {
-            filter.append("(x509cert.nsExtension.SSLClient=off)");
-        }
-        if (isOn(req, "SSLServer")) {
-            filter.append("(x509cert.nsExtension.SSLServer=on)");
-        } else if (isOff(req, "SSLServer")) {
-            filter.append("(x509cert.nsExtension.SSLServer=off)");
-        }
-        if (isOn(req, "SecureEmail")) {
-            filter.append("(x509cert.nsExtension.SecureEmail=on)");
-        } else if (isOff(req, "SecureEmail")) {
-            filter.append("(x509cert.nsExtension.SecureEmail=off)");
-        }
-        if (isOn(req, "SubordinateSSLCA")) {
-            filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
-        } else if (isOff(req, "SubordinateSSLCA")) {
-            filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
-        }
-        if (isOn(req, "SubordinateEmailCA")) {
-            filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
-        } else if (isOff(req, "SubordinateEmailCA")) {
-            filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
-        }
-    }
-
-    public String buildFilter(HttpServletRequest req) {
-        String queryCertFilter = req.getParameter("queryCertFilter");
-
-        StringBuffer filter = new StringBuffer();
-        buildSerialNumberRangeFilter(req, filter);
-        buildSubjectFilter(req, filter);
-        buildRevokedByFilter(req, filter);
-        buildRevokedOnFilter(req, filter);
-        buildRevocationReasonFilter(req, filter);
-        buildIssuedByFilter(req, filter);
-        buildIssuedOnFilter(req, filter);
-        buildValidNotBeforeFilter(req, filter);
-        buildValidNotAfterFilter(req, filter);
-        buildValidityLengthFilter(req, filter);
-        buildCertTypeFilter(req, filter);
-        buildCertStatusFilter(req, filter);
-        buildProfileFilter(req, filter);
-        buildBasicConstraintsFilter(req, filter);
-
-        if (mUseClientFilter) {
-            CMS.debug("useClientFilter=true");
-        } else {
-            CMS.debug("useClientFilter=false");
-            CMS.debug("client queryCertFilter = " + queryCertFilter);
-            queryCertFilter = "(&" + filter.toString() + ")";
-        }
-        CMS.debug("queryCertFilter = " + queryCertFilter);
-        return queryCertFilter;
-    }
-
-    /**
-     * Serves HTTP request. This format of this request is as follows:
-     * queryCert?
-     * [maxCount=<number>]
-     * [queryFilter=<filter>]
-     * [revokeAll=<filter>]
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "list");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String revokeAll = null;
-        EBaseException error = null;
-        int maxResults = -1;
-        int timeLimit = -1;
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            revokeAll = req.getParameter("revokeAll");
-
-            String maxResultsStr = req.getParameter("maxResults");
-
-            if (maxResultsStr != null && maxResultsStr.length() > 0)
-                maxResults = Integer.parseInt(maxResultsStr);
-            String timeLimitStr = req.getParameter("timeLimit");
-
-            if (timeLimitStr != null && timeLimitStr.length() > 0)
-                timeLimit = Integer.parseInt(timeLimitStr);
-
-            String queryCertFilter = buildFilter(req);
-            process(argSet, header, queryCertFilter,
-                    revokeAll, maxResults, timeLimit, req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    /**
-     * Process the key search.
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            String filter, String revokeAll,
-            int maxResults, int timeLimit,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale)
-            throws EBaseException {
-        try {
-            long startTime = CMS.getCurrentDate().getTime();
-
-            if (filter.indexOf(CURRENT_TIME, 0) > -1) {
-                filter = insertCurrentTime(filter);
-            }
-
-            // xxx the filter includes serial number range???
-            if (maxResults == -1 || maxResults > mMaxReturns) {
-                CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns);
-                maxResults = mMaxReturns;
-            }
-            if (timeLimit == -1 || timeLimit > mTimeLimits) {
-                CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
-                timeLimit = mTimeLimits;
-            }
-            CMS.debug("Start searching ... "
-                    + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit);
-            Enumeration<ICertRecord> e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
-
-            int count = 0;
-
-            while (e != null && e.hasMoreElements()) {
-                ICertRecord rec = e.nextElement();
-
-                if (rec != null) {
-                    count++;
-                    IArgBlock rarg = CMS.createArgBlock();
-
-                    fillRecordIntoArg(rec, rarg);
-                    argSet.addRepeatRecord(rarg);
-                }
-            }
-
-            long endTime = CMS.getCurrentDate().getTime();
-
-            header.addStringValue("op", req.getParameter("op"));
-            if (mAuthName != null)
-                header.addStringValue("issuerName", mAuthName.toString());
-            header.addStringValue("time", Long.toString(endTime - startTime));
-            header.addStringValue("serviceURL", req.getRequestURI());
-            header.addStringValue("queryFilter", filter);
-            if (revokeAll != null)
-                header.addStringValue("revokeAll", revokeAll);
-            header.addIntegerValue("totalRecordCount", count);
-            header.addIntegerValue("maxSize", maxResults);
-        } catch (EBaseException e) {
-            CMS.getLogMessage("CMSGW_ERROR_LISTCERTS", e.toString());
-            throw e;
-        }
-        return;
-    }
-
-    private String insertCurrentTime(String filter) {
-        Date now = null;
-        StringBuffer newFilter = new StringBuffer();
-        int k = 0;
-        int i = filter.indexOf(CURRENT_TIME, k);
-
-        while (i > -1) {
-            if (now == null)
-                now = new Date();
-            newFilter.append(filter.substring(k, i));
-            newFilter.append(now.getTime());
-            k = i + CURRENT_TIME.length();
-            i = filter.indexOf(CURRENT_TIME, k);
-        }
-        if (k > 0) {
-            newFilter.append(filter.substring(k, filter.length()));
-        }
-        return newFilter.toString();
-    }
-
-    /**
-     * Fills cert record into argument block.
-     */
-    private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
-            throws EBaseException {
-
-        X509CertImpl xcert = rec.getCertificate();
-
-        if (xcert != null) {
-            fillX509RecordIntoArg(rec, rarg);
-        }
-    }
-
-    private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
-            throws EBaseException {
-
-        X509CertImpl cert = rec.getCertificate();
-
-        rarg.addIntegerValue("version", cert.getVersion());
-        rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16));
-        rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString());
-
-        String subject = cert.getSubjectDN().toString();
-
-        if (subject.equals("")) {
-            rarg.addStringValue("subject", " ");
-        } else {
-            rarg.addStringValue("subject", subject);
-
-        }
-
-        rarg.addStringValue("type", "X.509");
-
-        try {
-            PublicKey pKey = cert.getPublicKey();
-            X509Key key = null;
-
-            if (pKey instanceof CertificateX509Key) {
-                CertificateX509Key certKey = (CertificateX509Key) pKey;
-
-                key = (X509Key) certKey.get(CertificateX509Key.KEY);
-            }
-            if (pKey instanceof X509Key) {
-                key = (X509Key) pKey;
-            }
-            rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString());
-            if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
-                RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded());
-
-                rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize());
-            }
-        } catch (Exception e) {
-            rarg.addStringValue("subjectPublicKeyAlgorithm", null);
-            rarg.addIntegerValue("subjectPublicKeyLength", 0);
-        }
-
-        rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000);
-        rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000);
-        rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
-        String issuedBy = rec.getIssuedBy();
-
-        if (issuedBy == null)
-            issuedBy = "";
-        rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
-        rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
-
-        rarg.addStringValue("revokedBy",
-                ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
-        if (rec.getRevokedOn() == null) {
-            rarg.addStringValue("revokedOn", null);
-        } else {
-            rarg.addLongValue("revokedOn", rec.getRevokedOn().getTime() / 1000);
-
-            IRevocationInfo revocationInfo = rec.getRevocationInfo();
-
-            if (revocationInfo != null) {
-                CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions();
-
-                if (crlExts != null) {
-                    Enumeration<Extension> enum1 = crlExts.getElements();
-                    int reason = 0;
-
-                    while (enum1.hasMoreElements()) {
-                        Extension ext = enum1.nextElement();
-
-                        if (ext instanceof CRLReasonExtension) {
-                            reason = ((CRLReasonExtension) ext).getReason().toInt();
-                            break;
-                        }
-                    }
-                    rarg.addIntegerValue("revocationReason", reason);
-                }
-            }
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
deleted file mode 100644
index e39b66555..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
+++ /dev/null
@@ -1,529 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.EErrorPublishCRL;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapRule;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Force the CRL to be updated now.
- *
- * @version $Revision$, $Date$
- */
-public class UpdateCRL extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -1182106454856991246L;
-    private final static String TPL_FILE = "updateCRL.template";
-
-    private static Vector<String> mTesting = new Vector<String>();
-
-    private String mFormPath = null;
-    private ICertificateAuthority mCA = null;
-
-    /**
-     * Constructs UpdateCRL servlet.
-     */
-    public UpdateCRL() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet. This servlet uses updateCRL.template
-     * to render the result
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        if (mAuthority instanceof ICertificateAuthority)
-            mCA = (ICertificateAuthority) mAuthority;
-
-        // override success to do output orw own template.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param signatureAlgorithm the algorithm to use to sign the CRL
-     * <li>http.param waitForUpdate true/false - should the servlet wait until the CRL update is complete?
-     * <li>http.param clearCRLCache true/false - should the CRL cache cleared before the CRL is generated?
-     * <li>http.param crlIssuingPoint the CRL Issuing Point to Update
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.startTiming("crl", true /* main action */);
-        }
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "update");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            if (statsSub != null) {
-                statsSub.endTiming("crl");
-            }
-            return;
-        }
-
-        EBaseException error = null;
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            if (statsSub != null) {
-                statsSub.endTiming("crl");
-            }
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            String signatureAlgorithm =
-                    req.getParameter("signatureAlgorithm");
-
-            process(argSet, header, req, resp,
-                    signatureAlgorithm, locale[0]);
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                            e.toString()));
-            if (statsSub != null) {
-                statsSub.endTiming("crl");
-            }
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        if (statsSub != null) {
-            statsSub.endTiming("crl");
-        }
-    }
-
-    private CRLExtensions crlEntryExtensions(String reason, String invalidity) {
-        CRLExtensions entryExts = new CRLExtensions();
-
-        CRLReasonExtension crlReasonExtn = null;
-        if (reason != null && reason.length() > 0) {
-            try {
-                RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason));
-                if (revReason == null)
-                    revReason = RevocationReason.UNSPECIFIED;
-                crlReasonExtn = new CRLReasonExtension(revReason);
-            } catch (Exception e) {
-                CMS.debug("Invalid revocation reason: " + reason);
-            }
-        }
-
-        InvalidityDateExtension invalidityDateExtn = null;
-        if (invalidity != null && invalidity.length() > 0) {
-            long now = System.currentTimeMillis();
-            Date invalidityDate = null;
-            try {
-                long backInTime = Long.parseLong(invalidity);
-                invalidityDate = new Date(now - (backInTime * 60000));
-            } catch (Exception e) {
-                CMS.debug("Invalid invalidity time offset: " + invalidity);
-            }
-            if (invalidityDate != null) {
-                try {
-                    invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
-                } catch (Exception e) {
-                    CMS.debug("Error creating invalidity extension: " + e);
-                }
-            }
-        }
-
-        if (crlReasonExtn != null) {
-            try {
-                entryExts.set(crlReasonExtn.getName(), crlReasonExtn);
-            } catch (Exception e) {
-                CMS.debug("Error adding revocation reason extension to entry extensions: " + e);
-            }
-        }
-
-        if (invalidityDateExtn != null) {
-            try {
-                entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn);
-            } catch (Exception e) {
-                CMS.debug("Error adding invalidity date extension to entry extensions: " + e);
-            }
-        }
-
-        return entryExts;
-    }
-
-    private void addInfo(CMSTemplateParams argSet, ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) {
-        IArgBlock rarg = CMS.createArgBlock();
-
-        rarg.addLongValue("cacheUpdate", cacheUpdate);
-
-        String crlNumbers = crlIssuingPoint.getCRLNumber().toString();
-        BigInteger deltaNumber = crlIssuingPoint.getDeltaCRLNumber();
-        String crlSizes = "" + crlIssuingPoint.getCRLSize();
-        if (deltaNumber != null && deltaNumber.compareTo(BigInteger.ZERO) > 0) {
-            if (crlNumbers != null)
-                crlNumbers += ",";
-            if (crlNumbers != null)
-                crlNumbers += deltaNumber.toString();
-            if (crlSizes != null)
-                crlSizes += "," + crlIssuingPoint.getDeltaCRLSize();
-        }
-        rarg.addStringValue("crlNumbers", crlNumbers);
-        rarg.addStringValue("crlSizes", crlSizes);
-
-        StringBuffer crlSplits = new StringBuffer();
-        Vector<Long> splits = crlIssuingPoint.getSplitTimes();
-        for (int i = 0; i < splits.size(); i++) {
-            crlSplits.append(splits.elementAt(i));
-            if (i + 1 < splits.size())
-                crlSplits.append(",");
-        }
-        rarg.addStringValue("crlSplits", crlSplits.toString());
-
-        argSet.addRepeatRecord(rarg);
-    }
-
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            String signatureAlgorithm,
-            Locale locale)
-            throws EBaseException {
-        long startTime = CMS.getCurrentDate().getTime();
-        String waitForUpdate =
-                req.getParameter("waitForUpdate");
-        String clearCache =
-                req.getParameter("clearCRLCache");
-        String crlIssuingPointId =
-                req.getParameter("crlIssuingPoint");
-        String test = req.getParameter("test");
-        String add = req.getParameter("add");
-        String from = req.getParameter("from");
-        String by = req.getParameter("by");
-        String reason = req.getParameter("reason");
-        String invalidity = req.getParameter("invalidity");
-        String results = req.getParameter("results");
-
-        if (crlIssuingPointId != null) {
-            Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
-
-            while (ips.hasMoreElements()) {
-                ICRLIssuingPoint ip = ips.nextElement();
-
-                if (crlIssuingPointId.equals(ip.getId())) {
-                    break;
-                }
-                if (!ips.hasMoreElements())
-                    crlIssuingPointId = null;
-            }
-        }
-        if (crlIssuingPointId == null) {
-            crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL;
-        }
-
-        ICRLIssuingPoint crlIssuingPoint =
-                mCA.getCRLIssuingPoint(crlIssuingPointId);
-        header.addStringValue("crlIssuingPoint", crlIssuingPointId);
-        IPublisherProcessor lpm = mCA.getPublisherProcessor();
-
-        if (crlIssuingPoint != null) {
-            if (clearCache != null && clearCache.equals("true") &&
-                    crlIssuingPoint.isCRLGenerationEnabled() &&
-                    crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
-                    crlIssuingPoint.isCRLIssuingPointInitialized()
-                                == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
-                crlIssuingPoint.clearCRLCache();
-            }
-            if (waitForUpdate != null && waitForUpdate.equals("true") &&
-                    crlIssuingPoint.isCRLGenerationEnabled() &&
-                    crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
-                    crlIssuingPoint.isCRLIssuingPointInitialized()
-                                == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
-                if (test != null && test.equals("true") &&
-                        crlIssuingPoint.isCRLCacheTestingEnabled() &&
-                        (!mTesting.contains(crlIssuingPointId))) {
-                    CMS.debug("CRL test started.");
-                    mTesting.add(crlIssuingPointId);
-                    BigInteger addLen = null;
-                    BigInteger startFrom = null;
-                    if (add != null && add.length() > 0 &&
-                            from != null && from.length() > 0) {
-                        try {
-                            addLen = new BigInteger(add);
-                            startFrom = new BigInteger(from);
-                        } catch (Exception e) {
-                        }
-                    }
-                    if (addLen != null && startFrom != null) {
-                        Date revocationDate = CMS.getCurrentDate();
-                        String err = null;
-
-                        CRLExtensions entryExts = crlEntryExtensions(reason, invalidity);
-
-                        BigInteger serialNumber = startFrom;
-                        BigInteger counter = addLen;
-                        BigInteger stepBy = null;
-                        if (by != null && by.length() > 0) {
-                            try {
-                                stepBy = new BigInteger(by);
-                            } catch (Exception e) {
-                            }
-                        }
-
-                        long t1 = System.currentTimeMillis();
-                        long t2 = 0;
-
-                        while (counter.compareTo(BigInteger.ZERO) > 0) {
-                            RevokedCertImpl revokedCert =
-                                    new RevokedCertImpl(serialNumber, revocationDate, entryExts);
-                            crlIssuingPoint.addRevokedCert(serialNumber, revokedCert);
-                            serialNumber = serialNumber.add(BigInteger.ONE);
-                            counter = counter.subtract(BigInteger.ONE);
-
-                            if ((counter.compareTo(BigInteger.ZERO) == 0) ||
-                                    (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
-                                t2 = System.currentTimeMillis();
-                                long t0 = t2 - t1;
-                                t1 = t2;
-                                try {
-                                    if (signatureAlgorithm != null) {
-                                        crlIssuingPoint.updateCRLNow(signatureAlgorithm);
-                                    } else {
-                                        crlIssuingPoint.updateCRLNow();
-                                    }
-                                } catch (Throwable e) {
-                                    counter = BigInteger.ZERO;
-                                    err = e.toString();
-                                }
-                                if (results != null && results.equals("1")) {
-                                    addInfo(argSet, crlIssuingPoint, t0);
-                                }
-                            }
-                        }
-                        if (err != null) {
-                            header.addStringValue("crlUpdate", "Failure");
-                            header.addStringValue("error", err);
-                        } else {
-                            header.addStringValue("crlUpdate", "Success");
-                        }
-                    } else {
-                        CMS.debug("CRL test error: missing parameters.");
-                        header.addStringValue("crlUpdate", "missingParameters");
-                    }
-
-                    mTesting.remove(crlIssuingPointId);
-                    CMS.debug("CRL test finished.");
-                } else if (test != null && test.equals("true") &&
-                           crlIssuingPoint.isCRLCacheTestingEnabled() &&
-                           mTesting.contains(crlIssuingPointId)) {
-                    header.addStringValue("crlUpdate", "testingInProgress");
-                } else if (test != null && test.equals("true") &&
-                           (!crlIssuingPoint.isCRLCacheTestingEnabled())) {
-                    header.addStringValue("crlUpdate", "testingNotEnabled");
-                } else {
-                    try {
-                        EBaseException publishError = null;
-
-                        try {
-                            long now1 = System.currentTimeMillis();
-
-                            if (signatureAlgorithm != null) {
-                                crlIssuingPoint.updateCRLNow(signatureAlgorithm);
-                            } else {
-                                crlIssuingPoint.updateCRLNow();
-                            }
-
-                            long now2 = System.currentTimeMillis();
-
-                            header.addStringValue("time", "" + (now2 - now1));
-                        } catch (EErrorPublishCRL e) {
-                            publishError = e;
-                        }
-
-                        if (lpm != null && lpm.enabled()) {
-                            Enumeration<ILdapRule> rules = lpm.getRules(IPublisherProcessor.PROP_LOCAL_CRL);
-                            if (rules != null && rules.hasMoreElements()) {
-                                if (publishError != null) {
-                                    header.addStringValue("crlPublished", "Failure");
-                                    header.addStringValue("error", publishError.toString(locale));
-                                } else {
-                                    header.addStringValue("crlPublished", "Success");
-                                }
-                            }
-                        }
-
-                        // for audit log
-                        SessionContext sContext = SessionContext.getContext();
-                        String agentId = (String) sContext.get(SessionContext.USER_ID);
-                        IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN);
-                        String authMgr = AuditFormat.NOAUTH;
-
-                        if (authToken != null) {
-                            authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                        }
-                        long endTime = CMS.getCurrentDate().getTime();
-
-                        if (crlIssuingPoint.getNextUpdate() != null) {
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.CRLUPDATEFORMAT,
-                                    new Object[] {
-                                            AuditFormat.FROMAGENT + " agentID: " + agentId,
-                                            authMgr,
-                                            "completed",
-                                            crlIssuingPoint.getId(),
-                                            crlIssuingPoint.getCRLNumber(),
-                                            crlIssuingPoint.getLastUpdate(),
-                                            crlIssuingPoint.getNextUpdate(),
-                                            Long.toString(crlIssuingPoint.getCRLSize())
-                                                    + " time: " + (endTime - startTime) }
-                                    );
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.CRLUPDATEFORMAT,
-                                    new Object[] {
-                                            AuditFormat.FROMAGENT + " agentID: " + agentId,
-                                            authMgr,
-                                            "completed",
-                                            crlIssuingPoint.getId(),
-                                            crlIssuingPoint.getCRLNumber(),
-                                            crlIssuingPoint.getLastUpdate(),
-                                            "not set",
-                                            Long.toString(crlIssuingPoint.getCRLSize())
-                                                    + " time: " + (endTime - startTime) }
-                                    );
-                        }
-                    } catch (EBaseException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString()));
-                        if ((lpm != null) && lpm.enabled() && (e instanceof ELdapException)) {
-                            header.addStringValue("crlPublished", "Failure");
-                            header.addStringValue("error", e.toString(locale));
-                        } else {
-                            throw e;
-                        }
-                    }
-                }
-            } else {
-                if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
-                    header.addStringValue("crlUpdate", "notInitialized");
-                } else if (crlIssuingPoint.isCRLUpdateInProgress()
-                           != ICRLIssuingPoint.CRL_UPDATE_DONE ||
-                           crlIssuingPoint.isManualUpdateSet()) {
-                    header.addStringValue("crlUpdate", "inProgress");
-                } else if (!crlIssuingPoint.isCRLGenerationEnabled()) {
-                    header.addStringValue("crlUpdate", "Disabled");
-                } else {
-                    crlIssuingPoint.setManualUpdate(signatureAlgorithm);
-                    header.addStringValue("crlUpdate", "Scheduled");
-                }
-            }
-        }
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
deleted file mode 100644
index a662f8e7b..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
+++ /dev/null
@@ -1,747 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.dbs.crldb.ICRLRepository;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Update the configured LDAP server with specified objects
- *
- * @version $Revision$, $Date$
- */
-public class UpdateDir extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3063889978908136789L;
-    private final static String TPL_FILE = "updateDir.template";
-    private final static int UPDATE_ALL = 0;
-    private final static int UPDATE_CRL = 1;
-    private final static int UPDATE_CA = 2;
-    private final static int UPDATE_VALID = 3;
-    private final static int VALID_FROM = 4;
-    private final static int VALID_TO = 5;
-    private final static int UPDATE_EXPIRED = 6;
-    private final static int EXPIRED_FROM = 7;
-    private final static int EXPIRED_TO = 8;
-    private final static int UPDATE_REVOKED = 9;
-    private final static int REVOKED_FROM = 10;
-    private final static int REVOKED_TO = 11;
-    private final static int CHECK_FLAG = 12;
-    private final static String[] updateName =
-        { "updateAll", "updateCRL", "updateCA",
-                "updateValid", "validFrom", "validTo",
-                "updateExpired", "expiredFrom", "expiredTo",
-                "updateRevoked", "revokedFrom", "revokedTo",
-                "checkFlag" };
-
-    private String mFormPath = null;
-    private ICertificateAuthority mCA = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-    private ICRLRepository mCRLRepository = null;
-    private boolean mClonedCA = false;
-
-    /**
-     * Constructs UpdateDir servlet.
-     */
-    public UpdateDir() {
-        super();
-    }
-
-    /**
-     * Initialize the servlet. This servlet uses the template
-     * 'updateDir.template' to render the response
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        if (mAuthority != null) {
-            mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-            if (mAuthority instanceof ICertificateAuthority) {
-                mCA = (ICertificateAuthority) mAuthority;
-                mPublisherProcessor = mCA.getPublisherProcessor();
-                mCRLRepository = mCA.getCRLRepository();
-            }
-
-            // override success to do output orw own template.
-            mTemplates.remove(ICMSRequest.SUCCESS);
-            if (mOutputTemplatePath != null) {
-                mFormPath = mOutputTemplatePath;
-            }
-        }
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "update");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        EBaseException error = null;
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            String crlIssuingPointId = req.getParameter("crlIssuingPoint");
-
-            if (mPublisherProcessor == null ||
-                    !mPublisherProcessor.enabled())
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
-
-            String[] updateValue = new String[updateName.length];
-
-            for (int i = 0; i < updateName.length; i++) {
-                updateValue[i] = req.getParameter(updateName[i]);
-            }
-
-            String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
-            String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-            if (masterHost != null && masterHost.length() > 0 &&
-                    masterPort != null && masterPort.length() > 0) {
-                mClonedCA = true;
-            }
-
-            process(argSet, header, req, resp, crlIssuingPointId, updateValue, locale[0]);
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    private void updateCRLIssuingPoint(
-            IArgBlock header,
-            String crlIssuingPointId,
-            ICRLIssuingPoint crlIssuingPoint,
-            Locale locale) {
-        SessionContext sc = SessionContext.getContext();
-
-        sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
-        sc.put(ICRLIssuingPoint.SC_IS_DELTA_CRL, "false");
-        ICRLIssuingPointRecord crlRecord = null;
-
-        try {
-            if (mCRLRepository != null) {
-                crlRecord = mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
-            }
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
-        }
-
-        if (crlRecord == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
-            header.addStringValue("crlPublished", "Failure");
-            header.addStringValue("crlError",
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
-        } else {
-            String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null;
-            byte[] crlbytes = crlRecord.getCRL();
-
-            if (crlbytes == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
-                header.addStringValue("crlPublished", "Failure");
-                header.addStringValue("crlError",
-                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
-            } else {
-                X509CRLImpl crl = null;
-
-                try {
-                    crl = new X509CRLImpl(crlbytes);
-                } catch (Exception e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
-                }
-
-                if (crl == null) {
-                    header.addStringValue("crlPublished", "Failure");
-                    header.addStringValue("crlError",
-                            new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
-                } else {
-                    try {
-                        if (publishDN != null) {
-                            mPublisherProcessor.publishCRL(publishDN, crl);
-                        } else {
-                            mPublisherProcessor.publishCRL(crl, crlIssuingPointId);
-                        }
-                        header.addStringValue("crlPublished", "Success");
-                    } catch (ELdapException e) {
-                        header.addStringValue("crlPublished", "Failure");
-                        header.addStringValue("crlError", e.toString(locale));
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL", e.toString()));
-                    }
-                }
-            }
-
-            sc.put(ICRLIssuingPoint.SC_IS_DELTA_CRL, "true");
-            // handle delta CRL if any
-            byte[] deltaCrlBytes = crlRecord.getDeltaCRL();
-
-            if (deltaCrlBytes != null) {
-                X509CRLImpl deltaCrl = null;
-
-                try {
-                    deltaCrl = new X509CRLImpl(deltaCrlBytes);
-                } catch (Exception e) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
-                }
-
-                boolean goodDelta = false;
-                if (mClonedCA) {
-                    BigInteger crlNumber = crlRecord.getCRLNumber();
-                    BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
-                    Long deltaCRLSize = crlRecord.getDeltaCRLSize();
-                    if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
-                            crlNumber != null && deltaNumber != null &&
-                            deltaNumber.compareTo(crlNumber) >= 0) {
-                        goodDelta = true;
-                    }
-                }
-
-                if (deltaCrl != null && ((mClonedCA && goodDelta) ||
-                        (crlIssuingPoint != null &&
-                        crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
-                    try {
-                        if (publishDN != null) {
-                            mPublisherProcessor.publishCRL(publishDN, deltaCrl);
-                        } else {
-                            mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId);
-                        }
-                    } catch (ELdapException e) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
-                    }
-                }
-            }
-        } // if
-    }
-
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            String crlIssuingPointId,
-            String[] updateValue,
-            Locale locale)
-            throws EBaseException {
-        // all or crl
-        if ((updateValue[UPDATE_ALL] != null &&
-                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-                (updateValue[UPDATE_CRL] != null &&
-                updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
-            // check if received issuing point ID is known to the server
-            if (crlIssuingPointId != null) {
-                Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
-
-                while (ips.hasMoreElements()) {
-                    ICRLIssuingPoint ip = ips.nextElement();
-
-                    if (crlIssuingPointId.equals(ip.getId())) {
-                        break;
-                    }
-                    if (!ips.hasMoreElements())
-                        crlIssuingPointId = null;
-                }
-            }
-            if (crlIssuingPointId == null) {
-                // publish all issuing points
-                if (mClonedCA && mCRLRepository != null) {
-                    Vector<String> ipNames = mCRLRepository.getIssuingPointsNames();
-                    if (ipNames != null && ipNames.size() > 0) {
-                        for (int i = 0; i < ipNames.size(); i++) {
-                            String ipName = ipNames.elementAt(i);
-
-                            updateCRLIssuingPoint(header, ipName, null, locale);
-                        }
-                    }
-                } else {
-                    Enumeration<ICRLIssuingPoint> oips = mCA.getCRLIssuingPoints();
-
-                    while (oips.hasMoreElements()) {
-                        ICRLIssuingPoint oip = oips.nextElement();
-
-                        updateCRLIssuingPoint(header, oip.getId(), oip, locale);
-                    }
-                }
-            } else {
-                ICRLIssuingPoint crlIssuingPoint =
-                        mCA.getCRLIssuingPoint(crlIssuingPointId);
-
-                updateCRLIssuingPoint(header, crlIssuingPointId,
-                        crlIssuingPoint, locale);
-            }
-        }
-
-        ICertificateRepository certificateRepository = mCA.getCertificateRepository();
-
-        // all or ca
-        if ((updateValue[UPDATE_ALL] != null &&
-                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-                (updateValue[UPDATE_CA] != null &&
-                updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) {
-            X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
-
-            try {
-                mPublisherProcessor.publishCACert(caCert);
-                header.addStringValue("caCertPublished", "Success");
-            } catch (ELdapException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CACERT_1",
-                        caCert.getSerialNumber().toString(16), e.toString()));
-                header.addStringValue("caCertPublished", "Failure");
-                header.addStringValue("caCertError", e.toString(locale));
-            }
-        }
-
-        // all or valid
-        if ((updateValue[UPDATE_ALL] != null &&
-                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-                (updateValue[UPDATE_VALID] != null &&
-                updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) {
-            if (certificateRepository != null) {
-                if (updateValue[VALID_FROM].startsWith("0x")) {
-                    updateValue[VALID_FROM] = hexToDecimal(updateValue[VALID_FROM]);
-                }
-                if (updateValue[VALID_TO].startsWith("0x")) {
-                    updateValue[VALID_TO] = hexToDecimal(updateValue[VALID_TO]);
-                }
-                Enumeration<ICertRecord> validCerts = null;
-
-                if (updateValue[CHECK_FLAG] != null &&
-                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
-                    validCerts =
-                            certificateRepository.getValidNotPublishedCertificates(
-                                    updateValue[VALID_FROM],
-                                    updateValue[VALID_TO]);
-                } else {
-                    validCerts =
-                            certificateRepository.getValidCertificates(
-                                    updateValue[VALID_FROM],
-                                    updateValue[VALID_TO]);
-                }
-                int i = 0;
-                int l = 0;
-                String validCertsError = "";
-
-                if (validCerts != null) {
-                    while (validCerts.hasMoreElements()) {
-                        ICertRecord certRecord =
-                                validCerts.nextElement();
-                        //X509CertImpl cert = certRecord.getCertificate();
-                        X509CertImpl cert = null;
-                        Object o = certRecord.getCertificate();
-
-                        if (o instanceof X509CertImpl)
-                            cert = (X509CertImpl) o;
-
-                        MetaInfo metaInfo = null;
-                        String ridString = null;
-
-                        metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
-                        if (metaInfo == null) {
-                            // ca's self signed signing cert and
-                            // server cert has no related request and
-                            // have no metaInfo
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                            cert.getSerialNumber().toString(16)));
-                        } else {
-                            ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-                        }
-
-                        IRequest r = null;
-
-                        if (ridString != null) {
-                            RequestId rid = new RequestId(ridString);
-
-                            r = mCA.getRequestQueue().findRequest(rid);
-                        }
-
-                        try {
-                            l++;
-                            SessionContext sc = SessionContext.getContext();
-
-                            if (r == null) {
-                                if (CMS.isEncryptionCert(cert))
-                                    sc.put("isEncryptionCert", "true");
-                                else
-                                    sc.put("isEncryptionCert", "false");
-                                mPublisherProcessor.publishCert(cert, null);
-                            } else {
-                                if (CMS.isEncryptionCert(cert))
-                                    r.setExtData("isEncryptionCert", "true");
-                                else
-                                    r.setExtData("isEncryptionCert", "false");
-                                mPublisherProcessor.publishCert(cert, r);
-                            }
-                            i++;
-                        } catch (Exception e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT",
-                                            certRecord.getSerialNumber().toString(16),
-                                            e.toString()));
-                            validCertsError +=
-                                    "Failed to publish certificate: 0x" +
-                                            certRecord.getSerialNumber().toString(16) +
-                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
-                        }
-                    }
-                }
-                if (i > 0 && i == l) {
-                    header.addStringValue("validCertsPublished",
-                            "Success");
-                    if (i == 1)
-                        header.addStringValue("validCertsError", i +
-                                " valid certificate is published in the directory.");
-                    else
-                        header.addStringValue("validCertsError", i +
-                                " valid certificates are published in the directory.");
-                } else {
-                    if (l == 0) {
-                        header.addStringValue("validCertsPublished", "No");
-                    } else {
-                        header.addStringValue("validCertsPublished", "Failure");
-                        header.addStringValue("validCertsError",
-                                validCertsError);
-                    }
-                }
-            } else {
-                header.addStringValue("validCertsPublished", "Failure");
-                header.addStringValue("validCertsError", "Certificate repository is unavailable.");
-            }
-        }
-
-        // all or expired
-        if ((updateValue[UPDATE_ALL] != null &&
-                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-                (updateValue[UPDATE_EXPIRED] != null &&
-                updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) {
-            if (certificateRepository != null) {
-                if (updateValue[EXPIRED_FROM].startsWith("0x")) {
-                    updateValue[EXPIRED_FROM] = hexToDecimal(updateValue[EXPIRED_FROM]);
-                }
-                if (updateValue[EXPIRED_TO].startsWith("0x")) {
-                    updateValue[EXPIRED_TO] = hexToDecimal(updateValue[EXPIRED_TO]);
-                }
-                Enumeration<ICertRecord> expiredCerts = null;
-
-                if (updateValue[CHECK_FLAG] != null &&
-                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
-                    expiredCerts =
-                            certificateRepository.getExpiredPublishedCertificates(
-                                    updateValue[EXPIRED_FROM],
-                                    updateValue[EXPIRED_TO]);
-                } else {
-                    expiredCerts =
-                            certificateRepository.getExpiredCertificates(
-                                    updateValue[EXPIRED_FROM],
-                                    updateValue[EXPIRED_TO]);
-                }
-                int i = 0;
-                int l = 0;
-                StringBuffer expiredCertsError = new StringBuffer();
-
-                if (expiredCerts != null) {
-                    while (expiredCerts.hasMoreElements()) {
-                        ICertRecord certRecord = expiredCerts.nextElement();
-                        //X509CertImpl cert = certRecord.getCertificate();
-                        X509CertImpl cert = null;
-                        Object o = certRecord.getCertificate();
-
-                        if (o instanceof X509CertImpl)
-                            cert = (X509CertImpl) o;
-
-                        MetaInfo metaInfo = null;
-                        String ridString = null;
-
-                        metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
-                        if (metaInfo == null) {
-                            // ca's self signed signing cert and
-                            // server cert has no related request and
-                            // have no metaInfo
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                            cert.getSerialNumber().toString(16)));
-                        } else {
-                            ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-                        }
-
-                        IRequest r = null;
-
-                        if (ridString != null) {
-                            RequestId rid = new RequestId(ridString);
-
-                            r = mCA.getRequestQueue().findRequest(rid);
-                        }
-
-                        try {
-                            l++;
-                            if (r == null) {
-                                mPublisherProcessor.unpublishCert(cert, null);
-                            } else {
-                                mPublisherProcessor.unpublishCert(cert, r);
-                            }
-                            i++;
-                        } catch (Exception e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
-                                            certRecord.getSerialNumber().toString(16),
-                                            e.toString()));
-                            expiredCertsError.append(
-                                    "Failed to unpublish certificate: 0x");
-                            expiredCertsError.append(
-                                    certRecord.getSerialNumber().toString(16));
-                            expiredCertsError.append(
-                                    ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;");
-                        }
-                    }
-                }
-                if (i > 0 && i == l) {
-                    header.addStringValue("expiredCertsUnpublished", "Success");
-                    if (i == 1)
-                        header.addStringValue("expiredCertsError", i +
-                                " expired certificate is unpublished in the directory.");
-                    else
-                        header.addStringValue("expiredCertsError", i +
-                                " expired certificates are unpublished in the directory.");
-                } else {
-                    if (l == 0) {
-                        header.addStringValue("expiredCertsUnpublished", "No");
-                    } else {
-                        header.addStringValue("expiredCertsUnpublished", "Failure");
-                        header.addStringValue("expiredCertsError",
-                                expiredCertsError.toString());
-                    }
-                }
-            } else {
-                header.addStringValue("expiredCertsUnpublished", "Failure");
-                header.addStringValue("expiredCertsError", "Certificate repository is unavailable.");
-            }
-        }
-
-        // all or revoked
-        if ((updateValue[UPDATE_ALL] != null &&
-                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-                (updateValue[UPDATE_REVOKED] != null &&
-                updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) {
-            if (certificateRepository != null) {
-                if (updateValue[REVOKED_FROM].startsWith("0x")) {
-                    updateValue[REVOKED_FROM] = hexToDecimal(updateValue[REVOKED_FROM]);
-                }
-                if (updateValue[REVOKED_TO].startsWith("0x")) {
-                    updateValue[REVOKED_TO] = hexToDecimal(updateValue[REVOKED_TO]);
-                }
-                Enumeration<ICertRecord> revokedCerts = null;
-
-                if (updateValue[CHECK_FLAG] != null &&
-                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
-                    revokedCerts =
-                            certificateRepository.getRevokedPublishedCertificates(
-                                    updateValue[REVOKED_FROM],
-                                    updateValue[REVOKED_TO]);
-                } else {
-                    revokedCerts =
-                            certificateRepository.getRevokedCertificates(
-                                    updateValue[REVOKED_FROM],
-                                    updateValue[REVOKED_TO]);
-                }
-                int i = 0;
-                int l = 0;
-                String revokedCertsError = "";
-
-                if (revokedCerts != null) {
-                    while (revokedCerts.hasMoreElements()) {
-                        ICertRecord certRecord = revokedCerts.nextElement();
-                        //X509CertImpl cert = certRecord.getCertificate();
-                        X509CertImpl cert = null;
-                        Object o = certRecord.getCertificate();
-
-                        if (o instanceof X509CertImpl)
-                            cert = (X509CertImpl) o;
-
-                        MetaInfo metaInfo = null;
-                        String ridString = null;
-
-                        metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
-                        if (metaInfo == null) {
-                            // ca's self signed signing cert and
-                            // server cert has no related request and
-                            // have no metaInfo
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                            cert.getSerialNumber().toString(16)));
-                        } else {
-                            ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-                        }
-
-                        IRequest r = null;
-
-                        if (ridString != null) {
-                            RequestId rid = new RequestId(ridString);
-
-                            r = mCA.getRequestQueue().findRequest(rid);
-                        }
-
-                        try {
-                            l++;
-                            if (r == null) {
-                                mPublisherProcessor.unpublishCert(cert, null);
-                            } else {
-                                mPublisherProcessor.unpublishCert(cert, r);
-                            }
-                            i++;
-                        } catch (Exception e) {
-                            log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
-                                            certRecord.getSerialNumber().toString(16),
-                                            e.toString()));
-                            revokedCertsError +=
-                                    "Failed to unpublish certificate: 0x" +
-                                            certRecord.getSerialNumber().toString(16) +
-                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
-                        }
-                    }
-                }
-                if (i > 0 && i == l) {
-                    header.addStringValue("revokedCertsUnpublished", "Success");
-                    if (i == 1)
-                        header.addStringValue("revokedCertsError", i +
-                                " revoked certificate is unpublished in the directory.");
-                    else
-                        header.addStringValue("revokedCertsError", i +
-                                " revoked certificates are unpublished in the directory.");
-                } else {
-                    if (l == 0) {
-                        header.addStringValue("revokedCertsUnpublished", "No");
-                    } else {
-                        header.addStringValue("revokedCertsUnpublished", "Failure");
-                        header.addStringValue("revokedCertsError",
-                                revokedCertsError);
-                    }
-                }
-            } else {
-                header.addStringValue("revokedCertsUnpublished", "Failure");
-                header.addStringValue("revokedCertsError", "Certificate repository is unavailable.");
-            }
-        }
-
-        return;
-    }
-
-    private String hexToDecimal(String hex) {
-        String newHex = hex.substring(2);
-        BigInteger bi = new BigInteger(newHex, 16);
-
-        return bi.toString();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
deleted file mode 100644
index 30c07d1c1..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ /dev/null
@@ -1,2133 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert.scep;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileOutputStream;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Random;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.security.pkcs.PKCS10;
-import netscape.security.pkcs.PKCS10Attribute;
-import netscape.security.pkcs.PKCS10Attributes;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AVA;
-import netscape.security.x509.CertAttrSet;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.DNSName;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.GeneralNameInterface;
-import netscape.security.x509.GeneralNames;
-import netscape.security.x509.IPAddressName;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.OIDMap;
-import netscape.security.x509.RDN;
-import netscape.security.x509.SubjectAlternativeNameExtension;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X500NameAttrMap;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.NoSuchTokenException;
-import org.mozilla.jss.asn1.ANY;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.BIT_STRING;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.crypto.Cipher;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.IVParameterSpec;
-import org.mozilla.jss.crypto.KeyGenAlgorithm;
-import org.mozilla.jss.crypto.KeyGenerator;
-import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapper;
-import org.mozilla.jss.crypto.ObjectNotFoundException;
-import org.mozilla.jss.crypto.SymmetricKey;
-import org.mozilla.jss.crypto.TokenException;
-import org.mozilla.jss.pkcs7.IssuerAndSerialNumber;
-import org.mozilla.jss.pkix.cert.Certificate;
-import org.mozilla.jss.util.IncorrectPasswordException;
-import org.mozilla.jss.util.PasswordCallback;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthCredentials;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.EMissingCredential;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.profile.SSLClientCertProvider;
-import com.netscape.cmsutil.scep.CRSPKIMessage;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * This servlet deals with PKCS#10-based certificate requests from
- * CRS, now called SCEP, and defined at:
- * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
- *
- * The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe
- *
- * The HTTP parameters are 'operation' and 'message'
- * operation can be either 'GetCACert' or 'PKIOperation'
- *
- * @version $Revision$, $Date$
- */
-public class CRSEnrollment extends HttpServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 8483002540957382369L;
-    protected IProfileSubsystem mProfileSubsystem = null;
-    protected String mProfileId = null;
-    protected ICertAuthority mAuthority;
-    protected IConfigStore mConfig = null;
-    protected IAuthSubsystem mAuthSubsystem;
-    protected String mAppendDN = null;
-    protected String mEntryObjectclass = null;
-    protected boolean mCreateEntry = false;
-    protected boolean mFlattenDN = false;
-
-    private String mAuthManagerName;
-    private String mSubstoreName;
-    private boolean mEnabled = false;
-    private boolean mUseCA = true;
-    private String mNickname = null;
-    private String mTokenName = "";
-    private String mHashAlgorithm = "SHA1";
-    private String mHashAlgorithmList = null;
-    private String[] mAllowedHashAlgorithm;
-    private String mConfiguredEncryptionAlgorithm = "DES3";
-    private String mEncryptionAlgorithm = "DES3";
-    private String mEncryptionAlgorithmList = null;
-    private String[] mAllowedEncryptionAlgorithm;
-    private Random mRandom = null;
-    private int mNonceSizeLimit = 0;
-    protected ILogger mLogger = CMS.getLogger();
-    private ICertificateAuthority ca;
-    /* for hashing challenge password */
-    protected MessageDigest mSHADigest = null;
-
-    private static final String PROP_SUBSTORENAME = "substorename";
-    private static final String PROP_AUTHORITY = "authority";
-    private static final String PROP_CRSAUTHMGR = "authName";
-    private static final String PROP_APPENDDN = "appendDN";
-    private static final String PROP_CREATEENTRY = "createEntry";
-    private static final String PROP_FLATTENDN = "flattenDN";
-    private static final String PROP_ENTRYOC = "entryObjectclass";
-
-    // URL parameters
-    private static final String URL_OPERATION = "operation";
-    private static final String URL_MESSAGE = "message";
-
-    // possible values for 'operation'
-    private static final String OP_GETCACERT = "GetCACert";
-    private static final String OP_PKIOPERATION = "PKIOperation";
-
-    public static final String AUTH_PASSWORD = "pwd";
-
-    public static final String AUTH_CREDS = "AuthCreds";
-    public static final String AUTH_TOKEN = "AuthToken";
-    public static final String AUTH_FAILED = "AuthFailed";
-
-    public static final String SANE_DNSNAME = "DNSName";
-    public static final String SANE_IPADDRESS = "IPAddress";
-
-    public static final String CERTINFO = "CertInfo";
-    public static final String SUBJECTNAME = "SubjectName";
-
-    public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
-    public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
-    public static ObjectIdentifier OID_SERIALNUMBER = null;
-
-    public CRSEnrollment() {
-    }
-
-    public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
-        Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
-        Enumeration<String> names = req.getParameterNames();
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            httpReqHash.put(name, req.getParameter(name));
-        }
-        return httpReqHash;
-    }
-
-    public void init(ServletConfig sc) {
-        // Find the CertificateAuthority we should use for CRS.
-        String crsCA = sc.getInitParameter(PROP_AUTHORITY);
-        if (crsCA == null)
-            crsCA = "ca";
-        mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
-        ca = (ICertificateAuthority) mAuthority;
-
-        if (mAuthority == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA));
-        }
-
-        try {
-            if (mAuthority instanceof ISubsystem) {
-                IConfigStore authorityConfig = ((ISubsystem) mAuthority).getConfigStore();
-                IConfigStore scepConfig = authorityConfig.getSubStore("scep");
-                mEnabled = scepConfig.getBoolean("enable", false);
-                mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
-                mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
-                mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
-                mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
-                mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
-                mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
-                mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
-                mNickname = scepConfig.getString("nickname", ca.getNickname());
-                if (mNickname.equals(ca.getNickname())) {
-                    mTokenName = ca.getSigningUnit().getTokenName();
-                } else {
-                    mTokenName = scepConfig.getString("tokenname", "");
-                    mUseCA = false;
-                }
-                if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
-                        mTokenName.equalsIgnoreCase("Internal Key Storage Token") || mTokenName.length() == 0)) {
-                    int i = mNickname.indexOf(':');
-                    if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
-                        mNickname = mTokenName + ":" + mNickname;
-                    }
-                }
-            }
-        } catch (EBaseException e) {
-            CMS.debug("CRSEnrollment: init: EBaseException: " + e);
-        }
-        mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-        CMS.debug("CRSEnrollment: init: SCEP support is " + ((mEnabled) ? "enabled" : "disabled") + ".");
-        CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname);
-        CMS.debug("CRSEnrollment: init:   CA nickname: " + ca.getNickname());
-        CMS.debug("CRSEnrollment: init:    Token name: " + mTokenName);
-        CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA);
-        CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit);
-        CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm);
-        CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + mHashAlgorithmList);
-        for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
-            mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
-            CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + mAllowedHashAlgorithm[i]);
-        }
-        CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + mEncryptionAlgorithm);
-        CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + mEncryptionAlgorithmList);
-        for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
-            mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
-            CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + "]=" + mAllowedEncryptionAlgorithm[i]);
-        }
-
-        try {
-            mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile");
-            mProfileId = sc.getInitParameter("profileId");
-            CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId);
-
-            mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-            mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
-            mAppendDN = sc.getInitParameter(PROP_APPENDDN);
-            String tmp = sc.getInitParameter(PROP_CREATEENTRY);
-            if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
-                mCreateEntry = true;
-            else
-                mCreateEntry = false;
-            tmp = sc.getInitParameter(PROP_FLATTENDN);
-            if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
-                mFlattenDN = true;
-            else
-                mFlattenDN = false;
-            mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
-            if (mEntryObjectclass == null)
-                mEntryObjectclass = "cep";
-            mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
-            if (mSubstoreName == null)
-                mSubstoreName = "default";
-        } catch (Exception e) {
-        }
-
-        OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
-        OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
-        OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
-
-        try {
-            mSHADigest = MessageDigest.getInstance("SHA1");
-        } catch (NoSuchAlgorithmException e) {
-        }
-
-        mRandom = new Random();
-    }
-
-    /**
-     *
-     * Service a CRS Request. It all starts here. This is where the message from the
-     * router is processed
-     *
-     * @param httpReq The HttpServletRequest.
-     * @param httpResp The HttpServletResponse.
-     *
-     */
-    public void service(HttpServletRequest httpReq,
-                      HttpServletResponse httpResp)
-            throws ServletException {
-        boolean running_state = CMS.isInRunningState();
-        if (!running_state)
-            throw new ServletException(
-                    "CMS server is not ready to serve.");
-
-        String operation = null;
-        String message = null;
-        mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-
-        // Parse the URL from the HTTP Request. Split it up into
-        // a structure which enables us to read the form elements
-        IArgBlock input = CMS.createArgBlock(toHashtable(httpReq));
-
-        try {
-            // Read in two form parameters - the router sets these
-            operation = (String) input.get(URL_OPERATION);
-            CMS.debug("operation=" + operation);
-            message = (String) input.get(URL_MESSAGE);
-            CMS.debug("message=" + message);
-
-            if (!mEnabled) {
-                CMS.debug("CRSEnrollment: SCEP support is disabled.");
-                throw new ServletException("SCEP support is disabled.");
-            }
-            if (operation == null) {
-                // 'operation' is mandatory.
-                throw new ServletException("Bad request: operation missing from URL");
-            }
-
-            /**
-             * the router can make two kinds of requests
-             * 1) simple request for CA cert
-             * 2) encoded, signed, enveloped request for anything else (PKIOperation)
-             */
-
-            if (operation.equals(OP_GETCACERT)) {
-                handleGetCACert(httpReq, httpResp);
-            } else if (operation.equals(OP_PKIOPERATION)) {
-                String decodeMode = (String) input.get("decode");
-                if (decodeMode == null || decodeMode.equals("false")) {
-                    handlePKIOperation(httpReq, httpResp, message);
-                } else {
-                    decodePKIMessage(httpReq, httpResp, message);
-                }
-            } else {
-                CMS.debug("Invalid operation " + operation);
-                throw new ServletException("unknown operation requested: " + operation);
-            }
-
-        } catch (ServletException e) {
-            CMS.debug("ServletException " + e);
-            throw new ServletException(e.getMessage().toString());
-        } catch (Exception e) {
-            CMS.debug("Service exception " + e);
-            log(ILogger.LL_FAILURE, e.getMessage());
-        }
-
-    }
-
-    /**
-     * Log a message to the system log
-     */
-
-    private void log(int level, String msg) {
-
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    level, "CEP Enrollment: " + msg);
-    }
-
-    private boolean isAlgorithmAllowed(String[] allowedAlgorithm, String algorithm) {
-        boolean allowed = false;
-
-        if (algorithm != null && algorithm.length() > 0) {
-            for (int i = 0; i < allowedAlgorithm.length; i++) {
-                if (algorithm.equalsIgnoreCase(allowedAlgorithm[i])) {
-                    allowed = true;
-                }
-            }
-        }
-
-        return allowed;
-    }
-
-    public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator,
-            HttpServletRequest request) throws EBaseException {
-
-        // build credential
-        Enumeration<String> authNames = authenticator.getValueNames();
-
-        if (authNames != null) {
-            while (authNames.hasMoreElements()) {
-                String authName = authNames.nextElement();
-
-                credentials.set(authName, request.getParameter(authName));
-            }
-        }
-
-        credentials.set("clientHost", request.getRemoteHost());
-        IAuthToken authToken = authenticator.authenticate(credentials);
-        if (authToken == null) {
-            return null;
-        }
-        SessionContext sc = SessionContext.getContext();
-        if (sc != null) {
-            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
-            String userid = authToken.getInString(IAuthToken.USER_ID);
-            if (userid != null) {
-                sc.put(SessionContext.USER_ID, userid);
-            }
-        }
-
-        return authToken;
-    }
-
-    /**
-     * Return the CA certificate back to the requestor.
-     * This needs to be changed so that if the CA has a certificate chain,
-     * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
-     * signerInfo)
-     */
-
-    public void handleGetCACert(HttpServletRequest httpReq,
-                              HttpServletResponse httpResp)
-            throws ServletException {
-        java.security.cert.X509Certificate[] chain = null;
-
-        CertificateChain certChain = mAuthority.getCACertChain();
-
-        try {
-            if (certChain == null) {
-                throw new ServletException("Internal Error: cannot get CA Cert");
-            }
-
-            chain = certChain.getChain();
-
-            byte[] bytes = null;
-
-            int i = 0;
-            String message = httpReq.getParameter(URL_MESSAGE);
-            CMS.debug("handleGetCACert message=" + message);
-            if (message != null) {
-                try {
-                    int j = Integer.parseInt(message);
-                    if (j < chain.length) {
-                        i = j;
-                    }
-                } catch (NumberFormatException e1) {
-                }
-            }
-            CMS.debug("handleGetCACert selected chain=" + i);
-
-            if (mUseCA) {
-                bytes = chain[i].getEncoded();
-            } else {
-                CryptoContext cx = new CryptoContext();
-                bytes = cx.getSigningCert().getEncoded();
-            }
-
-            httpResp.setContentType("application/x-x509-ca-cert");
-
-            // The following code may be used one day to encode
-            // the RA/CA cert chain for RA mode, but it will need some
-            // work.
-
-            /******
-             * SET certs = new SET();
-             * for (int i=0; i<chain.length; i++) {
-             * ANY cert = new ANY(chain[i].getEncoded());
-             * certs.addElement(cert);
-             * }
-             *
-             * SignedData crsd = new SignedData(
-             * new SET(), // empty set of digestAlgorithmID's
-             * new ContentInfo(
-             * new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
-             * null), //empty content
-             * certs,
-             * null, // no CRL's
-             * new SET() // empty SignerInfos
-             * );
-             *
-             * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
-             *
-             * ByteArrayOutputStream baos = new ByteArrayOutputStream();
-             * wrap.encode(baos);
-             *
-             * bytes = baos.toByteArray();
-             *
-             * httpResp.setContentType("application/x-x509-ca-ra-cert");
-             *****/
-
-            httpResp.setContentLength(bytes.length);
-            httpResp.getOutputStream().write(bytes);
-            httpResp.getOutputStream().flush();
-
-            CMS.debug("Output certificate chain:");
-            CMS.debug(bytes);
-        } catch (Exception e) {
-            CMS.debug("handleGetCACert exception " + e);
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", e.getMessage()));
-            throw new ServletException("Failed sending DER encoded version of CA cert to client");
-        }
-
-    }
-
-    public String getPasswordFromP10(PKCS10 p10) {
-        PKCS10Attributes p10atts = p10.getAttributes();
-        Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
-        try {
-            while (e.hasMoreElements()) {
-                PKCS10Attribute p10a = e.nextElement();
-                CertAttrSet attr = p10a.getAttributeValue();
-
-                if (attr.getName().equals(ChallengePassword.NAME)) {
-                    if (attr.get(ChallengePassword.PASSWORD) != null) {
-                        return (String) attr.get(ChallengePassword.PASSWORD);
-                    }
-                }
-            }
-        } catch (Exception e1) {
-            // do nothing
-        }
-        return null;
-    }
-
-    /**
-     * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
-     * PKIMessage structure. We decode it to see what type message it is.
-     */
-
-    /**
-     * Decodes the PKI message and return information to RA.
-     */
-    public void decodePKIMessage(HttpServletRequest httpReq,
-                                 HttpServletResponse httpResp,
-                                 String msg)
-            throws ServletException {
-
-        CryptoContext cx = null;
-
-        CRSPKIMessage req = null;
-
-        byte[] decodedPKIMessage;
-        byte[] response = null;
-        String responseData = "";
-
-        decodedPKIMessage = Utils.base64decode(msg);
-
-        try {
-            ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
-            // We make two CRSPKIMessages. One of them, is the request, so we initialize
-            // it from the DER given to us from the router.
-            // The second is the response, and we'll fill this in as we go.
-
-            if (decodedPKIMessage.length < 50) {
-                throw new ServletException("CRS request is too small to be a real request (" +
-                        decodedPKIMessage.length + " bytes)");
-            }
-            try {
-                req = new CRSPKIMessage(is);
-                String ea = req.getEncryptionAlgorithm();
-                if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
-                    CMS.debug("CRSEnrollment: decodePKIMessage:  Encryption algorithm '" + ea +
-                            "' is not allowed (" + mEncryptionAlgorithmList + ").");
-                    throw new ServletException("Encryption algorithm '" + ea +
-                                           "' is not allowed (" + mEncryptionAlgorithmList + ").");
-                }
-                String da = req.getDigestAlgorithmName();
-                if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
-                    CMS.debug("CRSEnrollment: decodePKIMessage:  Hashing algorithm '" + da +
-                            "' is not allowed (" + mHashAlgorithmList + ").");
-                    throw new ServletException("Hashing algorithm '" + da +
-                                           "' is not allowed (" + mHashAlgorithmList + ").");
-                }
-                if (ea != null) {
-                    mEncryptionAlgorithm = ea;
-                }
-            } catch (Exception e) {
-                CMS.debug(e);
-                throw new ServletException("Could not decode the request.");
-            }
-
-            // Create a new crypto context for doing all the crypto operations
-            cx = new CryptoContext();
-
-            // Verify Signature on message (throws exception if sig bad)
-            verifyRequest(req, cx);
-            unwrapPKCS10(req, cx);
-
-            IProfile profile = mProfileSubsystem.getProfile(mProfileId);
-            if (profile == null) {
-                CMS.debug("Profile '" + mProfileId + "' not found.");
-                throw new ServletException("Profile '" + mProfileId + "' not found.");
-            } else {
-                CMS.debug("Found profile '" + mProfileId + "'.");
-            }
-
-            IProfileAuthenticator authenticator = null;
-            try {
-                CMS.debug("Retrieving authenticator");
-                authenticator = profile.getAuthenticator();
-                if (authenticator == null) {
-                    CMS.debug("Authenticator not found.");
-                    throw new ServletException("Authenticator not found.");
-                } else {
-                    CMS.debug("Got authenticator=" + authenticator.getClass().getName());
-                }
-            } catch (EProfileException e) {
-                throw new ServletException("Authenticator not found.");
-            }
-            AuthCredentials credentials = new AuthCredentials();
-            IAuthToken authToken = null;
-            // for ssl authentication; pass in servlet for retrieving
-            // ssl client certificates
-            SessionContext context = SessionContext.getContext();
-
-            // insert profile context so that input parameter can be retrieved
-            context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
-
-            try {
-                authToken = authenticate(credentials, authenticator, httpReq);
-            } catch (Exception e) {
-                CMS.debug("Authentication failure: " + e.getMessage());
-                throw new ServletException("Authentication failure: " + e.getMessage());
-            }
-            if (authToken == null) {
-                CMS.debug("Authentication failure.");
-                throw new ServletException("Authentication failure.");
-            }
-
-            // Deal with Transaction ID
-            String transactionID = req.getTransactionID();
-            responseData = responseData +
-                    "<TransactionID>" + transactionID + "</TransactionID>";
-
-            // End-User or RA's IP address
-            responseData = responseData +
-                    "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
-
-            responseData = responseData +
-                    "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
-
-            // Deal with message type
-            String mt = req.getMessageType();
-            responseData = responseData +
-                    "<MessageType>" + mt + "</MessageType>";
-
-            PKCS10 p10 = req.getP10();
-            X500Name p10subject = p10.getSubjectName();
-            responseData = responseData +
-                    "<SubjectName>" + p10subject.toString() + "</SubjectName>";
-
-            String pkcs10Attr = "";
-            PKCS10Attributes p10atts = p10.getAttributes();
-            Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
-            while (e.hasMoreElements()) {
-                PKCS10Attribute p10a = e.nextElement();
-                CertAttrSet attr = p10a.getAttributeValue();
-
-                if (attr.getName().equals(ChallengePassword.NAME)) {
-                    if (attr.get(ChallengePassword.PASSWORD) != null) {
-                        pkcs10Attr =
-                                pkcs10Attr
-                                        +
-                                         "<ChallengePassword><Password>"
-                                        + (String) attr.get(ChallengePassword.PASSWORD)
-                                        + "</Password></ChallengePassword>";
-                    }
-
-                }
-                String extensionsStr = "";
-                if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
-                    Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
-                    while (exts.hasMoreElements()) {
-                        Extension ext = exts.nextElement();
-
-                        if (ext.getExtensionId().equals(
-                                OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
-                            SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
-                                    Boolean.valueOf(false), // noncritical
-                                    ext.getExtensionValue());
-
-                            @SuppressWarnings("unchecked")
-                            Vector<GeneralNameInterface> v =
-                                    (Vector<GeneralNameInterface>) sane
-                                            .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
-
-                            Enumeration<GeneralNameInterface> gne = v.elements();
-
-                            StringBuffer subjAltNameStr = new StringBuffer();
-                            while (gne.hasMoreElements()) {
-                                GeneralNameInterface gni = gne.nextElement();
-                                if (gni instanceof GeneralName) {
-                                    GeneralName genName = (GeneralName) gni;
-
-                                    String gn = genName.toString();
-                                    int colon = gn.indexOf(':');
-                                    String gnType = gn.substring(0, colon).trim();
-                                    String gnValue = gn.substring(colon + 1).trim();
-
-                                    subjAltNameStr.append("<");
-                                    subjAltNameStr.append(gnType);
-                                    subjAltNameStr.append(">");
-                                    subjAltNameStr.append(gnValue);
-                                    subjAltNameStr.append("</");
-                                    subjAltNameStr.append(gnType);
-                                    subjAltNameStr.append(">");
-                                }
-                            } // while
-                            extensionsStr = "<SubjAltName>" +
-                                    subjAltNameStr.toString() + "</SubjAltName>";
-                        } // if
-                    } // while
-                    pkcs10Attr = pkcs10Attr +
-                                         "<Extensions>" + extensionsStr + "</Extensions>";
-                } // if extensions
-            } // while
-            responseData = responseData +
-                    "<PKCS10>" + pkcs10Attr + "</PKCS10>";
-
-        } catch (ServletException e) {
-            throw new ServletException(e.getMessage().toString());
-        } catch (CRSInvalidSignatureException e) {
-            CMS.debug("handlePKIMessage exception " + e);
-            CMS.debug(e);
-        } catch (Exception e) {
-            CMS.debug("handlePKIMessage exception " + e);
-            CMS.debug(e);
-            throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
-        }
-
-        // We have now processed the request, and need to make the response message
-
-        try {
-
-            responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
-            // Get the response coding
-            response = responseData.getBytes();
-
-            // Encode the httpResp into B64
-            httpResp.setContentType("application/xml");
-            httpResp.setContentLength(response.length);
-            httpResp.getOutputStream().write(response);
-            httpResp.getOutputStream().flush();
-
-            int i1 = responseData.indexOf("<Password>");
-            if (i1 > -1) {
-                i1 += 10; // 10 is a length of "<Password>"
-                int i2 = responseData.indexOf("</Password>", i1);
-                if (i2 > -1) {
-                    responseData = responseData.substring(0, i1) + "********" +
-                                 responseData.substring(i2, responseData.length());
-                }
-            }
-
-            CMS.debug("Output (decoding) PKIOperation response:");
-            CMS.debug(responseData);
-        } catch (Exception e) {
-            throw new ServletException("Failed to create response for CEP message" + e.getMessage());
-        }
-
-    }
-
-    /**
-     * finds a request with this transaction ID.
-     * If could not find any request - return null
-     * If could only find 'rejected' or 'cancelled' requests, return null
-     * If found 'pending' or 'completed' request - return that request
-     */
-
-    public void handlePKIOperation(HttpServletRequest httpReq,
-                                 HttpServletResponse httpResp,
-                                 String msg)
-            throws ServletException {
-
-        CryptoContext cx = null;
-
-        CRSPKIMessage req = null;
-        CRSPKIMessage crsResp = null;
-
-        byte[] decodedPKIMessage;
-        byte[] response = null;
-        X509CertImpl cert = null;
-
-        decodedPKIMessage = Utils.base64decode(msg);
-
-        try {
-            ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
-            // We make two CRSPKIMessages. One of them, is the request, so we initialize
-            // it from the DER given to us from the router.
-            // The second is the response, and we'll fill this in as we go.
-
-            if (decodedPKIMessage.length < 50) {
-                throw new ServletException("CRS request is too small to be a real request (" +
-                        decodedPKIMessage.length + " bytes)");
-            }
-            try {
-                req = new CRSPKIMessage(is);
-                String ea = req.getEncryptionAlgorithm();
-                if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
-                    CMS.debug("CRSEnrollment: handlePKIOperation:  Encryption algorithm '" + ea +
-                            "' is not allowed (" + mEncryptionAlgorithmList + ").");
-                    throw new ServletException("Encryption algorithm '" + ea +
-                                           "' is not allowed (" + mEncryptionAlgorithmList + ").");
-                }
-                String da = req.getDigestAlgorithmName();
-                if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
-                    CMS.debug("CRSEnrollment: handlePKIOperation:  Hashing algorithm '" + da +
-                            "' is not allowed (" + mHashAlgorithmList + ").");
-                    throw new ServletException("Hashing algorithm '" + da +
-                                           "' is not allowed (" + mHashAlgorithmList + ").");
-                }
-                if (ea != null) {
-                    mEncryptionAlgorithm = ea;
-                }
-                crsResp = new CRSPKIMessage();
-            } catch (ServletException e) {
-                throw new ServletException(e.getMessage().toString());
-            } catch (Exception e) {
-                CMS.debug(e);
-                throw new ServletException("Could not decode the request.");
-            }
-            crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
-
-            // Create a new crypto context for doing all the crypto operations
-            cx = new CryptoContext();
-
-            // Verify Signature on message (throws exception if sig bad)
-            verifyRequest(req, cx);
-
-            // Deal with Transaction ID
-            String transactionID = req.getTransactionID();
-            if (transactionID == null) {
-                throw new ServletException("Error: malformed PKIMessage - missing transactionID");
-            } else {
-                crsResp.setTransactionID(transactionID);
-            }
-
-            // Deal with Nonces
-            byte[] sn = req.getSenderNonce();
-            if (sn == null) {
-                throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
-            } else {
-                if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
-                    byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit] : null;
-                    System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
-                    crsResp.setRecipientNonce(snLimited);
-                } else {
-                    crsResp.setRecipientNonce(sn);
-                }
-                byte[] serverNonce = new byte[16];
-                mRandom.nextBytes(serverNonce);
-                crsResp.setSenderNonce(serverNonce);
-                // crsResp.setSenderNonce(new byte[] {0});
-            }
-
-            // Deal with message type
-            String mt = req.getMessageType();
-            if (mt == null) {
-                throw new ServletException("Error: malformed PKIMessage - missing messageType");
-            }
-
-            // now run appropriate code, depending on message type
-            if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
-                CMS.debug("Processing PKCSReq");
-                try {
-                    // Check if there is an existing request. If this returns non-null,
-                    // then the request is 'active' (either pending or completed) in
-                    // which case, we compare the hash of the new request to the hash of the
-                    // one in the queue - if they are the same, I return the state of the
-                    // original request - as if it was 'getCertInitial' message.
-                    // If the hashes are different, then the user attempted to enroll
-                    // for a new request with the same txid, which is not allowed -
-                    // so we return 'failure'.
-
-                    IRequest cmsRequest = findRequestByTransactionID(req.getTransactionID(), true);
-
-                    // If there was no request (with a cert) with this transaction ID,
-                    // process it as a new request
-
-                    cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx);
-
-                } catch (CRSFailureException e) {
-                    throw new ServletException("Couldn't handle CEP request (PKCSReq) - " + e.getMessage());
-                }
-            } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
-                CMS.debug("Processing GetCertInitial");
-                cert = handleGetCertInitial(req, crsResp);
-            } else {
-                CMS.debug("Invalid request type " + mt);
-            }
-        } catch (ServletException e) {
-            throw new ServletException(e.getMessage().toString());
-        } catch (CRSInvalidSignatureException e) {
-            CMS.debug("handlePKIMessage exception " + e);
-            CMS.debug(e);
-            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-        } catch (Exception e) {
-            CMS.debug("handlePKIMessage exception " + e);
-            CMS.debug(e);
-            throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
-        }
-
-        // We have now processed the request, and need to make the response message
-
-        try {
-            // make the response
-            processCertRep(cx, cert, crsResp, req);
-
-            // Get the response coding
-            response = crsResp.getResponse();
-
-            // Encode the crsResp into B64
-            httpResp.setContentType("application/x-pki-message");
-            httpResp.setContentLength(response.length);
-            httpResp.getOutputStream().write(response);
-            httpResp.getOutputStream().flush();
-
-            CMS.debug("Output PKIOperation response:");
-            CMS.debug(CMS.BtoA(response));
-        } catch (Exception e) {
-            throw new ServletException("Failed to create response for CEP message" + e.getMessage());
-        }
-
-    }
-
-    /**
-     * finds a request with this transaction ID.
-     * If could not find any request - return null
-     * If could only find 'rejected' or 'cancelled' requests, return null
-     * If found 'pending' or 'completed' request - return that request
-     */
-
-    public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
-            throws EBaseException {
-
-        /* Check if certificate request has been completed */
-
-        IRequestQueue rq = ca.getRequestQueue();
-        IRequest foundRequest = null;
-
-        Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid);
-        if (rids == null) {
-            return null;
-        }
-
-        while (rids.hasMoreElements()) {
-            RequestId rid = rids.nextElement();
-            if (rid == null) {
-                continue;
-            }
-
-            IRequest request = rq.findRequest(rid);
-            if (request == null) {
-                continue;
-            }
-            if (!ignoreRejected ||
-                    request.getRequestStatus().equals(RequestStatus.PENDING) ||
-                    request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
-                if (foundRequest != null) {
-                }
-                foundRequest = request;
-            }
-        }
-        return foundRequest;
-    }
-
-    /**
-     * Called if the router is requesting us to send it its certificate
-     * Examine request queue for a request matching the transaction ID.
-     * Ignore any rejected or cancelled requests.
-     *
-     * If a request is found in the pending state, the response should be
-     * 'pending'
-     *
-     * If a request is found in the completed state, the response should be
-     * to return the certificate
-     *
-     * If no request is found, the response should be to return null
-     *
-     */
-
-    public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp) {
-        IRequest foundRequest = null;
-
-        // already done by handlePKIOperation
-        // resp.setRecipientNonce(req.getSenderNonce());
-        // resp.setSenderNonce(null);
-
-        try {
-            foundRequest = findRequestByTransactionID(req.getTransactionID(), false);
-        } catch (EBaseException e) {
-        }
-
-        if (foundRequest == null) {
-            resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
-            resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-            return null;
-        }
-
-        return makeResponseFromRequest(req, resp, foundRequest);
-    }
-
-    public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
-            throws CRSInvalidSignatureException {
-
-        // Get Signed Data
-
-        @SuppressWarnings("unused")
-        byte[] reqAAbytes = req.getAA(); // check for errors
-
-        @SuppressWarnings("unused")
-        byte[] reqAAsig = req.getAADigest(); // check for errors
-
-    }
-
-    /**
-     * Create an entry for this user in the publishing directory
-     *
-     */
-
-    private boolean createEntry(String dn) {
-        boolean result = false;
-
-        IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
-        if (ldapPub == null || !ldapPub.enabled()) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
-
-            return result;
-        }
-
-        ILdapConnFactory connFactory = ldapPub.getLdapConnModule().getLdapConnFactory();
-        if (connFactory == null) {
-            return result;
-        }
-
-        LDAPConnection connection = null;
-        try {
-            connection = connFactory.getConn();
-            String[] objectclasses = { "top", mEntryObjectclass };
-            LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", objectclasses);
-
-            LDAPAttributeSet attrSet = new LDAPAttributeSet();
-            attrSet.add(ocAttrs);
-
-            LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
-            connection.add(newEntry);
-            result = true;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn));
-        } finally {
-            try {
-                connFactory.returnConn(connection);
-            } catch (Exception f) {
-            }
-        }
-        return result;
-    }
-
-    /**
-     * Here we decrypt the PKCS10 message from the client
-     *
-     */
-
-    public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
-            throws ServletException,
-             CryptoManager.NotInitializedException,
-             CryptoContext.CryptoContextException,
-             CRSFailureException {
-
-        byte[] decryptedP10bytes = null;
-        SymmetricKey sk;
-        SymmetricKey skinternal;
-        SymmetricKey.Type skt;
-        KeyWrapper kw;
-        Cipher cip;
-        EncryptionAlgorithm ea;
-
-        // Unwrap the session key with the Cert server key
-        try {
-            kw = cx.getKeyWrapper();
-
-            kw.initUnwrap(cx.getPrivateKey(), null);
-
-            skt = SymmetricKey.Type.DES;
-            ea = EncryptionAlgorithm.DES_CBC;
-            if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-                skt = SymmetricKey.Type.DES3;
-                ea = EncryptionAlgorithm.DES3_CBC;
-            }
-
-            sk = kw.unwrapSymmetric(req.getWrappedKey(),
-                              skt,
-                              SymmetricKey.Usage.DECRYPT,
-                              0); // keylength is ignored
-
-            skinternal = cx.getDESKeyGenerator().clone(sk);
-
-            cip = skinternal.getOwningToken().getCipherContext(ea);
-
-            cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV())));
-
-            decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
-            CMS.debug("decryptedP10bytes:");
-            CMS.debug(decryptedP10bytes);
-
-            req.setP10(new PKCS10(decryptedP10bytes));
-        } catch (Exception e) {
-            CMS.debug("failed to unwrap PKCS10 " + e);
-            throw new CRSFailureException("Could not unwrap PKCS10 blob: " + e.getMessage());
-        }
-
-    }
-
-    private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
-            throws CRSFailureException {
-
-        SubjectAlternativeNameExtension sane = null;
-
-        try {
-            PKCS10 p10 = req.getP10();
-
-            if (p10 == null) {
-                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-                throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
-            }
-
-            AuthCredentials authCreds = new AuthCredentials();
-
-            // Here, we make a new CertInfo - it's a new start for a certificate
-
-            X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-
-            // get some stuff out of the request
-            X509Key key = p10.getSubjectPublicKeyInfo();
-            X500Name p10subject = p10.getSubjectName();
-
-            X500Name subject = null;
-
-            // The following code will copy all the attributes
-            // into the AuthCredentials so they can be used for
-            // authentication
-            //
-            // Optionally, you can re-map the subject name from:
-            //   one RDN, with many AVA's    to
-            //   many RDN's with one AVA in each.
-
-            Enumeration<RDN> rdne = p10subject.getRDNs();
-            Vector<RDN> rdnv = new Vector<RDN>();
-
-            Hashtable<String, String> sanehash = new Hashtable<String, String>();
-
-            X500NameAttrMap xnap = X500NameAttrMap.getDefault();
-            while (rdne.hasMoreElements()) {
-                RDN rdn = rdne.nextElement();
-                int i = 0;
-                AVA[] oldavas = rdn.getAssertion();
-                for (i = 0; i < rdn.getAssertionLength(); i++) {
-                    AVA[] newavas = new AVA[1];
-                    newavas[0] = oldavas[i];
-
-                    authCreds.set(xnap.getName(oldavas[i].getOid()),
-                            oldavas[i].getValue().getAsString());
-
-                    if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
-
-                        sanehash.put(SANE_DNSNAME, oldavas[i].getValue().getAsString());
-                    }
-                    if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
-                        sanehash.put(SANE_IPADDRESS, oldavas[i].getValue().getAsString());
-                    }
-
-                    RDN newrdn = new RDN(newavas);
-                    if (mFlattenDN) {
-                        rdnv.addElement(newrdn);
-                    }
-                }
-            }
-
-            if (mFlattenDN)
-                subject = new X500Name(rdnv);
-            else
-                subject = p10subject;
-
-            // create default key usage extension
-            KeyUsageExtension kue = new KeyUsageExtension();
-            kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
-            kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
-
-            PKCS10Attributes p10atts = p10.getAttributes();
-            Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
-            while (e.hasMoreElements()) {
-                PKCS10Attribute p10a = e.nextElement();
-                CertAttrSet attr = p10a.getAttributeValue();
-
-                if (attr.getName().equals(ChallengePassword.NAME)) {
-                    if (attr.get(ChallengePassword.PASSWORD) != null) {
-                        req.put(AUTH_PASSWORD, attr.get(ChallengePassword.PASSWORD));
-                        req.put(ChallengePassword.NAME,
-                                hashPassword(
-                                    (String) attr.get(ChallengePassword.PASSWORD)));
-                    }
-                }
-
-                if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
-                    Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
-                    while (exts.hasMoreElements()) {
-                        Extension ext = exts.nextElement();
-
-                        if (ext.getExtensionId().equals(
-                                OIDMap.getOID(KeyUsageExtension.IDENT))) {
-
-                            kue = new KeyUsageExtension(
-                                    new Boolean(false), // noncritical
-                                    ext.getExtensionValue());
-                        }
-
-                        if (ext.getExtensionId().equals(
-                                OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
-                            sane = new SubjectAlternativeNameExtension(
-                                    new Boolean(false), // noncritical
-                                    ext.getExtensionValue());
-
-                            @SuppressWarnings("unchecked")
-                            Vector<GeneralNameInterface> v =
-                                    (Vector<GeneralNameInterface>) sane
-                                            .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
-
-                            Enumeration<GeneralNameInterface> gne = v.elements();
-
-                            while (gne.hasMoreElements()) {
-                                GeneralNameInterface gni = gne.nextElement();
-                                if (gni instanceof GeneralName) {
-                                    GeneralName genName = (GeneralName) gni;
-
-                                    String gn = genName.toString();
-                                    int colon = gn.indexOf(':');
-                                    String gnType = gn.substring(0, colon).trim();
-                                    String gnValue = gn.substring(colon + 1).trim();
-
-                                    authCreds.set(gnType, gnValue);
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-
-            if (authCreds != null)
-                req.put(AUTH_CREDS, authCreds);
-
-            try {
-                if (sane == null)
-                    sane = makeDefaultSubjectAltName(sanehash);
-            } catch (Exception sane_e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
-                        sane_e.getMessage()));
-            }
-
-            try {
-                if (mAppendDN != null && !mAppendDN.equals("")) {
-
-                    new X500Name(subject.toString()); // check for errors
-
-                    subject = new X500Name(subject.toString().concat("," + mAppendDN));
-                }
-
-            } catch (Exception sne) {
-                log(ILogger.LL_INFO,
-                        "Unable to use appendDN parameter: "
-                                + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname");
-            }
-
-            if (subject != null)
-                req.put(SUBJECTNAME, subject);
-
-            if (key == null || subject == null) {
-                // log
-                //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
-            }
-
-            certInfo.set(X509CertInfo.VERSION,
-                           new CertificateVersion(CertificateVersion.V3));
-
-            certInfo.set(X509CertInfo.SUBJECT,
-                           new CertificateSubjectName(subject));
-
-            certInfo.set(X509CertInfo.KEY,
-                           new CertificateX509Key(key));
-
-            CertificateExtensions ext = new CertificateExtensions();
-
-            if (kue != null) {
-                ext.set(KeyUsageExtension.NAME, kue);
-            }
-
-            // add subjectAltName extension, if present
-            if (sane != null) {
-                ext.set(SubjectAlternativeNameExtension.NAME, sane);
-            }
-
-            certInfo.set(X509CertInfo.EXTENSIONS, ext);
-
-            req.put(CERTINFO, certInfo);
-        } catch (Exception e) {
-            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-            return;
-        } // NEED TO FIX
-    }
-
-    private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
-
-        // if no subjectaltname extension was requested, we try to make it up
-        // from some of the elements of the subject name
-
-        int itemCount = ht.size();
-        GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
-
-        itemCount = 0;
-        Enumeration<String> en = ht.keys();
-        while (en.hasMoreElements()) {
-            String key = en.nextElement();
-            if (key.equals(SANE_DNSNAME)) {
-                gn[itemCount++] = new DNSName(ht.get(key));
-            }
-            if (key.equals(SANE_IPADDRESS)) {
-                gn[itemCount++] = new IPAddressName(ht.get(key));
-            }
-        }
-
-        try {
-            return new SubjectAlternativeNameExtension(new GeneralNames(gn));
-        } catch (Exception e) {
-            log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
-                    e.getMessage()));
-            return null;
-        }
-    }
-
-    // Perform authentication
-
-    /*
-     * if the authentication is set up for CEP, and the user provides
-     * some credential, an attempt is made to authenticate the user
-     * If this fails, this method will return true
-     * If it is sucessful, this method will return true and
-     * an authtoken will be in the request
-     *
-     * If authentication is not configured, this method will
-     * return false. The request will be processed in the usual
-     * way, but no authtoken will be in the request.
-     *
-     * In other word, this method returns true if the request
-     * should be aborted, false otherwise.
-     */
-
-    private boolean authenticateUser(CRSPKIMessage req) {
-        boolean authenticationFailed = true;
-
-        if (mAuthManagerName == null) {
-            return false;
-        }
-
-        String password = (String) req.get(AUTH_PASSWORD);
-
-        AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS);
-
-        if (authCreds == null) {
-            authCreds = new AuthCredentials();
-        }
-
-        // authtoken starts as null
-        AuthToken token = null;
-
-        if (password != null && !password.equals("")) {
-            try {
-                authCreds.set(AUTH_PASSWORD, password);
-            } catch (Exception e) {
-            }
-        }
-
-        try {
-            token = (AuthToken) mAuthSubsystem.authenticate(authCreds, mAuthManagerName);
-            authCreds.delete(AUTH_PASSWORD);
-            // if we got here, the authenticate call must not have thrown
-            // an exception
-            authenticationFailed = false;
-        } catch (EInvalidCredentials ex) {
-            // Invalid credentials - we must reject the request
-            authenticationFailed = true;
-        } catch (EMissingCredential mc) {
-            // Misssing credential - we'll log, and process manually
-            authenticationFailed = false;
-        } catch (EBaseException ex) {
-            // If there's some other error, we'll reject
-            // So, we just continue on, - AUTH_TOKEN will not be set.
-        }
-
-        if (token != null) {
-            req.put(AUTH_TOKEN, token);
-        }
-
-        return authenticationFailed;
-    }
-
-    private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) {
-
-        Hashtable<String, String> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
-        if (old_fprints == null) {
-            return false;
-        }
-
-        byte[] old_md5 = CMS.AtoB(old_fprints.get("MD5"));
-        byte[] new_md5 = fingerprints.get("MD5");
-
-        if (old_md5.length != new_md5.length)
-            return false;
-
-        for (int i = 0; i < old_md5.length; i++) {
-            if (old_md5[i] != new_md5[i])
-                return false;
-        }
-        return true;
-    }
-
-    public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
-                                 IRequest cmsRequest, CRSPKIMessage req,
-                                    CRSPKIMessage crsResp, CryptoContext cx)
-            throws ServletException,
-             CryptoManager.NotInitializedException,
-             CRSFailureException {
-
-        try {
-            unwrapPKCS10(req, cx);
-            Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
-
-            if (cmsRequest != null) {
-                if (areFingerprintsEqual(cmsRequest, fingerprints)) {
-                    CMS.debug("created response from request");
-                    return makeResponseFromRequest(req, crsResp, cmsRequest);
-                } else {
-                    CMS.debug("duplicated transaction id");
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
-                    crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
-                    crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-                    return null;
-                }
-            }
-
-            getDetailFromRequest(req, crsResp);
-            boolean authFailed = authenticateUser(req);
-
-            if (authFailed) {
-                CMS.debug("authentication failed");
-                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
-                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
-                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-
-                // perform audit log
-                String auditMessage = CMS.getLogMessage(
-                            "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5",
-                            httpReq.getRemoteAddr(),
-                            ILogger.FAILURE,
-                            req.getTransactionID(),
-                            "CRSEnrollment",
-                            ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-                ILogger signedAuditLogger = CMS.getSignedAuditLogger();
-                if (signedAuditLogger != null) {
-                    signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                            null, ILogger.S_SIGNED_AUDIT,
-                            ILogger.LL_SECURITY, auditMessage);
-                }
-
-                return null;
-            } else {
-                IRequest ireq = postRequest(httpReq, req, crsResp);
-
-                CMS.debug("created response");
-                return makeResponseFromRequest(req, crsResp, ireq);
-            }
-        } catch (CryptoContext.CryptoContextException e) {
-            CMS.debug("failed to decrypt the request " + e);
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
-                    e.getMessage()));
-            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-        } catch (EBaseException e) {
-            CMS.debug("operation failure - " + e);
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
-                    e.getMessage()));
-            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
-            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-        }
-        return null;
-    }
-
-    //////   post the request
-
-    /*
-      needed:
-
-      token (authtoken)
-      certInfo
-      fingerprints       x
-      req.transactionID
-      crsResp
-    */
-
-    private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
-            throws EBaseException {
-        X500Name subject = (X500Name) req.get(SUBJECTNAME);
-
-        if (mCreateEntry) {
-            if (subject == null) {
-                CMS.debug("CRSEnrollment::postRequest() - subject is null!");
-                return null;
-            }
-            createEntry(subject.toString());
-        }
-
-        // use profile framework to handle SCEP
-        if (mProfileId != null) {
-            PKCS10 pkcs10data = req.getP10();
-            String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
-
-            // XXX authentication handling
-            CMS.debug("Found profile=" + mProfileId);
-            IProfile profile = mProfileSubsystem.getProfile(mProfileId);
-            if (profile == null) {
-                CMS.debug("profile " + mProfileId + " not found");
-                return null;
-            }
-            IProfileContext ctx = profile.createContext();
-
-            IProfileAuthenticator authenticator = null;
-            try {
-                CMS.debug("Retrieving authenticator");
-                authenticator = profile.getAuthenticator();
-                if (authenticator == null) {
-                    CMS.debug("No authenticator Found");
-                } else {
-                    CMS.debug("Got authenticator=" + authenticator.getClass().getName());
-                }
-            } catch (EProfileException e) {
-                // authenticator not installed correctly
-            }
-
-            IAuthToken authToken = null;
-
-            // for ssl authentication; pass in servlet for retrieving
-            // ssl client certificates
-            SessionContext context = SessionContext.getContext();
-
-            // insert profile context so that input parameter can be retrieved
-            context.put("profileContext", ctx);
-            context.put("sslClientCertProvider",
-                    new SSLClientCertProvider(httpReq));
-
-            String p10Password = getPasswordFromP10(pkcs10data);
-            AuthCredentials credentials = new AuthCredentials();
-            credentials.set("UID", httpReq.getRemoteAddr());
-            credentials.set("PWD", p10Password);
-
-            if (authenticator == null) {
-                // XXX - to help caRouterCert to work, we need to
-                // add authentication to caRouterCert
-                authToken = new AuthToken(null);
-            } else {
-                authToken = authenticate(credentials, authenticator, httpReq);
-            }
-
-            IRequest reqs[] = null;
-            CMS.debug("CRSEnrollment: Creating profile requests");
-            ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
-            ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
-            Locale locale = Locale.getDefault();
-            reqs = profile.createRequests(ctx, locale);
-            if (reqs == null) {
-                CMS.debug("CRSEnrollment: No request has been created");
-                return null;
-            } else {
-                CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
-            }
-            // set transaction id
-            reqs[0].setSourceId(req.getTransactionID());
-            reqs[0].setExtData("profile", "true");
-            reqs[0].setExtData("profileId", mProfileId);
-            reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
-            reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
-            reqs[0].setExtData("requestor_name", "");
-            reqs[0].setExtData("requestor_email", "");
-            reqs[0].setExtData("requestor_phone", "");
-            reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
-            reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
-            reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
-
-            CMS.debug("CRSEnrollment: Populating inputs");
-            profile.populateInput(ctx, reqs[0]);
-            CMS.debug("CRSEnrollment: Populating requests");
-            profile.populate(reqs[0]);
-
-            CMS.debug("CRSEnrollment: Submitting request");
-            profile.submit(authToken, reqs[0]);
-            CMS.debug("CRSEnrollment: Done submitting request");
-            profile.getRequestQueue().markAsServiced(reqs[0]);
-            CMS.debug("CRSEnrollment: Request marked as serviced");
-
-            return reqs[0];
-
-        }
-
-        IRequestQueue rq = ca.getRequestQueue();
-        IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
-
-        AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
-        if (token != null) {
-            pkiReq.setExtData(IRequest.AUTH_TOKEN, token);
-        }
-
-        pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
-        X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
-        pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo });
-        pkiReq.setExtData("cepsubstore", mSubstoreName);
-
-        try {
-            String chpwd = (String) req.get(ChallengePassword.NAME);
-            if (chpwd != null) {
-                pkiReq.setExtData("challengePhrase",
-                        chpwd);
-            }
-        } catch (Exception pwex) {
-        }
-
-        Hashtable<?, ?> fingerprints = (Hashtable<?, ?>) req.get(IRequest.FINGERPRINTS);
-        if (fingerprints.size() > 0) {
-            Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
-            Enumeration<?> e = fingerprints.keys();
-            while (e.hasMoreElements()) {
-                String key = (String) e.nextElement();
-                byte[] value = (byte[]) fingerprints.get(key);
-                encodedPrints.put(key, CMS.BtoA(value));
-            }
-            pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
-        }
-
-        pkiReq.setSourceId(req.getTransactionID());
-
-        rq.processRequest(pkiReq);
-
-        crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
-        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                    pkiReq.getRequestId(),
-                                    AuditFormat.FROMROUTER,
-                                    mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
-                                    "pending",
-                                    subject,
-                                    "" }
-                            );
-
-        return pkiReq;
-    }
-
-    public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
-        Hashtable<String, byte[]> fingerprints = new Hashtable<String, byte[]>();
-
-        MessageDigest md;
-        String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
-        PKCS10 p10 = req.getP10();
-
-        for (int i = 0; i < hashes.length; i++) {
-            try {
-                md = MessageDigest.getInstance(hashes[i]);
-                md.update(p10.getCertRequestInfo());
-                fingerprints.put(hashes[i], md.digest());
-            } catch (NoSuchAlgorithmException nsa) {
-            }
-        }
-
-        if (fingerprints != null) {
-            req.put(IRequest.FINGERPRINTS, fingerprints);
-        }
-        return fingerprints;
-    }
-
-    // Take a look to see if the request was successful, and fill
-    // in the response message
-
-    private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
-                                      IRequest pkiReq) {
-
-        X509CertImpl issuedCert = null;
-
-        RequestStatus status = pkiReq.getRequestStatus();
-
-        String profileId = pkiReq.getExtDataInString("profileId");
-        if (profileId != null) {
-            CMS.debug("CRSEnrollment: Found profile request");
-            X509CertImpl cert =
-                    pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-            if (cert == null) {
-                CMS.debug("CRSEnrollment: No certificate has been found");
-            } else {
-                CMS.debug("CRSEnrollment: Found certificate");
-            }
-            crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-            return cert;
-        }
-
-        if (status.equals(RequestStatus.COMPLETE)) {
-            Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT);
-
-            if (success.equals(IRequest.RES_SUCCESS)) {
-                // The cert was issued, lets send it back to the router
-                X509CertImpl[] issuedCertBuf =
-                        pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-                if (issuedCertBuf == null || issuedCertBuf.length == 0) {
-                    //  writeError("Internal Error: Bad operation",httpReq,httpResp);
-                    CMS.debug("CRSEnrollment::makeResponseFromRequest() - " +
-                               "Bad operation");
-                    return null;
-                }
-                issuedCert = issuedCertBuf[0];
-                crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
-            } else { // status is not 'success' - there must've been a problem
-
-                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg);
-            }
-        } else if (status == RequestStatus.REJECTED ||
-                 status == RequestStatus.CANCELED) {
-            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
-        } else { // not complete
-            crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING);
-        }
-
-        return issuedCert;
-    }
-
-    protected String hashPassword(String pwd) {
-        String salt = "lala123";
-        byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes());
-        String b64E = Utils.base64encode(pwdDigest);
-        return "{SHA}" + b64E;
-    }
-
-    /**
-     * Make the CRSPKIMESSAGE response
-     */
-
-    private void processCertRep(CryptoContext cx,
-                              X509CertImpl issuedCert,
-                              CRSPKIMessage crsResp,
-                              CRSPKIMessage crsReq)
-            throws CRSFailureException {
-        byte[] msgdigest = null;
-        byte[] encryptedDesKey = null;
-
-        try {
-            if (issuedCert != null) {
-
-                SymmetricKey sk;
-                SymmetricKey skinternal;
-
-                KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
-                EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
-                if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-                    kga = KeyGenAlgorithm.DES3;
-                    ea = EncryptionAlgorithm.DES3_CBC;
-                }
-
-                // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
-
-                byte toBeEncrypted[] =
-                        crsResp.makeSignedRep(1, // version
-                                issuedCert.getEncoded()
-                                      );
-
-                // 2. Encrypt the above byte array with a new random DES key
-
-                sk = cx.getDESKeyGenerator().generate();
-
-                skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
-
-                byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
-
-                // This should be changed to generate proper DES IV.
-
-                Cipher cipher = cx.getInternalToken().getCipherContext(ea);
-                IVParameterSpec desIV =
-                        new IVParameterSpec(new byte[] {
-                                (byte) 0xff, (byte) 0x00,
-                                (byte) 0xff, (byte) 0x00,
-                                (byte) 0xff, (byte) 0x00,
-                                (byte) 0xff, (byte) 0x00 });
-
-                cipher.initEncrypt(sk, desIV);
-                byte[] encryptedData = cipher.doFinal(padded);
-
-                crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, mEncryptionAlgorithm);
-
-                // 3. Extract the recipient's public key
-
-                PublicKey rcpPK = crsReq.getSignerPublicKey();
-
-                // 4. Encrypt the DES key with the public key
-
-                // we have to move the key onto the interal token.
-                //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
-                skinternal = cx.getInternalToken().cloneKey(sk);
-
-                KeyWrapper kw = cx.getInternalKeyWrapper();
-                kw.initWrap(rcpPK, null);
-                encryptedDesKey = kw.wrap(skinternal);
-
-                crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
-                crsResp.makeRecipientInfo(0, encryptedDesKey);
-
-            }
-
-            byte[] ed = crsResp.makeEnvelopedData(0);
-
-            // 7. Make Digest of SignedData Content
-            MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
-            msgdigest = md.digest(ed);
-
-            crsResp.setMsgDigest(msgdigest);
-
-        }
-
-        catch (Exception e) {
-            throw new CRSFailureException("Failed to create inner response to CEP message: " + e.getMessage());
-        }
-
-        // 5. Make a RecipientInfo
-
-        // The issuer name & serial number here, should be that of
-        // the EE's self-signed Certificate
-        // [I can get it from the req blob, but later, I should
-        //  store the recipient's self-signed certificate with the request
-        //  so I can get at it later. I need to do this to support
-        //  'PENDING']
-
-        try {
-
-            // 8. Make Authenticated Attributes
-            // we can just pull the transaction ID out of the request.
-            // Later, we will have to put it out of the Request queue,
-            // so we can support PENDING
-            crsResp.setTransactionID(crsReq.getTransactionID());
-            // recipientNonce and SenderNonce have already been set
-
-            crsResp.makeAuthenticatedAttributes();
-            //      crsResp.makeAuthenticatedAttributes_old();
-
-            // now package up the rest of the SignerInfo
-            {
-                byte[] signingcertbytes = cx.getSigningCert().getEncoded();
-
-                Certificate.Template sgncert_t = new Certificate.Template();
-                Certificate sgncert =
-                        (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
-
-                IssuerAndSerialNumber sgniasn =
-                        new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
-                                          sgncert.getInfo().getSerialNumber());
-
-                crsResp.setSgnIssuerAndSerialNumber(sgniasn);
-
-                // 10. Make SignerInfo
-                crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
-
-                // 11. Make SignedData
-                crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
-
-                crsResp.debug();
-            }
-        } catch (Exception e) {
-            throw new CRSFailureException("Failed to create outer response to CEP request: " + e.getMessage());
-        }
-
-        // if debugging, dump out the response into a file
-
-    }
-
-    class CryptoContext {
-        private CryptoManager cm;
-        private CryptoToken internalToken;
-        private CryptoToken keyStorageToken;
-        private CryptoToken internalKeyStorageToken;
-        private KeyGenerator DESkg;
-        private Enumeration<?> externalTokens = null;
-        private org.mozilla.jss.crypto.X509Certificate signingCert;
-        private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
-
-        @SuppressWarnings("unused")
-        private int signingCertKeySize;
-
-        class CryptoContextException extends Exception {
-            /**
-         *
-         */
-            private static final long serialVersionUID = -1124116326126256475L;
-
-            public CryptoContextException() {
-                super();
-            }
-
-            public CryptoContextException(String s) {
-                super(s);
-            }
-        }
-
-        public CryptoContext()
-                throws CryptoContextException {
-            try {
-                KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
-                if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-                    kga = KeyGenAlgorithm.DES3;
-                }
-                cm = CryptoManager.getInstance();
-                internalToken = cm.getInternalCryptoToken();
-                DESkg = internalToken.getKeyGenerator(kga);
-                if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
-                        mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
-                        mTokenName.length() == 0) {
-                    keyStorageToken = cm.getInternalKeyStorageToken();
-                    internalKeyStorageToken = keyStorageToken;
-                    CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'");
-                } else {
-                    keyStorageToken = cm.getTokenByName(mTokenName);
-                    internalKeyStorageToken = null;
-                }
-                if (!mUseCA && internalKeyStorageToken == null) {
-                    PasswordCallback cb = CMS.getPasswordCallback();
-                    keyStorageToken.login(cb); // ONE_TIME by default.
-                }
-                signingCert = cm.findCertByNickname(mNickname);
-                signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
-                byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
-                SEQUENCE.Template outer = SEQUENCE.getTemplate();
-                outer.addElement(ANY.getTemplate()); // algid
-                outer.addElement(BIT_STRING.getTemplate());
-                SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
-                BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
-                byte[] encPubKey = bs.getBits();
-                if (bs.getPadCount() != 0) {
-                    throw new CryptoContextException(
-                            "Internal error: Invalid Public key. Not an integral number of bytes.");
-                }
-                SEQUENCE.Template inner = new SEQUENCE.Template();
-                inner.addElement(INTEGER.getTemplate());
-                inner.addElement(INTEGER.getTemplate());
-                SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
-                INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
-                signingCertKeySize = modulus.bitLength();
-
-                try {
-                    FileOutputStream fos = new FileOutputStream("pubkey.der");
-                    fos.write(signingCert.getPublicKey().getEncoded());
-                    fos.close();
-                } catch (Exception e) {
-                }
-
-            } catch (InvalidBERException e) {
-                throw new CryptoContextException(
-                        "Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
-            } catch (CryptoManager.NotInitializedException e) {
-                throw new CryptoContextException("Crypto Manager not initialized");
-            } catch (NoSuchAlgorithmException e) {
-                throw new CryptoContextException("Cannot create DES key generator");
-            } catch (ObjectNotFoundException e) {
-                throw new CryptoContextException("Certificate not found: " + ca.getNickname());
-            } catch (TokenException e) {
-                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
-            } catch (NoSuchTokenException e) {
-                throw new CryptoContextException("Crypto Token not found: " + e.getMessage());
-            } catch (IncorrectPasswordException e) {
-                throw new CryptoContextException("Incorrect Password.");
-            }
-        }
-
-        public KeyGenerator getDESKeyGenerator() {
-            return DESkg;
-        }
-
-        public CryptoToken getInternalToken() {
-            return internalToken;
-        }
-
-        public void setExternalTokens(Enumeration<?> tokens) {
-            externalTokens = tokens;
-        }
-
-        public Enumeration<?> getExternalTokens() {
-            return externalTokens;
-        }
-
-        public CryptoToken getInternalKeyStorageToken() {
-            return internalKeyStorageToken;
-        }
-
-        public CryptoToken getKeyStorageToken() {
-            return keyStorageToken;
-        }
-
-        public CryptoManager getCryptoManager() {
-            return cm;
-        }
-
-        public KeyWrapper getKeyWrapper()
-                throws CryptoContextException {
-            try {
-                return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
-            } catch (TokenException e) {
-                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
-            } catch (NoSuchAlgorithmException e) {
-                throw new CryptoContextException(e.getMessage());
-            }
-        }
-
-        public KeyWrapper getInternalKeyWrapper()
-                throws CryptoContextException {
-            try {
-                return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
-            } catch (TokenException e) {
-                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
-            } catch (NoSuchAlgorithmException e) {
-                throw new CryptoContextException(e.getMessage());
-            }
-        }
-
-        public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
-            return signingCertPrivKey;
-        }
-
-        public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
-            return signingCert;
-        }
-
-    }
-
-    /* General failure. The request/response cannot be processed. */
-
-    class CRSFailureException extends Exception {
-        /**
-     *
-     */
-        private static final long serialVersionUID = 1962741611501549051L;
-
-        public CRSFailureException() {
-            super();
-        }
-
-        public CRSFailureException(String s) {
-            super(s);
-        }
-    }
-
-    class CRSInvalidSignatureException extends Exception {
-        /**
-     *
-     */
-        private static final long serialVersionUID = 9096408193567657944L;
-
-        public CRSInvalidSignatureException() {
-            super();
-        }
-
-        public CRSInvalidSignatureException(String s) {
-            super(s);
-        }
-    }
-
-    class CRSPolicyException extends Exception {
-        /**
-     *
-     */
-        private static final long serialVersionUID = 5846593800658787396L;
-
-        public CRSPolicyException() {
-            super();
-        }
-
-        public CRSPolicyException(String s) {
-            super(s);
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
deleted file mode 100644
index 5c7ac856f..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ /dev/null
@@ -1,141 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert.scep;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.cert.CertificateException;
-import java.util.Enumeration;
-import java.util.Vector;
-
-import netscape.security.util.DerValue;
-import netscape.security.x509.CertAttrSet;
-
-/**
- * Class for handling the decoding of a SCEP Challenge Password
- * object. Currently this class cannot be used for encoding
- * thus some fo the methods are unimplemented
- */
-public class ChallengePassword implements CertAttrSet {
-
-    public static final String NAME = "ChallengePassword";
-    public static final String PASSWORD = "password";
-
-    private String cpw;
-
-    /**
-     * Get the password marshalled in this object
-     *
-     * @return the challenge password
-     */
-    public String toString() {
-        return cpw;
-    }
-
-    /**
-     * Create a ChallengePassword object
-     *
-     * @param stuff (must be of type byte[]) a DER-encoded by array following
-     *            The ASN.1 template for ChallenegePassword specified in the SCEP
-     *            documentation
-     * @throws IOException if the DER encoded byt array was malformed, or if it
-     *             did not match the template
-     */
-
-    public ChallengePassword(Object stuff)
-            throws IOException {
-
-        ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
-        try {
-            decode(is);
-        } catch (Exception e) {
-            throw new IOException(e.getMessage());
-        }
-
-    }
-
-    /**
-     * Currently Unimplemented
-     */
-    public void encode(OutputStream out)
-            throws CertificateException, IOException {
-    }
-
-    public void decode(InputStream in)
-            throws CertificateException, IOException {
-        DerValue derVal = new DerValue(in);
-
-        construct(derVal);
-
-    }
-
-    private void construct(DerValue derVal) throws IOException {
-        try {
-            cpw = derVal.getPrintableString();
-        } catch (NullPointerException e) {
-            cpw = "";
-        }
-    }
-
-    /**
-     * Currently Unimplemented
-     */
-    public void set(String name, Object obj)
-            throws CertificateException, IOException {
-    }
-
-    /**
-     * Get an attribute of this object.
-     *
-     * @param name the name of the attribute of this object to get. The only
-     *            supported attribute is "password"
-     */
-    public Object get(String name)
-            throws CertificateException, IOException {
-        if (name.equalsIgnoreCase(PASSWORD)) {
-            return cpw;
-        } else {
-            throw new IOException("Attribute name not recognized by " +
-                                  "CertAttrSet: ChallengePassword");
-        }
-    }
-
-    /**
-     * Currently Unimplemented
-     */
-    public void delete(String name)
-            throws CertificateException, IOException {
-    }
-
-    /**
-     * @return an empty set of elements
-     */
-    public Enumeration<String> getAttributeNames() {
-        return (new Vector<String>()).elements();
-    }
-
-    /**
-     * @return the String "ChallengePassword"
-     */
-    public String getName() {
-        return NAME;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
deleted file mode 100644
index 3cb88f3f8..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
+++ /dev/null
@@ -1,176 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert.scep;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.cert.CertificateException;
-import java.util.Enumeration;
-import java.util.Vector;
-
-import netscape.security.util.DerInputStream;
-import netscape.security.util.DerValue;
-import netscape.security.x509.CertAttrSet;
-import netscape.security.x509.Extension;
-
-public class ExtensionsRequested implements CertAttrSet {
-
-    public static final String NAME = "EXTENSIONS_REQUESTED";
-
-    public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature";
-    public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
-
-    private String kue_digital_signature = "false";
-    private String kue_key_encipherment = "false";
-
-    private Vector<Extension> exts = new Vector<Extension>();
-
-    public ExtensionsRequested(Object stuff) throws IOException {
-        ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
-
-        try {
-            decode(is);
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new IOException(e.getMessage());
-        }
-    }
-
-    public void encode(OutputStream out)
-            throws CertificateException, IOException {
-    }
-
-    public void decode(InputStream in)
-            throws CertificateException, IOException {
-        DerValue derVal = new DerValue(in);
-
-        construct(derVal);
-    }
-
-    public void set(String name, Object obj)
-            throws CertificateException, IOException {
-    }
-
-    public Object get(String name)
-            throws CertificateException, IOException {
-        if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) {
-            return kue_digital_signature;
-        }
-        if (name.equalsIgnoreCase(KUE_KEY_ENCIPHERMENT)) {
-            return kue_key_encipherment;
-        }
-
-        throw new IOException("Unsupported attribute queried");
-    }
-
-    public void delete(String name)
-            throws CertificateException, IOException {
-    }
-
-    public Enumeration<String> getAttributeNames() {
-        return (new Vector<String>()).elements();
-    }
-
-    public String getName() {
-        return NAME;
-    }
-
-    /**
-     * construct - expects this in the inputstream (from the router):
-     *
-     * 211 30 31: SEQUENCE {
-     * 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
-     * 225 31 17: SET {
-     * 227 04 15: OCTET STRING, encapsulates {
-     * 229 30 13: SEQUENCE {
-     * 231 30 11: SEQUENCE {
-     * 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
-     * 238 04 4: OCTET STRING
-     * : 03 02 05 A0
-     * : }
-     * : }
-     * : }
-     *
-     * or this (from IRE client):
-     *
-     * 262 30 51: SEQUENCE {
-     * 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
-     * 275 31 38: SET {
-     * 277 30 36: SEQUENCE {
-     * 279 30 34: SEQUENCE {
-     * 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
-     * 286 04 27: OCTET STRING
-     * : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
-     * : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
-     * : }
-     * : }
-     * : }
-     * : }
-     */
-    private void construct(DerValue dv) throws IOException {
-
-        DerInputStream stream = null;
-
-        try { // try decoding as sequence first
-
-            stream = dv.toDerInputStream();
-
-            stream.getDerValue(); // consume stream
-            stream.reset();
-
-            stream.getSequence(2); // consume stream
-        } catch (IOException ioe) {
-            // if it failed, the outer sequence may be
-            // encapsulated in an octet string, as in the first
-            // example above
-
-            byte[] octet_string = dv.getOctetString();
-
-            // Make a new input stream from the byte array,
-            // and re-parse it as a sequence.
-
-            dv = new DerValue(octet_string);
-
-            stream = dv.toDerInputStream();
-            stream.getSequence(2); // consume stream
-        }
-
-        // now, the stream will be in the correct format
-        stream.reset();
-
-        while (true) {
-            DerValue ext_dv = null;
-            try {
-                ext_dv = stream.getDerValue();
-            } catch (IOException ex) {
-                break;
-            }
-
-            Extension ext = new Extension(ext_dv);
-            exts.addElement(ext);
-        }
-
-    }
-
-    public Vector<Extension> getExtensions() {
-        return exts;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
deleted file mode 100644
index 32ae0fcc8..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
+++ /dev/null
@@ -1,109 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.base.IArgBlock;
-
-/**
- * Authentication Credentials as input to the authMgr
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class AuthCredentials implements IAuthCredentials {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -5995164231849154265L;
-    private Hashtable<String, Object> authCreds = null;
-    // Inserted by bskim
-    private IArgBlock argblk = null;
-
-    // Insert end
-
-    public AuthCredentials() {
-        authCreds = new Hashtable<String, Object>();
-    }
-
-    /**
-     * sets a credential with credential name and the credential
-     *
-     * @param name credential name
-     * @param cred credential
-     * @exception com.netscape.certsrv.base.EBaseException NullPointerException
-     */
-    public void set(String name, Object cred) throws EAuthException {
-        if (cred == null) {
-            throw new EAuthException("AuthCredentials.set()");
-        }
-
-        authCreds.put(name, cred);
-    }
-
-    /**
-     * returns the credential to which the specified name is mapped in this
-     * credential set
-     *
-     * @param name credential name
-     * @return the named authentication credential
-     */
-    public Object get(String name) {
-        return authCreds.get(name);
-    }
-
-    /**
-     * removes the name and its corresponding credential from this
-     * credential set. This method does nothing if the named
-     * credential is not in the credential set.
-     *
-     * @param name credential name
-     */
-    public void delete(String name) {
-        authCreds.remove(name);
-    }
-
-    /**
-     * returns an enumeration of the credential names in this credential
-     * set. Use the Enumeration methods on the returned object to
-     * fetch the elements sequentially.
-     *
-     * @return an enumeration of the names in this credential set
-     * @see java.util.Enumeration
-     */
-    public Enumeration<String> getElements() {
-        return authCreds.keys();
-    }
-
-    // Inserted by bskim
-    public void setArgBlock(IArgBlock blk) {
-        argblk = blk;
-        return;
-    }
-
-    // Insert end
-
-    public IArgBlock getArgBlock() {
-        return argblk;
-    }
-    // Insert end
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
deleted file mode 100644
index f1320f44a..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ /dev/null
@@ -1,1106 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.util.Date;
-import java.util.Hashtable;
-
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.asn1.ANY;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.ENUMERATED;
-import org.mozilla.jss.asn1.GeneralizedTime;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.asn1.UTF8String;
-import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.crypto.SignatureAlgorithm;
-import org.mozilla.jss.pkcs11.PK11PubKey;
-import org.mozilla.jss.pkix.cert.Certificate;
-import org.mozilla.jss.pkix.cmc.CMCCertId;
-import org.mozilla.jss.pkix.cmc.CMCStatusInfo;
-import org.mozilla.jss.pkix.cmc.GetCert;
-import org.mozilla.jss.pkix.cmc.OtherInfo;
-import org.mozilla.jss.pkix.cmc.OtherMsg;
-import org.mozilla.jss.pkix.cmc.PendInfo;
-import org.mozilla.jss.pkix.cmc.ResponseBody;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-import org.mozilla.jss.pkix.cmmf.RevRequest;
-import org.mozilla.jss.pkix.cms.ContentInfo;
-import org.mozilla.jss.pkix.cms.EncapsulatedContentInfo;
-import org.mozilla.jss.pkix.cms.IssuerAndSerialNumber;
-import org.mozilla.jss.pkix.cms.SignedData;
-import org.mozilla.jss.pkix.cms.SignerIdentifier;
-import org.mozilla.jss.pkix.cms.SignerInfo;
-import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
-import org.mozilla.jss.pkix.primitive.Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.ISharedToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-
-/**
- * Utility CMCOutputTemplate
- *
- * @version $ $, $Date$
- */
-public class CMCOutputTemplate {
-    public CMCOutputTemplate() {
-    }
-
-    public void createFullResponseWithFailedStatus(HttpServletResponse resp,
-            SEQUENCE bpids, int code, UTF8String s) {
-        SEQUENCE controlSeq = new SEQUENCE();
-        SEQUENCE cmsSeq = new SEQUENCE();
-        SEQUENCE otherMsgSeq = new SEQUENCE();
-
-        int bpid = 1;
-        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
-                new INTEGER(code), null);
-        CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
-                new INTEGER(CMCStatusInfo.FAILED),
-                bpids, s, otherInfo);
-        TaggedAttribute tagattr = new TaggedAttribute(
-                new INTEGER(bpid++),
-                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-        controlSeq.addElement(tagattr);
-
-        try {
-            ResponseBody respBody = new ResponseBody(controlSeq,
-                    cmsSeq, otherMsgSeq);
-
-            SET certs = new SET();
-            ContentInfo contentInfo = getContentInfo(respBody, certs);
-            if (contentInfo == null)
-                return;
-            ByteArrayOutputStream fos = new ByteArrayOutputStream();
-            contentInfo.encode(fos);
-            fos.close();
-            byte[] contentBytes = fos.toByteArray();
-
-            resp.setContentType("application/pkcs7-mime");
-            resp.setContentLength(contentBytes.length);
-            OutputStream os = resp.getOutputStream();
-            os.write(contentBytes);
-            os.flush();
-        } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + e.toString());
-            return;
-        }
-    }
-
-    public void createFullResponse(HttpServletResponse resp, IRequest[] reqs,
-            String cert_request_type, int[] error_codes) {
-
-        SEQUENCE controlSeq = new SEQUENCE();
-        SEQUENCE cmsSeq = new SEQUENCE();
-        SEQUENCE otherMsgSeq = new SEQUENCE();
-        SessionContext context = SessionContext.getContext();
-
-        // set status info control for simple enrollment request
-        // in rfc 2797: body list value is 1
-        int bpid = 1;
-        SEQUENCE pending_bpids = null;
-        SEQUENCE success_bpids = null;
-        SEQUENCE failed_bpids = null;
-        if (cert_request_type.equals("crmf") ||
-                cert_request_type.equals("pkcs10")) {
-            String reqId = reqs[0].getRequestId().toString();
-            OtherInfo otherInfo = null;
-            if (error_codes[0] == 2) {
-                PendInfo pendInfo = new PendInfo(reqId, new Date());
-                otherInfo = new OtherInfo(OtherInfo.PEND, null,
-                        pendInfo);
-            } else {
-                otherInfo = new OtherInfo(OtherInfo.FAIL,
-                        new INTEGER(OtherInfo.BAD_REQUEST), null);
-            }
-
-            SEQUENCE bpids = new SEQUENCE();
-            bpids.addElement(new INTEGER(1));
-            CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
-                    bpids, (String) null, otherInfo);
-            TaggedAttribute tagattr = new TaggedAttribute(
-                    new INTEGER(bpid++),
-                    OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-            controlSeq.addElement(tagattr);
-        } else if (cert_request_type.equals("cmc")) {
-            pending_bpids = new SEQUENCE();
-            success_bpids = new SEQUENCE();
-            failed_bpids = new SEQUENCE();
-            if (reqs != null) {
-                for (int i = 0; i < reqs.length; i++) {
-                    if (error_codes[i] == 0) {
-                        success_bpids.addElement(new INTEGER(
-                                reqs[i].getExtDataInBigInteger("bodyPartId")));
-                    } else if (error_codes[i] == 2) {
-                        pending_bpids.addElement(new INTEGER(
-                                reqs[i].getExtDataInBigInteger("bodyPartId")));
-                    } else {
-                        failed_bpids.addElement(new INTEGER(
-                                reqs[i].getExtDataInBigInteger("bodyPartId")));
-                    }
-                }
-            }
-
-            TaggedAttribute tagattr = null;
-            CMCStatusInfo cmcStatusInfo = null;
-            SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof");
-            if (identityBpids != null && identityBpids.size() > 0) {
-                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
-                        new INTEGER(OtherInfo.BAD_IDENTITY), null);
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                        identityBpids, (String) null, otherInfo);
-                tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++),
-                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr);
-            }
-
-            SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context.get("POPLinkWitness");
-            if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) {
-                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
-                        new INTEGER(OtherInfo.BAD_REQUEST), null);
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                        POPLinkWitnessBpids, (String) null, otherInfo);
-                tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++),
-                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr);
-            }
-
-            if (pending_bpids.size() > 0) {
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
-                        pending_bpids, (String) null, null);
-                tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++),
-                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr);
-            }
-
-            if (success_bpids.size() > 0) {
-                boolean confirmRequired = false;
-                try {
-                    confirmRequired =
-                            CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
-                                    false);
-                } catch (Exception e) {
-                }
-                if (confirmRequired) {
-                    CMS.debug("CMCOutputTemplate: confirmRequired in the request");
-                    cmcStatusInfo =
-                            new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
-                                    success_bpids, (String) null, null);
-                } else {
-                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                            success_bpids, (String) null, null);
-                }
-                tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++),
-                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr);
-            }
-
-            if (failed_bpids.size() > 0) {
-                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
-                        new INTEGER(OtherInfo.BAD_REQUEST), null);
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                        failed_bpids, (String) null, otherInfo);
-                tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++),
-                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr);
-            }
-        }
-
-        SET certs = new SET();
-
-        try {
-            // deal with controls
-            Integer nums = (Integer) (context.get("numOfControls"));
-            if (nums != null && nums.intValue() > 0) {
-                TaggedAttribute attr =
-                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
-                if (attr != null) {
-                    try {
-                        processGetCertControl(attr, certs);
-                    } catch (EBaseException ee) {
-                        CMS.debug("CMCOutputTemplate: " + ee.toString());
-                        OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL,
-                                new INTEGER(OtherInfo.BAD_CERT_ID), null);
-                        SEQUENCE bpids1 = new SEQUENCE();
-                        bpids1.addElement(attr.getBodyPartID());
-                        CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo(
-                                new INTEGER(CMCStatusInfo.FAILED),
-                                bpids1, null, otherInfo1);
-                        TaggedAttribute tagattr1 = new TaggedAttribute(
-                                new INTEGER(bpid++),
-                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
-                        controlSeq.addElement(tagattr1);
-                    }
-                }
-
-                attr =
-                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
-                if (attr != null)
-                    bpid = processDataReturnControl(attr, controlSeq, bpid);
-
-                attr =
-                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
-                if (attr != null)
-                    bpid = processTransactionControl(attr, controlSeq, bpid);
-
-                attr =
-                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
-                if (attr != null)
-                    bpid = processSenderNonceControl(attr, controlSeq, bpid);
-
-                attr =
-                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
-                if (attr != null)
-                    bpid = processQueryPendingControl(attr, controlSeq, bpid);
-
-                attr =
-                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
-
-                if (attr != null)
-                    bpid = processConfirmCertAcceptanceControl(attr, controlSeq,
-                            bpid);
-
-                attr =
-                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
-
-                if (attr != null)
-                    bpid = processRevokeRequestControl(attr, controlSeq,
-                            bpid);
-            }
-
-            if (success_bpids != null && success_bpids.size() > 0) {
-                for (int i = 0; i < reqs.length; i++) {
-                    if (error_codes[i] == 0) {
-                        X509CertImpl impl =
-                                (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
-                        byte[] bin = impl.getEncoded();
-                        Certificate.Template certTemplate = new Certificate.Template();
-                        Certificate cert = (Certificate) certTemplate.decode(
-                                new ByteArrayInputStream(bin));
-                        certs.addElement(cert);
-                    }
-                }
-            }
-
-            ResponseBody respBody = new ResponseBody(controlSeq,
-                    cmsSeq, otherMsgSeq);
-
-            ContentInfo contentInfo = getContentInfo(respBody, certs);
-            ByteArrayOutputStream fos = new ByteArrayOutputStream();
-            contentInfo.encode(fos);
-            fos.close();
-            byte[] contentBytes = fos.toByteArray();
-
-            resp.setContentType("application/pkcs7-mime");
-            resp.setContentLength(contentBytes.length);
-            OutputStream os = resp.getOutputStream();
-            os.write(contentBytes);
-            os.flush();
-        } catch (java.security.cert.CertificateEncodingException e) {
-            CMS.debug("CMCOutputTemplate exception: " + e.toString());
-        } catch (InvalidBERException e) {
-            CMS.debug("CMCOutputTemplate exception: " + e.toString());
-        } catch (IOException e) {
-            CMS.debug("CMCOutputTemplate exception: " + e.toString());
-        } catch (Exception e) {
-            CMS.debug("Exception: " + e.toString());
-        }
-    }
-
-    private ContentInfo getContentInfo(ResponseBody respBody, SET certs) {
-        try {
-            ICertificateAuthority ca = null;
-            // add CA cert chain
-            ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-            CertificateChain certchains = ca.getCACertChain();
-            java.security.cert.X509Certificate[] chains = certchains.getChain();
-
-            for (int i = 0; i < chains.length; i++) {
-                Certificate.Template certTemplate = new Certificate.Template();
-                Certificate cert = (Certificate) certTemplate.decode(
-                        new ByteArrayInputStream(chains[i].getEncoded()));
-                certs.addElement(cert);
-            }
-
-            EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(
-                    OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
-            org.mozilla.jss.crypto.X509Certificate x509CAcert = null;
-            x509CAcert = ca.getCaX509Cert();
-            X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded());
-            X500Name issuerName = (X500Name) caimpl.getIssuerDN();
-            byte[] issuerByte = issuerName.getEncoded();
-            ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
-            Name issuer = (Name) Name.getTemplate().decode(istream);
-            IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
-                    issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
-            SignerIdentifier si = new SignerIdentifier(
-                    SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-            // use CA instance's default signature and digest algorithm
-            SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm();
-            org.mozilla.jss.crypto.PrivateKey privKey =
-                    CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
-            /*
-                        org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-                        if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
-                            signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-                        } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
-                            signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
-                        } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
-                             signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
-                        } else {
-                            CMS.debug( "CMCOutputTemplate::getContentInfo() - "
-                                     + "signAlg is unsupported!" );
-                            return null;
-                        }
-            */
-            DigestAlgorithm digestAlg = signAlg.getDigestAlg();
-            MessageDigest msgDigest = null;
-            byte[] digest = null;
-
-            msgDigest = MessageDigest.getInstance(digestAlg.toString());
-
-            ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-
-            respBody.encode(ostream);
-            digest = msgDigest.digest(ostream.toByteArray());
-
-            SignerInfo signInfo = new
-                    SignerInfo(si, null, null,
-                            OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                            digest, signAlg, privKey);
-            SET signInfos = new SET();
-
-            signInfos.addElement(signInfo);
-
-            SET digestAlgs = new SET();
-
-            if (digestAlg != null) {
-                AlgorithmIdentifier ai = new
-                        AlgorithmIdentifier(digestAlg.toOID(), null);
-
-                digestAlgs.addElement(ai);
-            }
-            SignedData signedData = new SignedData(digestAlgs,
-                    enContentInfo, certs, null, signInfos);
-
-            ContentInfo contentInfo = new ContentInfo(signedData);
-            CMS.debug("CMCOutputTemplate::getContentInfo() - done");
-            return contentInfo;
-        } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + e.toString());
-        }
-        return null;
-    }
-
-    public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) {
-        SET certs = new SET();
-        SessionContext context = SessionContext.getContext();
-        try {
-            TaggedAttribute attr =
-                    (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
-            processGetCertControl(attr, certs);
-        } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate: No certificate is found.");
-        }
-
-        SET digestAlgorithms = new SET();
-        SET signedInfos = new SET();
-
-        // oid for id-data
-        OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER("1.2.840.113549.1.7.1");
-        EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(oid, null);
-
-        try {
-            if (reqs != null) {
-                for (int i = 0; i < reqs.length; i++) {
-                    X509CertImpl impl =
-                            (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
-                    byte[] bin = impl.getEncoded();
-                    Certificate.Template certTemplate = new Certificate.Template();
-                    Certificate cert =
-                            (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
-
-                    certs.addElement(cert);
-                }
-
-                // Get CA certs
-                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-                CertificateChain certchains = ca.getCACertChain();
-                java.security.cert.X509Certificate[] chains = certchains.getChain();
-
-                for (int i = 0; i < chains.length; i++) {
-                    Certificate.Template certTemplate = new Certificate.Template();
-                    Certificate cert = (Certificate) certTemplate.decode(
-                            new ByteArrayInputStream(chains[i].getEncoded()));
-                    certs.addElement(cert);
-                }
-            }
-
-            if (certs.size() == 0)
-                return;
-            SignedData signedData = new SignedData(digestAlgorithms,
-                    enContentInfo, certs, null, signedInfos);
-
-            ContentInfo contentInfo = new ContentInfo(signedData);
-            ByteArrayOutputStream fos = new ByteArrayOutputStream();
-            contentInfo.encode(fos);
-            fos.close();
-            byte[] contentBytes = fos.toByteArray();
-
-            resp.setContentType("application/pkcs7-mime");
-            resp.setContentLength(contentBytes.length);
-            OutputStream os = resp.getOutputStream();
-            os.write(contentBytes);
-            os.flush();
-        } catch (java.security.cert.CertificateEncodingException e) {
-            CMS.debug("CMCOutputTemplate exception: " + e.toString());
-        } catch (InvalidBERException e) {
-            CMS.debug("CMCOutputTemplate exception: " + e.toString());
-        } catch (IOException e) {
-            CMS.debug("CMCOutputTemplate exception: " + e.toString());
-        }
-    }
-
-    private int processConfirmCertAcceptanceControl(
-            TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
-        if (attr != null) {
-            INTEGER bodyId = attr.getBodyPartID();
-            SEQUENCE seq = new SEQUENCE();
-            seq.addElement(bodyId);
-            SET values = attr.getValues();
-            if (values != null && values.size() > 0) {
-                try {
-                    CMCCertId cmcCertId =
-                            (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(),
-                                    ASN1Util.encode(values.elementAt(0))));
-                    BigInteger serialno = cmcCertId.getSerial();
-                    SEQUENCE issuers = cmcCertId.getIssuer();
-                    //ANY issuer = (ANY)issuers.elementAt(0);
-                    ANY issuer =
-                            (ANY) (ASN1Util.decode(ANY.getTemplate(),
-                                    ASN1Util.encode(issuers.elementAt(0))));
-                    byte[] b = issuer.getEncoded();
-                    X500Name n = new X500Name(b);
-                    ICertificateAuthority ca = null;
-                    ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-                    X500Name caName = ca.getX500Name();
-                    boolean confirmAccepted = false;
-                    if (n.toString().equalsIgnoreCase(caName.toString())) {
-                        CMS.debug("CMCOutputTemplate: Issuer names are equal");
-                        ICertificateRepository repository = ca.getCertificateRepository();
-                        try {
-                            repository.getX509Certificate(serialno);
-                        } catch (EBaseException ee) {
-                            CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found");
-                        }
-                    }
-                    CMCStatusInfo cmcStatusInfo = null;
-                    if (confirmAccepted) {
-                        CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository.");
-                        cmcStatusInfo =
-                                new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
-                                        (String) null, null);
-                    } else {
-                        CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository.");
-                        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
-                                new INTEGER(OtherInfo.BAD_CERT_ID), null);
-                        cmcStatusInfo =
-                                new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
-                                        (String) null, otherInfo);
-                    }
-                    TaggedAttribute statustagattr = new TaggedAttribute(
-                            new INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(statustagattr);
-                } catch (Exception e) {
-                    CMS.debug("CMCOutputTemplate exception: " + e.toString());
-                }
-            }
-        }
-        return bpid;
-    }
-
-    private void processGetCertControl(TaggedAttribute attr, SET certs)
-            throws InvalidBERException, java.security.cert.CertificateEncodingException,
-            IOException, EBaseException {
-        if (attr != null) {
-            SET vals = attr.getValues();
-
-            if (vals.size() == 1) {
-                GetCert getCert =
-                        (GetCert) (ASN1Util.decode(GetCert.getTemplate(),
-                                ASN1Util.encode(vals.elementAt(0))));
-                BigInteger serialno = getCert.getSerialNumber();
-                ANY issuer = getCert.getIssuer();
-                byte b[] = issuer.getEncoded();
-                X500Name n = new X500Name(b);
-                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-                X500Name caName = ca.getX500Name();
-                if (!n.toString().equalsIgnoreCase(caName.toString())) {
-                    CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control");
-                    throw new EBaseException("Certificate is not found");
-                }
-                ICertificateRepository repository =
-                        ca.getCertificateRepository();
-                X509CertImpl impl = repository.getX509Certificate(serialno);
-                byte[] bin = impl.getEncoded();
-                Certificate.Template certTemplate = new Certificate.Template();
-                Certificate cert =
-                        (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
-                certs.addElement(cert);
-            }
-        }
-    }
-
-    private int processQueryPendingControl(TaggedAttribute attr,
-            SEQUENCE controlSeq, int bpid) {
-        if (attr != null) {
-            SET values = attr.getValues();
-            if (values != null && values.size() > 0) {
-                SEQUENCE pending_bpids = new SEQUENCE();
-                SEQUENCE success_bpids = new SEQUENCE();
-                SEQUENCE failed_bpids = new SEQUENCE();
-                for (int i = 0; i < values.size(); i++) {
-                    try {
-                        INTEGER reqId = (INTEGER)
-                                ASN1Util.decode(INTEGER.getTemplate(),
-                                        ASN1Util.encode(values.elementAt(i)));
-                        String requestId = new String(reqId.toByteArray());
-
-                        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-                        IRequestQueue queue = ca.getRequestQueue();
-                        IRequest r = queue.findRequest(new RequestId(requestId));
-                        if (r != null) {
-                            RequestStatus status = r.getRequestStatus();
-                            if (status.equals(RequestStatus.PENDING)) {
-                                pending_bpids.addElement(reqId);
-                            } else if (status.equals(RequestStatus.APPROVED)) {
-                                success_bpids.addElement(reqId);
-                            } else if (status.equals(RequestStatus.REJECTED)) {
-                                failed_bpids.addElement(reqId);
-                            }
-                        }
-                    } catch (Exception e) {
-                    }
-                }
-
-                if (pending_bpids.size() > 0) {
-                    CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
-                            pending_bpids, (String) null, null);
-                    TaggedAttribute tagattr = new TaggedAttribute(
-                            new INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(tagattr);
-                }
-                if (success_bpids.size() > 0) {
-                    CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                            pending_bpids, (String) null, null);
-                    TaggedAttribute tagattr = new TaggedAttribute(
-                            new INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(tagattr);
-                }
-
-                if (failed_bpids.size() > 0) {
-                    CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                            pending_bpids, (String) null, null);
-                    TaggedAttribute tagattr = new TaggedAttribute(
-                            new INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(tagattr);
-                }
-
-            }
-        }
-        return bpid;
-    }
-
-    private int processTransactionControl(TaggedAttribute attr,
-            SEQUENCE controlSeq, int bpid) {
-        if (attr != null) {
-            SET transIds = attr.getValues();
-            if (transIds != null) {
-                TaggedAttribute tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
-                        transIds);
-                controlSeq.addElement(tagattr);
-            }
-        }
-
-        return bpid;
-    }
-
-    private int processSenderNonceControl(TaggedAttribute attr,
-            SEQUENCE controlSeq, int bpid) {
-        if (attr != null) {
-            SET sNonce = attr.getValues();
-            if (sNonce != null) {
-                TaggedAttribute tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
-                        sNonce);
-                controlSeq.addElement(tagattr);
-                Date date = new Date();
-                String salt = "lala123" + date.toString();
-                byte[] dig;
-                try {
-                    MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
-                    dig = SHA1Digest.digest(salt.getBytes());
-                } catch (NoSuchAlgorithmException ex) {
-                    dig = salt.getBytes();
-                }
-
-                String b64E = CMS.BtoA(dig);
-                tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
-                        new OCTET_STRING(b64E.getBytes()));
-                controlSeq.addElement(tagattr);
-            }
-        }
-
-        return bpid;
-    }
-
-    private int processDataReturnControl(TaggedAttribute attr,
-            SEQUENCE controlSeq, int bpid) throws InvalidBERException {
-
-        if (attr != null) {
-            SET vals = attr.getValues();
-
-            if (vals.size() > 0) {
-                OCTET_STRING str =
-                        (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                ASN1Util.encode(vals.elementAt(0))));
-                TaggedAttribute tagattr = new TaggedAttribute(
-                        new INTEGER(bpid++),
-                        OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
-                controlSeq.addElement(tagattr);
-            }
-        }
-
-        return bpid;
-    }
-
-    private int processRevokeRequestControl(TaggedAttribute attr,
-            SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
-            IOException {
-        boolean revoke = false;
-        SessionContext context = SessionContext.getContext();
-        if (attr != null) {
-            INTEGER attrbpid = attr.getBodyPartID();
-            CMCStatusInfo cmcStatusInfo = null;
-            SET vals = attr.getValues();
-            if (vals.size() > 0) {
-                RevRequest revRequest =
-                        (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
-                                ASN1Util.encode(vals.elementAt(0))));
-                OCTET_STRING str = revRequest.getSharedSecret();
-                INTEGER pid = attr.getBodyPartID();
-                TaggedAttribute tagattr = null;
-                INTEGER revokeCertSerial = revRequest.getSerialNumber();
-                BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray());
-                if (str == null) {
-                    boolean needVerify = true;
-                    try {
-                        needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true);
-                    } catch (Exception e) {
-                    }
-
-                    if (needVerify) {
-                        Integer num1 = (Integer) context.get("numOfOtherMsgs");
-                        int num = num1.intValue();
-                        for (int i = 0; i < num; i++) {
-                            OtherMsg data = (OtherMsg) context.get("otherMsg" + i);
-                            INTEGER dpid = data.getBodyPartID();
-                            if (pid.longValue() == dpid.longValue()) {
-                                ANY msgValue = data.getOtherMsgValue();
-                                SignedData msgData =
-                                        (SignedData) msgValue.decodeWith(SignedData.getTemplate());
-                                if (!verifyRevRequestSignature(msgData)) {
-                                    OtherInfo otherInfo =
-                                            new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK),
-                                                    null);
-                                    SEQUENCE failed_bpids = new SEQUENCE();
-                                    failed_bpids.addElement(attrbpid);
-                                    cmcStatusInfo =
-                                            new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null,
-                                                    otherInfo);
-                                    tagattr = new TaggedAttribute(
-                                            new INTEGER(bpid++),
-                                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                                    controlSeq.addElement(tagattr);
-                                    return bpid;
-                                }
-                            }
-                        }
-                    }
-
-                    revoke = true;
-                    // check shared secret
-                } else {
-                    ISharedToken tokenClass = null;
-                    boolean sharedSecretFound = true;
-                    String name = null;
-                    try {
-                        name = CMS.getConfigStore().getString("cmc.revokeCert.sharedSecret.class");
-                    } catch (EPropertyNotFound e) {
-                        CMS.debug("EnrollProfile: Failed to find the token class in the configuration file.");
-                        sharedSecretFound = false;
-                    } catch (EBaseException e) {
-                        CMS.debug("EnrollProfile: Failed to find the token class in the configuration file.");
-                        sharedSecretFound = false;
-                    }
-
-                    try {
-                        tokenClass = (ISharedToken) Class.forName(name).newInstance();
-                    } catch (ClassNotFoundException e) {
-                        CMS.debug("EnrollProfile: Failed to find class name: " + name);
-                        sharedSecretFound = false;
-                    } catch (InstantiationException e) {
-                        CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
-                        sharedSecretFound = false;
-                    } catch (IllegalAccessException e) {
-                        CMS.debug("EnrollProfile: Illegal access: " + name);
-                        sharedSecretFound = false;
-                    }
-
-                    if (!sharedSecretFound) {
-                        CMS.debug("CMCOutputTemplate: class for shared secret was not found.");
-                        OtherInfo otherInfo =
-                                new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
-                        SEQUENCE failed_bpids = new SEQUENCE();
-                        failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
-                        tagattr = new TaggedAttribute(
-                                new INTEGER(bpid++),
-                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                        controlSeq.addElement(tagattr);
-                        return bpid;
-                    }
-
-                    String sharedSecret = null;
-                    if (tokenClass != null) {
-                        sharedSecret = tokenClass.getSharedToken(revokeSerial);
-                    }
-
-                    if (sharedSecret == null) {
-                        CMS.debug("CMCOutputTemplate: class for shared secret was not found.");
-                        OtherInfo otherInfo =
-                                new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
-                        SEQUENCE failed_bpids = new SEQUENCE();
-                        failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
-                        tagattr = new TaggedAttribute(
-                                new INTEGER(bpid++),
-                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                        controlSeq.addElement(tagattr);
-                        return bpid;
-                    }
-
-                    byte[] strb = str.toByteArray();
-                    String clientSC = new String(strb);
-                    if (clientSC.equals(sharedSecret)) {
-                        CMS.debug("CMCOutputTemplate: Both client and server shared secret are the same, can go ahead to revoke certificate.");
-                        revoke = true;
-                    } else {
-                        CMS.debug("CMCOutputTemplate: Both client and server shared secret are not the same, cant revoke certificate.");
-                        OtherInfo otherInfo =
-                                new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
-                        SEQUENCE failed_bpids = new SEQUENCE();
-                        failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
-                        tagattr = new TaggedAttribute(
-                                new INTEGER(bpid++),
-                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                        controlSeq.addElement(tagattr);
-                        return bpid;
-                    }
-                }
-
-                if (revoke) {
-                    ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-                    ICertificateRepository repository = ca.getCertificateRepository();
-                    ICertRecord record = null;
-                    try {
-                        record = repository.readCertificateRecord(revokeSerial);
-                    } catch (EBaseException ee) {
-                        CMS.debug("CMCOutputTemplate: Exception: " + ee.toString());
-                    }
-
-                    if (record == null) {
-                        CMS.debug("CMCOutputTemplate: The certificate is not found");
-                        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null);
-                        SEQUENCE failed_bpids = new SEQUENCE();
-                        failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
-                        tagattr = new TaggedAttribute(
-                                new INTEGER(bpid++),
-                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                        controlSeq.addElement(tagattr);
-                        return bpid;
-                    }
-
-                    if (record.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
-                        CMS.debug("CMCOutputTemplate: The certificate is already revoked.");
-                        SEQUENCE success_bpids = new SEQUENCE();
-                        success_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                                success_bpids, (String) null, null);
-                        tagattr = new TaggedAttribute(
-                                new INTEGER(bpid++),
-                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                        controlSeq.addElement(tagattr);
-                        return bpid;
-                    }
-                    X509CertImpl impl = record.getCertificate();
-                    X509CertImpl[] impls = new X509CertImpl[1];
-                    impls[0] = impl;
-                    ENUMERATED n = revRequest.getReason();
-                    RevocationReason reason = toRevocationReason(n);
-                    CRLReasonExtension crlReasonExtn = new CRLReasonExtension(reason);
-                    CRLExtensions entryExtn = new CRLExtensions();
-                    GeneralizedTime t = revRequest.getInvalidityDate();
-                    InvalidityDateExtension invalidityDateExtn = null;
-                    if (t != null) {
-                        invalidityDateExtn = new InvalidityDateExtension(t.toDate());
-                        entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn);
-                    }
-                    if (crlReasonExtn != null) {
-                        entryExtn.set(crlReasonExtn.getName(), crlReasonExtn);
-                    }
-
-                    RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn);
-                    RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1];
-                    revCertImpls[0] = revCertImpl;
-                    IRequestQueue queue = ca.getRequestQueue();
-                    IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST);
-                    revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
-                    revReq.setExtData(IRequest.REVOKED_REASON,
-                            Integer.valueOf(reason.toInt()));
-                    UTF8String utfstr = revRequest.getComment();
-                    if (utfstr != null)
-                        revReq.setExtData(IRequest.REQUESTOR_COMMENTS, utfstr.toString());
-                    revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-                    queue.processRequest(revReq);
-                    RequestStatus stat = revReq.getRequestStatus();
-                    if (stat == RequestStatus.COMPLETE) {
-                        Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
-                        CMS.debug("CMCOutputTemplate: revReq result = " + result);
-                        if (result.equals(IRequest.RES_ERROR)) {
-                            CMS.debug("CMCOutputTemplate: revReq exception: " +
-                                    revReq.getExtDataInString(IRequest.ERROR));
-                            OtherInfo otherInfo =
-                                    new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null);
-                            SEQUENCE failed_bpids = new SEQUENCE();
-                            failed_bpids.addElement(attrbpid);
-                            cmcStatusInfo =
-                                    new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
-                            tagattr = new TaggedAttribute(
-                                    new INTEGER(bpid++),
-                                    OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                            controlSeq.addElement(tagattr);
-                            return bpid;
-                        }
-                    }
-
-                    ILogger logger = CMS.getLogger();
-                    String initiative = AuditFormat.FROMUSER;
-                    logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT, new Object[] {
-                                    revReq.getRequestId(), initiative, "completed",
-                                    impl.getSubjectDN(),
-                                    impl.getSerialNumber().toString(16),
-                                    reason.toString() });
-                    CMS.debug("CMCOutputTemplate: Certificate get revoked.");
-                    SEQUENCE success_bpids = new SEQUENCE();
-                    success_bpids.addElement(attrbpid);
-                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                            success_bpids, (String) null, null);
-                    tagattr = new TaggedAttribute(
-                            new INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(tagattr);
-                    return bpid;
-                } else {
-                    OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
-                    SEQUENCE failed_bpids = new SEQUENCE();
-                    failed_bpids.addElement(attrbpid);
-                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
-                    tagattr = new TaggedAttribute(
-                            new INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(tagattr);
-                    return bpid;
-                }
-            }
-        }
-
-        return bpid;
-    }
-
-    private RevocationReason toRevocationReason(ENUMERATED n) {
-        long code = n.getValue();
-        if (code == RevRequest.aACompromise.getValue())
-            return RevocationReason.UNSPECIFIED;
-        else if (code == RevRequest.affiliationChanged.getValue())
-            return RevocationReason.AFFILIATION_CHANGED;
-        else if (code == RevRequest.cACompromise.getValue())
-            return RevocationReason.CA_COMPROMISE;
-        else if (code == RevRequest.certificateHold.getValue())
-            return RevocationReason.CERTIFICATE_HOLD;
-        else if (code == RevRequest.cessationOfOperation.getValue())
-            return RevocationReason.CESSATION_OF_OPERATION;
-        else if (code == RevRequest.keyCompromise.getValue())
-            return RevocationReason.KEY_COMPROMISE;
-        else if (code == RevRequest.privilegeWithdrawn.getValue())
-            return RevocationReason.UNSPECIFIED;
-        else if (code == RevRequest.removeFromCRL.getValue())
-            return RevocationReason.REMOVE_FROM_CRL;
-        else if (code == RevRequest.superseded.getValue())
-            return RevocationReason.SUPERSEDED;
-        else if (code == RevRequest.unspecified.getValue())
-            return RevocationReason.UNSPECIFIED;
-        return RevocationReason.UNSPECIFIED;
-    }
-
-    private boolean verifyRevRequestSignature(SignedData msgData) {
-        try {
-            EncapsulatedContentInfo ci = msgData.getContentInfo();
-            OCTET_STRING content = ci.getContent();
-            ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
-            TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()).decode(s);
-            SET values = tattr.getValues();
-            RevRequest revRequest = null;
-            if (values != null && values.size() > 0)
-                revRequest =
-                        (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
-                                ASN1Util.encode(values.elementAt(0))));
-
-            SET dias = msgData.getDigestAlgorithmIdentifiers();
-            int numDig = dias.size();
-            Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>();
-            for (int i = 0; i < numDig; i++) {
-                AlgorithmIdentifier dai =
-                        (AlgorithmIdentifier) dias.elementAt(i);
-                String name =
-                        DigestAlgorithm.fromOID(dai.getOID()).toString();
-                MessageDigest md =
-                        MessageDigest.getInstance(name);
-                byte[] digest = md.digest(content.toByteArray());
-                digs.put(name, digest);
-            }
-
-            SET sis = msgData.getSignerInfos();
-            int numSis = sis.size();
-            for (int i = 0; i < numSis; i++) {
-                org.mozilla.jss.pkix.cms.SignerInfo si =
-                        (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
-                String name = si.getDigestAlgorithm().toString();
-                byte[] digest = digs.get(name);
-                if (digest == null) {
-                    MessageDigest md = MessageDigest.getInstance(name);
-                    ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-                    revRequest.encode(ostream);
-                    digest = md.digest(ostream.toByteArray());
-                }
-                SignerIdentifier sid = si.getSignerIdentifier();
-                if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
-                    org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber =
-                            sid.getIssuerAndSerialNumber();
-                    java.security.cert.X509Certificate cert = null;
-                    if (msgData.hasCertificates()) {
-                        SET certs = msgData.getCertificates();
-                        int numCerts = certs.size();
-                        for (int j = 0; j < numCerts; j++) {
-                            org.mozilla.jss.pkix.cert.Certificate certJss =
-                                    (Certificate) certs.elementAt(j);
-                            org.mozilla.jss.pkix.cert.CertificateInfo certI =
-                                    certJss.getInfo();
-                            Name issuer = certI.getIssuer();
-                            byte[] issuerB = ASN1Util.encode(issuer);
-                            INTEGER sn = certI.getSerialNumber();
-                            if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber
-                                    .getIssuer()))) &&
-                                    sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
-                                ByteArrayOutputStream os = new ByteArrayOutputStream();
-                                certJss.encode(os);
-                                cert = new X509CertImpl(os.toByteArray());
-                                break;
-                            }
-                        }
-                    }
-
-                    if (cert != null) {
-                        PublicKey pbKey = cert.getPublicKey();
-                        PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) pbKey).getKey());
-                        si.verify(digest, ci.getContentType(), pubK);
-                        return true;
-                    }
-                }
-            }
-
-            return false;
-        } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + e.toString());
-            return false;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
deleted file mode 100644
index 7f73ce8d3..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * CMSFile represents a file from the filesystem cached in memory
- *
- * @version $Revision$, $Date$
- */
-public class CMSFile {
-    protected String mAbsPath;
-    protected long mLastModified;
-    protected byte[] mContent;
-    protected long mLastAccess = 0;
-
-    protected ILogger mLogger = CMS.getLogger();
-
-    protected CMSFile() {
-    }
-
-    public CMSFile(File file) throws IOException, EBaseException {
-        mAbsPath = file.getAbsolutePath();
-        mLastModified = file.lastModified();
-        fillContent(file);
-    }
-
-    private void fillContent(File file) throws IOException {
-        int fileSize = (int) file.length();
-
-        mContent = new byte[fileSize];
-        FileInputStream fileIn = new FileInputStream(file);
-        int actualSize = fileIn.read(mContent);
-        fileIn.close();
-
-        if (actualSize != fileSize) {
-            byte[] actualContent = new byte[actualSize];
-
-            System.arraycopy(mContent, 0, actualContent, 0, actualSize);
-            mContent = actualContent;
-        }
-    }
-
-    public String getAbsPath() {
-        return mAbsPath;
-    }
-
-    public byte[] getContent() {
-        return mContent;
-    }
-
-    public long getLastModified() {
-        return mLastModified;
-    }
-
-    public synchronized long getLastAccess() {
-        return mLastAccess;
-    }
-
-    public synchronized void setLastAccess(long lastAccess) {
-        mLastAccess = lastAccess;
-    }
-
-    protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, level, ILogger.S_OTHER, "CMSgateway:" + msg);
-    }
-
-    public String toString() {
-        try {
-            return new String(mContent, "UTF8");
-        } catch (UnsupportedEncodingException e) {
-            return new String(mContent);
-        }
-    }
-
-    public String toString(String enc) throws UnsupportedEncodingException {
-        return new String(mContent, enc);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
deleted file mode 100644
index a27a3dd43..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
+++ /dev/null
@@ -1,161 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-
-/**
- * CMSFileLoader - file cache.
- *
- * @version $Revision$, $Date$
- */
-
-public class CMSFileLoader {
-    // default max size
-    public final int MAX_SIZE = 200;
-    // default number of files to clear when max is reached.
-    public final int CLEAR_SIZE = 50;
-    // max size property
-    public final String PROP_MAX_SIZE = "maxSize";
-    // clear size property
-    public final String PROP_CLEAR_SIZE = "clearSize";
-    // property to cache templates only
-    public final String PROP_CACHE_TEMPLATES_ONLY = "cacheTemplatesOnly";
-
-    // hash of files to their content.
-    private Hashtable<String, CMSFile> mLoadedFiles = new Hashtable<String, CMSFile>();
-
-    // max number of files
-    private int mMaxSize = MAX_SIZE;
-
-    // number of files to clear when max is reached.
-    private int mClearSize = CLEAR_SIZE;
-
-    // whether to cache templates and forms only.
-    @SuppressWarnings("unused")
-    private boolean mCacheTemplatesOnly = true;
-
-    public CMSFileLoader() {
-    }
-
-    public void init(IConfigStore config) throws EBaseException {
-        mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE);
-        mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE);
-        mCacheTemplatesOnly =
-                config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true);
-    }
-
-    // Changed by bskim
-    //public byte[] get(String absPath) throws EBaseException, IOException {
-    //	File file = new File(absPath);
-    //	return get(file);
-    //}
-    public byte[] get(String absPath, String enc) throws EBaseException, IOException {
-        File file = new File(absPath);
-
-        return get(file, enc);
-    }
-
-    // Change end
-
-    // Changed by bskim
-    //public byte[] get(File file) throws EBaseException, IOException {
-    //	CMSFile cmsFile = getCMSFile(file);
-    public byte[] get(File file, String enc) throws EBaseException, IOException {
-        CMSFile cmsFile = getCMSFile(file, enc);
-
-        // Change end
-        return cmsFile.getContent();
-    }
-
-    // Changed by bskim
-    //public CMSFile getCMSFile(File file) throws EBaseException, IOException {
-    public CMSFile getCMSFile(File file, String enc) throws EBaseException, IOException {
-        // Change end
-        String absPath = file.getAbsolutePath();
-        long modified = file.lastModified();
-        CMSFile cmsFile = mLoadedFiles.get(absPath);
-        long lastModified = (cmsFile == null ? 0 : cmsFile.getLastModified());
-
-        // new file.
-        if (cmsFile == null || modified != lastModified) {
-            // Changed by bskim
-            //cmsFile = updateFile(absPath, file);
-            cmsFile = updateFile(absPath, file, enc);
-            // Change end
-        }
-        cmsFile.setLastAccess(System.currentTimeMillis());
-        return cmsFile;
-    }
-
-    // Changed by bskim
-    //private CMSFile updateFile(String absPath, File file)
-    private CMSFile updateFile(String absPath, File file, String enc)
-            // Change end
-            throws EBaseException, IOException {
-        // clear if cache size exceeded.
-        if (mLoadedFiles.size() >= mMaxSize) {
-            clearSomeFiles();
-        }
-
-        CMSFile cmsFile = null;
-
-        // check if file is a js template or plain template by its first String
-        if (absPath.endsWith(CMSTemplate.SUFFIX)) {
-            // Changed by bskim
-            //cmsFile = new CMSTemplate(file);
-            cmsFile = new CMSTemplate(file, enc);
-            // End of Change
-        } else {
-            cmsFile = new CMSFile(file);
-        }
-        mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
-        return cmsFile;
-    }
-
-    private synchronized void clearSomeFiles() {
-
-        // recheck this in case some other thread has cleared it.
-        if (mLoadedFiles.size() < mMaxSize)
-            return;
-
-        // remove the LRU files.
-        // XXX could be optimized more.
-        Enumeration<CMSFile> elements = mLoadedFiles.elements();
-
-        for (int i = mClearSize; i > 0; i--) {
-            long lru = java.lang.Long.MAX_VALUE;
-            CMSFile lruFile = null;
-
-            while (elements.hasMoreElements()) {
-                CMSFile cmsFile = elements.nextElement();
-
-                if (cmsFile.getLastAccess() < lru) {
-                    lruFile = cmsFile;
-                }
-                mLoadedFiles.remove(lruFile.getAbsPath());
-            }
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
deleted file mode 100644
index 32264c01e..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
+++ /dev/null
@@ -1,44 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.ListResourceBundle;
-
-/**
- * A class represents a resource bundle for cms gateway.
- * <P>
- *
- * @version $Revision$, $Date$
- * @see java.util.ListResourceBundle
- */
-public class CMSGWResources extends ListResourceBundle {
-
-    /**
-     * Returns the content of this resource.
-     */
-    public Object[][] getContents() {
-        return contents;
-    }
-
-    /*
-     * Constants. The suffix represents the number of
-     * possible parameters.
-     */
-
-    static final Object[][] contents = {};
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
deleted file mode 100644
index 3c8f88e89..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
+++ /dev/null
@@ -1,370 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.io.File;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * This class is to hold some general method for servlets.
- *
- * @version $Revision$, $Date$
- */
-public class CMSGateway {
-    public final static String PROP_CMSGATEWAY = "cmsgateway";
-    private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll";
-
-    public static final String CERT_ATTR =
-            "javax.servlet.request.X509Certificate";
-
-    protected static CMSFileLoader mFileLoader = new CMSFileLoader();
-
-    protected static boolean mEnableFileServing;
-    private static boolean mEnableAdminEnroll = true;
-    private static IConfigStore mConfig = null;
-
-    // system logger.
-    protected static ILogger mLogger = CMS.getLogger();
-
-    static {
-        mEnableFileServing = true;
-        mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY);
-        try {
-            mEnableAdminEnroll =
-                    mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false);
-        } catch (EBaseException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
-        }
-    }
-
-    public CMSGateway() {
-    }
-
-    public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
-        Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
-        Enumeration<String> names = req.getParameterNames();
-
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-
-            httpReqHash.put(name, req.getParameter(name));
-        }
-
-        String ip = req.getRemoteAddr();
-        if (ip != null)
-            httpReqHash.put("clientHost", ip);
-        return httpReqHash;
-    }
-
-    public static boolean getEnableAdminEnroll() {
-        return mEnableAdminEnroll;
-    }
-
-    public static void setEnableAdminEnroll(boolean enableAdminEnroll)
-            throws EBaseException {
-        IConfigStore mainConfig = CMS.getConfigStore();
-
-        //!!! Is it thread safe? xxxx
-        mEnableAdminEnroll = enableAdminEnroll;
-        mConfig.putBoolean(PROP_ENABLE_ADMIN_ENROLL, enableAdminEnroll);
-        mainConfig.commit(true);
-    }
-
-    public static void disableAdminEnroll() throws EBaseException {
-        setEnableAdminEnroll(false);
-
-        /* need to do this in web.xml and restart ws
-         removeServlet("/ca/adminEnroll", "AdminEnroll");
-         initGateway();
-         */
-    }
-
-    /**
-     * construct a authentication credentials to pass into authentication
-     * manager.
-     */
-    public static AuthCredentials getAuthCreds(
-            IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
-            throws EBaseException {
-        // get credentials from http parameters.
-        if (authMgr == null)
-            return null;
-        String[] reqCreds = authMgr.getRequiredCreds();
-        AuthCredentials creds = new AuthCredentials();
-
-        if (clientCert instanceof java.security.cert.X509Certificate) {
-            try {
-                clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded());
-            } catch (Exception e) {
-                CMS.debug("CMSGateway: getAuthCreds " + e.toString());
-            }
-        }
-
-        for (int i = 0; i < reqCreds.length; i++) {
-            String reqCred = reqCreds[i];
-
-            if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
-                // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert }
-                        );
-            } else {
-                String value = argBlock.getValueAsString(reqCred);
-
-                creds.set(reqCred, value); // value could be null;
-            }
-        }
-
-        creds.set("clientHost", argBlock.getValueAsString("clientHost"));
-        // Inserted by bskim
-        creds.setArgBlock(argBlock);
-        // Insert end
-        return creds;
-    }
-
-    protected final static String AUTHMGR_PARAM = "authenticator";
-
-    public static AuthToken checkAuthManager(
-            HttpServletRequest httpReq, IArgBlock httpParams,
-            X509Certificate cert, String authMgrName)
-            throws EBaseException {
-        IArgBlock httpArgs = httpParams;
-
-        if (httpArgs == null)
-            httpArgs = CMS.createArgBlock(toHashtable(httpReq));
-
-        IAuthSubsystem authSub = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-
-        String authMgr_http = httpArgs.getValueAsString(
-                AUTHMGR_PARAM, null);
-
-        if (authMgr_http != null) {
-            authMgrName = authMgr_http;
-        }
-
-        if (authMgrName == null || authMgrName.length() == 0) {
-            throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
-                        CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED")));
-        }
-
-        IAuthManager authMgr =
-                authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
-
-        authMgr = authSub.getAuthManager(authMgrName);
-        if (authMgr == null)
-            return null;
-        IAuthCredentials creds =
-                getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
-        AuthToken authToken = null;
-
-        try {
-            authToken = (AuthToken) authMgr.authenticate(creds);
-        } catch (EBaseException e) {
-            throw e;
-        } catch (Exception e) {
-            CMS.debug("CMSGateway: " + e);
-            // catch all errors from authentication manager.
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
-                        e.toString(), e.getMessage()));
-        }
-        return authToken;
-    }
-
-    public static void renderTemplate(
-            String templateName,
-            HttpServletRequest req,
-            HttpServletResponse resp,
-            ServletConfig servletConfig,
-            CMSFileLoader fileLoader)
-            throws EBaseException, IOException {
-        CMSTemplate template =
-                getTemplate(templateName, req,
-                        servletConfig, fileLoader, new Locale[1]);
-        ServletOutputStream out = resp.getOutputStream();
-
-        template.renderOutput(out, new CMSTemplateParams(null, null));
-    }
-
-    // XXX TBD move this to a utility function too.
-
-    public static Locale getLocale(String lang) {
-        int dash = lang.indexOf('-');
-
-        if (dash == -1)
-            return new Locale(lang, "");
-        else
-            return new Locale(lang.substring(0, dash), lang.substring(dash + 1));
-    }
-
-    /**
-     * @param req http servlet request
-     * @param realpathFile the file to get.
-     * @param locale array of at least one to be filled with locale found.
-     */
-    public static File getLangFile(
-            HttpServletRequest req, File realpathFile, Locale[] locale)
-            throws IOException {
-        File file = null;
-        String acceptLang = req.getHeader("accept-language");
-
-        if (acceptLang != null && !acceptLang.equals("")) {
-            StringTokenizer tokenizer = new StringTokenizer(acceptLang, ",");
-            int numLangs = tokenizer.countTokens();
-
-            if (numLangs > 0) {
-                // languages are searched in order.
-                String parent = realpathFile.getParent();
-
-                if (parent == null) {
-                    parent = "." + File.separatorChar;
-                }
-                String name = realpathFile.getName();
-
-                if (name == null) { // filename should never be null.
-                    throw new IOException("file has no name");
-                }
-                int i;
-
-                for (i = 0; i < numLangs; i++) {
-                    String lang = null;
-                    String token = tokenizer.nextToken();
-
-                    int semicolon = token.indexOf(';');
-
-                    if (semicolon == -1) {
-                        lang = token.trim();
-                    } else {
-                        if (semicolon < 2)
-                            continue; // protocol error.
-                        lang = token.substring(0, semicolon).trim();
-                    }
-                    // if browser locale is the same as default locale,
-                    // use the default form. (is this the right thing to do ?)
-                    Locale l = getLocale(lang);
-
-                    if (Locale.getDefault().equals(l)) {
-                        locale[0] = l;
-                        file = realpathFile;
-                        break;
-                    }
-
-                    String langfilepath =
-                            parent + File.separatorChar +
-                                    lang + File.separatorChar + name;
-
-                    file = new File(langfilepath);
-                    if (file.exists()) {
-                        locale[0] = getLocale(lang);
-                        break;
-                    }
-                }
-                // if no file for lang was found use default
-                if (i == numLangs) {
-                    file = realpathFile;
-                    locale[0] = Locale.getDefault();
-                }
-            }
-        } else {
-            // use default if accept-language is not availabe
-            file = realpathFile;
-            locale[0] = Locale.getDefault();
-        }
-        return file;
-    }
-
-    /**
-     * get a template
-     */
-    protected static CMSTemplate getTemplate(
-            String templateName,
-            HttpServletRequest httpReq,
-            ServletConfig servletConfig,
-            CMSFileLoader fileLoader,
-            Locale[] locale)
-            throws EBaseException, IOException {
-        // this converts to system dependent file seperator char.
-        if (servletConfig == null) {
-            CMS.debug("CMSGateway:getTemplate() - servletConfig is null!");
-            return null;
-        }
-        if (servletConfig.getServletContext() == null) {
-        }
-        if (templateName == null) {
-        }
-        String realpath =
-                servletConfig.getServletContext().getRealPath("/" + templateName);
-        File realpathFile = new File(realpath);
-        File templateFile =
-                getLangFile(httpReq, realpathFile, locale);
-        CMSTemplate template =
-                //(CMSTemplate)fileLoader.getCMSFile(templateFile);
-                (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
-
-        return template;
-    }
-
-    /**
-     * Get the If-Modified-Since header and compare it to the millisecond
-     * epoch value passed in. If there is no header, or there is a problem
-     * parsing the value, or if the file has been modified this will return
-     * true, indicating the file has changed.
-     *
-     * @param lastModified The time value in milliseconds past the epoch to
-     *            compare the If-Modified-Since header to.
-     */
-    public static boolean modifiedSince(HttpServletRequest req, long lastModified) {
-        long ifModSinceStr;
-
-        try {
-            ifModSinceStr = req.getDateHeader("If-Modified-Since");
-        } catch (IllegalArgumentException e) {
-            return true;
-        }
-
-        if (ifModSinceStr < 0) {
-            return true;
-        }
-
-        if (ifModSinceStr < lastModified) {
-            return true; // Data must be resent
-        }
-
-        return false; // Data has not been modified
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
deleted file mode 100644
index 4e3d3c0bc..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
+++ /dev/null
@@ -1,60 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-/**
- * handy class containing cms templates to load & fill.
- *
- * @version $Revision$, $Date$
- */
-public class CMSLoadTemplate {
-    public String mPropName;
-    public String mFillerPropName;
-    public String mTemplateName;
-    public ICMSTemplateFiller mFiller;
-
-    public CMSLoadTemplate() {
-    }
-
-    public CMSLoadTemplate(
-            String propName, String fillerPropName,
-            String templateName, ICMSTemplateFiller filler) {
-
-        mPropName = propName;
-        mFillerPropName = fillerPropName;
-        mTemplateName = templateName;
-        mFiller = filler;
-    }
-
-    public String getPropName() {
-        return mPropName;
-    }
-
-    public String getFillerPropName() {
-        return mFillerPropName;
-    }
-
-    public String getTemplateName() {
-        return mTemplateName;
-    }
-
-    public ICMSTemplateFiller getTemplateFiller() {
-        return mFiller;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
deleted file mode 100644
index 5ac640952..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
+++ /dev/null
@@ -1,293 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Hashtable;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-
-/**
- * This represents a user request.
- *
- * @version $Revision$, $Date$
- */
-public class CMSRequest implements ICMSRequest {
-
-    private static final String RESULT = "cmsRequestResult";
-
-    // Reason message for request failure
-    private String reason = null;
-
-    // http parameters - handier than getting directly from http request.
-    private IArgBlock mHttpParams = null;
-
-    // http headers & other info.
-    private HttpServletRequest mHttpReq = null;
-
-    // http response.
-    private HttpServletResponse mHttpResp = null;
-
-    // http servlet config.
-    private ServletConfig mServletConfig = null;
-
-    // http servlet context.
-    private ServletContext mServletContext = null;
-
-    // permanent request in request queue.
-    private IRequest mRequest = null;
-
-    // whether request processed successfully
-    private Integer mStatus = SUCCESS;
-
-    // exception message containing error that occured.
-    // note exception could also be thrown seperately.
-    private String mError = null;
-
-    // any error description.
-    private Vector<String> mErrorDescr = null;
-
-    // any request resulting data;
-    Object mResult = null;
-    Hashtable<String, Object> mResults = new Hashtable<String, Object>();
-
-    /**
-     * Constructor
-     */
-    public CMSRequest() {
-    }
-
-    // set methods use by servlets.
-
-    /**
-     * set the HTTP parameters
-     */
-    public void setHttpParams(IArgBlock httpParams) {
-        mHttpParams = httpParams;
-    }
-
-    /**
-     * set the Request aobject associated with this session
-     */
-    public void setIRequest(IRequest request) {
-        mRequest = request;
-    }
-
-    /**
-     * set the HTTP Request object associated with this session
-     */
-    public void setHttpReq(HttpServletRequest httpReq) {
-        mHttpReq = httpReq;
-    }
-
-    /**
-     * set the HTTP Response object which is used to create the
-     * HTTP response which is sent back to the user
-     */
-    public void setHttpResp(HttpServletResponse httpResp) {
-        mHttpResp = httpResp;
-    }
-
-    /**
-     * set the servlet configuration. The servlet configuration is
-     * read from the WEB-APPS/web.xml file under the &lt;servlet&gt;
-     * XML definition. The parameters are delimited by init-param
-     * param-name/param-value options as described in the servlet
-     * documentation.
-     */
-    public void setServletConfig(ServletConfig servletConfig) {
-        mServletConfig = servletConfig;
-    }
-
-    /*
-     * set the servlet context. the servletcontext has detail
-     * about the currently running request
-     */
-    public void setServletContext(ServletContext servletContext) {
-        mServletContext = servletContext;
-    }
-
-    /**
-     * Set request status.
-     *
-     * @param status request status. Allowed values are
-     *            UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING
-     * @throws IllegalArgumentException if status is not one of the above values
-     */
-    public void setStatus(Integer status) {
-        if (!status.equals(UNAUTHORIZED) &&
-                !status.equals(SUCCESS) &&
-                !status.equals(REJECTED) &&
-                !status.equals(PENDING) &&
-                !status.equals(ERROR) &&
-                !status.equals(SVC_PENDING) &&
-                !status.equals(EXCEPTION)) {
-            throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));
-        }
-        mStatus = status;
-    }
-
-    public void setError(EBaseException error) {
-        mError = error.toString();
-    }
-
-    public void setError(String error) {
-        mError = error;
-    }
-
-    public void setErrorDescription(String descr) {
-        if (mErrorDescr == null)
-            mErrorDescr = new Vector<String>();
-        mErrorDescr.addElement(descr);
-    }
-
-    public void setResult(Object result) {
-        mResult = result;
-        mResults.put(RESULT, result);
-    }
-
-    public void setResult(String name, Object result) {
-        mResults.put(name, result);
-    }
-
-    public IArgBlock getHttpParams() {
-        return mHttpParams;
-    }
-
-    public HttpServletRequest getHttpReq() {
-        return mHttpReq;
-    }
-
-    public HttpServletResponse getHttpResp() {
-        return mHttpResp;
-    }
-
-    public ServletConfig getServletConfig() {
-        return mServletConfig;
-    }
-
-    public ServletContext getServletContext() {
-        return mServletContext;
-    }
-
-    public IRequest getIRequest() {
-        return mRequest;
-    }
-
-    public Integer getStatus() {
-        return mStatus;
-    }
-
-    public String getError() {
-        return mError;
-    }
-
-    public Vector<String> getErrorDescr() {
-        return mErrorDescr;
-    }
-
-    public Object getResult() {
-        return mResult;
-    }
-
-    public Object getResult(String name) {
-        return mResults.get(name);
-    }
-
-    public void setReason(String reason) {
-        this.reason = reason;
-    }
-
-    public String getReason() {
-        return reason;
-    }
-
-    // handy routines for IRequest.
-
-    public void setExtData(String type, String value) {
-        if (mRequest != null) {
-            mRequest.setExtData(type, value);
-        }
-    }
-
-    public String getExtData(String type) {
-        if (mRequest != null) {
-            return mRequest.getExtDataInString(type);
-        } else {
-            return null;
-        }
-    }
-
-    // policy errors; set on rejection or possibly deferral.
-    public Vector<String> getPolicyMessages() {
-        if (mRequest != null) {
-            return mRequest.getExtDataInStringVector(IRequest.ERRORS);
-        }
-        return null;
-    }
-
-    /**
-     * set default CMS status according to IRequest status.
-     */
-    public void setIRequestStatus() throws EBaseException {
-        if (mRequest == null) {
-            EBaseException e =
-                    new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
-
-            throw e;
-        }
-
-        RequestStatus status = mRequest.getRequestStatus();
-
-        // completed equivalent to success by default.
-        if (status == RequestStatus.COMPLETE) {
-            mStatus = ICMSRequest.SUCCESS;
-            return;
-        }
-        // unexpected resulting request status.
-        if (status == RequestStatus.REJECTED) {
-            mStatus = ICMSRequest.REJECTED;
-            return;
-        } // pending or service pending.
-        else if (status == RequestStatus.PENDING) {
-            mStatus = ICMSRequest.PENDING;
-            return;
-        } else if (status == RequestStatus.SVC_PENDING) {
-            mStatus = ICMSRequest.SVC_PENDING;
-            return;
-        } else {
-            RequestId reqId = mRequest.getRequestId();
-
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
-                            status.toString(), reqId.toString()));
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
deleted file mode 100644
index 336032dd3..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ /dev/null
@@ -1,593 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-
-import javax.servlet.ServletOutputStream;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.logging.ILogger;
-
-/**
- * File templates. This implementation will take
- * an HTML file with a special customer tag
- * &lt;CMS_TEMPLATE&gt; and replace the tag with
- * a series of javascript variable definitions
- * (depending on the servlet)
- *
- * @version $Revision$, $Date$
- */
-public class CMSTemplate extends CMSFile {
-
-    public static final String SUFFIX = ".template";
-
-    /*==========================================================
-     * variables
-     *==========================================================*/
-
-    /* public vaiables */
-    public String mPreOutput;
-    public String mPostOutput;
-    public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>";
-
-    /* Character set for i18n */
-
-    /* Will be set by CMSServlet.getTemplate() */
-    private String mCharset = null;
-
-    /*==========================================================
-     * constructors
-     *==========================================================*/
-
-    /**
-     * Constructor
-     *
-     * @param file template file to load
-     * @param charset character set
-     * @throws IOException if the there was an error opening the file
-     */
-    public CMSTemplate(File file, String charset) throws IOException, EBaseException {
-        mCharset = charset;
-        mAbsPath = file.getAbsolutePath();
-        mLastModified = file.lastModified();
-        try {
-            init(file);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE"));
-        }
-        String content = mPreOutput + mPostOutput;
-
-        mContent = content.getBytes(mCharset);
-    }
-
-    /*==========================================================
-     * public methods
-     *==========================================================*/
-
-    /* *
-     * Load the form from the file and setup the
-     * pre/post output buffer if it is a template
-     * file. Otherwise, only post output buffer is
-     * filled.
-     * @param template the template file to load
-     * @return true if successful
-     */
-    public boolean init(File template) throws EBaseException, IOException {
-        /* load template */
-        String content = loadFile(template);
-
-        if (content == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMPLATE_EMPTY", mAbsPath));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_TEMPLATE_NO_CONTENT_1", mAbsPath));
-        }
-
-        /* if template file, find template tag substring and set
-         * pre/post output string
-         */
-        int location = content.indexOf(TEMPLATE_TAG);
-
-        if (location == -1) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage(
-                    "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG));
-            throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
-                            TEMPLATE_TAG, mAbsPath));
-        }
-        mPreOutput = content.substring(0, location);
-        mPostOutput = content.substring(TEMPLATE_TAG.length() + location);
-
-        return true;
-    }
-
-    /**
-     * Write a javascript representation of 'input'
-     * surrounded by SCRIPT tags to the outputstream
-     *
-     * @param rout the outputstream to write to
-     * @param input the parameters to write
-     */
-    public void renderOutput(OutputStream rout, CMSTemplateParams input)
-            throws IOException {
-        Enumeration<String> e = null;
-        Enumeration<IArgBlock> q = null;
-        IArgBlock r = null;
-        CMSTemplateParams data = input;
-
-        try (HTTPOutputStreamWriter http_out = (mCharset == null ?
-                new HTTPOutputStreamWriter(rout): new HTTPOutputStreamWriter(rout, mCharset))) {
-            templateLine out = new templateLine();
-
-            // Output the prolog
-            out.print(mPreOutput);
-
-            // Output the header data
-            out.println("<SCRIPT LANGUAGE=\"JavaScript\">");
-            out.println("var header = new Object();");
-            out.println("var fixed = new Object();");
-            out.println("var recordSet = new Array;");
-            out.println("var result = new Object();");
-
-            // hack
-            out.println("var httpParamsCount = 0;");
-            out.println("var httpHeadersCount = 0;");
-            out.println("var authTokenCount = 0;");
-            out.println("var serverAttrsCount = 0;");
-            out.println("header.HTTP_PARAMS = new Array;");
-            out.println("header.HTTP_HEADERS = new Array;");
-            out.println("header.AUTH_TOKEN = new Array;");
-            out.println("header.SERVER_ATTRS = new Array;");
-
-            r = data.getHeader();
-            if (r != null) {
-                e = r.elements();
-                while (e.hasMoreElements()) {
-                    String n = e.nextElement();
-                    Object v = r.getValue(n);
-
-                    out.println("header." + n + " = " + renderValue(v) + ";");
-                }
-            }
-
-            // Output the fixed data
-            r = data.getFixed();
-            if (r != null) {
-                e = r.elements();
-                while (e.hasMoreElements()) {
-                    String n = e.nextElement();
-                    Object v = r.getValue(n);
-
-                    out.println("fixed." + n + " = " + renderValue(v) + ";");
-                }
-            }
-
-            // Output the query data
-            q = data.queryRecords();
-            if (q != null && q.hasMoreElements()) {
-                out.println("var recordCount = 0;");
-                out.println("var record;");
-                while (q.hasMoreElements()) {
-                    out.println("record = new Object;");
-                    out.println("record.HTTP_PARAMS = new Array;");
-                    out.println("record.HTTP_HEADERS = new Array;");
-                    out.println("record.AUTH_TOKEN = new Array;");
-                    out.println("record.SERVER_ATTRS = new Array;");
-
-                    // Get a query record
-                    r = q.nextElement();
-                    e = r.elements();
-                    while (e.hasMoreElements()) {
-                        String n = e.nextElement();
-                        Object v = r.getValue(n);
-
-                        out.println("record." + n + "=" + renderValue(v) + ";");
-                    }
-                    out.println("recordSet[recordCount++] = record;");
-                }
-                out.println("record.recordSet = recordSet;");
-            }
-
-            //if (headerBlock)
-            out.println("result.header = header;");
-            //if (fixedBlock)
-            out.println("result.fixed = fixed;");
-            //if (queryBlock)
-            out.println("result.recordSet = recordSet;");
-            out.println("</SCRIPT>");
-            out.println(mPostOutput);
-            http_out.print(out.toString());
-
-        } catch (EBaseException ex) {
-            throw new IOException(ex.getMessage());
-        }
-    }
-
-    /**
-     * Ouput the pre-amble HTML Header including
-     * the pre-output buffer.
-     *
-     * @param out output stream specified
-     * @return success or error
-     */
-    public boolean outputProlog(PrintWriter out) {
-
-        //Debug.trace("FormCache:outputProlog");
-
-        /* output pre-output buffer */
-        out.print(mPreOutput);
-
-        /* output JavaScript variables and objects */
-        out.println("<SCRIPT LANGUAGE=\"JavaScript\">");
-        out.println("var header = new Object();");
-        out.println("var result = new Object();");
-
-        return true;
-    }
-
-    /**
-     * Output the post HTML tags and post-output
-     * buffer.
-     *
-     * @param out output stream specified
-     * @return success or error
-     */
-    public boolean outputEpilog(PrintWriter out) {
-
-        out.println("</SCRIPT>");
-        out.println(mPostOutput);
-
-        return true;
-    }
-
-    /**
-     * @return full path of template
-     */
-    public String getTemplateName() {
-        return mAbsPath;
-    }
-
-    // inherit getabspath, getContent, get last access and set last access
-
-    /*==========================================================
-     * private methods
-     *==========================================================*/
-
-    /* load file into string */
-    private String loadFile(File template) throws IOException {
-
-        // Debug.trace("FormCache:loadFile");
-
-        /* create input stream, can throw IOException */
-        FileInputStream inStream = new FileInputStream(template);
-        InputStreamReader inReader = new InputStreamReader(inStream, mCharset);
-        ;
-        BufferedReader in = new BufferedReader(inReader);
-        StringBuffer buf = new StringBuffer();
-        String line;
-
-        while ((line = in.readLine()) != null) {
-            buf.append(line);
-            buf.append('\n');
-        }
-        try {
-            in.close();
-            inStream.close();
-        } catch (IOException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
-        }
-        return buf.toString();
-    }
-
-    private String renderValue(Object v) {
-        String s = null;
-
-        // Figure out the type of object
-        if (v instanceof IRawJS) {
-            s = v.toString();
-        } else if (v instanceof String) {
-            if (v.equals(""))
-                s = "null";
-            else
-                s = "\"" + escapeJavaScriptString((String) v) + "\"";
-        } else if (v instanceof Integer) {
-            s = ((Integer) v).toString();
-        } else if (v instanceof Boolean) {
-
-            if (((Boolean) v).booleanValue() == true) {
-                s = "true";
-            } else {
-                s = "false";
-            }
-        } else if (v instanceof BigInteger) {
-            s = ((BigInteger) v).toString(10);
-        } else if (v instanceof Character &&
-                ((Character) v).equals(Character.valueOf((char) 0))) {
-            s = "null";
-        } else {
-            s = "\"" + v.toString() + "\"";
-        }
-
-        return s;
-    }
-
-    /**
-     * Escape the contents of src string in preparation to be enclosed in
-     * double quotes as a JavaScript String Literal within an <script>
-     * portion of an HTML document.
-     * stevep - performance improvements - about 4 times faster than before.
-     */
-    public static String escapeJavaScriptString(String v) {
-        int l = v.length();
-        char in[] = new char[l];
-        char out[] = new char[l * 4];
-        int j = 0;
-
-        v.getChars(0, l, in, 0);
-
-        for (int i = 0; i < l; i++) {
-            char c = in[i];
-
-            if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
-                out[j++] = c;
-                continue;
-            }
-
-            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
-                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
-                    in[i + 1] == '<' || in[i + 1] == '>' ||
-                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
-                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
-                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
-                    out[j++] = '\\';
-                    out[j++] = in[i + 1];
-                    out[j++] = in[i + 2];
-                    out[j++] = in[i + 3];
-                    i += 3;
-                } else {
-                    out[j++] = '\\';
-                    out[j++] = in[i + 1];
-                    i++;
-                }
-                continue;
-            }
-
-            switch (c) {
-            case '\n':
-                out[j++] = '\\';
-                out[j++] = 'n';
-                break;
-
-            case '\\':
-                out[j++] = '\\';
-                out[j++] = '\\';
-                break;
-
-            case '\"':
-                out[j++] = '\\';
-                out[j++] = '\"';
-                break;
-
-            case '\r':
-                out[j++] = '\\';
-                out[j++] = 'r';
-                break;
-
-            case '\f':
-                out[j++] = '\\';
-                out[j++] = 'f';
-                break;
-
-            case '\t':
-                out[j++] = '\\';
-                out[j++] = 't';
-                break;
-
-            case '<':
-                out[j++] = '\\';
-                out[j++] = 'x';
-                out[j++] = '3';
-                out[j++] = 'c';
-                break;
-
-            case '>':
-                out[j++] = '\\';
-                out[j++] = 'x';
-                out[j++] = '3';
-                out[j++] = 'e';
-                break;
-
-            default:
-                out[j++] = c;
-            }
-        }
-        return new String(out, 0, j);
-    }
-
-    /**
-     * Like escapeJavaScriptString(String s) but also escape '[' for
-     * HTML processing.
-     */
-    public static String escapeJavaScriptStringHTML(String v) {
-        int l = v.length();
-        char in[] = new char[l];
-        char out[] = new char[l * 4];
-        int j = 0;
-
-        v.getChars(0, l, in, 0);
-
-        for (int i = 0; i < l; i++) {
-            char c = in[i];
-
-            if (c > 0x5C) {
-                out[j++] = c;
-                continue;
-            }
-
-            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
-                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
-                    in[i + 1] == '<' || in[i + 1] == '>' ||
-                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
-                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
-                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
-                    out[j++] = '\\';
-                    out[j++] = in[i + 1];
-                    out[j++] = in[i + 2];
-                    out[j++] = in[i + 3];
-                    i += 3;
-                } else {
-                    out[j++] = '\\';
-                    out[j++] = in[i + 1];
-                    i++;
-                }
-                continue;
-            }
-
-            switch (c) {
-            case '\n':
-                out[j++] = '\\';
-                out[j++] = 'n';
-                break;
-
-            case '\\':
-                out[j++] = '\\';
-                out[j++] = '\\';
-                break;
-
-            case '\"':
-                out[j++] = '\\';
-                out[j++] = '\"';
-                break;
-
-            case '\r':
-                out[j++] = '\\';
-                out[j++] = 'r';
-                break;
-
-            case '\f':
-                out[j++] = '\\';
-                out[j++] = 'f';
-                break;
-
-            case '\t':
-                out[j++] = '\\';
-                out[j++] = 't';
-                break;
-
-            case '<':
-                out[j++] = '\\';
-                out[j++] = 'x';
-                out[j++] = '3';
-                out[j++] = 'c';
-                break;
-            case '>':
-                out[j++] = '\\';
-                out[j++] = 'x';
-                out[j++] = '3';
-                out[j++] = 'e';
-                break;
-
-            default:
-                out[j++] = c;
-            }
-        }
-        return new String(out, 0, j);
-    }
-
-    /**
-     * for debugging, return contents that would've been outputed.
-     */
-    public String getOutput(CMSTemplateParams input)
-            throws IOException {
-        debugOutputStream out = new debugOutputStream();
-
-        renderOutput(out, input);
-        return out.toString();
-    }
-
-    private class HTTPOutputStreamWriter extends OutputStreamWriter {
-        public HTTPOutputStreamWriter(OutputStream out)
-                throws UnsupportedEncodingException {
-            super(out);
-        }
-
-        public HTTPOutputStreamWriter(OutputStream out, String enc)
-                throws UnsupportedEncodingException {
-            super(out, enc);
-        }
-
-        public void print(String s) throws IOException {
-            write(s, 0, s.length());
-            flush();
-            return;
-        }
-    }
-
-    private class templateLine {
-        private StringBuffer s = new StringBuffer();
-
-        void println(String p) {
-            s.append('\n');
-            s.append(p);
-        }
-
-        void print(String p) {
-            s.append(p);
-        }
-
-        public String toString() {
-            return s.toString();
-        }
-
-    }
-
-    private static class debugOutputStream extends ServletOutputStream {
-        private StringWriter mStringWriter = new StringWriter();
-
-        public debugOutputStream() {
-            super();
-        }
-
-        public void write(int b) throws IOException {
-            mStringWriter.write(b);
-        }
-
-        public String toString() {
-            return mStringWriter.toString();
-        }
-
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
deleted file mode 100644
index 50c5e824f..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
+++ /dev/null
@@ -1,70 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Enumeration;
-import java.util.Vector;
-
-import com.netscape.certsrv.base.IArgBlock;
-
-/**
- * Holds template parameters
- *
- * @version $Revision$, $Date$
- */
-public class CMSTemplateParams {
-    private IArgBlock mHeader = null;
-    private IArgBlock mFixed = null;
-    private Vector<IArgBlock> mRepeat = new Vector<IArgBlock>();
-
-    public CMSTemplateParams() {
-    }
-
-    public CMSTemplateParams(IArgBlock header, IArgBlock fixed) {
-        mHeader = header;
-        mFixed = fixed;
-    }
-
-    public void setHeader(IArgBlock h) {
-        mHeader = h;
-    }
-
-    public IArgBlock getHeader() {
-        return mHeader;
-    }
-
-    public void setFixed(IArgBlock f) {
-        mFixed = f;
-    }
-
-    public IArgBlock getFixed() {
-        return mFixed;
-    }
-
-    public void addRepeatRecord(IArgBlock r) {
-        mRepeat.addElement(r);
-    }
-
-    public void clearRepeatRecords() {
-        mRepeat = new Vector<IArgBlock>();
-    }
-
-    public Enumeration<IArgBlock> queryRecords() {
-        return mRepeat.elements();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
deleted file mode 100644
index 2c24c112a..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
+++ /dev/null
@@ -1,74 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import com.netscape.certsrv.base.EBaseException;
-
-/**
- * A class represents a CMS gateway exception.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class ECMSGWException extends EBaseException {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7546430025179838019L;
-    /**
-     * CA resource class name.
-     */
-    private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
-
-    /**
-     * Constructs a CMS Gateway exception.
-     * <P>
-     */
-    public ECMSGWException(String msgFormat) {
-        super(msgFormat);
-    }
-
-    /**
-     * Constructs a CMSGW exception.
-     * <P>
-     */
-    public ECMSGWException(String msgFormat, String param) {
-        super(msgFormat, param);
-    }
-
-    /**
-     * Constructs a CMSGW exception.
-     * <P>
-     */
-    public ECMSGWException(String msgFormat, Exception e) {
-        super(msgFormat, e);
-    }
-
-    /**
-     * Constructs a CMSGW exception.
-     * <P>
-     */
-    public ECMSGWException(String msgFormat, Object params[]) {
-        super(msgFormat, params);
-    }
-
-    protected String getBundleName() {
-        return CMSGW_RESOURCES;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
deleted file mode 100644
index 29e106ae9..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-
-/**
- * Default error template filler
- *
- * @version $Revision$, $Date$
- */
-public class GenErrorTemplateFiller implements ICMSTemplateFiller {
-    public GenErrorTemplateFiller() {
-    }
-
-    /**
-     * fill error details and description if any.
-     *
-     * @param cmsReq the CMS Request.
-     * @param authority the authority
-     * @param locale the locale of template.
-     * @param e unexpected error. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        // request status if any.
-        if (cmsReq != null) {
-            Integer sts = cmsReq.getStatus();
-
-            if (sts != null)
-                fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
-        } else {
-            CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " +
-                       "cmsReq is null!");
-            return null;
-        }
-
-        // error
-        String ex = cmsReq.getError();
-
-        // Changed by beomsuk
-        /*if (ex == null)
-         ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
-         fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale));
-         */
-        if ((ex == null) && (cmsReq.getReason() == null))
-            ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")).toString();
-        else if (ex != null)
-            fixed.set(ICMSTemplateFiller.ERROR, ex);
-        else if (cmsReq.getReason() != null)
-            fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason());
-        // Change end
-
-        // error description if any.
-        Vector<String> descr = cmsReq.getErrorDescr();
-
-        if (descr != null) {
-            Enumeration<String> num = descr.elements();
-
-            while (num.hasMoreElements()) {
-                String elem = num.nextElement();
-                //System.out.println("Setting description "+elem.toString());
-                IArgBlock argBlock = CMS.createArgBlock();
-
-                argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
-                        elem);
-                params.addRepeatRecord(argBlock);
-            }
-        }
-
-        // this authority
-        if (authority != null)
-            fixed.set(ICMSTemplateFiller.AUTHORITY,
-                    authority.getOfficialName());
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
deleted file mode 100644
index 83a2d8cf0..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
+++ /dev/null
@@ -1,286 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Date;
-import java.util.Locale;
-
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.crypto.SignatureAlgorithm;
-import org.mozilla.jss.pkix.cmc.CMCStatusInfo;
-import org.mozilla.jss.pkix.cmc.OtherInfo;
-import org.mozilla.jss.pkix.cmc.PendInfo;
-import org.mozilla.jss.pkix.cmc.ResponseBody;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-import org.mozilla.jss.pkix.cms.ContentInfo;
-import org.mozilla.jss.pkix.cms.EncapsulatedContentInfo;
-import org.mozilla.jss.pkix.cms.IssuerAndSerialNumber;
-import org.mozilla.jss.pkix.cms.SignedData;
-import org.mozilla.jss.pkix.cms.SignerIdentifier;
-import org.mozilla.jss.pkix.cms.SignerInfo;
-import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
-import org.mozilla.jss.pkix.primitive.Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-
-/**
- * default Pending template filler
- *
- * @version $Revision$, $Date$
- */
-public class GenPendingTemplateFiller implements ICMSTemplateFiller {
-    public static String FULL_RESPONSE = "cmcFullEnrollmentResponse";
-
-    public GenPendingTemplateFiller() {
-    }
-
-    /**
-     * fill error details and description if any.
-     *
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        if (cmsReq == null) {
-            return null;
-        }
-
-        // request status if any.
-        Integer sts = cmsReq.getStatus();
-
-        if (sts != null)
-            fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
-
-        // request id
-        IRequest req = cmsReq.getIRequest();
-
-        if (req != null) {
-            RequestId reqId = req.getRequestId();
-
-            fixed.set(ICMSTemplateFiller.REQUEST_ID, reqId);
-            // set pendInfo, CMCStatusInfo
-            IArgBlock httpParams = cmsReq.getHttpParams();
-
-            if (doFullResponse(httpParams)) {
-                SEQUENCE controlSeq = new SEQUENCE();
-                int bpid = 1;
-                PendInfo pendInfo = new PendInfo(reqId.toString(), new
-                        Date());
-                OtherInfo otherInfo = new
-                        OtherInfo(OtherInfo.PEND, null, pendInfo);
-                SEQUENCE bpids = new SEQUENCE();
-                String[] reqIdArray =
-                        req.getExtDataInStringArray(IRequest.CMC_REQIDS);
-
-                for (int i = 0; i < reqIdArray.length; i++) {
-                    bpids.addElement(new INTEGER(reqIdArray[i]));
-                }
-                CMCStatusInfo cmcStatusInfo = new
-                        CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
-                                (String) null, otherInfo);
-                TaggedAttribute ta = new TaggedAttribute(new
-                        INTEGER(bpid++),
-                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
-                        cmcStatusInfo);
-
-                controlSeq.addElement(ta);
-                // copy transactionID, senderNonce,
-                // create recipientNonce
-                // create responseInfo if regInfo exist
-                String[] transIds =
-                        req.getExtDataInStringArray(IRequest.CMC_TRANSID);
-                SET ids = new SET();
-
-                for (int i = 0; i < transIds.length; i++) {
-                    ids.addElement(new INTEGER(transIds[i]));
-                }
-                ta = new TaggedAttribute(new
-                            INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_transactionId,
-                            ids);
-                controlSeq.addElement(ta);
-
-                String[] senderNonce = req.getExtDataInStringArray(IRequest.CMC_SENDERNONCE);
-                SET nonces = new SET();
-
-                for (int i = 0; i < senderNonce.length; i++) {
-                    nonces.addElement(new OCTET_STRING(senderNonce[i].getBytes()));
-                }
-                ta = new TaggedAttribute(new
-                            INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_recipientNonce,
-                            nonces);
-                controlSeq.addElement(ta);
-                req.setExtData(IRequest.CMC_RECIPIENTNONCE, senderNonce);
-
-                Date date = CMS.getCurrentDate();
-                String salt = "lala123" + date.toString();
-                byte[] dig;
-
-                try {
-                    MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
-
-                    dig = SHA1Digest.digest(salt.getBytes());
-                } catch (NoSuchAlgorithmException ex) {
-                    dig = salt.getBytes();
-                }
-                String b64E = CMS.BtoA(dig);
-                String[] newNonce = { b64E };
-
-                ta = new TaggedAttribute(new
-                            INTEGER(bpid++),
-                            OBJECT_IDENTIFIER.id_cmc_senderNonce,
-                            new OCTET_STRING(newNonce[0].getBytes()));
-                controlSeq.addElement(ta);
-                req.setExtData(IRequest.CMC_SENDERNONCE, newNonce);
-
-                ResponseBody rb = new ResponseBody(controlSeq, new
-                        SEQUENCE(), new
-                        SEQUENCE());
-                EncapsulatedContentInfo ci = new
-                        EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                rb);
-                org.mozilla.jss.crypto.X509Certificate x509cert = null;
-
-                if (authority instanceof ICertificateAuthority) {
-                    x509cert = ((ICertificateAuthority) authority).getCaX509Cert();
-                } else if (authority instanceof IRegistrationAuthority) {
-                    x509cert = ((IRegistrationAuthority) authority).getRACert();
-                }
-                if (x509cert == null)
-                    return params;
-                try {
-                    X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
-                    ByteArrayInputStream issuer1 = new
-                            ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
-                    Name issuer = (Name) Name.getTemplate().decode(issuer1);
-                    IssuerAndSerialNumber ias = new
-                            IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
-                    SignerIdentifier si = new
-                            SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-
-                    // SHA1 is the default digest Alg for now.
-                    DigestAlgorithm digestAlg = null;
-                    SignatureAlgorithm signAlg = null;
-                    org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
-                    org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-
-                    if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) {
-                        signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-                    } else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) {
-                        signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
-                    } else {
-                        CMS.debug("GenPendingTemplateFiller::getTemplateParams() - "
-                                 + "keyType " + keyType.toString()
-                                 + " is unsupported!");
-                        return null;
-                    }
-
-                    MessageDigest SHADigest = null;
-                    byte[] digest = null;
-
-                    try {
-                        SHADigest = MessageDigest.getInstance("SHA1");
-                        digestAlg = DigestAlgorithm.SHA1;
-
-                        ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-
-                        rb.encode(ostream);
-                        digest = SHADigest.digest(ostream.toByteArray());
-                    } catch (NoSuchAlgorithmException ex) {
-                        //log("digest fail");
-                    }
-
-                    SignerInfo signInfo = new
-                            SignerInfo(si, null, null,
-                                    OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                    digest, signAlg,
-                                    privKey);
-                    SET signInfos = new SET();
-
-                    signInfos.addElement(signInfo);
-
-                    SET digestAlgs = new SET();
-
-                    if (digestAlg != null) {
-                        AlgorithmIdentifier ai = new
-                                AlgorithmIdentifier(digestAlg.toOID(),
-                                        null);
-
-                        digestAlgs.addElement(ai);
-                    }
-
-                    SignedData fResponse = new
-                            SignedData(digestAlgs, ci,
-                                    null, null, signInfos);
-                    ContentInfo fullResponse = new
-                            ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
-                    ByteArrayOutputStream ostream = new
-                            ByteArrayOutputStream();
-
-                    fullResponse.encode(ostream);
-                    byte[] fr = ostream.toByteArray();
-
-                    fixed.set(FULL_RESPONSE, CMS.BtoA(fr));
-                } catch (Exception e1) {
-                    e1.printStackTrace();
-                }
-            }
-        }
-        // this authority
-        if (authority != null)
-            fixed.set(ICMSTemplateFiller.AUTHORITY,
-                    authority.getOfficialName());
-        return params;
-    }
-
-    /**
-     * handy routine to check if client want full enrollment response
-     */
-    public static boolean doFullResponse(IArgBlock httpParams) {
-        if (httpParams.getValueAsBoolean("fullResponse", false))
-            return true;
-        else
-            return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
deleted file mode 100644
index 95631ba5e..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
+++ /dev/null
@@ -1,92 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * default Service Pending template filler
- *
- * @version $Revision$, $Date$
- */
-public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
-    public final static String POLICY_MESSAGE = "policyMessage";
-
-    public GenRejectedTemplateFiller() {
-    }
-
-    /**
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        // request status if any.
-        if (cmsReq != null) {
-            Integer sts = cmsReq.getStatus();
-
-            if (sts != null)
-                fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
-        } else {
-            CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " +
-                       "cmsReq is null!");
-            return null;
-        }
-
-        // request id
-        IRequest req = cmsReq.getIRequest();
-
-        if (req != null) {
-            fixed.set(ICMSTemplateFiller.REQUEST_ID, req.getRequestId());
-
-            // policy errors (rejection reasons)
-            Vector<String> messages = req.getExtDataInStringVector(IRequest.ERRORS);
-
-            if (messages != null) {
-                Enumeration<String> msgs = messages.elements();
-
-                while (msgs.hasMoreElements()) {
-                    String ex = msgs.nextElement();
-                    IArgBlock messageArgBlock = CMS.createArgBlock();
-
-                    messageArgBlock.set(POLICY_MESSAGE, ex);
-                    params.addRepeatRecord(messageArgBlock);
-                }
-            }
-        }
-
-        // this authority
-
-        if (authority != null)
-            fixed.set(ICMSTemplateFiller.AUTHORITY,
-                    authority.getOfficialName());
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
deleted file mode 100644
index bf164977d..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
+++ /dev/null
@@ -1,63 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.IArgBlock;
-
-/**
- * default Success template filler
- *
- * @version $Revision$, $Date$
- */
-public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
-
-    public GenSuccessTemplateFiller() {
-    }
-
-    /**
-     * fill error details and description if any.
-     *
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        // request status if any.
-        if (cmsReq != null) {
-            Integer sts = cmsReq.getStatus();
-
-            if (sts != null)
-                fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
-        }
-
-        // this authority
-        if (authority != null)
-            fixed.set(ICMSTemplateFiller.AUTHORITY,
-                    authority.getOfficialName());
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
deleted file mode 100644
index 275980cf1..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
+++ /dev/null
@@ -1,79 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.request.IRequest;
-
-/**
- * default Service Pending template filler
- *
- * @version $Revision$, $Date$
- */
-public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
-    public static final String REMOTE_AUTHORITY = "remoteAuthority";
-
-    public GenSvcPendingTemplateFiller() {
-    }
-
-    /**
-     * fill error details and description if any.
-     *
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        // request status if any.
-        if (cmsReq != null) {
-            Integer sts = cmsReq.getStatus();
-
-            if (sts != null)
-                fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
-
-            // request id
-            IRequest req = cmsReq.getIRequest();
-
-            if (req != null) {
-                fixed.set(ICMSTemplateFiller.REQUEST_ID, req.getRequestId());
-
-                // remote authority we're waiting for
-                String remoteAuthority =
-                        req.getExtDataInString(IRequest.REMOTE_SERVICE_AUTHORITY);
-
-                if (remoteAuthority != null)
-                    fixed.set(REMOTE_AUTHORITY, remoteAuthority);
-            }
-        }
-
-        // this authority
-        if (authority != null)
-            fixed.set(ICMSTemplateFiller.AUTHORITY,
-                    authority.getOfficialName());
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
deleted file mode 100644
index 48a4a54ea..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
+++ /dev/null
@@ -1,67 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.IArgBlock;
-
-/**
- * default Unauthorized template filler
- *
- * @version $Revision$, $Date$
- */
-public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
-
-    public GenUnauthorizedTemplateFiller() {
-    }
-
-    /**
-     * fill error details and description if any.
-     *
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        // request status if any.
-        if (cmsReq != null) {
-            Integer sts = cmsReq.getStatus();
-
-            if (sts != null)
-                fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
-        }
-
-        // set unauthorized error
-        fixed.set(ICMSTemplateFiller.ERROR,
-                new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
-
-        // this authority
-        if (authority != null)
-            fixed.set(ICMSTemplateFiller.AUTHORITY,
-                    authority.getOfficialName());
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
deleted file mode 100644
index cf0b0a063..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
+++ /dev/null
@@ -1,77 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-
-/**
- * default unexpected error template filler
- *
- * @version $Revision$, $Date$
- */
-public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
-
-    public GenUnexpectedErrorTemplateFiller() {
-    }
-
-    /**
-     * fill error details and description if any.
-     *
-     * @param cmsReq CMS Request
-     * @param authority this authority
-     * @param locale locale of template.
-     * @param e unexpected exception e. ignored.
-     */
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
-        // When an exception occurs the exit is non-local which probably
-        // will leave the requestStatus value set to something other
-        // than CMSRequest.EXCEPTION, so force the requestStatus to
-        // EXCEPTION since it must be that if we're here.
-        Integer sts = ICMSRequest.EXCEPTION;
-        if (cmsReq != null)
-            cmsReq.setStatus(sts);
-        fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
-
-        // the unexpected error (exception)
-        if (e == null)
-            e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
-        String errMsg = null;
-
-        if (e instanceof EBaseException)
-            errMsg = ((EBaseException) e).toString(locale);
-        else
-            errMsg = e.toString();
-        fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg);
-
-        // this authority
-        if (authority != null)
-            fixed.set(ICMSTemplateFiller.AUTHORITY,
-                    authority.getOfficialName());
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
deleted file mode 100644
index 27bcf308d..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
+++ /dev/null
@@ -1,49 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.authority.IAuthority;
-
-/**
- * This interface represents a template filler.
- *
- * @version $Revision$, $Date$
- */
-public interface ICMSTemplateFiller {
-    // common template variables.
-    public final static String ERROR = "errorDetails";
-    public final static String ERROR_DESCR = "errorDescription";
-    public final static String EXCEPTION = "unexpectedError";
-
-    public static final String HOST = "host";
-    public static final String PORT = "port";
-    public static final String SCHEME = "scheme";
-
-    public static final String AUTHORITY = "authorityName";
-
-    public static final String REQUEST_STATUS = "requestStatus";
-
-    public static final String KEYREC_ID = "keyrecId";
-    public static final String REQUEST_ID = "requestId";
-
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
-            throws Exception;
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
deleted file mode 100644
index e5714f727..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
+++ /dev/null
@@ -1,26 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-/**
- * This represents raw JS parameters.
- *
- * @version $Revision$, $Date$
- */
-public interface IRawJS {
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
deleted file mode 100644
index 53ddc4c88..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
+++ /dev/null
@@ -1,111 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.ISubsystem;
-
-/**
- * A class represents a certificate server kernel. This
- * kernel contains a list of resident subsystems such
- * as logging, security, remote administration. Additional
- * subsystems can be loaded into this kernel by specifying
- * parameters in the configuration store.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class IndexTemplateFiller implements ICMSTemplateFiller {
-
-    // input parameters
-
-    // output parameters
-    private final static String OUT_TYPE = "type";
-    private final static String OUT_ID = "id";
-    private final static String OUT_TOTAL_COUNT = "totalCount";
-
-    public IndexTemplateFiller() {
-    }
-
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams params = new CMSTemplateParams(header, ctx);
-
-        ISubsystem ca = CMS.getSubsystem("ca");
-        ISubsystem ra = CMS.getSubsystem("ra");
-        ISubsystem kra = CMS.getSubsystem("kra");
-        ISubsystem ocsp = CMS.getSubsystem("ocsp");
-        ISubsystem tks = CMS.getSubsystem("tks");
-
-        IArgBlock rarg = null;
-        int count = 0;
-
-        if (ca != null) {
-            rarg = CMS.createArgBlock();
-            rarg.addStringValue(OUT_TYPE, "CertificateAuthority");
-            rarg.addStringValue(OUT_ID, "ca");
-            params.addRepeatRecord(rarg);
-            count++;
-        }
-        if (ra != null) {
-            rarg = CMS.createArgBlock();
-            rarg.addStringValue(OUT_TYPE, "RegistrationAuthority");
-            rarg.addStringValue(OUT_ID, "ra");
-            params.addRepeatRecord(rarg);
-            count++;
-        }
-        if (ocsp != null) {
-            rarg = CMS.createArgBlock();
-            rarg.addStringValue(OUT_TYPE, "OCSPAuthority");
-            rarg.addStringValue(OUT_ID, "ocsp");
-            params.addRepeatRecord(rarg);
-            count++;
-        }
-        if (kra != null) {
-            rarg = CMS.createArgBlock();
-            rarg.addStringValue(OUT_TYPE, "KeyRecoveryAuthority");
-            rarg.addStringValue(OUT_ID, "kra");
-            params.addRepeatRecord(rarg);
-            count++;
-        }
-        if (tks != null) {
-            rarg = CMS.createArgBlock();
-            rarg.addStringValue(OUT_TYPE, "TKSAuthority");
-            rarg.addStringValue(OUT_ID, "tks");
-            params.addRepeatRecord(rarg);
-            count++;
-        }
-        // information about what is selected is provided
-        // from the caller. This parameter (selected) is used
-        // by header servlet
-        try {
-            header.addStringValue("selected",
-                    cmsReq.getHttpParams().getValueAsString("selected"));
-        } catch (EBaseException ex) {
-        }
-        header.addIntegerValue(OUT_TOTAL_COUNT, count);
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/base/common/src/com/netscape/cms/servlet/common/RawJS.java
deleted file mode 100644
index 03a4e7e2b..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/RawJS.java
+++ /dev/null
@@ -1,35 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-/**
- * This represents raw JS parameters.
- *
- * @version $Revision$, $Date$
- */
-public class RawJS implements IRawJS {
-    private String mRawJSstr = null;
-
-    public RawJS(String s) {
-        mRawJSstr = s;
-    }
-
-    public String toString() {
-        return mRawJSstr;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/common/ServletUtils.java b/base/common/src/com/netscape/cms/servlet/common/ServletUtils.java
deleted file mode 100644
index a709b6b02..000000000
--- a/base/common/src/com/netscape/cms/servlet/common/ServletUtils.java
+++ /dev/null
@@ -1,148 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.common;
-
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-
-/**
- * Utility class
- *
- * @version $Revision$, $Date$
- */
-public class ServletUtils {
-
-    public final static String AUTHZ_SRC_LDAP = "ldap";
-    public final static String AUTHZ_SRC_TYPE = "sourceType";
-    public final static String AUTHZ_CONFIG_STORE = "authz";
-    public final static String AUTHZ_SRC_XML = "web.xml";
-    public final static String PROP_AUTHZ_MGR = "AuthzMgr";
-    public final static String PROP_ACL = "ACLinfo";
-    public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
-    public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
-
-    public static String initializeAuthz(ServletConfig sc,
-            IAuthzSubsystem authz, String id) throws ServletException {
-        String srcType = AUTHZ_SRC_LDAP;
-
-        try {
-            IConfigStore authzConfig =
-                    CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
-
-            srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
-        } catch (EBaseException e) {
-            CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE"));
-        }
-
-        String aclMethod = null;
-
-        if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) {
-            CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
-            aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR);
-            if (aclMethod != null &&
-                    aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
-                String aclInfo = sc.getInitParameter(PROP_ACL);
-
-                if (aclInfo != null) {
-                    try {
-                        addACLInfo(authz, aclMethod, aclInfo);
-                    } catch (EBaseException ee) {
-                        throw new ServletException(
-                                "failed to init authz info from xml config file");
-                    }
-
-                    CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE",
-                            id));
-                } else {
-                    CMS.debug(CMS.getLogMessage(
-                            "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, id,
-                            AUTHZ_MGR_LDAP));
-                }
-            } else {
-                CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC",
-                        PROP_AUTHZ_MGR, id, AUTHZ_MGR_LDAP));
-            }
-        } else {
-            aclMethod = AUTHZ_MGR_LDAP;
-            CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", id));
-        }
-
-        return aclMethod;
-    }
-
-    public static void addACLInfo(IAuthzSubsystem authz, String aclMethod,
-            String aclInfo) throws EBaseException {
-
-        StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#");
-
-        while (tokenizer.hasMoreTokens()) {
-            String acl = tokenizer.nextToken();
-
-            authz.authzMgrAccessInit(aclMethod, acl);
-        }
-    }
-
-    public static String getACLMethod(String aclInfo, String authzMgr, String id) throws EBaseException {
-        String srcType = AUTHZ_SRC_LDAP;
-        IAuthzSubsystem authz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-
-        try {
-            IConfigStore authzConfig = CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
-            srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
-        } catch (EBaseException e) {
-            CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE"));
-        }
-
-        String aclMethod = null;
-
-        if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) {
-            CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
-            try {
-                aclMethod = authzMgr;
-            } catch (Exception e) {
-                // TODO Auto-generated catch block
-                e.printStackTrace();
-            }
-            if (aclMethod != null && aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
-                if (aclInfo != null) {
-                    addACLInfo(authz, aclMethod, aclInfo);
-                    CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", id));
-                } else {
-                    CMS.debug(CMS.getLogMessage(
-                            "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, id,
-                            AUTHZ_MGR_LDAP));
-                }
-            } else {
-                CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC",
-                        PROP_AUTHZ_MGR, id, AUTHZ_MGR_LDAP));
-            }
-        } else {
-            aclMethod = AUTHZ_MGR_LDAP;
-            CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", id));
-        }
-
-        return aclMethod;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
deleted file mode 100644
index 5634cfd55..000000000
--- a/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ /dev/null
@@ -1,580 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.connector;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthCredentials;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.IAuthManager;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.connector.IPKIMessage;
-import com.netscape.certsrv.connector.IRequestEncoder;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * Clone servlet - part of the Clone Authority (CLA)
- * processes Revoked certs from its dependant clone CAs
- * service request and return status.
- *
- * @version $Revision$, $Date$
- */
-public class CloneServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3474557834182380981L;
-    public static final String INFO = "Clone Servlet";
-    public final static String PROP_AUTHORITY = "authority";
-    protected ServletConfig mConfig = null;
-    protected IAuthority mAuthority = null;
-    protected IRequestEncoder mReqEncoder = null;
-    protected IAuthSubsystem mAuthSubsystem = null;
-    protected ILogger mLogger = CMS.getLogger();
-
-    public CloneServlet() {
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mConfig = sc;
-        String authority = sc.getInitParameter(PROP_AUTHORITY);
-
-        if (authority != null)
-            mAuthority = (IAuthority)
-                    CMS.getSubsystem(authority);
-        mReqEncoder = CMS.getHttpRequestEncoder();
-        mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-    }
-
-    public void service(HttpServletRequest req,
-            HttpServletResponse resp) throws ServletException, IOException {
-        boolean running_state = CMS.isInRunningState();
-
-        if (!running_state)
-            throw new IOException(
-                    "CMS server is not ready to serve.");
-
-        CMSRequest cmsRequest = newCMSRequest();
-
-        // set argblock
-        cmsRequest.setHttpParams(CMS.createArgBlock(toHashtable(req)));
-
-        // set http request
-        cmsRequest.setHttpReq(req);
-
-        // set http response
-        cmsRequest.setHttpResp(resp);
-
-        // set servlet config.
-        cmsRequest.setServletConfig(mConfig);
-
-        // set servlet context.
-        cmsRequest.setServletContext(mConfig.getServletContext());
-
-        char[] content = null;
-        String encodedreq = null;
-        String method = null;
-        int len = -1;
-        IPKIMessage msg = null;
-        IPKIMessage replymsg = null;
-
-        // NOTE must read all bufer before redoing handshake for
-        // ssl client auth for client auth to work.
-
-        // get request method
-        method = req.getMethod();
-
-        // get content length
-        len = req.getContentLength();
-
-        // get content, a base 64 encoded serialized request.
-        if (len > 0) {
-            InputStream in = req.getInputStream();
-            InputStreamReader inreader = new InputStreamReader(in, "UTF8");
-            BufferedReader reader = new BufferedReader(inreader, len);
-
-            content = new char[len];
-            int done = reader.read(content, 0, len);
-            int total = done;
-
-            while (done >= 0 && total < len) {
-                done = reader.read(content, total, len - total);
-                total += done;
-            }
-            reader.close();
-            encodedreq = new String(content);
-        }
-
-        // force client auth handshake, validate clone CA (CCA)
-        // and get CCA's Id.
-        // NOTE must do this after all contents are read for ssl
-        // redohandshake to work
-
-        X509Certificate peerCert;
-
-        try {
-            peerCert = getPeerCert(req);
-        } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
-            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
-        if (peerCert == null) {
-            // XXX log something here.
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return;
-        }
-
-        // authenticate clone CA (CCA)
-
-        String CCA_Id = null;
-        String CCAUserId = null;
-        IAuthToken token = null;
-
-        try {
-            // cfu +++ authenticate checks both SUBJECT and Signer SUBJECT
-            CMS.debug("CloneServlet: about to authenticate");
-            token = authenticate(peerCert);
-            // cfu maybe don't need CCA_Id, because the above check
-            //			was good enough
-            CCAUserId = token.getInString("userid");
-            CCA_Id = peerCert.getSubjectDN().toString();
-        } catch (EInvalidCredentials e) {
-            // already logged.
-            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        } catch (EBaseException e) {
-            // already logged.
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return;
-        }
-
-        mAuthority.log(ILogger.LL_INFO,
-                "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
-
-        // authorize, any authenticated user are authorized
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, token,
-                        mAuthzResourceName, "submit");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsRequest.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        // after cert validated, check http request.
-        if (!method.equalsIgnoreCase("POST")) {
-            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
-            return;
-        }
-        if (len <= 0) {
-            resp.sendError(HttpServletResponse.SC_LENGTH_REQUIRED);
-            return;
-        }
-
-        // now process CCA request - should just be posting revoked
-        //		certs for now
-
-        try {
-            // decode request.
-            CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq);
-            msg = (IPKIMessage) mReqEncoder.decode(encodedreq);
-            // process request
-            CMS.debug("Cloneservlet: decoded request");
-            replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
-        } catch (IOException e) {
-            e.printStackTrace();
-            mAuthority.log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
-            return;
-        } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-            return;
-        }
-
-        // encode reply
-        String encodedrep = mReqEncoder.encode(replymsg);
-
-        resp.setStatus(HttpServletResponse.SC_OK);
-        resp.setContentType("text/html");
-        resp.setContentLength(encodedrep.length());
-
-        // send reply
-        OutputStream out = resp.getOutputStream();
-        OutputStreamWriter writer = new OutputStreamWriter(out, "UTF8");
-
-        writer.write(encodedrep);
-        writer.flush();
-        writer.close();
-        out.flush();
-    }
-
-    //cfu ++change this to just check the subject and signer
-    protected IAuthToken authenticate(
-            X509Certificate peerCert)
-            throws EBaseException {
-        try {
-            // XXX using agent authentication now since we're only
-            // verifying that the cert belongs to a user in the db.
-            // XXX change this to ACL in the future.
-
-            // build JAVA X509Certificate from peerCert.
-            X509CertImpl cert = new X509CertImpl(peerCert.getEncoded());
-
-            AuthCredentials creds = new AuthCredentials();
-
-            creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
-                    new X509Certificate[] { cert }
-                    );
-
-            IAuthToken token = mAuthSubsystem.authenticate(creds,
-                    IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
-
-            return token;
-        } catch (CertificateException e) {
-            mAuthority.log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
-        } catch (EInvalidCredentials e) {
-            mAuthority.log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
-            throw e;
-        } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
-            throw e;
-        }
-    }
-
-    protected IPKIMessage processRequest(
-            String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
-            throws EBaseException {
-        IPKIMessage replymsg = null;
-        IRequestQueue queue = mAuthority.getRequestQueue();
-        String srcid = source + ":" + msg.getReqId();
-
-        mAuthority.log(ILogger.LL_INFO, "CFU: in CloneServlet processRequest");
-
-        // find request in request queue and return result.
-        RequestId thisreqid = queue.findRequestBySourceId(srcid);
-        IRequest thisreq = null;
-
-        if (thisreqid != null) {
-            thisreq = queue.findRequest(thisreqid);
-            if (thisreq == null) {
-                // strange case.
-                String errormsg = "Cannot find request in request queue " + thisreqid;
-
-                mAuthority.log(ILogger.LL_FAILURE, errormsg);
-                throw new EBaseException(errormsg);
-            } else {
-                mAuthority.log(ILogger.LL_INFO,
-                        "Found request " + thisreqid + " for " + srcid);
-                replymsg = CMS.getHttpPKIMessage();
-                replymsg.fromRequest(thisreq);
-                return replymsg;
-            }
-        }
-
-        // if not found process request.
-        thisreq = queue.newRequest(msg.getReqType());
-        thisreq.setSourceId(srcid);
-        msg.toRequest(thisreq);
-        thisreq.setExtData(IRequest.AUTH_TOKEN, token);
-
-        // setting requestor type must come after copy contents. because
-        // requestor is a regular attribute.
-        thisreq.setExtData(IRequest.REQUESTOR_TYPE,
-                IRequest.REQUESTOR_RA);
-        mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
-
-        // Set this so that request's updateBy is recorded
-        SessionContext s = SessionContext.getContext();
-
-        if (s.get(SessionContext.USER_ID) == null) {
-            s.put(SessionContext.USER_ID, sourceUserId);
-        }
-
-        queue.processRequest(thisreq);
-        replymsg = CMS.getHttpPKIMessage();
-        replymsg.fromRequest(thisreq);
-
-        //for audit log
-        String agentID = sourceUserId;
-        String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
-                agentID + " remote reqID " + msg.getReqId();
-        String authMgr = AuditFormat.NOAUTH;
-
-        if (token != null) {
-            authMgr =
-                    token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-        }
-
-        // Get the certificate info from the request
-        X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-        try {
-            if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
-                if (certInfo != null) {
-                    for (int i = 0; i < certInfo.length; i++) {
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                        thisreq.getRequestType(),
-                                        thisreq.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        thisreq.getRequestStatus(),
-                                        certInfo[i].get(X509CertInfo.SUBJECT),
-                                        "" }
-                                );
-                    }
-                } else {
-                    mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.NODNFORMAT,
-                            new Object[] {
-                                    thisreq.getRequestType(),
-                                    thisreq.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    thisreq.getRequestStatus() }
-                            );
-                }
-            } else {
-                if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
-                    Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
-
-                    if (result.equals(IRequest.RES_ERROR)) {
-                        CMS.debug("CloneServlet: error in CLA_CERT4CRL_REQUEST");
-                    } else {
-                        // the success.
-                        CMS.debug("CloneServlet: success in CLA_CERT4CRL_REQUEST");
-                    }
-                }
-
-                /* cfu ---
-                 if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
-                 // XXX make the repeat record.
-                // Get the certificate(s) from the request
-                X509CertImpl issuedCerts[] =
-                (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
-                // return potentially more than one certificates.
-                if (issuedCerts != null) {
-                for (int i = 0; i < issuedCerts.length; i++) {
-                mLogger.log(ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.FORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed",
-                issuedCerts[i].getSubjectDN() ,
-                "cert issued serial number: 0x" +
-                issuedCerts[i].getSerialNumber().toString(16)}
-                );
-                }
-                } else {
-                mLogger.log(ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.NODNFORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed"}
-                );
-                }
-                } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
-                X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
-                X509CertImpl old_cert = certs[0];
-                certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
-                X509CertImpl renewed_cert = certs[0];
-                if (old_cert != null && renewed_cert != null) {
-                mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.RENEWALFORMAT,
-                new Object[] {
-                thisreq.getRequestId(),
-                initiative ,
-                authMgr ,
-                "completed",
-                old_cert.getSubjectDN() ,
-                old_cert.getSerialNumber().toString(16) ,
-                "new serial number: 0x" +
-                renewed_cert.getSerialNumber().toString(16)}
-                );
-                } else {
-                mLogger.log(ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.NODNFORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed with error"}
-                );
-                }
-                } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
-                X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
-                RevokedCertImpl crlentries[] =
-                (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS);
-                CRLExtensions crlExts = crlentries[0].getExtensions();
-                int reason = 0;
-                if (crlExts != null) {
-                Enumeration enum = crlExts.getElements();
-                while(enum.hasMoreElements()){
-                Extension ext = (Extension) enum.nextElement();
-                if (ext instanceof CRLReasonExtension) {
-                reason = ((CRLReasonExtension)ext).getReason().toInt
-                ();
-                break;
-                }
-                }
-                }
-
-                int count = oldCerts.length;
-                Integer result = (Integer)thisreq.get(IRequest.RESULT);
-                if (result.equals(IRequest.RES_ERROR)) {
-                EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR);
-                EBaseException[] svcErrors =
-                (EBaseException[])thisreq.get(IRequest.SVCERRORS);
-                if (svcErrors != null && svcErrors.length > 0) {
-                for (int i = 0; i < svcErrors.length; i++) {
-                EBaseException err = svcErrors[i];
-                if (err != null) {
-                for (int j = 0; j < count; j++) {
-                if (oldCerts[j] != null) {
-                mLogger.log(ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.DOREVOKEFORMAT,
-                new Object[] {
-                thisreq.getRequestId(),
-                initiative ,
-                "completed with error: " +
-                err.toString() ,
-                oldCerts[j].getSubjectDN() ,
-                oldCerts[j].getSerialNumber().toString(16),
-                RevocationReason.fromInt(reason).toString()}
-                );
-                }
-                }
-                }
-                }
-                }
-                } else {
-                // the success.
-                for (int j = 0; j < count; j++) {
-                if (oldCerts[j] != null) {
-                mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.DOREVOKEFORMAT,
-                new Object[] {
-                thisreq.getRequestId(),
-                initiative ,
-                "completed" ,
-                oldCerts[j].getSubjectDN() ,
-                oldCerts[j].getSerialNumber().toString(16),
-                RevocationReason.fromInt(reason).toString()}
-                );
-                }
-                }
-                }
-                } else {
-                mLogger.log(ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.NODNFORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed"}
-                );
-                }
-                cfu */
-            }
-        } catch (IOException e) {
-        } catch (CertificateException e) {
-        }
-
-        return replymsg;
-    }
-
-    protected X509Certificate
-            getPeerCert(HttpServletRequest req) throws EBaseException {
-        return getSSLClientCertificate(req);
-    }
-
-    public String getServletInfo() {
-        return INFO;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
deleted file mode 100644
index 5f1fc4805..000000000
--- a/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ /dev/null
@@ -1,1115 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.connector;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.EInvalidCredentials;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.connector.IPKIMessage;
-import com.netscape.certsrv.connector.IRequestEncoder;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Connector servlet
- * process requests from remote authority -
- * service request or return status.
- *
- * @version $Revision$, $Date$
- */
-public class ConnectorServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1221916495803185863L;
-    public static final String INFO = "Connector Servlet";
-    public final static String PROP_AUTHORITY = "authority";
-    protected ServletConfig mConfig = null;
-    protected IAuthority mAuthority = null;
-    protected IRequestEncoder mReqEncoder = null;
-    protected IAuthSubsystem mAuthSubsystem = null;
-    protected ILogger mLogger = CMS.getLogger();
-
-    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-    private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
-    private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
-    private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
-            "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
-    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-    private final static byte EOL[] = { Character.LINE_SEPARATOR };
-
-    public ConnectorServlet() {
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mConfig = sc;
-        String authority = sc.getInitParameter(PROP_AUTHORITY);
-
-        if (authority != null)
-            mAuthority = (IAuthority)
-                    CMS.getSubsystem(authority);
-        mReqEncoder = CMS.getHttpRequestEncoder();
-
-        mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-    }
-
-    public void service(HttpServletRequest request,
-            HttpServletResponse response)
-            throws ServletException, IOException {
-
-        boolean running_state = CMS.isInRunningState();
-
-        if (!running_state)
-            throw new IOException(
-                    "CMS server is not ready to serve.");
-
-        HttpServletRequest req = request;
-        HttpServletResponse resp = response;
-
-        CMSRequest cmsRequest = newCMSRequest();
-
-        // set argblock
-        cmsRequest.setHttpParams(CMS.createArgBlock(toHashtable(request)));
-
-        // set http request
-        cmsRequest.setHttpReq(request);
-
-        // set http response
-        cmsRequest.setHttpResp(response);
-
-        // set servlet config.
-        cmsRequest.setServletConfig(mConfig);
-
-        // set servlet context.
-        cmsRequest.setServletContext(mConfig.getServletContext());
-
-        char[] content = null;
-        String encodedreq = null;
-        String method = null;
-        int len = -1;
-        IPKIMessage msg = null;
-        IPKIMessage replymsg = null;
-
-        // NOTE must read all bufer before redoing handshake for
-        // ssl client auth for client auth to work.
-
-        // get request method
-        method = req.getMethod();
-
-        // get content length
-        len = request.getContentLength();
-
-        // get content, a base 64 encoded serialized request.
-        if (len > 0) {
-            InputStream in = request.getInputStream();
-            InputStreamReader inreader = new InputStreamReader(in, "UTF8");
-            BufferedReader reader = new BufferedReader(inreader, len);
-
-            content = new char[len];
-            int done = reader.read(content, 0, len);
-            int total = done;
-
-            while (done >= 0 && total < len) {
-                done = reader.read(content, total, len - total);
-                total += done;
-            }
-            reader.close();
-            encodedreq = new String(content);
-        }
-
-        // force client auth handshake, validate RA and get RA's Id.
-        // NOTE must do this after all contents are read for ssl
-        // redohandshake to work
-
-        X509Certificate peerCert;
-
-        try {
-            peerCert = getPeerCert(req);
-        } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
-            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
-        if (peerCert == null) {
-            // XXX log something here.
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return;
-        }
-
-        // authenticate RA
-
-        String RA_Id = null;
-        String raUserId = null;
-        IAuthToken token = null;
-
-        try {
-            token = authenticate(request);
-            raUserId = token.getInString("userid");
-            RA_Id = peerCert.getSubjectDN().toString();
-        } catch (EInvalidCredentials e) {
-            // already logged.
-            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        } catch (EBaseException e) {
-            // already logged.
-            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return;
-        }
-
-        mAuthority.log(ILogger.LL_INFO,
-                "Remote Authority authenticated: " + peerCert.getSubjectDN());
-
-        // authorize
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, token,
-                        mAuthzResourceName, "submit");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsRequest.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        // after cert validated, check http request.
-        if (!method.equalsIgnoreCase("POST")) {
-            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
-            return;
-        }
-        if (len <= 0) {
-            resp.sendError(HttpServletResponse.SC_LENGTH_REQUIRED);
-            return;
-        }
-
-        // now process request.
-
-        CMS.debug("ConnectorServlet: process request RA_Id=" + RA_Id);
-        try {
-            // decode request.
-            msg = (IPKIMessage) mReqEncoder.decode(encodedreq);
-            // process request
-            replymsg = processRequest(RA_Id, raUserId, msg, token);
-        } catch (IOException e) {
-            CMS.debug("ConnectorServlet: service " + e.toString());
-            CMS.debug(e);
-            mAuthority.log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
-            return;
-        } catch (EBaseException e) {
-            CMS.debug("ConnectorServlet: service " + e.toString());
-            CMS.debug(e);
-            mAuthority.log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-            return;
-        } catch (Exception e) {
-            CMS.debug("ConnectorServlet: service " + e.toString());
-            CMS.debug(e);
-        }
-
-        CMS.debug("ConnectorServlet: done processRequest");
-
-        // encode reply
-        try {
-            String encodedrep = mReqEncoder.encode(replymsg);
-
-            resp.setStatus(HttpServletResponse.SC_OK);
-            resp.setContentType("text/html");
-            resp.setContentLength(encodedrep.length());
-
-            // send reply
-            OutputStream out = response.getOutputStream();
-            OutputStreamWriter writer = new OutputStreamWriter(out, "UTF8");
-
-            writer.write(encodedrep);
-            writer.flush();
-            writer.close();
-            out.flush();
-        } catch (Exception e) {
-            CMS.debug("ConnectorServlet: error writing e=" + e.toString());
-        }
-        CMS.debug("ConnectorServlet: send response RA_Id=" + RA_Id);
-    }
-
-    public static boolean isProfileRequest(IRequest request) {
-        String profileId = request.getExtDataInString("profileId");
-
-        if (profileId == null || profileId.equals(""))
-            return false;
-        else
-            return true;
-    }
-
-    public void normalizeProfileRequest(IRequest request) {
-        // if it is profile request, we need to normalize the
-        // x509certinfo from ra into request
-        X509CertInfo info = null;
-        ByteArrayOutputStream byteStream;
-
-        try {
-            info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
-
-            //   request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
-            CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY);
-            if (certKey != null) {
-                byteStream = new ByteArrayOutputStream();
-                certKey.encode(byteStream);
-                request.setExtData(IEnrollProfile.REQUEST_KEY,
-                        byteStream.toByteArray());
-            }
-
-            CertificateSubjectName certSubject = (CertificateSubjectName)
-                    info.get(X509CertInfo.SUBJECT);
-            if (certSubject != null) {
-                request.setExtData(IEnrollProfile.REQUEST_SUBJECT_NAME,
-                        certSubject);
-            }
-
-            CertificateValidity certValidity = (CertificateValidity)
-                    info.get(X509CertInfo.VALIDITY);
-            if (certValidity != null) {
-                byteStream = new ByteArrayOutputStream();
-                certValidity.encode(byteStream);
-                request.setExtData(IEnrollProfile.REQUEST_VALIDITY,
-                        byteStream.toByteArray());
-            }
-
-            CertificateExtensions extensions = (CertificateExtensions)
-                    info.get(X509CertInfo.EXTENSIONS);
-            if (extensions != null) {
-                request.setExtData(IEnrollProfile.REQUEST_EXTENSIONS,
-                        extensions);
-            }
-
-            CertificateAlgorithmId certAlg = (CertificateAlgorithmId)
-                    info.get(X509CertInfo.ALGORITHM_ID);
-            if (certAlg != null) {
-                ByteArrayOutputStream certAlgOut = new ByteArrayOutputStream();
-                certAlg.encode(certAlgOut);
-                request.setExtData(IEnrollProfile.REQUEST_SIGNING_ALGORITHM,
-                        certAlgOut.toByteArray());
-            }
-        } catch (Exception e) {
-            CMS.debug("ConnectorServlet: profile normalization " +
-                    e.toString());
-        }
-
-        String profileId = request.getExtDataInString("profileId");
-        IProfileSubsystem ps = (IProfileSubsystem)
-                CMS.getSubsystem("profile");
-        IEnrollProfile profile = null;
-
-        // profile subsystem may not be available. In case of KRA for
-        // example
-        if (ps == null) {
-            CMS.debug("ConnectorServlet: Profile Subsystem not found ");
-            return;
-        }
-        try {
-            profile = (IEnrollProfile) (ps.getProfile(profileId));
-            profile.setDefaultCertInfo(request);
-        } catch (EProfileException e) {
-            CMS.debug("ConnectorServlet: normalizeProfileRequest Exception: " + e.toString());
-        }
-        if (profile == null) {
-            CMS.debug("ConnectorServlet: Profile not found " + profileId);
-            return;
-        }
-    }
-
-    /**
-     * Process request
-     * <P>
-     *
-     * (Certificate Request - all "agent" profile cert requests made through a connector)
-     * <P>
-     *
-     * (Certificate Request Processed - all automated "agent" profile based cert acceptance made through a connector)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before
-     * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when inter-CIMC_Boundary data transfer is
-     * successful (this is used when data does not need to be captured)
-     * </ul>
-     *
-     * @param source string containing source
-     * @param sourceUserId string containing source user ID
-     * @param msg PKI message
-     * @param token the authentication token
-     * @exception EBaseException an error has occurred
-     * @return PKI message
-     */
-    protected IPKIMessage processRequest(
-            String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
-            throws EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = sourceUserId;
-        String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
-        String auditRequestType = msg.getReqType();
-        String auditRequesterID = msg.getReqId();
-
-        // additional parms for LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-        String auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String subject = null;
-
-        // additional parms for LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED
-        String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-
-        // "normalize" the "auditSubjectID"
-        if (auditSubjectID != null) {
-            auditSubjectID = auditSubjectID.trim();
-        } else {
-            auditSubjectID = ILogger.UNIDENTIFIED;
-        }
-
-        // "normalize" the "auditRequestType"
-        if (auditRequestType != null) {
-            auditRequestType = auditRequestType.trim();
-        } else {
-            auditRequestType = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        // "normalize" the "auditRequesterID"
-        if (auditRequesterID != null) {
-            auditRequesterID = auditRequesterID.trim();
-        } else {
-            auditRequesterID = ILogger.UNIDENTIFIED;
-        }
-
-        IPKIMessage replymsg = null;
-
-        try {
-            IRequestQueue queue = mAuthority.getRequestQueue();
-            String srcid = source + ":" + msg.getReqId();
-
-            // find request in request queue and return result.
-            RequestId thisreqid = queue.findRequestBySourceId(srcid);
-            IRequest thisreq = null;
-
-            if (thisreqid != null) {
-                thisreq = queue.findRequest(thisreqid);
-                if (thisreq == null) {
-                    // strange case.
-                    String errormsg = "Cannot find request in request queue " +
-                            thisreqid;
-
-                    mAuthority.log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage(
-                                    "CMSGW_REQUEST_ID_NOT_FOUND_1",
-                                    thisreqid.toString()));
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditProtectionMethod,
-                                auditRequestType,
-                                auditRequesterID);
-
-                    audit(auditMessage);
-
-                    // NOTE:  The signed audit event
-                    //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-                    //        does not yet matter at this point!
-
-                    throw new EBaseException(errormsg);
-                } else {
-                    mAuthority.log(ILogger.LL_INFO,
-                            "Found request " + thisreqid + " for " + srcid);
-                    replymsg = CMS.getHttpPKIMessage();
-                    replymsg.fromRequest(thisreq);
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditProtectionMethod,
-                                auditRequestType,
-                                auditRequesterID);
-
-                    audit(auditMessage);
-
-                    // NOTE:  The signed audit event
-                    //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-                    //        does not yet matter at this point!
-
-                    return replymsg;
-                }
-            }
-
-            // if not found process request.
-            thisreq = queue.newRequest(msg.getReqType());
-            CMS.debug("ConnectorServlet: created requestId=" +
-                    thisreq.getRequestId().toString());
-            thisreq.setSourceId(srcid);
-
-            // NOTE:  For the following signed audit message, since we only
-            //        care about the "msg.toRequest( thisreq );" command, and
-            //        since this command does not throw an EBaseException
-            //        (which is the only exception designated by this method),
-            //        then this code does NOT need to be contained within its
-            //        own special try/catch block.
-            msg.toRequest(thisreq);
-
-            if (isProfileRequest(thisreq)) {
-                X509CertInfo info =
-                                    thisreq.getExtDataInCertInfo(
-                                            IEnrollProfile.REQUEST_CERTINFO);
-
-                try {
-                    CertificateSubjectName sn = (CertificateSubjectName)
-                            info.get(X509CertInfo.SUBJECT);
-
-                    // if the cert subject name is NOT MISSING, retrieve the
-                    // actual "auditCertificateSubjectName" and "normalize"
-                    // it
-                    if (sn != null) {
-                        subject = sn.toString();
-                        if (subject != null) {
-                            // NOTE:  This is ok even if the cert subject
-                            //        name is "" (empty)!
-                            auditCertificateSubjectName = subject.trim();
-                        }
-                    }
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditRequesterID,
-                            auditProfileID(),
-                            auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                } catch (CertificateException e) {
-                    CMS.debug("ConnectorServlet: processRequest "
-                             + e.toString());
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditProfileID(),
-                            auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                } catch (IOException e) {
-                    CMS.debug("ConnectorServlet: processRequest "
-                             + e.toString());
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditProfileID(),
-                            auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                }
-            }
-
-            thisreq.setExtData(IRequest.AUTH_TOKEN, token);
-
-            // setting requestor type must come after copy contents. because
-            // requestor is a regular attribute.
-            thisreq.setExtData(IRequest.REQUESTOR_TYPE,
-                    IRequest.REQUESTOR_RA);
-            mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
-                    srcid);
-
-            // Set this so that request's updateBy is recorded
-            SessionContext s = SessionContext.getContext();
-
-            if (s.get(SessionContext.USER_ID) == null) {
-                s.put(SessionContext.USER_ID, sourceUserId);
-            }
-
-            if (s.get(SessionContext.REQUESTER_ID) == null) {
-                s.put(SessionContext.REQUESTER_ID, msg.getReqId());
-            }
-
-            CMS.debug("ConnectorServlet: calling processRequest instance=" +
-                    thisreq);
-            if (isProfileRequest(thisreq)) {
-                normalizeProfileRequest(thisreq);
-            }
-
-            try {
-                queue.processRequest(thisreq);
-
-                if (isProfileRequest(thisreq)) {
-                    // reset the "auditInfoCertValue"
-                    auditInfoCertValue = auditInfoCertValue(thisreq);
-
-                    if (auditInfoCertValue != null) {
-                        if (!(auditInfoCertValue.equals(
-                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.SUCCESS,
-                                    auditRequesterID,
-                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                    auditInfoCertValue);
-
-                            audit(auditMessage);
-                        }
-                    }
-                }
-            } catch (EBaseException eAudit1) {
-                if (isProfileRequest(thisreq)) {
-                    // reset the "auditInfoCertValue"
-                    auditInfoCertValue = auditInfoCertValue(thisreq);
-
-                    if (auditInfoCertValue != null) {
-                        if (!(auditInfoCertValue.equals(
-                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                    auditInfoCertValue);
-
-                            audit(auditMessage);
-                        }
-                    }
-                }
-
-                // rethrow EBaseException to primary catch clause
-                // within this method
-                throw eAudit1;
-            }
-
-            replymsg = CMS.getHttpPKIMessage();
-            replymsg.fromRequest(thisreq);
-
-            CMS.debug("ConnectorServlet: replymsg.reqStatus=" +
-                    replymsg.getReqStatus());
-
-            //for audit log
-            String agentID = sourceUserId;
-            String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
-                    agentID + " remote reqID " + msg.getReqId();
-            String authMgr = AuditFormat.NOAUTH;
-
-            if (token != null) {
-                authMgr =
-                        token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            }
-
-            if (isProfileRequest(thisreq)) {
-                // XXX audit log
-                CMS.debug("ConnectorServlet: done requestId=" +
-                        thisreq.getRequestId().toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditProtectionMethod,
-                            auditRequestType,
-                            auditRequesterID);
-
-                audit(auditMessage);
-
-                // NOTE:  The signed audit event
-                //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-                //        has already been logged at this point!
-
-                return replymsg;
-            }
-
-            // Get the certificate info from the request
-            X509CertInfo x509Info[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-            try {
-                if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
-                    if (x509Info != null) {
-                        for (int i = 0; i < x509Info.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                            thisreq.getRequestType(),
-                                            thisreq.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            thisreq.getRequestStatus(),
-                                            x509Info[i].get(X509CertInfo.SUBJECT),
-                                            "" }
-                                    );
-                        }
-                    } else {
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                        thisreq.getRequestType(),
-                                        thisreq.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        thisreq.getRequestStatus() }
-                                );
-                    }
-                } else {
-                    if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
-                        // XXX make the repeat record.
-                        // Get the certificate(s) from the request
-                        X509CertImpl x509Certs[] = null;
-
-                        if (x509Info != null)
-                            x509Certs =
-                                    thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-                        // return potentially more than one certificates.
-                        if (x509Certs != null) {
-                            for (int i = 0; i < x509Certs.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.FORMAT,
-                                        new Object[] {
-                                                thisreq.getRequestType(),
-                                                thisreq.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                "completed",
-                                                x509Certs[i].getSubjectDN(),
-                                                "cert issued serial number: 0x" +
-                                                        x509Certs[i].getSerialNumber().toString(16) }
-                                        );
-                            }
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                            thisreq.getRequestType(),
-                                            thisreq.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "completed" }
-                                    );
-                        }
-                    } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
-                        X509CertImpl[] certs =
-                                thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
-                        X509CertImpl old_cert = certs[0];
-
-                        certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-                        X509CertImpl renewed_cert = certs[0];
-
-                        if (old_cert != null && renewed_cert != null) {
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.RENEWALFORMAT,
-                                    new Object[] {
-                                            thisreq.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "completed",
-                                            old_cert.getSubjectDN(),
-                                            old_cert.getSerialNumber().toString(16),
-                                            "new serial number: 0x" +
-                                                    renewed_cert.getSerialNumber().toString(16) }
-                                    );
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                            thisreq.getRequestType(),
-                                            thisreq.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "completed with error" }
-                                    );
-                        }
-                    } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
-                        Certificate[] oldCerts =
-                                thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
-                        RevokedCertImpl crlentries[] =
-                                thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
-                        CRLExtensions crlExts = crlentries[0].getExtensions();
-                        int reason = 0;
-
-                        if (crlExts != null) {
-                            Enumeration<Extension> enum1 = crlExts.getElements();
-
-                            while (enum1.hasMoreElements()) {
-                                Extension ext = enum1.nextElement();
-
-                                if (ext instanceof CRLReasonExtension) {
-                                    reason = ((CRLReasonExtension) ext).getReason().toInt();
-                                    break;
-                                }
-                            }
-                        }
-
-                        int count = oldCerts.length;
-                        Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
-
-                        if (result.equals(IRequest.RES_ERROR)) {
-                            String[] svcErrors =
-                                    thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
-
-                            if (svcErrors != null && svcErrors.length > 0) {
-                                for (int i = 0; i < svcErrors.length; i++) {
-                                    String err = svcErrors[i];
-
-                                    if (err != null) {
-                                        for (int j = 0; j < count; j++) {
-                                            if (oldCerts[j] != null) {
-                                                if (oldCerts[j] instanceof X509CertImpl) {
-                                                    X509CertImpl cert = (X509CertImpl) oldCerts[j];
-
-                                                    mLogger.log(ILogger.EV_AUDIT,
-                                                            ILogger.S_OTHER,
-                                                            AuditFormat.LEVEL,
-                                                            AuditFormat.DOREVOKEFORMAT,
-                                                            new Object[] {
-                                                                    thisreq.getRequestId(),
-                                                                    initiative,
-                                                                    "completed with error: " +
-                                                                            err,
-                                                                    cert.getSubjectDN(),
-                                                                    cert.getSerialNumber().toString(16),
-                                                                    RevocationReason.fromInt(reason).toString() }
-                                                            );
-                                                }
-                                            }
-                                        }
-                                    }
-                                }
-                            }
-                        } else {
-                            // the success.
-                            for (int j = 0; j < count; j++) {
-                                if (oldCerts[j] != null) {
-                                    if (oldCerts[j] instanceof X509CertImpl) {
-                                        X509CertImpl cert = (X509CertImpl) oldCerts[j];
-
-                                        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                                AuditFormat.LEVEL,
-                                                AuditFormat.DOREVOKEFORMAT,
-                                                new Object[] {
-                                                        thisreq.getRequestId(),
-                                                        initiative,
-                                                        "completed",
-                                                        cert.getSubjectDN(),
-                                                        cert.getSerialNumber().toString(16),
-                                                        RevocationReason.fromInt(reason).toString() }
-                                                );
-                                    }
-                                }
-                            }
-                        }
-                    } else {
-                        mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                        thisreq.getRequestType(),
-                                        thisreq.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed" }
-                                );
-                    }
-                }
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditProtectionMethod,
-                            auditRequestType,
-                            auditRequesterID);
-
-                audit(auditMessage);
-            } catch (IOException e) {
-                CMS.debug("ConnectorServlet: process " + e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProtectionMethod,
-                            auditRequestType,
-                            auditRequesterID);
-
-                audit(auditMessage);
-            } catch (CertificateException e) {
-                CMS.debug("ConnectorServlet: process " + e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProtectionMethod,
-                            auditRequestType,
-                            auditRequesterID);
-
-                audit(auditMessage);
-            } catch (Exception e) {
-                CMS.debug("ConnectorServlet: process " + e.toString());
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProtectionMethod,
-                            auditRequestType,
-                            auditRequesterID);
-
-                audit(auditMessage);
-            } finally {
-                SessionContext.releaseContext();
-            }
-
-            // NOTE:  The signed audit event
-            //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-            //        has already been logged at this point!
-
-            return replymsg;
-        } catch (EBaseException e) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditProtectionMethod,
-                        auditRequestType,
-                        auditRequesterID);
-
-            audit(auditMessage);
-
-            // NOTE:  The signed audit event
-            //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-            //        has either already been logged, or
-            //        does not yet matter at this point!
-
-            return replymsg;
-        }
-    }
-
-    protected X509Certificate
-            getPeerCert(HttpServletRequest req) throws EBaseException {
-        return getSSLClientCertificate(req);
-    }
-
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    /**
-     * Signed Audit Log Profile ID
-     *
-     * This method is inherited by all extended "EnrollProfile"s,
-     * and is called to obtain the "ProfileID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message ProfileID
-     */
-    protected String auditProfileID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String profileID = getId();
-
-        if (profileID != null) {
-            profileID = profileID.trim();
-        } else {
-            profileID = ILogger.UNIDENTIFIED;
-        }
-
-        return profileID;
-    }
-
-    /**
-     * Signed Audit Log Info Certificate Value
-     *
-     * This method is called to obtain the certificate from the passed in
-     * "X509CertImpl" for a signed audit log message.
-     * <P>
-     *
-     * @param request a Request containing an X509CertImpl
-     * @return cert string containing the certificate
-     */
-    private String auditInfoCertValue(IRequest request) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        X509CertImpl x509cert = request.getExtDataInCert(
-                IEnrollProfile.REQUEST_ISSUED_CERT);
-
-        if (x509cert == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        byte rawData[] = null;
-
-        try {
-            rawData = x509cert.getEncoded();
-        } catch (CertificateEncodingException e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        String cert = null;
-
-        // convert "rawData" into "base64Data"
-        if (rawData != null) {
-            String base64Data = null;
-
-            base64Data = Utils.base64encode(rawData).trim();
-
-            StringBuffer sb = new StringBuffer();
-            // extract all line separators from the "base64Data"
-            for (int i = 0; i < base64Data.length(); i++) {
-                if (base64Data.substring(i, i).getBytes() != EOL) {
-                    sb.append(base64Data.substring(i, i));
-                }
-            }
-            cert = sb.toString();
-        }
-
-        if (cert != null) {
-            cert = cert.trim();
-
-            if (cert.equals("")) {
-                return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            } else {
-                return cert;
-            }
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
deleted file mode 100644
index 3d0ad4c62..000000000
--- a/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ /dev/null
@@ -1,336 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.connector;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Hashtable;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * GenerateKeyPairServlet
- * handles "server-side key pair generation" requests from the
- * netkey RA.
- *
- * @author Christina Fu (cfu)
- * @version $Revision$, $Date$
- */
-//XXX add auditing later
-public class GenerateKeyPairServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 4308385291961910458L;
-    private final static String INFO = "GenerateKeyPairServlet";
-    public final static String PROP_AUTHORITY = "authority";
-    protected ServletConfig mConfig = null;
-    protected IAuthority mAuthority = null;
-    public static int ERROR = 1;
-    IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
-    protected IAuthSubsystem mAuthSubsystem = null;
-    protected ILogger mLogger = CMS.getLogger();
-    private Hashtable<String, String> supportedECCurves_ht = null;
-
-    /**
-     * Constructs GenerateKeyPair servlet.
-     *
-     */
-    public GenerateKeyPairServlet() {
-        super();
-    }
-
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mConfig = config;
-        IConfigStore sconfig = CMS.getConfigStore();
-        String authority = config.getInitParameter(PROP_AUTHORITY);
-
-        if (authority != null)
-            mAuthority = (IAuthority)
-                    CMS.getSubsystem(authority);
-
-        mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-        // supported EC cuves by the smart cards
-        String curveList = null;
-        try {
-            curveList = sconfig.getString("kra.keygen.curvelist",
-                              "nistp256,nistp384,nistp521");
-        } catch (EBaseException e) {
-            curveList = "nistp256,nistp384,nistp521";
-        }
-
-        supportedECCurves_ht = new Hashtable<String, String>();
-        String[] supportedECCurves = curveList.split(",");
-        for ( int i = 0; i < supportedECCurves.length; i++) {
-            supportedECCurves_ht.put(supportedECCurves[i], supportedECCurves[i]);
-        }
-
-    }
-
-    /**
-     * Returns serlvet information.
-     *
-     * @return name of this servlet
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /*
-     * processServerSideKeyGen -
-     *   handles netkey DRM serverside keygen.
-     * netkey operations:
-     *  1. generate keypair (archive user priv key)
-     *  2. unwrap des key with transport key, then url decode it
-     *  3. wrap user priv key with des key
-     *  4. send the following to RA:
-     *      * des key wrapped(user priv key)
-     *      * user public key
-     *     (note: RA should have kek-wrapped des key from TKS)
-     *      * recovery blob (used for recovery)
-     */
-    private void processServerSideKeyGen(HttpServletRequest req,
-            HttpServletResponse resp) throws EBaseException {
-        IRequestQueue queue = mAuthority.getRequestQueue();
-        IRequest thisreq = null;
-
-        boolean missingParam = false;
-        String status = "0";
-
-        CMS.debug("processServerSideKeyGen begins:");
-
-        String rCUID = req.getParameter("CUID");
-        String rUserid = req.getParameter("userid");
-        String rdesKeyString = req.getParameter("drm_trans_desKey");
-        String rArchive = req.getParameter("archive");
-        String rKeysize = req.getParameter("keysize");
-        String rKeytype = req.getParameter("keytype");
-        String rKeycurve = req.getParameter("eckeycurve");
-
-        if ((rCUID == null) || (rCUID.equals(""))) {
-            CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
-            missingParam = true;
-        }
-
-        if ((rUserid == null) || (rUserid.equals(""))) {
-            CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: userid");
-            missingParam = true;
-        }
-
-        // if not specified, default to RSA
-        if ((rKeytype == null) || (rKeytype.equals(""))) {
-            rKeytype = "RSA";
-        }
-
-        // keysize is for non-EC (EC uses keycurve)
-        if (!rKeytype.equals("EC") && ((rKeysize == null) || (rKeysize.equals("")))) {
-            rKeysize = "1024"; // default to 1024
-        }
-
-        if (rKeytype.equals("EC")) {
-            if ((rKeycurve == null) || (rKeycurve.equals(""))) {
-                rKeycurve = "nistp256";
-            }
-            // is the specified curve supported?
-            boolean isSupportedCurve = supportedECCurves_ht.containsKey(rKeycurve);
-            if (isSupportedCurve == false) {
-                CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): unsupported curve:"+ rKeycurve);
-                missingParam = true;
-            } else {
-                CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): curve to be generated:"+ rKeycurve);
-            }
-        }
-
-        if ((rdesKeyString == null) ||
-                (rdesKeyString.equals(""))) {
-            CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
-            missingParam = true;
-        }
-
-        if ((rArchive == null) || (rArchive.equals(""))) {
-            CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
-            rArchive = "true";
-        }
-
-        if (!missingParam) {
-            thisreq = queue.newRequest(IRequest.NETKEY_KEYGEN_REQUEST);
-
-            thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_TYPE, rKeytype);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_EC_CURVE, rKeycurve);
-
-            queue.processRequest(thisreq);
-            Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
-            if (result != null) {
-                // sighs!  tps thinks 0 is good, and DRM thinks 1 is good
-                if (result.intValue() == 1)
-                    status = "0";
-                else
-                    status = result.toString();
-            } else
-                status = "7";
-
-            CMS.debug("processServerSideKeygen finished");
-        } // ! missingParam
-
-        String value = "";
-
-        resp.setContentType("text/html");
-
-        String wrappedPrivKeyString = "";
-        String publicKeyString = "";
-
-        if (thisreq == null) {
-            CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
-                     + "thisreq is null!");
-            throw new EBaseException("thisreq is null");
-        }
-
-        publicKeyString = thisreq.getExtDataInString("public_key");
-        wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
-
-        String ivString = thisreq.getExtDataInString("iv_s");
-
-        /*
-          if (selectedToken == null)
-          status = "4";
-        */
-        if (!status.equals("0"))
-            value = "status=" + status;
-        else {
-            StringBuffer sb = new StringBuffer();
-            sb.append("status=0&");
-            sb.append("wrapped_priv_key=");
-            sb.append(wrappedPrivKeyString);
-            sb.append("&iv_param=");
-            sb.append(ivString);
-            sb.append("&public_key=");
-            sb.append(publicKeyString);
-            value = sb.toString();
-
-        }
-        CMS.debug("processServerSideKeyGen:outputString.encode " + value);
-
-        try {
-            resp.setContentLength(value.length());
-            CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length());
-            OutputStream ooss = resp.getOutputStream();
-            ooss.write(value.getBytes());
-            ooss.flush();
-            mRenderResult = false;
-        } catch (IOException e) {
-            CMS.debug("GenerateKeyPairServlet: " + e.toString());
-        }
-    }
-
-    /*
-
-     *   For GenerateKeyPair:
-     *
-     *   input:
-     *   CUID=value0
-     *   trans-wrapped-desKey=value1
-     *
-     *   output:
-     *   status=value0
-     *   publicKey=value1
-     *   desKey-wrapped-userPrivateKey=value2
-     *   proofOfArchival=value3
-     */
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "execute");
-        } catch (Exception e) {
-        }
-
-        if (authzToken == null) {
-
-            try {
-                resp.setContentType("text/html");
-                String value = "unauthorized=";
-                CMS.debug("GenerateKeyPairServlet: Unauthorized");
-
-                resp.setContentLength(value.length());
-                OutputStream ooss = resp.getOutputStream();
-                ooss.write(value.getBytes());
-                ooss.flush();
-                mRenderResult = false;
-            } catch (Exception e) {
-                CMS.debug("GenerateKeyPairServlet: " + e.toString());
-            }
-
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        // begin Netkey serverSideKeyGen and archival
-        CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
-        processServerSideKeyGen(req, resp);
-        return;
-        // end Netkey functions
-
-    }
-
-    /**
-     * XXX remember tocheck peer SSL cert and get RA id later
-     *
-     * Serves HTTP admin request.
-     *
-     * @param req HTTP request
-     * @param resp HTTP response
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
deleted file mode 100644
index ebcd42c14..000000000
--- a/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ /dev/null
@@ -1,327 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.connector;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * TokenKeyRecoveryServlet
- * handles "key recovery service" requests from the
- * netkey TPS
- *
- * @author Christina Fu (cfu)
- * @version $Revision$, $Date$
- */
-//XXX add auditing later
-public class TokenKeyRecoveryServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -2322410659376501336L;
-    private final static String INFO = "TokenKeyRecoveryServlet";
-    public final static String PROP_AUTHORITY = "authority";
-    protected ServletConfig mConfig = null;
-    protected IAuthority mAuthority = null;
-    public static int ERROR = 1;
-    IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
-    protected IAuthSubsystem mAuthSubsystem = null;
-
-    /**
-     * Constructs TokenKeyRecovery servlet.
-     *
-     */
-    public TokenKeyRecoveryServlet() {
-        super();
-    }
-
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        mConfig = config;
-        String authority = config.getInitParameter(PROP_AUTHORITY);
-
-        if (authority != null)
-            mAuthority = (IAuthority)
-                    CMS.getSubsystem(authority);
-
-        mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-    }
-
-    /**
-     * Returns serlvet information.
-     *
-     * @return name of this servlet
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param s The URL to decode
-     */
-    protected String URLdecode(String s) {
-        if (s == null)
-            return null;
-        ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
-
-        for (int i = 0; i < s.length(); i++) {
-            int c = s.charAt(i);
-
-            if (c == '+') {
-                out.write(' ');
-            } else if (c == '%') {
-                int c1 = Character.digit(s.charAt(++i), 16);
-                int c2 = Character.digit(s.charAt(++i), 16);
-
-                out.write((char) (c1 * 16 + c2));
-            } else {
-                out.write(c);
-            }
-        } // end for
-        return out.toString();
-    }
-
-    /*
-     * processTokenKeyRecovery
-     *   handles netkey key recovery requests
-     * input params are:
-     *  CUID - the CUID of the old token where the keys/certs were initially for
-     *  userid - the userid that belongs to both the old token and the new token
-     *  drm_trans_desKey - the des key generated for the NEW token
-     *                            wrapped with DRM transport key
-     *  cert - the user cert corresponding to the key to be recovered
-     *
-     * operations:
-     *  1. unwrap des key with transport key, then url decode it
-     *  2. retrieve user private key
-     *  3. wrap user priv key with des key
-     *  4. send the following to RA:
-     *      * des key wrapped(user priv key)
-     *     (note: RA should have kek-wrapped des key from TKS)
-     *      * recovery blob (used for recovery)
-     *
-     * output params are:
-     *   status=value0
-     *   publicKey=value1
-     *   desKey-wrapped-userPrivateKey=value2
-     */
-    private void processTokenKeyRecovery(HttpServletRequest req,
-            HttpServletResponse resp) throws EBaseException {
-        IRequestQueue queue = mAuthority.getRequestQueue();
-        IRequest thisreq = null;
-
-        //        IConfigStore sconfig = CMS.getConfigStore();
-        boolean missingParam = false;
-        String status = "0";
-
-        CMS.debug("processTokenKeyRecovery begins:");
-
-        String rCUID = req.getParameter("CUID");
-        String rUserid = req.getParameter("userid");
-        String rdesKeyString = req.getParameter("drm_trans_desKey");
-        String rCert = req.getParameter("cert");
-
-        if ((rCUID == null) || (rCUID.equals(""))) {
-            CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
-            missingParam = true;
-        }
-
-        if ((rUserid == null) || (rUserid.equals(""))) {
-            CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: userid");
-            missingParam = true;
-        }
-
-        if ((rdesKeyString == null) ||
-                (rdesKeyString.equals(""))) {
-            CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key");
-            missingParam = true;
-        }
-
-        if ((rCert == null) || (rCert.equals(""))) {
-            CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: cert");
-            missingParam = true;
-        }
-
-        if (!missingParam) {
-            thisreq = queue.newRequest(IRequest.NETKEY_KEYRECOVERY_REQUEST);
-
-            thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
-            thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert);
-
-            //XXX auto process for netkey
-            queue.processRequest(thisreq);
-            //	    IService svc = (IService) new TokenKeyRecoveryService(kra);
-            //	    svc.serviceRequest(thisreq);
-
-            Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
-            if (result != null) {
-                // sighs!  tps thinks 0 is good, and drm thinks 1 is good
-                if (result.intValue() == 1)
-                    status = "0";
-                else
-                    status = result.toString();
-            } else
-                status = "7";
-
-            CMS.debug("processTokenKeyRecovery finished");
-        } // ! missingParam
-
-        String value = "";
-
-        resp.setContentType("text/html");
-
-        String wrappedPrivKeyString = "";
-        String publicKeyString = "";
-        String ivString = "";
-        /* if is RECOVERY_PROTOTYPE
-            String recoveryBlobString = "";
-
-            IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
-            byte publicKey_b[] = kr.getPublicKeyData();
-
-            BigInteger serialNo = kr.getSerialNumber();
-
-            String serialNumberString =
-                com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
-
-            recoveryBlobString = (String)
-                thisreq.get("recoveryBlob");
-        */
-
-        if (thisreq == null) {
-            CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
-                     + "thisreq is null!");
-            throw new EBaseException("thisreq is null");
-        }
-
-        publicKeyString = thisreq.getExtDataInString("public_key");
-        wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
-
-        ivString = thisreq.getExtDataInString("iv_s");
-        /*
-          if (selectedToken == null)
-          status = "4";
-        */
-        if (!status.equals("0"))
-            value = "status=" + status;
-        else {
-            StringBuffer sb = new StringBuffer();
-            sb.append("status=0&");
-            sb.append("wrapped_priv_key=");
-            sb.append(wrappedPrivKeyString);
-            sb.append("&public_key=");
-            sb.append(publicKeyString);
-            sb.append("&iv_param=");
-            sb.append(ivString);
-            value = sb.toString();
-
-        }
-        CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);
-
-        try {
-            resp.setContentLength(value.length());
-            CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length());
-            OutputStream ooss = resp.getOutputStream();
-            ooss.write(value.getBytes());
-            ooss.flush();
-            mRenderResult = false;
-        } catch (IOException e) {
-            CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
-        }
-    }
-
-    /*
-     *   For TokenKeyRecovery
-     *
-     *   input:
-     *   CUID=value0
-     *   trans-wrapped-desKey=value1
-     *
-     *   output:
-     *   status=value0
-     *   publicKey=value1
-     *   desKey-wrapped-userPrivateKey=value2
-     *   proofOfArchival=value3
-     */
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "submit");
-        } catch (Exception e) {
-        }
-
-        if (authzToken == null) {
-
-            try {
-                resp.setContentType("text/html");
-                String value = "unauthorized=";
-                CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
-
-                resp.setContentLength(value.length());
-                OutputStream ooss = resp.getOutputStream();
-                ooss.write(value.getBytes());
-                ooss.flush();
-                mRenderResult = false;
-            } catch (Exception e) {
-                CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
-            }
-
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        // begin Netkey serverSideKeyGen and archival
-        CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
-        processTokenKeyRecovery(req, resp);
-        return;
-        // end Netkey functions
-
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
deleted file mode 100644
index 579c54df0..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ /dev/null
@@ -1,332 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class AdminPanel extends WizardPanelBase {
-
-    private static final String ADMIN_UID = "admin";
-
-    public AdminPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Administrator");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) {
-        setPanelNo(panelno);
-        setName("Administrator");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.admin.email", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.admin.email", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (Exception e) {
-        }
-
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "Email address for an administrator");
-
-        set.add("admin_email", emailDesc);
-
-        Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "Administrator's password");
-
-        set.add("pwd", pwdDesc);
-
-        Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "Administrator's password again");
-
-        set.add("admin_password_again", pwdAgainDesc);
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        CMS.debug("AdminPanel: display");
-
-        IConfigStore cs = CMS.getConfigStore();
-        String session_id = request.getParameter("session_id");
-        if (session_id != null) {
-            CMS.debug("NamePanel setting session id.");
-            CMS.setConfigSDSessionId(session_id);
-        }
-
-        String type = "";
-        String info = "";
-        context.put("import", "true");
-
-        try {
-            type = cs.getString("preop.ca.type", "");
-        } catch (Exception e) {
-        }
-
-        if (isPanelDone()) {
-            try {
-                context.put("admin_email", cs.getString("preop.admin.email"));
-                context.put("admin_name", cs.getString("preop.admin.name"));
-                context.put("admin_pwd", "");
-                context.put("admin_pwd_again", "");
-                context.put("admin_uid", cs.getString("preop.admin.uid"));
-            } catch (Exception e) {
-            }
-        } else {
-            String def_admin_name = "";
-            try {
-                def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
-            } catch (EBaseException e) {
-            }
-            context.put("admin_name", def_admin_name);
-            context.put("admin_email", "");
-            context.put("admin_pwd", "");
-            context.put("admin_pwd_again", "");
-            context.put("admin_uid", ADMIN_UID);
-        }
-        ISubsystem ca = CMS.getSubsystem("ca");
-
-        if (ca == null) {
-            context.put("ca", "false");
-        } else {
-            context.put("ca", "true");
-        }
-        context.put("caType", type);
-
-        String domainname = "";
-        try {
-            domainname = cs.getString("securitydomain.name", "");
-        } catch (EBaseException e1) {
-        }
-        context.put("securityDomain", domainname);
-        context.put("title", "Administrator");
-        context.put("panel", "admin/console/config/adminpanel.vm");
-        context.put("errorString", "");
-        context.put("info", info);
-
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        String pwd = HttpInput.getPassword(request, "__pwd");
-        String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
-        String email = HttpInput.getEmail(request, "email");
-        String name = HttpInput.getName(request, "name");
-        String uid = HttpInput.getUID(request, "uid");
-        context.put("admin_email", email);
-        context.put("admin_name", name);
-        context.put("admin_pwd", pwd);
-        context.put("admin_pwd_again", pwd_again);
-        context.put("import", "true");
-
-        if (name == null || name.equals("")) {
-            context.put("updateStatus", "validate-failure");
-            throw new IOException("Name is empty");
-        }
-
-        if (email == null || email.equals("")) {
-            context.put("updateStatus", "validate-failure");
-            throw new IOException("Email is empty");
-        }
-
-        if (uid == null || uid.equals("")) {
-            context.put("updateStatus", "validate-failure");
-            throw new IOException("Uid is empty");
-        }
-
-        if (!pwd.equals(pwd_again)) {
-            context.put("updateStatus", "validate-failure");
-            throw new IOException("Password and password again are not the same.");
-        }
-
-        if (email == null || email.length() == 0) {
-            context.put("updateStatus", "validate-failure");
-            throw new IOException("Email address is empty string.");
-        }
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request, HttpServletResponse response, Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        context.put("info", "");
-        context.put("import", "true");
-
-        String uid = HttpInput.getUID(request, "uid");
-        String email = HttpInput.getEmail(request, "email");
-        String name = HttpInput.getName(request, "name");
-        String pwd = HttpInput.getPassword(request, "__pwd");
-        String cert_request_type = HttpInput.getID(request, "cert_request_type");
-        String subject = request.getParameter("subject");
-        String cert_request = HttpInput.getCertRequest(request, "cert_request");
-        String profileId = HttpInput.getID(request, "profileId");
-
-        try {
-            String type = config.getString(PRE_CA_TYPE, "");
-            String subsystemtype = config.getString("cs.type", "");
-            String selected_hierarchy = config.getString("preop.hierarchy.select", "");
-
-            ISubsystem ca = CMS.getSubsystem("ca");
-
-            if (ca == null) {
-                context.put("ca", "false");
-            } else {
-                context.put("ca", "true");
-            }
-            context.put("caType", type);
-
-            config.putString("preop.admin.uid", uid);
-            config.putString("preop.admin.email", email);
-            config.putString("preop.admin.name", name);
-            ConfigurationUtils.createAdmin(uid, email, name, pwd);
-
-            if (ca != null) {
-                if (selected_hierarchy.equals("root")) {
-                    CMS.debug("AdminPanel update:  " + "Root CA subsystem");
-                } else {
-                    CMS.debug("AdminPanel update:  " + "Subordinate CA subsystem");
-                }
-
-                ConfigurationUtils.createAdminCertificate(cert_request,
-                        cert_request_type, subject);
-            } else {
-                String ca_hostname = null;
-                int ca_port = -1;
-
-                CMS.debug("AdminPanel update:  " + subsystemtype + " subsystem");
-
-                if (type.equals("sdca")) {
-                    ca_hostname = config.getString("preop.ca.hostname");
-                    ca_port = config.getInteger("preop.ca.httpsport");
-                } else {
-                    ca_hostname = config.getString("securitydomain.host", "");
-                    ca_port = config.getInteger("securitydomain.httpseeport");
-                }
-
-                ConfigurationUtils.submitAdminCertRequest(ca_hostname, ca_port,
-                        profileId, cert_request_type, cert_request, subject);
-            }
-
-            CMS.reinit(IUGSubsystem.ID);
-            config.commit(false);
-        } catch (Exception e) {
-            CMS.debug("AdminPanel update(): Exception thrown " + e);
-            e.printStackTrace();
-            context.put("updateStatus", "failure");
-            throw new IOException("Error when adding admin user" + e);
-        }
-
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        context.put("title", "Administrator");
-        context.put("panel", "admin/console/config/adminpanel.vm");
-        ISubsystem ca = CMS.getSubsystem("ca");
-        IConfigStore cs = CMS.getConfigStore();
-        String type = "";
-        String info = "";
-
-        try {
-            type = cs.getString("preop.ca.type", "");
-        } catch (Exception e) {
-        }
-        if (ca == null && type.equals("otherca")) {
-            info =
-                    "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
-        }
-        context.put("info", info);
-        context.put("admin_email", request.getParameter("email"));
-        context.put("admin_name", request.getParameter("name"));
-        context.put("admin_pwd", "");
-        context.put("admin_pwd_again", "");
-        context.put("admin_uid", request.getParameter("uid"));
-    }
-
-    public boolean shouldSkip() {
-        try {
-            IConfigStore c = CMS.getConfigStore();
-            String s = c.getString("preop.subsystem.select", null);
-            if (s != null && s.equals("clone")) {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/AuthDBPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/AuthDBPanel.java
deleted file mode 100644
index f7ee25dfe..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/AuthDBPanel.java
+++ /dev/null
@@ -1,125 +0,0 @@
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class AuthDBPanel extends WizardPanelBase {
-
-    public AuthDBPanel() {
-    }
-
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Authentication Directory");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Authentication Directory");
-        setId(id);
-    }
-
-    public boolean shouldSkip() {
-        return false;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.authdb.select", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.authdb.select", "");
-            if (s != null && !s.isEmpty()) {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-        return set;
-    }
-
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Authentication Directory");
-        context.put("panel", "admin/console/config/authdbpanel.vm");
-        IConfigStore config = CMS.getConfigStore();
-
-        String basedn="";
-        String host="";
-        String port="";
-        String secureConn="";
-        try {
-            String machineName = config.getString("service.machineName");
-            basedn = config.getString("auths.instance.ldap1.ldap.basedn");
-
-            if (basedn.contains("[")) {
-                // basedn not yet set
-                basedn = machineName.replaceAll("\\.", ",dc=");
-                basedn = "dc=" + basedn;
-            }
-
-            host = config.getString("auths.instance.ldap1.ldap.ldapconn.host", "localhost");
-            port = config.getString("auths.instance.ldap1.ldap.ldapconn.port","389");
-            secureConn = config.getString("auths.instance.ldap1.ldap.ldapconn.secureConn", "false");
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            CMS.debug("Unable to get host, port, secureConn:" + e);
-        }
-
-        context.put("hostname", host);
-        context.put("portStr", port);
-        context.put("basedn", basedn);
-        context.put("secureconn", secureConn);
-        context.put("errorString", "");
-    }
-
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-
-        String host = HttpInput.getHostname(request, "host");
-        String port = HttpInput.getPortNumber(request, "port");
-        String basedn = HttpInput.getString(request,"basedn");
-        String secureConn = HttpInput.getString(request, "secureConn");
-
-        if (secureConn == null || (!secureConn.equalsIgnoreCase("true"))) {
-            secureConn = "false";
-        }
-        ConfigurationUtils.updateAuthdbInfo(basedn, host, port, secureConn);
-        context.put("updateStatus", "success");
-    }
-
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
deleted file mode 100644
index 6700b9312..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ /dev/null
@@ -1,192 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class AuthenticatePanel extends WizardPanelBase {
-
-    public AuthenticatePanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Authentication");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Authentication");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.ca.agent.uid", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.ca.agent.uid", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Authentication");
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-
-            try {
-                String s = config.getString("preop.ca.agent.uid", "");
-                String type = config.getString("preop.hierarchy.select", "");
-                if (type.equals("root"))
-                    context.put("uid", "");
-                else
-                    context.put("uid", s);
-            } catch (Exception e) {
-                CMS.debug(e.toString());
-            }
-        } else {
-            context.put("uid", "");
-        }
-
-        context.put("password", "");
-        context.put("panel", "admin/console/config/authenticatepanel.vm");
-        context.put("errorString", "");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String type = "";
-        String catype = "";
-        try {
-            type = config.getString("preop.hierarchy.select", "");
-            catype = config.getString("preop.ca.type", "");
-        } catch (Exception e) {
-        }
-
-        if (type.equals("root")) {
-            CMS.debug("AuthenticatePanel: This is root, no need for authentication");
-        } else if (catype.equals("sdca")) {
-            CMS.debug("AuthenticatePanel: This is not external CA");
-            String uid = HttpInput.getUID(request, "uid");
-            if (uid == null) {
-                context.put("errorString", "Uid is empty");
-                throw new IOException("Uid is empty");
-            }
-            context.put("uid", uid);
-            String pwd = HttpInput.getPassword(request, "__password");
-            config.putString("preop.ca.agent.uid", uid);
-            config.putString("preop.ca.agent.pwd", pwd);
-            String host = "";
-            int httpsport = -1;
-            try {
-                host = config.getString("preop.ca.hostname");
-            } catch (Exception e) {
-                CMS.debug("AuthenticatePanel update: " + e.toString());
-                context.put("errorString", "Missing hostname");
-                throw new IOException("Missing hostname");
-            }
-
-            try {
-                httpsport = config.getInteger("preop.ca.httpsport");
-            } catch (Exception e) {
-                CMS.debug("AuthenticatePanel update: " + e.toString());
-                context.put("errorString", "Missing port");
-                throw new IOException("Missing port");
-            }
-
-            boolean authenticated = authenticate(host, httpsport, true,
-                    "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
-
-            if (!authenticated) {
-                context.put("errorString", "Wrong user id or password");
-                throw new IOException("Wrong user id or password");
-            }
-
-            try {
-                config.commit(false);
-            } catch (EBaseException e) {
-            }
-        }
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("password", "");
-        context.put("panel", "admin/console/config/authenticatepanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
deleted file mode 100644
index f29b22ae7..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ /dev/null
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class BackupKeyCertPanel extends WizardPanelBase {
-
-    public BackupKeyCertPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Export Keys and Certificates");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Export Keys and Certificates");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        /* clean up if necessary */
-        try {
-            @SuppressWarnings("unused")
-            boolean done = cs.getBoolean("preop.backupkeycert.done"); // check for errors
-            cs.putBoolean("preop.backupkeycert.done", false);
-            cs.commit(false);
-        } catch (Exception e) {
-        }
-    }
-
-    public boolean shouldSkip() {
-        IConfigStore cs = CMS.getConfigStore();
-
-        try {
-            String s = cs.getString("preop.module.token", "");
-            if (s.equals("Internal Key Storage Token"))
-                return false;
-        } catch (Exception e) {
-        }
-
-        return true;
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.backupkeycert.done", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Export Keys and Certificates");
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-            try {
-                boolean enable = config.getBoolean("preop.backupkeys.enable");
-                if (enable) {
-                    context.put("dobackup", "checked");
-                    context.put("nobackup", "");
-                } else {
-                    context.put("dobackup", "");
-                    context.put("nobackup", "checked");
-                }
-            } catch (Exception e) {
-            }
-        } else {
-            context.put("dobackup", "");
-            context.put("nobackup", "checked");
-        }
-
-        context.put("panel", "admin/console/config/backupkeycertpanel.vm");
-        context.put("pwd", "");
-        context.put("pwdagain", "");
-        context.put("errorString", "");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response, Context context) throws IOException {
-        String select = HttpInput.getID(request, "choice");
-        if (select.equals("backupkey")) {
-            String pwd = request.getParameter("__pwd");
-            String pwdAgain = request.getParameter("__pwdagain");
-            if (pwd == null || pwdAgain == null || pwd.equals("") || pwdAgain.equals("")) {
-                CMS.debug("BackupKeyCertPanel validate: Password is null");
-                context.put("updateStatus", "validate-failure");
-                throw new IOException("PK12 password is empty.");
-            }
-
-            if (!pwd.equals(pwdAgain)) {
-                CMS.debug("BackupKeyCertPanel validate: Password and password again are not the same.");
-                context.put("updateStatus", "validate-failure");
-                throw new IOException("PK12 password is different from the PK12 password again.");
-            }
-        }
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-
-        try {
-            String select = HttpInput.getID(request, "choice");
-            String pwd = request.getParameter("__pwd");
-            if (select.equals("backupkey")) {
-                CMS.debug("BackupKeyCertPanel update: backup");
-                config.putBoolean("preop.backupkeys.enable", true);
-                ConfigurationUtils.backupKeys(pwd, null);
-            } else {
-                CMS.debug("BackupKeyCertPanel update: no backup");
-                config.putBoolean("preop.backupkeys.enable", false);
-            }
-
-            config.putBoolean("preop.backupkeycert.done", true);
-                config.commit(false);
-        } catch (Exception e) {
-            CMS.debug("BackupKeyertPanel: update(): Exception thrown " + e);
-            e.printStackTrace();
-            context.put("updateStatus", "failure");
-            throw new IOException(e);
-        }
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        String select = "";
-        try {
-            select = HttpInput.getID(request, "choice");
-        } catch (Exception e) {
-        }
-
-        if (select.equals("backupkey")) {
-            context.put("dobackup", "checked");
-            context.put("nobackup", "");
-        } else {
-            context.put("dobackup", "");
-            context.put("nobackup", "checked");
-        }
-
-        context.put("pwd", "");
-        context.put("pwdagain", "");
-        context.put("title", "Export Keys and Certificates");
-        context.put("panel", "admin/console/config/backupkeycertpanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
deleted file mode 100644
index 3b3ae4033..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.context.Context;
-import org.apache.velocity.servlet.VelocityServlet;
-
-import com.netscape.certsrv.apps.CMS;
-
-@SuppressWarnings("deprecation")
-public class BaseServlet extends VelocityServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3169697149104780149L;
-
-    /**
-     * Returns usage of this servlet.
-     */
-    public String getUsage() {
-        return null;
-    }
-
-    public boolean authenticate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        String pin = (String) request.getSession().getAttribute("pin");
-
-        if (pin == null) {
-            try {
-                response.sendRedirect("login");
-            } catch (IOException e) {
-            }
-            return false;
-        }
-        return true;
-    }
-
-    public void outputHttpParameters(HttpServletRequest httpReq) {
-        CMS.debug("BaseServlet:service() uri = " + httpReq.getRequestURI());
-        Enumeration<String> paramNames = httpReq.getParameterNames();
-
-        while (paramNames.hasMoreElements()) {
-            String pn = paramNames.nextElement();
-            // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with
-            // __ (double underscores); however, in the event that
-            // a security parameter slips through, we perform multiple
-            // additional checks to insure that it is NOT displayed
-            if (pn.startsWith("__") ||
-                    pn.endsWith("password") ||
-                    pn.endsWith("passwd") ||
-                    pn.endsWith("pwd") ||
-                    pn.equalsIgnoreCase("admin_password_again") ||
-                    pn.equalsIgnoreCase("directoryManagerPwd") ||
-                    pn.equalsIgnoreCase("bindpassword") ||
-                    pn.equalsIgnoreCase("bindpwd") ||
-                    pn.equalsIgnoreCase("passwd") ||
-                    pn.equalsIgnoreCase("password") ||
-                    pn.equalsIgnoreCase("pin") ||
-                    pn.equalsIgnoreCase("pwd") ||
-                    pn.equalsIgnoreCase("pwdagain") ||
-                    pn.equalsIgnoreCase("uPasswd")) {
-                CMS.debug("BaseServlet::service() param name='" + pn +
-                         "' value='(sensitive)'");
-            } else {
-                CMS.debug("BaseServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'");
-            }
-        }
-    }
-
-    /**
-     * Processes request.
-     */
-    public Template process(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        return null;
-    }
-
-    public Template handleRequest(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        if (CMS.debugOn()) {
-            outputHttpParameters(request);
-        }
-
-        /* XXX - authentication */
-        if (!authenticate(request, response, context)) {
-            return null;
-        }
-
-        /* XXX - authorization */
-
-        return process(request, response, context);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
deleted file mode 100644
index 72bffc767..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ /dev/null
@@ -1,166 +0,0 @@
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.cert.CertificateException;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager.NotInitializedException;
-import org.mozilla.jss.crypto.TokenException;
-import org.xml.sax.SAXException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class CAInfoPanel extends WizardPanelBase {
-
-    public CAInfoPanel() {
-    }
-
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("CA Information");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("CA Information");
-        setId(id);
-    }
-
-    public boolean shouldSkip() {
-        return false;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.cainfo.select", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.cainfo.select", "");
-            if (s != null && !s.isEmpty()) {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        return new PropertySet();
-    }
-
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        String errorString = "";
-        context.put("title", "CA Information");
-        context.put("panel", "admin/console/config/cainfopanel.vm");
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-            // TODO - put the selected URL in selection box.
-            // String s = config.getString("preop.cainfo.select");
-        }
-
-        // get CA URLs
-        Vector<String> v;
-        try {
-            v = null;
-            v = ConfigurationUtils.getUrlListFromSecurityDomain(config, "CA", "SecurePort");
-            if (v == null) {
-                errorString = "No CA found.  CA, TKS and optionally DRM " +
-                              " must be installed prior to TPS installation";
-                context.put("errorString", errorString);
-                context.put("preop.cainfo.errorString", errorString);
-                return;
-            }
-
-            config.putString("preop.ca.list", StringUtils.join(v,","));
-            config.commit(false);
-        } catch (EBaseException | IOException | SAXException | ParserConfigurationException e) {
-            e.printStackTrace();
-            errorString = "Failed to get CA information from security domain. " + e;
-            context.put("errorString", errorString);
-            context.put("preop.cainfo.errorString", errorString);
-            return;
-        }
-
-        context.put("urls", v);
-        context.put("urls_size", v.size());
-        context.put("errorString", "");
-        context.put("preop.cainfo.errorString", "");
-    }
-
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String subsystemNick;
-        try {
-            subsystemNick = config.getString("preop.cert.subsystem.nickname");
-        } catch (EBaseException e1) {
-            e1.printStackTrace();
-            throw new IOException("Failed to get subsystem certificate nickname");
-        }
-
-        String url = HttpInput.getString(request, "urls");
-        URI caUri = null;
-        String parsedURI = url.substring(url.lastIndexOf("http"));
-        try {
-            caUri = new URI(parsedURI);
-        } catch (URISyntaxException e) {
-            throw new IOException("Invalid URI " + parsedURI);
-        }
-        ConfigurationUtils.updateCAConnInfo(caUri, subsystemNick);
-
-        String host = caUri.getHost();
-        int port = caUri.getPort();
-
-        // Note -
-        // list contains EE port. If admin port is different, it needs to
-        // be obtained from security domain and used to get the cert chain
-
-        /* int admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
-                host, port, "CA", "SecurePort", "SecureAdminPort");
-        */
-
-        try {
-            ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "ca");
-        } catch (CertificateException | SAXException | ParserConfigurationException
-                | NotInitializedException | TokenException | EBaseException e) {
-            e.printStackTrace();
-            throw new IOException("Failed to import certificate chain from CA");
-        }
-
-        context.put("updateStatus", "success");
-    }
-
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
deleted file mode 100644
index 066f9dea1..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ /dev/null
@@ -1,188 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-public class Cert {
-    private String mNickname = "";
-    private String mTokenname = "";
-    private String mRequest = "";
-    private String mCert = "";
-    private String mType = ""; // "selfsign," "local," or "remote"
-    private String mDN = "";
-    private String mCertTag = "";
-    private String mCertpp = "";
-    private String mUserFriendlyName = "";
-    private String mKeyOption = "";
-    private String mCustomKeysize = "";
-    private String mCustomCurvename = "";
-    private boolean mEnable = true;
-    private boolean mSigningRequired = false;
-    private String mSubsystem = "";
-    private String certChain = "";
-
-    public Cert(String tokenName, String nickName, String certTag) {
-        mTokenname = tokenName;
-        mNickname = nickName;
-        mCertTag = certTag;
-    }
-
-    public void setEnable(boolean enable) {
-        mEnable = enable;
-    }
-
-    public boolean isEnable() {
-        return mEnable;
-    }
-
-    public void setSigningRequired(boolean required) {
-        mSigningRequired = required;
-    }
-
-    public boolean isSigningRequired() {
-        return mSigningRequired;
-    }
-
-    public void setNickname(String s) {
-        mNickname = s;
-    }
-
-    public String getNickname() {
-        return mNickname;
-    }
-
-    public void setSubsystem(String s) {
-        mSubsystem = s;
-    }
-
-    public String getSubsystem() {
-        return mSubsystem;
-    }
-
-    public String getUserFriendlyName() {
-        return mUserFriendlyName;
-    }
-
-    public void setUserFriendlyName(String name) {
-        mUserFriendlyName = name;
-    }
-
-    public String getTokenname() {
-        return mTokenname;
-    }
-
-    public String getRequest() {
-        return mRequest;
-    }
-
-    public void setRequest(String req) {
-        mRequest = req;
-    }
-
-    public String getEscapedCert() {
-        return escapeForHTML(mCert);
-    }
-
-    public String getCert() {
-        return mCert;
-    }
-
-    public void setCert(String cert) {
-        mCert = cert;
-    }
-
-    public String getType() {
-        return mType;
-    }
-
-    public void setType(String type) {
-        mType = type;
-    }
-
-    public String escapeForHTML(String s) {
-        s = s.replaceAll("\"", "&quot;");
-        return s;
-    }
-
-    public String getEscapedDN() {
-        // Need to escape "
-        return escapeForHTML(mDN);
-    }
-
-    public String getDN() {
-        return mDN;
-    }
-
-    public void setDN(String dn) {
-        mDN = dn;
-    }
-
-    public String getCertTag() {
-        return mCertTag;
-    }
-
-    public String getEscapedCertpp() {
-        return escapeForHTML(mCertpp);
-    }
-
-    public String getCertpp() {
-        return mCertpp;
-    }
-
-    public void setCertpp(String pp) {
-        mCertpp = pp;
-    }
-
-    public String getKeyOption() {
-        return mKeyOption;
-    }
-
-    /*
-     * "default" or "custom"
-     */
-    public void setKeyOption(String option) {
-        mKeyOption = option;
-    }
-
-    public boolean useDefaultKey() {
-        return (mKeyOption.equals("default"));
-    }
-
-    public String getCustomKeysize() {
-        return mCustomKeysize;
-    }
-
-    public void setCustomKeysize(String size) {
-        mCustomKeysize = size;
-    }
-
-    public String getCustomCurvename() {
-        return mCustomCurvename;
-    }
-
-    public void setCustomCurvename(String curve) {
-        mCustomCurvename = curve;
-    }
-
-    public String getCertChain() {
-        return certChain;
-    }
-
-    public void setCertChain(String certChain) {
-        this.certChain = certChain;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
deleted file mode 100644
index 81c6e5ca3..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ /dev/null
@@ -1,375 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.util.CertPrettyPrint;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-public class CertRequestPanel extends WizardPanelBase {
-    private Vector<Cert> mCerts = null;
-
-    @SuppressWarnings("unused")
-    private WizardServlet mServlet;
-
-    public CertRequestPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Requests & Certificates");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Requests and Certificates");
-        mServlet = servlet;
-        setId(id);
-    }
-
-    // XXX how do you do this?  There could be multiple certs.
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameters */
-                null);
-
-        set.add("cert", certDesc);
-
-        return set;
-    }
-
-    /**
-     * Show "Apply" button on frame?
-     */
-    public boolean showApplyButton() {
-        if (isPanelDone())
-            return false;
-        else
-            return true;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        String list = "";
-        String tokenname = "";
-        try {
-            list = cs.getString("preop.cert.list", "");
-            tokenname = cs.getString("preop.module.token", "");
-        } catch (Exception e) {
-        }
-
-        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-                ICertificateAuthority.ID);
-
-        if (ca != null) {
-            CMS.debug("CertRequestPanel cleanup: get certificate repository");
-            BigInteger beginS = null;
-            BigInteger endS = null;
-            String beginNum = "";
-            String endNum = "";
-            try {
-                beginNum = cs.getString("dbs.beginSerialNumber", "");
-                endNum = cs.getString("dbs.endSerialNumber", "");
-                if (!beginNum.equals(""))
-                    beginS = new BigInteger(beginNum, 16);
-                if (!endNum.equals(""))
-                    endS = new BigInteger(endNum, 16);
-            } catch (Exception e) {
-            }
-
-            ICertificateRepository cr = ca.getCertificateRepository();
-            if (cr != null) {
-                try {
-                    cr.removeCertRecords(beginS, endS);
-                } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString());
-                }
-
-                try {
-                    cr.resetSerialNumber(new BigInteger(beginNum, 16));
-                } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString());
-                }
-            }
-        }
-
-        StringTokenizer st = new StringTokenizer(list, ",");
-        String nickname = "";
-        boolean enable = false;
-        while (st.hasMoreTokens()) {
-            String t = st.nextToken();
-
-            try {
-                enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
-                nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
-            } catch (Exception e) {
-            }
-
-            if (!enable)
-                continue;
-
-            if (t.equals("sslserver"))
-                continue;
-
-            try {
-                if (ConfigurationUtils.findCertificate(tokenname, nickname)) {
-                    CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ").");
-                    ConfigurationUtils.deleteCert(tokenname, nickname);
-                }
-            } catch (Exception e) {
-                CMS.debug("CertRequestPanel cleanup: failed to delete certificate ("
-                        + nickname + "). Exception: " + e.toString());
-            }
-        }
-
-        try {
-            @SuppressWarnings("unused")
-            boolean done = cs.getBoolean("preop.CertRequestPanel.done"); // check for errors
-            cs.putBoolean("preop.CertRequestPanel.done", false);
-            cs.commit(false);
-        } catch (Exception e) {
-        }
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            boolean s = cs.getBoolean("preop.CertRequestPanel.done",
-                    false);
-
-            if (s != true) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    public void getCert(IConfigStore config,
-            Context context, String certTag, Cert cert) {
-        try {
-
-            String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
-            String certs = config.getString(subsystem + "." + certTag + ".cert", "");
-
-            if (cert != null) {
-                String certf = certs;
-
-                CMS.debug("CertRequestPanel getCert: certTag=" + certTag + " cert=" + certs);
-
-                //get and set formated cert
-                if (!certs.startsWith("...")) {
-                    certf = CryptoUtil.certFormat(certs);
-                }
-                cert.setCert(certf);
-
-                //get and set cert pretty print
-                byte[] certb = CryptoUtil.base64Decode(certs);
-                CertPrettyPrint pp = new CertPrettyPrint(certb);
-                cert.setCertpp(pp.toString(Locale.getDefault()));
-            } else {
-                CMS.debug("CertRequestPanel::getCert() - cert is null!");
-                return;
-            }
-            String userfriendlyname = config.getString(
-                    PCERT_PREFIX + certTag + ".userfriendlyname");
-
-            cert.setUserFriendlyName(userfriendlyname);
-            String type = config.getString(PCERT_PREFIX + certTag + ".type");
-
-            cert.setType(type);
-            String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
-
-            cert.setDN(dn);
-        } catch (Exception e) {
-            CMS.debug("CertRequestPanel:getCert" + e.toString());
-        } // try
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        CMS.debug("CertRequestPanel: display()");
-        context.put("title", "Requests and Certificates");
-
-        try {
-            mCerts = new Vector<Cert>();
-
-            IConfigStore config = CMS.getConfigStore();
-
-            String certTags = config.getString("preop.cert.list");
-            String csType = config.getString("cs.type");
-            StringTokenizer st = new StringTokenizer(certTags, ",");
-
-            while (st.hasMoreTokens()) {
-                String certTag = st.nextToken();
-
-                try {
-                    String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
-                    String nickname = config.getString(subsystem + "." + certTag + ".nickname");
-                    String tokenname = config.getString(subsystem + "." + certTag + ".tokenname");
-
-                    Cert c = new Cert(tokenname, nickname, certTag);
-                    ConfigurationUtils.handleCertRequest(config, certTag, c);
-
-                    String type = config.getString(PCERT_PREFIX + certTag + ".type");
-                    c.setType(type);
-
-                    boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
-                    c.setEnable(enable);
-                    getCert(config, context, certTag, c);
-
-                    c.setSubsystem(subsystem);
-                    mCerts.addElement(c);
-
-                    if (csType.equals("TPS") && certTag.equals("subsystem")) {
-                        // update nicknames in case they have changed
-                        if (!tokenname.isEmpty() && !tokenname.equals("internal")
-                                && !tokenname.equals("Internal Key Storage Token"))
-                            nickname = tokenname + ":" + nickname;
-
-                        config.putString("conn.ca1.clientNickname", nickname);
-                        config.putString("conn.drm1.clientNickname", nickname);
-                        config.putString("conn.tks1.clientNickname", nickname);
-                    }
-                } catch (Exception e) {
-                    CMS.debug("CertRequestPanel:display() Exception caught: " + e.toString() +
-                            " for certTag " + certTag);
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("CertRequestPanel:display() Exception caught: " + e.toString());
-            System.err.println("Exception caught: " + e.toString());
-
-        } // try
-
-        context.put("reqscerts", mCerts);
-        context.put("status", "display");
-        // context.put("status_token", "None");
-        context.put("panel", "admin/console/config/certrequestpanel.vm");
-
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        CMS.debug("CertRequestPanel: in update()");
-        boolean hasErr = false;
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-            context.put("updateStatus", "success");
-            return;
-        }
-
-        Enumeration<Cert> c = mCerts.elements();
-        while (c.hasMoreElements()) {
-            Cert cert = c.nextElement();
-            if (hasErr) continue;
-
-            int ret=0;
-            try {
-                cert.setCert(HttpInput.getCert(request, cert.getCertTag()));
-                cert.setCertChain(HttpInput.getCertChain(request, cert.getCertTag() + "_cc"));
-
-                ret = ConfigurationUtils.handleCerts(cert);
-                ConfigurationUtils.setCertPermissions(cert.getCertTag());
-            } catch (Exception e) {
-                CMS.debug("Exception in configuring system certificate " + cert.getCertTag() + ": " + e);
-                e.printStackTrace();
-                hasErr = true;
-            }
-            if (ret != 0) {
-                CMS.debug("System certificates not configured " +  cert.getCertTag());
-            }
-        }
-        // end new
-
-        if (!hasErr) {
-            try {
-                config.putBoolean("preop.CertRequestPanel.done", true);
-                config.commit(false);
-            } catch (EBaseException e) {
-                e.printStackTrace();
-                CMS.debug("Unable to commit changes to CS,cfg: " +e);
-            }
-            context.put("updateStatus", "success");
-        } else {
-            context.put("updateStatus", "failure");
-        }
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Certificate Request");
-        context.put("panel", "admin/console/config/certrequestpanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
deleted file mode 100644
index 789c0aab5..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ /dev/null
@@ -1,670 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.DataInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.math.BigInteger;
-import java.util.Date;
-
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPException;
-import netscape.security.pkcs.PKCS10;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.PrivateKey;
-import org.mozilla.jss.crypto.X509Certificate;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.profile.CertInfoProfile;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class CertUtil {
-    static final int LINE_COUNT = 76;
-
-    public static X509CertImpl createRemoteCert(String hostname,
-            int port, String content, HttpServletResponse response, WizardPanelBase panel)
-            throws IOException {
-        HttpClient httpclient = new HttpClient();
-        String c = null;
-        CMS.debug("CertUtil createRemoteCert: content " + content);
-        try {
-            JssSSLSocketFactory factory = new JssSSLSocketFactory();
-
-            httpclient = new HttpClient(factory);
-            httpclient.connect(hostname, port);
-            HttpRequest httprequest = new HttpRequest();
-
-            httprequest.setMethod(HttpRequest.POST);
-            httprequest.setURI("/ca/ee/ca/profileSubmit");
-            httprequest.setHeader("user-agent", "HTTPTool/1.0");
-            httprequest.setHeader("content-length", "" + content.length());
-            httprequest.setHeader("content-type",
-                    "application/x-www-form-urlencoded");
-            httprequest.setContent(content);
-            HttpResponse httpresponse = httpclient.send(httprequest);
-
-            c = httpresponse.getContent();
-        } catch (Exception e) {
-            CMS.debug("CertUtil createRemoteCert: " + e.toString());
-            throw new IOException(e.toString());
-        }
-
-        if (c != null) {
-            try {
-                ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-                XMLObject parser = null;
-
-                try {
-                    parser = new XMLObject(bis);
-                } catch (Exception e) {
-                    CMS.debug("CertUtil::createRemoteCert() - "
-                             + "Exception=" + e.toString());
-                    throw new IOException(e.toString());
-                }
-                String status = parser.getValue("Status");
-
-                CMS.debug("CertUtil createRemoteCert: status=" + status);
-                if (status.equals("2")) {
-                    //relogin to the security domain
-                    panel.reloginSecurityDomain(response);
-                    return null;
-                } else if (!status.equals("0")) {
-                    String error = parser.getValue("Error");
-                    throw new IOException(error);
-                }
-
-                String b64 = parser.getValue("b64");
-
-                CMS.debug("CertUtil createRemoteCert: " + b64);
-                b64 = CryptoUtil.normalizeCertAndReq(b64);
-                byte[] b = CryptoUtil.base64Decode(b64);
-
-                return new X509CertImpl(b);
-            } catch (Exception e) {
-                CMS.debug("CertUtil createRemoteCert: " + e.toString());
-                throw new IOException(e.toString());
-            }
-        }
-
-        return null;
-    }
-
-    public static String getPKCS10(IConfigStore config, String prefix,
-            Cert certObj, Context context) throws IOException {
-        String certTag = certObj.getCertTag();
-
-        X509Key pubk = null;
-        try {
-            String pubKeyType = config.getString(
-                        prefix + certTag + ".keytype");
-            String algorithm = config.getString(
-                        prefix + certTag + ".keyalgorithm");
-            if (pubKeyType.equals("rsa")) {
-                String pubKeyModulus = config.getString(
-                        prefix + certTag + ".pubkey.modulus");
-                String pubKeyPublicExponent = config.getString(
-                        prefix + certTag + ".pubkey.exponent");
-                pubk = CryptoUtil.getPublicX509Key(
-                        CryptoUtil.string2byte(pubKeyModulus),
-                        CryptoUtil.string2byte(pubKeyPublicExponent));
-            } else if (pubKeyType.equals("ecc")) {
-                String pubKeyEncoded = config.getString(
-                        prefix + certTag + ".pubkey.encoded");
-                pubk = CryptoUtil.getPublicX509ECCKey(
-                        CryptoUtil.string2byte(pubKeyEncoded));
-            } else {
-                CMS.debug("CertRequestPanel::getPKCS10() - "
-                        + "public key type is unsupported!");
-                throw new IOException("public key type is unsupported");
-            }
-
-            if (pubk != null) {
-                CMS.debug("CertRequestPanel: got public key");
-            } else {
-                CMS.debug("CertRequestPanel: error getting public key null");
-                throw new IOException("public key is null");
-            }
-            // get private key
-            String privKeyID = config.getString(prefix + certTag + ".privkey.id");
-            byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
-            PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
-
-            if (privk != null) {
-                CMS.debug("CertRequestPanel: got private key");
-            } else {
-                CMS.debug("CertRequestPanel: error getting private key null");
-            }
-
-            // construct cert request
-            String dn = config.getString(prefix + certTag + ".dn");
-
-            PKCS10 certReq = null;
-            certReq = CryptoUtil.createCertificationRequest(dn, pubk,
-                    privk, algorithm);
-            byte[] certReqb = certReq.toByteArray();
-            String certReqs = CryptoUtil.base64Encode(certReqb);
-
-            return certReqs;
-        } catch (Throwable e) {
-            CMS.debug(e);
-            if (context != null) {
-                context.put("errorString", e.toString());
-            }
-            CMS.debug("CertUtil getPKCS10: " + e.toString());
-            throw new IOException(e.toString());
-        }
-    }
-
-    /*
-     * create requests so renewal can work on these initial certs
-     */
-    public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info)
-            throws EBaseException {
-        //        RequestId rid = new RequestId(serialNum);
-        // just need a request, no need to get into a queue
-        //        IRequest r = new EnrollmentRequest(rid);
-        CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
-        IRequest req = queue.newRequest("enrollment");
-        CMS.debug("certUtil: newRequest called");
-        req.setExtData("profile", "true");
-        req.setExtData("requestversion", "1.0.0");
-        req.setExtData("req_seq_num", "0");
-        req.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
-        req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS,
-                    new CertificateExtensions());
-        req.setExtData("requesttype", "enrollment");
-        req.setExtData("requestor_name", "");
-        req.setExtData("requestor_email", "");
-        req.setExtData("requestor_phone", "");
-        req.setExtData("profileRemoteHost", "");
-        req.setExtData("profileRemoteAddr", "");
-        req.setExtData("requestnotes", "");
-        req.setExtData("isencryptioncert", "false");
-        req.setExtData("profileapprovedby", "system");
-
-        // mark request as complete
-        CMS.debug("certUtil: calling setRequestStatus");
-        req.setRequestStatus(RequestStatus.COMPLETE);
-
-        return req;
-    }
-
-    /**
-     * update local cert request with the actual request
-     * called from CertRequestPanel.java
-     */
-    public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType,
-            String subjectName) {
-        try {
-            CMS.debug("Updating local request... certTag=" + certTag);
-            RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
-
-            ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-                    ICertificateAuthority.ID);
-
-            IRequestQueue queue = ca.getRequestQueue();
-            if (queue != null) {
-                IRequest req = queue.findRequest(rid);
-                if (req != null) {
-                    if (!certReq.equals(""))
-                        req.setExtData("cert_request", certReq);
-                    req.setExtData("cert_request_type", reqType);
-                    if (subjectName != null) {
-                        req.setExtData("subject", subjectName);
-                        new X500Name(subjectName); // check for errors
-                    }
-                }
-                queue.updateRequest(req);
-            } else {
-                CMS.debug("CertUtil:updateLocalRequest - request queue = null");
-            }
-        } catch (Exception e) {
-            CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
-        }
-    }
-
-    /**
-     * reads from the admin cert profile caAdminCert.profile and takes the first
-     * entry in the list of allowed algorithms. Users that wish a different algorithm
-     * can specify it in the profile using default.params.signingAlg
-     */
-
-    public static String getAdminProfileAlgorithm(IConfigStore config) {
-        String algorithm = "SHA256withRSA";
-        try {
-            String caSigningKeyType = config.getString("preop.cert.signing.keytype", "rsa");
-            String pfile = config.getString("profile.caAdminCert.config");
-            FileInputStream fis = new FileInputStream(pfile);
-            DataInputStream in = new DataInputStream(fis);
-            BufferedReader br = new BufferedReader(new InputStreamReader(in));
-
-            String strLine;
-            while ((strLine = br.readLine()) != null) {
-                String marker2 = "default.params.signingAlg=";
-                int indx = strLine.indexOf(marker2);
-                if (indx != -1) {
-                    String alg = strLine.substring(indx + marker2.length());
-                    if ((alg.length() > 0) && (!alg.equals("-"))) {
-                        algorithm = alg;
-                        break;
-                    }
-                    ;
-                }
-                ;
-
-                String marker = "signingAlgsAllowed=";
-                indx = strLine.indexOf(marker);
-                if (indx != -1) {
-                    String[] algs = strLine.substring(indx + marker.length()).split(",");
-                    for (int i = 0; i < algs.length; i++) {
-                        if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
-                                (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC") != -1))) {
-                            algorithm = algs[i];
-                            break;
-                        }
-                    }
-                }
-            }
-            in.close();
-        } catch (Exception e) {
-            CMS.debug("getAdminProfleAlgorithm: exception: " + e);
-        }
-        return algorithm;
-    }
-
-    public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key,
-            String prefix, String certTag, String type, Context context) throws IOException {
-
-        CMS.debug("Creating local certificate... certTag=" + certTag);
-        String profile = null;
-
-        try {
-            profile = config.getString(prefix + certTag + ".profile");
-        } catch (Exception e) {
-        }
-
-        X509CertImpl cert = null;
-        ICertificateAuthority ca = null;
-        ICertificateRepository cr = null;
-        RequestId reqId = null;
-        String profileId = null;
-        IRequestQueue queue = null;
-        IRequest req = null;
-
-        try {
-            String dn = config.getString(prefix + certTag + ".dn");
-            String keyAlgorithm = null;
-            Date date = new Date();
-
-            X509CertInfo info = null;
-
-            if (certTag.equals("admin")) {
-                keyAlgorithm = getAdminProfileAlgorithm(config);
-            } else {
-                keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm");
-            }
-            ca = (ICertificateAuthority) CMS.getSubsystem(
-                    ICertificateAuthority.ID);
-            cr = ca.getCertificateRepository();
-            BigInteger serialNo = cr.getNextSerialNumber();
-            if (type.equals("selfsign")) {
-                CMS.debug("Creating local certificate... issuerdn=" + dn);
-                CMS.debug("Creating local certificate... dn=" + dn);
-                info = CryptoUtil.createX509CertInfo(x509key, serialNo, dn, dn, date, date, keyAlgorithm);
-            } else {
-                String issuerdn = config.getString("preop.cert.signing.dn", "");
-                CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
-                CMS.debug("Creating local certificate... dn=" + dn);
-
-                info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
-            }
-            CMS.debug("Cert Template: " + info.toString());
-
-            String instanceRoot = config.getString("instanceRoot");
-
-            String configurationRoot = config.getString("configurationRoot");
-
-            CertInfoProfile processor = new CertInfoProfile(
-                    instanceRoot + configurationRoot + profile);
-
-            // cfu - create request to enable renewal
-            try {
-                queue = ca.getRequestQueue();
-                if (queue != null) {
-                    req = createLocalRequest(queue, serialNo.toString(), info);
-                    CMS.debug("CertUtil profile name= " + profile);
-                    req.setExtData("req_key", x509key.toString());
-
-                    // store original profile id in cert request
-                    int idx = profile.lastIndexOf('.');
-                    if (idx == -1) {
-                        CMS.debug("CertUtil profileName contains no .");
-                        req.setExtData("origprofileid", profile);
-                    } else {
-                        String name = profile.substring(0, idx);
-                        req.setExtData("origprofileid", name);
-                    }
-
-                    // store mapped profile ID for use in renewal
-                    profileId = processor.getProfileIDMapping();
-                    req.setExtData("profileid", profileId);
-                    req.setExtData("profilesetid", processor.getProfileSetIDMapping());
-
-                    reqId = req.getRequestId();
-                    config.putString("preop.cert." + certTag + ".reqId", reqId.toString());
-                } else {
-                    CMS.debug("certUtil: requestQueue null");
-                }
-            } catch (Exception e) {
-                CMS.debug("Creating local request exception:" + e.toString());
-            }
-
-            processor.populate(req, info);
-
-            String caPriKeyID = config.getString(
-                    prefix + "signing" + ".privkey.id");
-            byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID);
-            PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
-                    keyIDb);
-
-            if (caPrik == null) {
-                CMS.debug("CertUtil::createSelfSignedCert() - "
-                         + "CA private key is null!");
-                throw new IOException("CA private key is null");
-            } else {
-                CMS.debug("CertUtil createSelfSignedCert: got CA private key");
-            }
-
-            String keyAlgo = x509key.getAlgorithm();
-            CMS.debug("key algorithm is " + keyAlgo);
-            String caSigningKeyType =
-                    config.getString("preop.cert.signing.keytype", "rsa");
-            String caSigningKeyAlgo = "";
-            if (type.equals("selfsign")) {
-                caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm", "SHA256withRSA");
-            } else {
-                caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm", "SHA256withRSA");
-            }
-
-            CMS.debug("CA Signing Key type " + caSigningKeyType);
-            CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
-
-            if (caSigningKeyType.equals("ecc")) {
-                CMS.debug("CA signing cert is ECC");
-                cert = CryptoUtil.signECCCert(caPrik, info,
-                        caSigningKeyAlgo);
-            } else {
-                CMS.debug("CA signing cert is not ecc");
-                cert = CryptoUtil.signCert(caPrik, info,
-                        caSigningKeyAlgo);
-            }
-
-            if (cert != null) {
-                CMS.debug("CertUtil createSelfSignedCert: got cert signed");
-            }
-        } catch (Exception e) {
-            CMS.debug(e);
-            CMS.debug("NamePanel configCert() exception caught:" + e.toString());
-        }
-
-        if (cr == null) {
-            if (context != null) {
-                context.put("errorString", "Ceritifcate Authority is not ready to serve.");
-            }
-            throw new IOException("Ceritifcate Authority is not ready to serve.");
-        }
-
-        ICertRecord record = null;
-        try {
-            MetaInfo meta = new MetaInfo();
-            if (reqId != null) {
-                meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
-            }
-
-            meta.set(ICertRecord.META_PROFILE_ID, profileId);
-            record = cr.createCertRecord(
-                    cert.getSerialNumber(), cert, meta);
-        } catch (Exception e) {
-            CMS.debug(
-                    "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
-        }
-
-        try {
-            cr.addCertificateRecord(record);
-            CMS.debug(
-                    "NamePanel configCert: finished adding certificate record.");
-        } catch (Exception e) {
-            CMS.debug(
-                    "NamePanel configCert: failed to add certificate record. Exception: "
-                            + e.toString());
-            try {
-                cr.deleteCertificateRecord(record.getSerialNumber());
-                cr.addCertificateRecord(record);
-            } catch (Exception ee) {
-                CMS.debug("NamePanel update: Exception: " + ee.toString());
-            }
-        }
-
-        if (req != null) {
-            // update request with cert
-            req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert);
-
-            // store request in db
-            try {
-                CMS.debug("certUtil: before updateRequest");
-                if (queue != null) {
-                    queue.updateRequest(req);
-                }
-            } catch (Exception e) {
-                CMS.debug("Exception in updateRequest" + e);
-            }
-        }
-
-        return cert;
-    }
-
-    public static void addUserCertificate(X509CertImpl cert) {
-        IConfigStore cs = CMS.getConfigStore();
-        int num = 0;
-        try {
-            num = cs.getInteger("preop.subsystem.count", 0);
-        } catch (Exception e) {
-        }
-        IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-        String id = "user" + num;
-
-        try {
-            String sysType = cs.getString("cs.type", "");
-            String machineName = cs.getString("machineName", "");
-            String securePort = cs.getString("service.securePort", "");
-            id = sysType + "-" + machineName + "-" + securePort;
-        } catch (Exception e1) {
-            // ignore
-        }
-
-        num++;
-        cs.putInteger("preop.subsystem.count", num);
-        cs.putInteger("subsystem.count", num);
-
-        try {
-            cs.commit(false);
-        } catch (Exception e) {
-        }
-
-        IUser user = null;
-        X509CertImpl[] certs = new X509CertImpl[1];
-        CMS.debug("CertUtil addUserCertificate starts");
-        try {
-            user = system.createUser(id);
-            user.setFullName(id);
-            user.setEmail("");
-            user.setPassword("");
-            user.setUserType("agentType");
-            user.setState("1");
-            user.setPhone("");
-            certs[0] = cert;
-            user.setX509Certificates(certs);
-            system.addUser(user);
-            CMS.debug("CertUtil addUserCertificate: successfully add the user");
-        } catch (LDAPException e) {
-            CMS.debug("CertUtil addUserCertificate" + e.toString());
-            if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
-                try {
-                    user = system.getUser(id);
-                    user.setX509Certificates(certs);
-                } catch (Exception ee) {
-                    CMS.debug("CertUtil addUserCertificate: successfully find the user");
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("CertUtil addUserCertificate addUser " + e.toString());
-        }
-
-        try {
-            system.addUserCert(user);
-            CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
-        } catch (Exception e) {
-            CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
-        }
-
-        IGroup group = null;
-        String groupName = "Subsystem Group";
-
-        try {
-            group = system.getGroupFromName(groupName);
-            if (!group.isMember(id)) {
-                group.addMemberName(id);
-                system.modifyGroup(group);
-                CMS.debug("CertUtil addUserCertificate: update: successfully added the user to the group.");
-            }
-        } catch (Exception e) {
-            CMS.debug("CertUtil addUserCertificate update: modifyGroup " + e.toString());
-        }
-    }
-
-    /*
-     * formats a cert fingerprints
-     */
-    public static String fingerPrintFormat(String content) {
-        if (content == null || content.length() == 0) {
-            return "";
-        }
-
-        StringBuffer result = new StringBuffer();
-        result.append("Fingerprints:\n");
-
-        while (content.length() >= LINE_COUNT) {
-            result.append(content.substring(0, LINE_COUNT));
-            result.append("\n");
-            content = content.substring(LINE_COUNT);
-        }
-        if (content.length() > 0)
-            result.append(content);
-        result.append("\n");
-
-        return result.toString();
-    }
-
-    public static boolean privateKeyExistsOnToken(String certTag,
-            String tokenname, String nickname) {
-        IConfigStore cs = CMS.getConfigStore();
-        String givenid = "";
-        try {
-            givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
-        } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
-            return false;
-        }
-
-        String fullnickname = nickname;
-
-        if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
-            fullnickname = tokenname + ":" + nickname;
-        }
-
-        X509Certificate cert = null;
-        CryptoManager cm = null;
-        try {
-            cm = CryptoManager.getInstance();
-            cert = cm.findCertByNickname(fullnickname);
-        } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + fullnickname + " Exception:" + e.toString());
-            return false;
-        }
-
-        PrivateKey privKey = null;
-        try {
-            privKey = cm.findPrivKeyByCert(cert);
-        } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("
-                    + fullnickname + ") exception: " + e.toString());
-            return false;
-        }
-
-        if (privKey == null) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ")");
-            return false;
-        } else {
-            String str = "";
-            try {
-                str = CryptoUtil.byte2string(privKey.getUniqueID());
-            } catch (Exception e) {
-                CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + e.toString());
-            }
-
-            if (str.equals(givenid)) {
-                CMS.debug("CertUtil privateKeyExistsOnToken: find the private key on the token.");
-                return true;
-            }
-        }
-
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
deleted file mode 100644
index 046fb111d..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ /dev/null
@@ -1,116 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class CheckIdentity extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1647682040815275807L;
-    private final static String SUCCESS = "0";
-
-    public CheckIdentity() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        CMS.debug("CheckIdentity init");
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        try {
-            authenticate(cmsReq);
-        } catch (Exception e) {
-            CMS.debug("CheckIdentity authentication failed");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            outputError(httpResp, "Error: Not authenticated");
-            return;
-        }
-
-        try {
-            XMLObject xmlObj = null;
-
-            xmlObj = new XMLObject();
-
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {
-        // do nothing, ie, it will not return the default javascript.
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
deleted file mode 100644
index 956c285b5..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ /dev/null
@@ -1,33 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-
-public class ConfigCertApprovalCallback
-        implements SSLCertificateApprovalCallback {
-
-    public ConfigCertApprovalCallback() {
-    }
-
-    public boolean approve(X509Certificate cert,
-            SSLCertificateApprovalCallback.ValidityStatus status) {
-        return true;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
deleted file mode 100644
index 03233042c..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ /dev/null
@@ -1,296 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.FileNotFoundException;
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.util.IncorrectPasswordException;
-import org.mozilla.jss.util.Password;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.password.PlainPasswordReader;
-import com.netscape.cmsutil.password.PlainPasswordWriter;
-
-public class ConfigHSMLoginPanel extends WizardPanelBase {
-    private CryptoManager mCryptoManager = null;
-    private String mPwdFilePath = "";
-
-    public ConfigHSMLoginPanel() {
-    }
-
-    public void init(ServletConfig config, int panelno) throws ServletException {
-        try {
-            mCryptoManager = CryptoManager.getInstance();
-            mPwdFilePath = CMS.getConfigStore().getString(
-                    "passwordFile");
-        } catch (Exception e) {
-            CMS.debug("ConfigHSMLoginPanel: " + e.toString());
-        }
-        setPanelNo(panelno);
-        setName("ConfigHSMLogin");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException {
-        try {
-            mCryptoManager = CryptoManager.getInstance();
-            mPwdFilePath = CMS.getConfigStore().getString(
-                    "passwordFile");
-        } catch (Exception e) {
-            CMS.debug("ConfigHSMLoginPanel: " + e.toString());
-        }
-        setPanelNo(panelno);
-        setName("ConfigHSMLogin");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-    }
-
-    public boolean isPanelDone() {
-        return true;
-    }
-
-    public boolean isSubPanel() {
-        return true;
-    }
-
-    public boolean isLoopbackPanel() {
-        return true;
-    }
-
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        CMS.debug("ConfigHSMLoginPanel: in display()");
-        context.put("title", "Security Module Login");
-
-        // get token selected to be logged in
-        String tokName = null;
-        tokName = HttpInput.getTokenName(request, "SecToken");
-
-        if (tokName != null) {
-            CMS.debug("ConfigHSMLoginPanel: selected token name= " + tokName);
-        } else {
-            CMS.debug("ConfigHSMLoginPanel: missing SecToken name");
-            context.put("error", "noTokenName");
-            context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
-            return;
-        }
-        CryptoToken token = null;
-
-        try {
-            token = mCryptoManager.getTokenByName(tokName);
-        } catch (Exception e) {
-            CMS.debug(
-                    "ConfigHSMLoginPanel: getTokenByName() failed: "
-                            + e.toString());
-            context.put("error", "tokenNotFound:" + tokName);
-            context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
-            return;
-        }
-        // first see if password in password file, try to login
-        PlainPasswordReader pr = new PlainPasswordReader();
-
-        try {
-            pr.init(mPwdFilePath);
-        } catch (Exception e) {
-            // is ok to not have it
-            CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
-        }
-        CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
-        String tokPwd = pr.getPassword("hardware-" + tokName);
-
-        boolean loggedIn = false;
-
-        if (tokPwd == null) {
-            CMS.debug("ConfigHSMLoginPanel: passwd not in cache");
-        } else {
-            loggedIn = loginToken(token, tokPwd, context);
-        }
-
-        if (!loggedIn) {
-            context.put("status", "display");
-        }
-        context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
-        context.put("SecToken", tokName);
-    }
-
-    // if logged in successfully, returns true
-    private boolean loginToken(CryptoToken token, String tokPwd, Context context) {
-        boolean rv = true;
-        Password password = null;
-
-        password = new Password(tokPwd.toCharArray());
-
-        try {
-            if (token.passwordIsInitialized()) {
-                CMS.debug(
-                        "ConfigHSMLoginPanel: loginToken():token password is initialized");
-                if (!token.isLoggedIn()) {
-                    CMS.debug(
-                            "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
-                    token.login(password);
-                    context.put("status", "justLoggedIn");
-                } else {
-                    CMS.debug(
-                            "ConfigHSMLoginPanel:Token has already logged on");
-                    context.put("status", "alreadyLoggedIn");
-                }
-            } else {
-                CMS.debug(
-                        "ConfigHSMLoginPanel: loginToken():Token password not initialized");
-                context.put("status", "tokenPasswordNotInitialized");
-                rv = false;
-            }
-
-        } catch (IncorrectPasswordException e) {
-            context.put("status", "incorrectPassword");
-            context.put("errorString", e.toString());
-            CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
-            rv = false;
-        } catch (Exception e) {
-            CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
-            context.put("errorString", e.toString());
-            rv = false;
-        }
-        return rv;
-    }
-
-    // XXX how do you do this?
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
-
-        set.add(
-                "choice", choiceDesc);
-
-        return set;
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        CMS.debug("ConfigHSMLoginPanel: in update()");
-
-        String uTokName = null;
-        String uPasswd = null;
-        try {
-            uTokName = HttpInput.getTokenName(request, "uTokName");
-            uPasswd = HttpInput.getPassword(request, "__uPasswd");
-        } catch (Exception e) {
-        }
-
-        if (uPasswd == null) {
-            CMS.debug("ConfigHSMLoginPanel: password not found");
-            context.put("error", "no password");
-            context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
-            context.put("updateStatus", "no password");
-            return;
-        } else {
-            CMS.debug("ConfigHSMLoginPanel: got password");
-
-            CryptoToken token = null;
-
-            try {
-                token = mCryptoManager.getTokenByName(uTokName);
-            } catch (Exception e) {
-                CMS.debug(
-                        "ConfigHSMLoginPanel: getTokenByName() failed: "
-                                + e.toString());
-                context.put("error", "tokenNotFound:" + uTokName);
-            }
-
-            try {
-                if (loginToken(token, uPasswd, context) == false) {
-                    CMS.debug(
-                            "ConfigHSMLoginPanel:loginToken failed for "
-                                    + uTokName);
-                    context.put("error", "tokenLoginFailed");
-                    context.put("updateStatus", "login failed");
-                    context.put("panel",
-                            "admin/console/config/config_hsmloginpanel.vm");
-                    return;
-                }
-                CMS.debug(
-                        "ConfigHSMLoginPanel: update(): just logged in successfully");
-                PlainPasswordWriter pw = new PlainPasswordWriter();
-
-                pw.init(mPwdFilePath);
-                pw.putPassword("hardware-" + uTokName, uPasswd);
-                pw.commit();
-
-            } catch (FileNotFoundException e) {
-                CMS.debug(
-                        "ConfigHSMLoginPanel: update(): Exception caught: "
-                                + e.toString() + " writing to " + mPwdFilePath);
-                CMS.debug(
-                        "ConfigHSMLoginPanel: update(): password not written to cache");
-                System.err.println("Exception caught: " + e.toString());
-                context.put("error", "Exception:" + e.toString());
-            } catch (Exception e) {
-                CMS.debug(
-                        "ConfigHSMLoginPanel: update(): Exception caught: "
-                                + e.toString());
-                System.err.println("Exception caught: " + e.toString());
-                context.put("error", "Exception:" + e.toString());
-            }
-
-        } // found password
-
-        context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
-        context.put("status", "update");
-        context.put("error", "");
-        context.put("updateStatus", "success");
-
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Security Module Login");
-        context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
deleted file mode 100644
index bbfb17374..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ /dev/null
@@ -1,4085 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
- package com.netscape.cms.servlet.csadmin;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.CharConversionException;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.FileReader;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.math.BigInteger;
-import java.net.ConnectException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URLEncoder;
-import java.security.DigestException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.Response;
-import javax.xml.parsers.ParserConfigurationException;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPDN;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPSearchConstraints;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv3;
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS10;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import org.apache.velocity.context.Context;
-import org.jboss.resteasy.client.ClientResponse;
-import org.jboss.resteasy.client.ClientResponseFailure;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.CryptoManager.NicknameConflictException;
-import org.mozilla.jss.CryptoManager.NotInitializedException;
-import org.mozilla.jss.CryptoManager.UserCertConflictException;
-import org.mozilla.jss.NoSuchTokenException;
-import org.mozilla.jss.asn1.ANY;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.ASN1Value;
-import org.mozilla.jss.asn1.BMPString;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.BadPaddingException;
-import org.mozilla.jss.crypto.Cipher;
-import org.mozilla.jss.crypto.CryptoStore;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.IVParameterSpec;
-import org.mozilla.jss.crypto.IllegalBlockSizeException;
-import org.mozilla.jss.crypto.InternalCertificate;
-import org.mozilla.jss.crypto.InvalidKeyFormatException;
-import org.mozilla.jss.crypto.KeyGenAlgorithm;
-import org.mozilla.jss.crypto.KeyGenerator;
-import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapper;
-import org.mozilla.jss.crypto.NoSuchItemOnTokenException;
-import org.mozilla.jss.crypto.ObjectNotFoundException;
-import org.mozilla.jss.crypto.PBEAlgorithm;
-import org.mozilla.jss.crypto.PrivateKey;
-import org.mozilla.jss.crypto.SymmetricKey;
-import org.mozilla.jss.crypto.TokenException;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.pkcs11.PK11Store;
-import org.mozilla.jss.pkcs12.AuthenticatedSafes;
-import org.mozilla.jss.pkcs12.CertBag;
-import org.mozilla.jss.pkcs12.PFX;
-import org.mozilla.jss.pkcs12.PasswordConverter;
-import org.mozilla.jss.pkcs12.SafeBag;
-import org.mozilla.jss.pkix.primitive.Attribute;
-import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
-import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
-import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-import org.mozilla.jss.util.IncorrectPasswordException;
-import org.mozilla.jss.util.Password;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-import com.netscape.certsrv.account.AccountClient;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.client.ClientConfig;
-import com.netscape.certsrv.client.PKIClient;
-import com.netscape.certsrv.client.PKIConnection;
-import com.netscape.certsrv.dbs.IDBSubsystem;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.key.KeyData;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.system.InstallToken;
-import com.netscape.certsrv.system.SecurityDomainClient;
-import com.netscape.certsrv.system.TPSConnectorClient;
-import com.netscape.certsrv.system.TPSConnectorData;
-import com.netscape.certsrv.usrgrp.EUsrGrpException;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.admin.UserService;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * Utility class for functions to be used both by the RESTful installer
- * and the UI Panels.
- *
- * @author alee
- *
- */
-public class ConfigurationUtils {
-
-    private static final String PCERT_PREFIX = "preop.cert.";
-    public static String SUCCESS = "0";
-    public static String FAILURE = "1";
-    public static String AUTH_FAILURE = "2";
-    public static final BigInteger BIG_ZERO = new BigInteger("0");
-    public static final Long MINUS_ONE = Long.valueOf(-1);
-    public static final String DBUSER = "pkidbuser";
-
-    public static boolean loginToken(CryptoToken token, String tokPwd) throws TokenException,
-            IncorrectPasswordException {
-        boolean rv = true;
-        Password password = null;
-        password = new Password(tokPwd.toCharArray());
-
-        if (token.passwordIsInitialized()) {
-            CMS.debug("loginToken():token password is initialized");
-            if (!token.isLoggedIn()) {
-                CMS.debug("loginToken():Token is not logged in, try it");
-                token.login(password);
-            } else {
-                CMS.debug("loginToken():Token has already logged on");
-            }
-        } else {
-            CMS.debug("loginToken():Token password not initialized");
-            rv = false;
-        }
-        return rv;
-    }
-
-    public static String getHttpResponse(String hostname, int port, boolean secure,
-            String uri, String content, String clientnickname) throws IOException {
-        return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
-    }
-
-    public static ClientResponse<String> getClientResponse(String hostname, int port, boolean secure,
-            String path, String content, String clientnickname,
-            SSLCertificateApprovalCallback certApprovalCallback)
-            throws Exception {
-
-        String protocol = secure ? "https" : "http";
-        ClientConfig config = new ClientConfig();
-        config.setServerURI(protocol + "://" + hostname + ":" + port + path);
-        config.setCertNickname(clientnickname);
-
-        PKIClient client = new PKIClient(config);
-        PKIConnection connection = client.getConnection();
-        ClientResponse<String> response = connection.post(content);
-
-        return response;
-    }
-
-    //TODO - replace with Jack's connector code
-    // or as we replace calls with restful calls,  remove altogether
-    public static String getHttpResponse(String hostname, int port, boolean secure,
-            String uri, String content, String clientnickname,
-            SSLCertificateApprovalCallback certApprovalCallback)
-            throws IOException {
-        HttpClient httpclient = null;
-        String c = null;
-
-        try {
-            if (secure) {
-                JssSSLSocketFactory factory = null;
-                if (clientnickname != null && clientnickname.length() > 0)
-                    factory = new JssSSLSocketFactory(clientnickname);
-                else
-                    factory = new JssSSLSocketFactory();
-
-                httpclient = new HttpClient(factory, certApprovalCallback);
-            } else {
-                httpclient = new HttpClient();
-            }
-            httpclient.connect(hostname, port);
-            HttpRequest httprequest = new HttpRequest();
-
-            httprequest.setMethod(HttpRequest.POST);
-            httprequest.setURI(uri);
-            httprequest.setHeader("user-agent", "HTTPTool/1.0");
-            httprequest.setHeader("content-type",
-                    "application/x-www-form-urlencoded");
-            if (content != null && content.length() > 0) {
-                String content_c = content;
-                httprequest.setHeader("content-length", "" + content_c.length());
-                httprequest.setContent(content_c);
-            }
-            HttpResponse httpresponse = httpclient.send(httprequest);
-
-            c = httpresponse.getContent();
-        } catch (ConnectException e) {
-            CMS.debug("getHttpResponse: " + e.toString());
-            throw new IOException("The server you tried to contact is not running.");
-        } catch (Exception e) {
-            CMS.debug("getHttpResponse: " + e.toString());
-            throw new IOException(e.toString());
-        } finally {
-            if (httpclient.connected()) {
-                httpclient.disconnect();
-            }
-        }
-
-        return c;
-    }
-
-    public static void importCertChain(String host, int port, String serverPath, String tag)
-            throws IOException, SAXException, ParserConfigurationException, CertificateEncodingException,
-            CertificateException, NotInitializedException, TokenException, EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-        ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-        XMLObject parser = null;
-        String c = ConfigurationUtils.getHttpResponse(host, port, true, serverPath, null, null,
-                certApprovalCallback);
-        if (c != null) {
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            parser = new XMLObject(bis);
-            String certchain = parser.getValue("ChainBase64");
-            if ((certchain != null) && (certchain.length() > 0)) {
-                certchain = CryptoUtil.normalizeCertStr(certchain);
-                cs.putString("preop." + tag + ".pkcs7", certchain);
-
-                // separate individual certs in chain for display
-                byte[] decoded = CryptoUtil.base64Decode(certchain);
-                java.security.cert.X509Certificate[] b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
-                int size = 0;
-
-                if (b_certchain != null) {
-                    size = b_certchain.length;
-                }
-                cs.putInteger("preop." + tag + ".certchain.size", size);
-                for (int i = 0; i < size; i++) {
-                    byte[] bb = b_certchain[i].getEncoded();
-                    cs.putString("preop." + tag + ".certchain." + i,
-                            CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
-                }
-
-                cs.commit(false);
-                CryptoUtil.importCertificateChain(certchain);
-            } else {
-                throw new IOException("importCertChain: Security Domain response does not contain certificate chain");
-            }
-        } else {
-            throw new IOException("importCertChain: Failed to get response from security domain");
-        }
-    }
-
-    public static String getInstallToken(String sdhost, int sdport, String user, String passwd) throws Exception {
-        IConfigStore cs = CMS.getConfigStore();
-        boolean oldtoken = cs.getBoolean("cs.useOldTokenInterface", false);
-
-        if (oldtoken) {
-            return ConfigurationUtils.getOldToken(sdhost, sdport, user, passwd);
-        }
-
-        String csType = cs.getString("cs.type");
-
-        ClientConfig config = new ClientConfig();
-        config.setServerURI("https://" + sdhost + ":" + sdport);
-        config.setUsername(user);
-        config.setPassword(passwd);
-
-        PKIClient client = new PKIClient(config);
-        PKIConnection connection = client.getConnection();
-
-        // Ignore the "UNTRUSTED_ISSUER" validity status
-        // during PKI instance creation since we are
-        // utilizing an untrusted temporary CA cert.
-        connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER);
-
-        // Ignore the "CA_CERT_INVALID" validity status
-        // during PKI instance creation since we are
-        // utilizing an untrusted temporary CA cert.
-        connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.CA_CERT_INVALID);
-
-        AccountClient accountClient = new AccountClient(client, "ca");
-        SecurityDomainClient sdClient = new SecurityDomainClient(client, "ca");
-
-        try {
-            accountClient.login();
-            InstallToken token = sdClient.getInstallToken(sdhost, csType);
-            accountClient.logout();
-            return token.getToken();
-
-        } catch (ClientResponseFailure e) {
-            if (e.getResponse().getResponseStatus() == Response.Status.NOT_FOUND) {
-                // try the old servlet
-                String tokenString = getOldCookie(sdhost, sdport, user, passwd);
-                return tokenString;
-            }
-
-            throw e;
-        }
-    }
-
-    public static String getOldCookie(String sdhost, int sdport, String user, String passwd) throws Exception {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String subca_url = "https://" + CMS.getEEHost() + ":"
-                + CMS.getAdminPort() + "/ca/admin/console/config/wizard" +
-                "?p=5&subsystem=" + cs.getString("cs.type");
-
-        String content = "uid=" + URLEncoder.encode(user, "UTF-8") + "&pwd=" + URLEncoder.encode(passwd, "UTF-8") +
-                "&url=" + URLEncoder.encode(subca_url, "UTF-8");
-
-        ClientResponse<String> response = getClientResponse(sdhost, sdport, true, "/ca/admin/ca/getCookie",
-                content, null, null);
-        String body = response.getEntity();
-        return getContentValue(body, "header.session_id");
-    }
-
-    public static String getOldToken(String sdhost, int sdport, String user, String passwd) throws IOException,
-            EPropertyNotFound, EBaseException, URISyntaxException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String subca_url = "https://" + CMS.getEEHost() + ":"
-                + CMS.getAdminPort() + "/ca/admin/console/config/wizard" +
-                "?p=5&subsystem=" + cs.getString("cs.type");
-
-        String content = "uid=" + URLEncoder.encode(user, "UTF-8") + "&pwd=" + URLEncoder.encode(passwd, "UTF-8") +
-                "&url=" + URLEncoder.encode(subca_url, "UTF-8");
-
-        String response = ConfigurationUtils.getHttpResponse(sdhost, sdport, true,
-                "/ca/admin/ca/getCookie", content, null);
-
-        return getContentValue(response, "header.session_id");
-    }
-
-    public static String getContentValue(String body, String header) {
-        StringTokenizer st = new StringTokenizer(body, "\n");
-
-        while (st.hasMoreTokens()) {
-            String line = st.nextToken();
-            // format for line assumed to be name="value";
-
-            int eqPos = line.indexOf('=');
-            if (eqPos != -1) {
-                String name = line.substring(0, eqPos).trim();
-                String tempval = line.substring(eqPos + 1).trim();
-                String value = tempval.replaceAll("(^\")|(\";$)","");
-
-                if (name.equals(header)) {
-                    return value;
-                }
-            }
-        }
-        return null;
-    }
-
-    public static String getGroupName(String uid, String subsystemname) {
-        IUGSubsystem subsystem = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-        if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && subsystemname.equals("CA")) {
-            return "Enterprise CA Administrators";
-        } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") && subsystemname.equals("KRA")) {
-            return "Enterprise KRA Administrators";
-        } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") && subsystemname.equals("OCSP")) {
-            return "Enterprise OCSP Administrators";
-        } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") && subsystemname.equals("TKS")) {
-            return "Enterprise TKS Administrators";
-        } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") && subsystemname.equals("RA")) {
-            return "Enterprise RA Administrators";
-        } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") && subsystemname.equals("TPS")) {
-            return "Enterprise TPS Administrators";
-        }
-        return null;
-    }
-
-    public static String getDomainXML(String hostname, int https_admin_port, boolean https)
-            throws IOException, SAXException, ParserConfigurationException {
-        CMS.debug("getDomainXML start");
-        String c = getHttpResponse(hostname, https_admin_port, https, "/ca/admin/ca/getDomainXML", null, null, null);
-        if (c != null) {
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            XMLObject parser = null;
-
-            parser = new XMLObject(bis);
-            String status = parser.getValue("Status");
-            CMS.debug("getDomainXML: status=" + status);
-
-            if (status.equals(SUCCESS)) {
-                String domainInfo = parser.getValue("DomainInfo");
-                CMS.debug("getDomainXML: domainInfo=" + domainInfo);
-                return domainInfo;
-            } else {
-                String error = parser.getValue("Error");
-                throw new IOException(error);
-            }
-
-        }
-        return null;
-    }
-
-    public static void getSecurityDomainPorts(String domainXML, String host, int port) throws SAXException,
-            IOException, ParserConfigurationException {
-        ByteArrayInputStream bis = new ByteArrayInputStream(domainXML.getBytes());
-        IConfigStore cs = CMS.getConfigStore();
-
-        XMLObject parser = new XMLObject(bis);
-        Document doc = parser.getDocument();
-        NodeList nodeList = doc.getElementsByTagName("CA");
-
-        int len = nodeList.getLength();
-        CMS.debug("len is " + len);
-        for (int i = 0; i < len; i++) {
-            String hostname = parser.getValuesFromContainer(nodeList.item(i), "Host").elementAt(0);
-            String admin_port = parser.getValuesFromContainer(nodeList.item(i), "SecureAdminPort").elementAt(0);
-            CMS.debug("hostname: <" + hostname + ">");
-            CMS.debug("admin_port: <" + admin_port + ">");
-
-            if (hostname.equals(host) && admin_port.equals(port + "")) {
-                cs.putString("securitydomain.httpport",
-                        parser.getValuesFromContainer(nodeList.item(i), "UnSecurePort").elementAt(0));
-                cs.putString("securitydomain.httpsagentport",
-                        parser.getValuesFromContainer(nodeList.item(i), "SecureAgentPort").elementAt(0));
-                cs.putString("securitydomain.httpseeport",
-                        parser.getValuesFromContainer(nodeList.item(i), "SecurePort").elementAt(0));
-
-                break;
-            }
-        }
-    }
-
-    public static Vector<String> getUrlListFromSecurityDomain(IConfigStore config,
-            String type, String portType)
-            throws EPropertyNotFound, EBaseException, IOException, SAXException, ParserConfigurationException {
-        Vector<String> v = new Vector<String>();
-
-        String hostname = config.getString("securitydomain.host");
-        int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
-        CMS.debug("getUrlListFromSecurityDomain(): Getting domain.xml from CA...");
-        String c = getDomainXML(hostname, httpsadminport, true);
-
-        CMS.debug("getUrlListFromSecurityDomain: Getting " + portType + " from Security Domain ...");
-        if (!portType.equals("UnSecurePort") &&
-                !portType.equals("SecureAgentPort") &&
-                !portType.equals("SecurePort") &&
-                !portType.equals("SecureAdminPort")) {
-            CMS.debug("getUrlListFromSecurityDomain:  " +
-                    "unknown port type " + portType);
-            return v;
-        }
-
-        ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-        XMLObject parser = new XMLObject(bis);
-        Document doc = parser.getDocument();
-        NodeList nodeList = doc.getElementsByTagName(type);
-
-        // save domain name in cfg
-        config.putString("securitydomain.name", parser.getValue("Name"));
-
-        int len = nodeList.getLength();
-
-        CMS.debug("Len " + len);
-        for (int i = 0; i < len; i++) {
-            Vector<String> v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName");
-            Vector<String> v_host = parser.getValuesFromContainer(nodeList.item(i), "Host");
-            Vector<String> v_port = parser.getValuesFromContainer(nodeList.item(i), portType);
-            Vector<String> v_admin_port = parser.getValuesFromContainer(nodeList.item(i), "SecureAdminPort");
-
-            if (v_host.elementAt(0).equals(hostname)
-                    && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
-                // add security domain CA to the beginning of list
-                v.add(0, v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" + v_port.elementAt(0));
-            } else {
-                v.addElement(v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" + v_port.elementAt(0));
-            }
-        }
-
-        return v;
-    }
-
-    public static boolean isValidCloneURI(String domainXML, String cloneHost, int clonePort) throws EPropertyNotFound,
-            EBaseException, SAXException, IOException, ParserConfigurationException {
-        IConfigStore cs = CMS.getConfigStore();
-        String csType = cs.getString("cs.type");
-        ByteArrayInputStream bis = new ByteArrayInputStream(domainXML.getBytes());
-
-        XMLObject parser = new XMLObject(bis);
-        Document doc = parser.getDocument();
-        NodeList nodeList = doc.getElementsByTagName(csType.toUpperCase());
-
-        int len = nodeList.getLength();
-        for (int i = 0; i < len; i++) {
-            String hostname = parser.getValuesFromContainer(nodeList.item(i), "Host").elementAt(0);
-            String secure_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort").elementAt(0);
-
-            if (hostname.equals(cloneHost) && secure_port.equals(clonePort + "")) {
-                cs.putString("preop.master.hostname", cloneHost);
-                cs.putInteger("preop.master.httpsport", clonePort);
-                cs.putString("preop.master.httpsadminport",
-                        parser.getValuesFromContainer(nodeList.item(i), "SecureAdminPort").elementAt(0));
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    public static void getConfigEntriesFromMaster()
-            throws IOException, EBaseException, SAXException, ParserConfigurationException {
-
-        IConfigStore config = CMS.getConfigStore();
-        String cstype = "";
-
-        cstype = config.getString("cs.type", "");
-
-        cstype = cstype.toLowerCase();
-
-        String session_id = CMS.getConfigSDSessionId();
-        String master_hostname = config.getString("preop.master.hostname", "");
-        int master_port = config.getInteger("preop.master.httpsadminport", -1);
-        int master_ee_port = config.getInteger("preop.master.httpsport", -1);
-
-        String content = "";
-        if (cstype.equals("ca") || cstype.equals("kra")) {
-            content = "type=request&xmlOutput=true&sessionID=" + session_id;
-            CMS.debug("http content=" + content);
-            updateNumberRange(master_hostname, master_ee_port, master_port, true, content, "request");
-
-            content = "type=serialNo&xmlOutput=true&sessionID=" + session_id;
-            updateNumberRange(master_hostname, master_ee_port, master_port, true, content, "serialNo");
-
-            content = "type=replicaId&xmlOutput=true&sessionID=" + session_id;
-            updateNumberRange(master_hostname, master_ee_port, master_port, true, content, "replicaId");
-        }
-
-        String list = "";
-
-        list = config.getString("preop.cert.list", "");
-
-        StringBuffer c1 = new StringBuffer();
-        StringBuffer s1 = new StringBuffer();
-        StringTokenizer tok = new StringTokenizer(list, ",");
-        while (tok.hasMoreTokens()) {
-            String t1 = tok.nextToken();
-            if (t1.equals("sslserver"))
-                continue;
-            c1.append(",cloning." + t1 + ".nickname");
-            c1.append(",cloning." + t1 + ".dn");
-            c1.append(",cloning." + t1 + ".keytype");
-            c1.append(",cloning." + t1 + ".keyalgorithm");
-            c1.append(",cloning." + t1 + ".privkey.id");
-            c1.append(",cloning." + t1 + ".pubkey.exponent");
-            c1.append(",cloning." + t1 + ".pubkey.modulus");
-            c1.append(",cloning." + t1 + ".pubkey.encoded");
-
-            if (s1.length() != 0)
-                s1.append(",");
-            s1.append(cstype + "." + t1);
-        }
-
-        if (!cstype.equals("ca")) {
-            c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
-        }
-
-        if (cstype.equals("ca")) {
-            /* get ca connector details */
-            if (s1.length() != 0)
-                s1.append(",");
-            s1.append("ca.connector.KRA");
-        }
-
-        s1.append(",internaldb,internaldb.ldapauth,internaldb.ldapconn");
-
-        content =
-                "op=get&names=cloning.module.token,cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,"
-                        + "internaldb.replication.password" + c1.toString()
-                        + "&substores=" + s1.toString()
-                        + "&xmlOutput=true&sessionID="
-                        + session_id;
-        boolean success = updateConfigEntries(master_hostname, master_port, true,
-                "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config);
-        if (!success) {
-            throw new IOException("Failed to get configuration entries from the master");
-        }
-        config.putString("preop.clone.configuration", "true");
-
-        config.commit(false);
-
-    }
-
-    public static void updateNumberRange(String hostname, int eePort, int adminPort, boolean https, String content,
-            String type) throws IOException, EBaseException, SAXException, ParserConfigurationException {
-        CMS.debug("updateNumberRange start host=" + hostname + " adminPort=" + adminPort + " eePort=" + eePort);
-        IConfigStore cs = CMS.getConfigStore();
-
-        String cstype = cs.getString("cs.type", "");
-        cstype = cstype.toLowerCase();
-
-        String serverPath = "/" + cstype + "/admin/" + cstype + "/updateNumberRange";
-        String c = null;
-        XMLObject parser = null;
-        try {
-            c = getHttpResponse(hostname, adminPort, https, serverPath, content, null, null);
-            if (c == null || c.equals("")) {
-                CMS.debug("updateNumberRange: content is null.");
-                throw new IOException("The server you want to contact is not available");
-            }
-
-            CMS.debug("content from admin interface ="+ c);
-            // when the admin servlet is unavailable, we return a badly formatted error page
-            // in that case, this will throw an exception and be passed into the catch block.
-            parser = new XMLObject(new ByteArrayInputStream(c.getBytes()));
-        } catch (Exception e) {
-            // for backward compatibility, try the old ee interface too
-            CMS.debug("updateNumberRange: Failed to contact master using admin port" + e);
-            CMS.debug("updateNumberRange: Attempting to contact master using EE port");
-            serverPath = "/" + cstype + "/ee/" + cstype + "/updateNumberRange";
-            c = getHttpResponse(hostname, eePort, https, serverPath, content, null, null);
-            if (c == null || c.equals("")) {
-                CMS.debug("updateNumberRange: content is null.");
-                throw new IOException("The server you want to contact is not available");
-            }
-            CMS.debug("content from ee interface =" + c);
-            parser = new XMLObject(new ByteArrayInputStream(c.getBytes()));
-        }
-
-        String status = parser.getValue("Status");
-
-        CMS.debug("updateNumberRange(): status=" + status);
-        if (status.equals(SUCCESS)) {
-            String beginNum = parser.getValue("beginNumber");
-            String endNum = parser.getValue("endNumber");
-            if (type.equals("request")) {
-                cs.putString("dbs.beginRequestNumber", beginNum);
-                cs.putString("dbs.endRequestNumber", endNum);
-            } else if (type.equals("serialNo")) {
-                cs.putString("dbs.beginSerialNumber", beginNum);
-                cs.putString("dbs.endSerialNumber", endNum);
-            } else if (type.equals("replicaId")) {
-                cs.putString("dbs.beginReplicaNumber", beginNum);
-                cs.putString("dbs.endReplicaNumber", endNum);
-            }
-            // enable serial number management in clone
-            cs.putString("dbs.enableSerialManagement", "true");
-            cs.commit(false);
-            return;
-        } else if (status.equals(AUTH_FAILURE)) {
-            throw new EAuthException(AUTH_FAILURE);
-        } else {
-            String error = parser.getValue("Error");
-            throw new IOException(error);
-        }
-    }
-
-    public static boolean updateConfigEntries(String hostname, int port, boolean https,
-            String servlet, String uri, IConfigStore config)
-                    throws IOException, EBaseException, SAXException, ParserConfigurationException {
-        CMS.debug("updateConfigEntries start");
-        String c = getHttpResponse(hostname, port, https, servlet, uri, null, null);
-
-        if (c != null) {
-
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            XMLObject parser = null;
-
-            parser = new XMLObject(bis);
-
-            String status = parser.getValue("Status");
-            CMS.debug("updateConfigEntries: status=" + status);
-
-            if (status.equals(SUCCESS)) {
-                String cstype = "";
-
-                cstype = config.getString("cs.type", "");
-
-                Document doc = parser.getDocument();
-                NodeList list = doc.getElementsByTagName("name");
-                int len = list.getLength();
-                for (int i = 0; i < len; i++) {
-                    Node n = list.item(i);
-                    NodeList nn = n.getChildNodes();
-                    String name = nn.item(0).getNodeValue();
-                    Node parent = n.getParentNode();
-                    nn = parent.getChildNodes();
-                    int len1 = nn.getLength();
-                    String v = "";
-                    for (int j = 0; j < len1; j++) {
-                        Node nv = nn.item(j);
-                        String val = nv.getNodeName();
-                        if (val.equals("value")) {
-                            NodeList n2 = nv.getChildNodes();
-                            if (n2.getLength() > 0)
-                                v = n2.item(0).getNodeValue();
-                            break;
-                        }
-                    }
-
-                    if (name.equals("internaldb.basedn")) {
-                        config.putString(name, v);
-                        config.putString("preop.internaldb.master.basedn", v);
-                    } else if (name.startsWith("internaldb")) {
-                        config.putString(name.replaceFirst("internaldb", "preop.internaldb.master"), v);
-                    } else if (name.equals("instanceId")) {
-                        config.putString("preop.master.instanceId", v);
-                    } else if (name.equals("cloning.signing.nickname")) {
-                        config.putString("preop.master.signing.nickname", v);
-                        config.putString("preop.cert.signing.nickname", v);
-                    } else if (name.equals("cloning.ocsp_signing.nickname")) {
-                        config.putString("preop.master.ocsp_signing.nickname", v);
-                        config.putString("preop.cert.ocsp_signing.nickname", v);
-                    } else if (name.equals("cloning.subsystem.nickname")) {
-                        config.putString("preop.master.subsystem.nickname", v);
-                        config.putString("preop.cert.subsystem.nickname", v);
-                    } else if (name.equals("cloning.transport.nickname")) {
-                        config.putString("preop.master.transport.nickname", v);
-                        config.putString("kra.transportUnit.nickName", v);
-                        config.putString("preop.cert.transport.nickname", v);
-                    } else if (name.equals("cloning.storage.nickname")) {
-                        config.putString("preop.master.storage.nickname", v);
-                        config.putString("kra.storageUnit.nickName", v);
-                        config.putString("preop.cert.storage.nickname", v);
-                    } else if (name.equals("cloning.audit_signing.nickname")) {
-                        config.putString("preop.master.audit_signing.nickname", v);
-                        config.putString("preop.cert.audit_signing.nickname", v);
-                        config.putString(name, v);
-                    } else if (name.startsWith("cloning.ca")) {
-                        config.putString(name.replaceFirst("cloning", "preop"), v);
-                    } else if (name.equals("cloning.signing.keyalgorithm")) {
-                        config.putString(name.replaceFirst("cloning", "preop.cert"), v);
-                        if (cstype.equals("CA")) {
-                            config.putString("ca.crl.MasterCRL.signingAlgorithm", v);
-                            config.putString("ca.signing.defaultSigningAlgorithm", v);
-                        } else if (cstype.equals("OCSP")) {
-                            config.putString("ocsp.signing.defaultSigningAlgorithm", v);
-                        }
-                    } else if (name.equals("cloning.transport.keyalgorithm")) {
-                        config.putString(name.replaceFirst("cloning", "preop.cert"), v);
-                        config.putString("kra.transportUnit.signingAlgorithm", v);
-                    } else if (name.equals("cloning.ocsp_signing.keyalgorithm")) {
-                        config.putString(name.replaceFirst("cloning", "preop.cert"), v);
-                        if (cstype.equals("CA")) {
-                            config.putString("ca.ocsp_signing.defaultSigningAlgorithm", v);
-                        }
-                    } else if (name.startsWith("cloning")) {
-                        config.putString(name.replaceFirst("cloning", "preop.cert"), v);
-                    } else {
-                        config.putString(name, v);
-                    }
-                }
-
-                // set master ldap password (if it exists) temporarily in password store
-                // in case it is needed for replication.  Not stored in password.conf.
-
-                String master_pwd = config.getString("preop.internaldb.master.ldapauth.password", "");
-                if (!master_pwd.equals("")) {
-                    config.putString("preop.internaldb.master.ldapauth.bindPWPrompt", "master_internaldb");
-                    String passwordFile = config.getString("passwordFile");
-                    IConfigStore psStore = CMS.createFileConfigStore(passwordFile);
-                    psStore.putString("master_internaldb", master_pwd);
-                    psStore.commit(false);
-                }
-
-                return true;
-            } else if (status.equals(AUTH_FAILURE)) {
-                throw new EAuthException(AUTH_FAILURE);
-            } else {
-                String error = parser.getValue("Error");
-                throw new IOException(error);
-            }
-        }
-
-        return false;
-    }
-
-    public static void restoreCertsFromP12(String p12File, String p12Pass) throws EPropertyNotFound, EBaseException,
-            InvalidKeyException, CertificateException, NoSuchAlgorithmException,
-            InvalidAlgorithmParameterException, IllegalStateException, TokenException, IllegalBlockSizeException,
-            BadPaddingException, NotInitializedException, NicknameConflictException, UserCertConflictException,
-            NoSuchItemOnTokenException, InvalidBERException, IOException {
-        byte b[] = new byte[1000000];
-
-        FileInputStream fis = new FileInputStream(p12File);
-        while (fis.available() > 0)
-            fis.read(b);
-        fis.close();
-
-        ByteArrayInputStream bis = new ByteArrayInputStream(b);
-        StringBuffer reason = new StringBuffer();
-        Password password = new Password(p12Pass.toCharArray());
-        PFX pfx = null;
-        boolean verifypfx = false;
-
-        pfx = (PFX) (new PFX.Template()).decode(bis);
-        verifypfx = pfx.verifyAuthSafes(password, reason);
-
-        if (verifypfx) {
-            AuthenticatedSafes safes = pfx.getAuthSafes();
-            Vector<Vector<Object>> pkeyinfo_collection = new Vector<Vector<Object>>();
-            Vector<Vector<Object>> cert_collection = new Vector<Vector<Object>>();
-            for (int i = 0; i < safes.getSize(); i++) {
-                SEQUENCE scontent = safes.getSafeContentsAt(null, i);
-                for (int j = 0; j < scontent.size(); j++) {
-                    SafeBag bag = (SafeBag) scontent.elementAt(j);
-                    OBJECT_IDENTIFIER oid = bag.getBagType();
-                    if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
-                        EncryptedPrivateKeyInfo privkeyinfo =
-                                (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent();
-                        PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
-                        Vector<Object> pkeyinfo_v = new Vector<Object>();
-                        pkeyinfo_v.addElement(pkeyinfo);
-                        SET bagAttrs = bag.getBagAttributes();
-                        for (int k = 0; k < bagAttrs.size(); k++) {
-                            Attribute attrs = (Attribute) bagAttrs.elementAt(k);
-                            OBJECT_IDENTIFIER aoid = attrs.getType();
-                            if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
-                                SET val = attrs.getValues();
-                                ANY ss = (ANY) val.elementAt(0);
-                                ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
-                                BMPString sss = (BMPString) new BMPString.Template().decode(bbis);
-                                String s = sss.toString();
-                                pkeyinfo_v.addElement(s);
-                            }
-                        }
-                        pkeyinfo_collection.addElement(pkeyinfo_v);
-                    } else if (oid.equals(SafeBag.CERT_BAG)) {
-                        CertBag cbag = (CertBag) bag.getInterpretedBagContent();
-                        OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert();
-                        byte[] x509cert = str.toByteArray();
-                        Vector<Object> cert_v = new Vector<Object>();
-                        cert_v.addElement(x509cert);
-                        SET bagAttrs = bag.getBagAttributes();
-
-                        if (bagAttrs != null) {
-                            for (int k = 0; k < bagAttrs.size(); k++) {
-                                Attribute attrs = (Attribute) bagAttrs.elementAt(k);
-                                OBJECT_IDENTIFIER aoid = attrs.getType();
-                                if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
-                                    SET val = attrs.getValues();
-                                    ANY ss = (ANY) val.elementAt(0);
-                                    ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
-                                    BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
-                                    String s = sss.toString();
-                                    cert_v.addElement(s);
-                                }
-                            }
-                        }
-
-                        cert_collection.addElement(cert_v);
-                    }
-                }
-            }
-
-            importkeycert(pkeyinfo_collection, cert_collection);
-        } else {
-            throw new IOException("P12 File is incorrect");
-        }
-
-    }
-
-    public static boolean isCertdbCloned() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            CryptoManager cm = CryptoManager.getInstance();
-            String certList = cs.getString("preop.cert.list");
-            String cstype = cs.getString("cs.type").toLowerCase();
-            StringTokenizer st = new StringTokenizer(certList, ",");
-            while (st.hasMoreTokens()) {
-                String tag = st.nextToken();
-                if (tag.equals("sslserver"))
-                    continue;
-                String tokenname = cs.getString("preop.module.token", "");
-                cm.getTokenByName(tokenname); // throw exception if token doesn't exist
-                String name1 = "preop.master." + tag + ".nickname";
-                String nickname = cs.getString(name1, "");
-                if (!tokenname.equals("Internal Key Storage Token") &&
-                        !tokenname.equals("internal"))
-                    nickname = tokenname + ":" + nickname;
-
-                CMS.debug("isCertdbCloned: " + nickname);
-
-                // TODO : remove this when we eliminate the extraneous nicknames
-                // needed for self tests
-                cs.putString(cstype + ".cert." + tag + ".nickname", nickname);
-
-                X509Certificate cert = cm.findCertByNickname(nickname);
-                if (cert == null)
-                    return false;
-            }
-        } catch (Exception e) {
-            return false;
-        }
-
-        return true;
-    }
-
-    public static void importkeycert(Vector<Vector<Object>> pkeyinfo_collection,
-            Vector<Vector<Object>> cert_collection) throws IOException, CertificateException, TokenException,
-            NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalStateException,
-            IllegalBlockSizeException, BadPaddingException, NotInitializedException, NicknameConflictException,
-            UserCertConflictException, NoSuchItemOnTokenException, EPropertyNotFound, EBaseException {
-        CryptoManager cm = CryptoManager.getInstance();
-
-        // delete all existing certificates first
-        deleteExistingCerts();
-
-        ArrayList<String> masterList = getMasterCertKeyList();
-
-        for (int i = 0; i < pkeyinfo_collection.size(); i++) {
-            Vector<Object> pkeyinfo_v = pkeyinfo_collection.elementAt(i);
-            PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0);
-            String nickname = (String) pkeyinfo_v.elementAt(1);
-
-            if (! importRequired(masterList,nickname)) {
-                CMS.debug("Ignoring key " + nickname);
-                continue;
-            }
-
-            byte[] x509cert = getX509Cert(nickname, cert_collection);
-            X509Certificate cert = cm.importCACertPackage(x509cert);
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            pkeyinfo.encode(bos);
-            byte[] pkey = bos.toByteArray();
-
-            PublicKey publickey = cert.getPublicKey();
-            CryptoToken token = cm.getInternalKeyStorageToken();
-            CryptoStore store = token.getCryptoStore();
-
-            try {
-                store.deleteCert(cert);
-            } catch (NoSuchItemOnTokenException e) {
-                // this is OK
-            }
-
-            KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
-            SymmetricKey sk = kg.generate();
-            byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
-            IVParameterSpec param = new IVParameterSpec(iv);
-            Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
-            c.initEncrypt(sk, param);
-            byte[] encpkey = c.doFinal(pkey);
-
-            KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
-            wrapper.initUnwrap(sk, param);
-            wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
-
-        }
-
-        for (int i = 0; i < cert_collection.size(); i++) {
-
-            Vector<Object> cert_v = cert_collection.elementAt(i);
-            byte[] cert = (byte[]) cert_v.elementAt(0);
-            if (cert_v.size() > 1) {
-                String name = (String) cert_v.elementAt(1);
-                if (! masterList.contains(name)) {
-                    CMS.debug("Not importing " + name);
-                    // only import the master's system certs
-                    continue;
-                }
-                // we need to delete the trusted CA certificate if it is
-                // the same as the ca signing certificate
-                if (isCASigningCert(name)) {
-                    X509Certificate certchain = getX509CertFromToken(cert);
-                    if (certchain != null) {
-                        CryptoToken token = cm.getInternalKeyStorageToken();
-                        CryptoStore store = token.getCryptoStore();
-                        if (store instanceof PK11Store) {
-                            try {
-                                PK11Store pk11store = (PK11Store) store;
-                                pk11store.deleteCertOnly(certchain);
-                            } catch (Exception ee) {
-                                CMS.debug("importKeyCert: Exception=" + ee.toString());
-                            }
-                        }
-                    }
-                }
-
-                X509Certificate xcert = cm.importUserCACertPackage(cert, name);
-                if (isCASigningCert(name)) {
-                    // we need to change the trust attribute to CT
-                    InternalCertificate icert = (InternalCertificate) xcert;
-                    icert.setSSLTrust(InternalCertificate.TRUSTED_CA
-                            | InternalCertificate.TRUSTED_CLIENT_CA
-                            | InternalCertificate.VALID_CA);
-                } else if (isAuditSigningCert(name)) {
-                    InternalCertificate icert = (InternalCertificate) xcert;
-                    icert.setObjectSigningTrust(InternalCertificate.USER
-                            | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
-                }
-            } else {
-                cm.importCACertPackage(cert);
-            }
-        }
-    }
-
-    private static boolean importRequired(ArrayList<String> masterList, String nickname) {
-        if (masterList.contains(nickname))
-            return true;
-        try {
-            X500Name xname = new X500Name(nickname);
-            for (String key: masterList) {
-                try {
-                    X500Name xkey = new X500Name(key);
-                    if (xkey.equals(xname)) return true;
-                } catch (IOException e) {
-                    // xkey not an X500Name
-                }
-            }
-
-        } catch (IOException e) {
-            // nickname is not a x500Name
-            return false;
-        }
-        return false;
-    }
-
-    public static X509Certificate getX509CertFromToken(byte[] cert)
-            throws IOException, CertificateException, NotInitializedException {
-
-        X509CertImpl impl = new X509CertImpl(cert);
-        String issuer_impl = impl.getIssuerDN().toString();
-        BigInteger serial_impl = impl.getSerialNumber();
-        CryptoManager cm = CryptoManager.getInstance();
-        X509Certificate[] permcerts = cm.getPermCerts();
-        for (int i = 0; i < permcerts.length; i++) {
-            String issuer_p = permcerts[i].getSubjectDN().toString();
-            BigInteger serial_p = permcerts[i].getSerialNumber();
-            if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
-                return permcerts[i];
-            }
-        }
-        return null;
-    }
-
-    public static org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
-        CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
-        if (pubkey.getAlgorithm().equals("EC")) {
-            return org.mozilla.jss.crypto.PrivateKey.Type.EC;
-        }
-        return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
-    }
-
-    public static boolean isCASigningCert(String name) {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String nickname = cs.getString("preop.master.signing.nickname");
-            if (nickname.equals(name)) return true;
-        } catch(Exception e) {
-            // nickname may not exist if this is not cloning a CA
-        };
-
-        return false;
-    }
-
-    public static boolean isAuditSigningCert(String name) throws EPropertyNotFound, EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-        String nickname = cs.getString("preop.master.audit_signing.nickname");
-        if (nickname.equals(name)) return true;
-        return false;
-    }
-
-    public static void deleteExistingCerts() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String list = cs.getString("preop.cert.list", "");
-            StringTokenizer st = new StringTokenizer(list, ",");
-            while (st.hasMoreTokens()) {
-                String s = st.nextToken();
-                if (s.equals("sslserver"))
-                    continue;
-                String name = "preop.master." + s + ".nickname";
-                String nickname = cs.getString(name, "");
-                CryptoManager cm = CryptoManager.getInstance();
-                X509Certificate xcert = null;
-                try {
-                    xcert = cm.findCertByNickname(nickname);
-                } catch (Exception ee) {
-                    CMS.debug("deleteExistingCerts: Exception=" + ee.toString());
-                }
-                CryptoToken ct = cm.getInternalKeyStorageToken();
-                CryptoStore store = ct.getCryptoStore();
-                try {
-                    store.deleteCert(xcert);
-                } catch (Exception ee) {
-                    CMS.debug("deleteExistingCerts: Exception=" + ee.toString());
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("deleteExistingCerts: Exception=" + e.toString());
-        }
-    }
-
-    public static ArrayList<String> getMasterCertKeyList() throws EBaseException {
-        ArrayList<String> list = new ArrayList<String>();
-        IConfigStore cs = CMS.getConfigStore();
-        String certList = cs.getString("preop.cert.list", "");
-        StringTokenizer st = new StringTokenizer(certList, ",");
-        while (st.hasMoreTokens()) {
-            String s = st.nextToken();
-            if (s.equals("sslserver"))
-                    continue;
-            String name = "preop.master." + s + ".nickname";
-            String nickname = cs.getString(name);
-            list.add(nickname);
-
-            name = "preop.cert." + s + ".dn";
-            String dn = cs.getString(name);
-            list.add(dn);
-        }
-        return list;
-    }
-
-    public static byte[] getX509Cert(String nickname, Vector<Vector<Object>> cert_collection)
-            throws CertificateException {
-        for (int i = 0; i < cert_collection.size(); i++) {
-            Vector<Object> v = cert_collection.elementAt(i);
-            byte[] b = (byte[]) v.elementAt(0);
-            X509CertImpl impl = null;
-            impl = new X509CertImpl(b);
-            Principal subjectdn = impl.getSubjectDN();
-            if (LDAPDN.equals(subjectdn.toString(), nickname)) return b;
-        }
-        return null;
-    }
-
-    public static void releaseConnection(LDAPConnection conn) {
-        try {
-            if (conn != null) conn.disconnect();
-        } catch (LDAPException e) {
-            e.printStackTrace();
-            CMS.debug("releaseConnection: " + e);
-        }
-    }
-
-    public static void populateDB() throws IOException, EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String baseDN = cs.getString("internaldb.basedn");
-        String database = cs.getString("internaldb.database", "");
-        String remove = cs.getString("preop.database.removeData", "false");
-
-        IConfigStore dbCfg = cs.getSubStore("internaldb");
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
-        dbFactory.init(dbCfg);
-        LDAPConnection conn = dbFactory.getConn();
-
-        // check that the database and baseDN do not exist
-        boolean foundBaseDN = false;
-        try {
-            LDAPEntry entry = conn.read(baseDN);
-            if (entry != null) foundBaseDN = true;
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT:
-                break;
-            default:
-                e.printStackTrace();
-                CMS.debug("populateDB: LDAPException " + e.toString());
-                releaseConnection(conn);
-                throw new IOException("Failed to determine if basedDN exists.");
-            }
-        }
-
-        boolean foundDatabase = false;
-        try {
-            String dn = "cn=" + LDAPUtil.escapeRDNValue(database) + ",cn=ldbm database, cn=plugins, cn=config";
-            LDAPEntry entry = conn.read(dn);
-            if (entry != null) foundDatabase = true;
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT:
-                break;
-            default:
-                e.printStackTrace();
-                CMS.debug("populatedb: LDAPException " + e.toString());
-                releaseConnection(conn);
-                throw new IOException("Failed to determine if database exists.");
-            }
-        }
-        try {
-            String dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
-            LDAPEntry entry = conn.read(dn);
-            if (entry != null) foundDatabase = true;
-        } catch (LDAPException e) {
-            switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT:
-                break;
-            default:
-                e.printStackTrace();
-                CMS.debug("populateDB: LDAPException " + e.toString());
-                releaseConnection(conn);
-                throw new IOException("Failed to determine if mapping tree exists.");
-            }
-        }
-
-        if (foundDatabase) {
-            CMS.debug("populatedb: This database has already been used.");
-            if (remove.equals("false")) {
-                releaseConnection(conn);
-                throw new IOException("This database has already been used. " +
-                		"Select the checkbox below to remove all data and reuse this database");
-            } else {
-                CMS.debug("populateDB: Deleting existing DB and reusing base DN");
-                cleanupDB(conn, baseDN, database);
-                foundBaseDN = false;
-                foundDatabase = false;
-            }
-        }
-
-        if (foundBaseDN) {
-            CMS.debug("DatabasePanel update: This base DN has already been used.");
-            if (remove.equals("false")) {
-                releaseConnection(conn);
-                throw new IOException( "This base DN (" + baseDN
-                        + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
-            } else {
-                CMS.debug("populateDB: Deleting existing DB and reusing base DN");
-                cleanupDB(conn, baseDN, database);
-                foundBaseDN = false;
-                foundDatabase = false;
-            }
-        }
-
-        // create database
-        try {
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
-            attrs.add(new LDAPAttribute("objectClass", oc));
-            attrs.add(new LDAPAttribute("cn", database));
-            attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
-            String dn = "cn=" + LDAPUtil.escapeRDNValue(database) + ",cn=ldbm database, cn=plugins, cn=config";
-            LDAPEntry entry = new LDAPEntry(dn, attrs);
-            conn.add(entry);
-        } catch (Exception e) {
-            CMS.debug("populateDB: Warning: database creation error - " + e.toString());
-            releaseConnection(conn);
-            throw new IOException("Failed to create the database.");
-        }
-
-        try {
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
-            attrs.add(new LDAPAttribute("objectClass", oc2));
-            attrs.add(new LDAPAttribute("cn", baseDN));
-            attrs.add(new LDAPAttribute("nsslapd-backend", database));
-            attrs.add(new LDAPAttribute("nsslapd-state", "Backend"));
-            String dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
-            LDAPEntry entry = new LDAPEntry(dn, attrs);
-            conn.add(entry);
-        } catch (Exception e) {
-            CMS.debug("populateDB: Warning: database mapping tree creation error - " + e.toString());
-            releaseConnection(conn);
-            throw new IOException("Failed to create the database.");
-        }
-
-        try {
-            // create base dn
-            CMS.debug("Creating base DN: " + baseDN);
-            String dns3[] = LDAPDN.explodeDN(baseDN, false);
-            StringTokenizer st = new StringTokenizer(dns3[0], "=");
-            String n = st.nextToken();
-            String v = st.nextToken();
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc3[] = { "top", "domain" };
-            if (n.equals("o")) {
-                oc3[1] = "organization";
-            } else if (n.equals("ou")) {
-                oc3[1] = "organizationalUnit";
-            }
-            attrs.add(new LDAPAttribute("objectClass", oc3));
-            attrs.add(new LDAPAttribute(n, v));
-
-            LDAPEntry entry = new LDAPEntry(baseDN, attrs);
-            conn.add(entry);
-        } catch (Exception e) {
-            CMS.debug("populateDB: Warning: suffix creation error - " + e.toString());
-            releaseConnection(conn);
-            throw new IOException("Failed to create the base DN: " + baseDN);
-        }
-
-        try {
-            String select = cs.getString("preop.subsystem.select", "");
-            if (select.equals("clone")) {
-                // in most cases, we want to replicate the schema and therefore
-                // NOT add it here.  We provide this option though in case the
-                // clone already has schema and we want to replicate back to the
-                // master.
-                boolean replicateSchema = cs.getBoolean("preop.internaldb.replicateSchema", true);
-                if (! replicateSchema) {
-                    importLDIFS("preop.internaldb.schema.ldif", conn);
-                }
-                importLDIFS("preop.internaldb.ldif", conn);
-
-                // add the index before replication, add VLV indexes afterwards
-                importLDIFS("preop.internaldb.index_ldif", conn);
-            } else {
-                // data will be replicated from the master to the clone
-                // so clone does not need the data
-                importLDIFS("preop.internaldb.schema.ldif", conn);
-                importLDIFS("preop.internaldb.ldif", conn);
-                importLDIFS("preop.internaldb.data_ldif", conn);
-                importLDIFS("preop.internaldb.index_ldif", conn);
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-            CMS.debug("Failed to import ldif files: " + e);
-            releaseConnection(conn);
-            throw new IOException("Failed to import ldif files");
-        }
-
-        releaseConnection(conn);
-    }
-
-    public static void importLDIFS(String param, LDAPConnection conn) throws IOException, EPropertyNotFound,
-            EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        CMS.debug("importLDIFS: param=" + param);
-        String v = cs.getString(param);
-
-        String baseDN = cs.getString("internaldb.basedn");
-        String database = cs.getString("internaldb.database");
-        String instancePath = cs.getString("instanceRoot");
-        String instanceId = cs.getString("instanceId");
-        String cstype = cs.getString("cs.type");
-
-        String dbuser = "uid=" + DBUSER + ",ou= people," + baseDN;
-
-        String configDir = instancePath + File.separator + cstype.toLowerCase() + File.separator + "conf";
-
-        StringTokenizer tokenizer = new StringTokenizer(v, ",");
-        while (tokenizer.hasMoreTokens()) {
-            String token = tokenizer.nextToken().trim();
-            int index = token.lastIndexOf("/");
-            String name = token;
-
-            if (index != -1) {
-                name = token.substring(index + 1);
-            }
-
-            CMS.debug("importLDIFS(): ldif file = " + token);
-            String filename = configDir + File.separator + name;
-
-            CMS.debug("importLDIFS(): ldif file copy to " + filename);
-            PrintStream ps = null;
-            BufferedReader in = null;
-
-            in = new BufferedReader(new FileReader(token));
-            ps = new PrintStream(new FileOutputStream(filename, false));
-            while (in.ready()) {
-                String s = in.readLine();
-                int n = s.indexOf("{");
-
-                if (n == -1) {
-                    ps.println(s);
-                } else {
-                    boolean endOfline = false;
-
-                    while (n != -1) {
-                        ps.print(s.substring(0, n));
-                        int n1 = s.indexOf("}");
-                        String tok = s.substring(n + 1, n1);
-
-                        if (tok.equals("instanceId")) {
-                            ps.print(instanceId);
-                        } else if (tok.equals("rootSuffix")) {
-                            ps.print(baseDN);
-                        } else if (tok.equals("database")) {
-                            ps.print(database);
-                        } else if (tok.equals("dbuser")) {
-                            ps.print(dbuser);
-                        }
-                        if ((s.length() + 1) == n1) {
-                            endOfline = true;
-                            break;
-                        }
-                        s = s.substring(n1 + 1);
-                        n = s.indexOf("{");
-                    }
-
-                    if (!endOfline) {
-                        ps.println(s);
-                    }
-                }
-            }
-            in.close();
-            ps.close();
-
-            ArrayList<String> errors = new ArrayList<String>();
-            LDAPUtil.importLDIF(conn, filename, errors);
-            if (!errors.isEmpty()) {
-                CMS.debug("importLDIFS(): LDAP Errors in importing " + filename);
-                for (String error : errors) {
-                    CMS.debug(error);
-                }
-            }
-        }
-    }
-
-    public static void cleanupDB(LDAPConnection conn, String baseDN, String database) {
-        String[] entries = {};
-        String filter = "objectclass=*";
-        LDAPSearchConstraints cons = null;
-        String[] attrs = null;
-        String dn = "";
-        try {
-            CMS.debug("cleanupDB: Deleting baseDN: " + baseDN);
-            LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
-                    attrs, true, cons);
-            if (res != null)
-                deleteEntries(res, conn, baseDN, entries);
-        } catch (LDAPException e) {
-            CMS.debug("cleanupDB: ldapexception thrown" + e);
-        }
-
-        try {
-            dn = "cn=mapping tree, cn=config";
-            filter = "nsslapd-backend=" + LDAPUtil.escapeFilter(database);
-            LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
-                    attrs, true, cons);
-            if (res != null) {
-                while (res.hasMoreElements()) {
-                    dn = res.next().getDN();
-                    filter = "objectclass=*";
-                    LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-                            attrs, true, cons);
-                    if (res2 != null)
-                        deleteEntries(res2, conn, dn, entries);
-                }
-            }
-        } catch (LDAPException e) {
-            CMS.debug("cleanupDB: ldapexception thrown" + e);
-        }
-
-        try {
-            dn = "cn=" + LDAPUtil.escapeRDNValue(database) + ",cn=ldbm database, cn=plugins, cn=config";
-            LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-                    attrs, true, cons);
-            if (res != null) {
-                deleteEntries(res, conn, dn, entries);
-                String dbdir = getInstanceDir(conn) + "/db/" + database;
-                if (dbdir != null) {
-                    CMS.debug("cleanupDB: Deleting dbdir " + dbdir);
-                    boolean success = deleteDir(new File(dbdir));
-                    if (!success) {
-                        CMS.debug("cleanupDB: Unable to delete database directory " + dbdir);
-                    }
-                }
-            }
-        } catch (LDAPException e) {
-            CMS.debug("cleanupDB: ldapexception thrown" + e);
-        }
-    }
-
-    public static void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
-            String dn, String[] entries) {
-        String[] attrs = null;
-        LDAPSearchConstraints cons = null;
-        String filter = "objectclass=*";
-
-        try {
-            if (res.getCount() == 0)
-                return;
-            else {
-                while (res.hasMoreElements()) {
-                    LDAPEntry entry = res.next();
-                    String dn1 = entry.getDN();
-                    LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons);
-                    deleteEntries(res1, conn, dn1, entries);
-                    deleteEntry(conn, dn1, entries);
-                }
-            }
-        } catch (Exception ee) {
-            CMS.debug("deleteEntries: Exception=" + ee.toString());
-        }
-    }
-
-    public static void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
-        try {
-            for (int i = 0; i < entries.length; i++) {
-                if (LDAPDN.equals(dn, entries[i])) {
-                    CMS.debug("deleteEntry: entry with this dn " + dn + " is not deleted.");
-                    return;
-                }
-            }
-
-            CMS.debug("deleteEntry: deleting dn=" + dn);
-            conn.delete(dn);
-        } catch (Exception e) {
-            CMS.debug("deleteEntry: Exception=" + e.toString());
-        }
-    }
-
-    public static String getInstanceDir(LDAPConnection conn) throws LDAPException {
-        String instancedir = "";
-
-        String filter = "(objectclass=*)";
-        String[] attrs = { "nsslapd-directory" };
-        LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config",
-                LDAPv3.SCOPE_SUB, filter, attrs, false);
-
-        while (results.hasMoreElements()) {
-            LDAPEntry entry = results.next();
-            String dn = entry.getDN();
-            CMS.debug("getInstanceDir: DN for storing nsslapd-directory: " + dn);
-            LDAPAttributeSet entryAttrs = entry.getAttributeSet();
-
-            @SuppressWarnings("unchecked")
-            Enumeration<LDAPAttribute> attrsInSet = entryAttrs.getAttributes();
-            while (attrsInSet.hasMoreElements()) {
-                LDAPAttribute nextAttr = attrsInSet.nextElement();
-                String attrName = nextAttr.getName();
-                CMS.debug("getInstanceDir: attribute name: " + attrName);
-                @SuppressWarnings("unchecked")
-                Enumeration<String> valsInAttr = nextAttr.getStringValues();
-                while (valsInAttr.hasMoreElements()) {
-                    String nextValue = valsInAttr.nextElement();
-                    if (attrName.equalsIgnoreCase("nsslapd-directory")) {
-                        CMS.debug("getInstanceDir: instanceDir=" + nextValue);
-                        return nextValue.substring(0, nextValue.lastIndexOf("/db"));
-                    }
-                }
-            }
-        }
-
-        return instancedir;
-    }
-
-    public static boolean deleteDir(File dir) {
-        if (dir.isDirectory()) {
-            String[] children = dir.list();
-            for (int i = 0; i < children.length; i++) {
-                boolean success = deleteDir(new File(dir, children[i]));
-                if (!success) {
-                    return false;
-                }
-            }
-        }
-        return dir.delete();
-    }
-
-    public static void populateDBManager() throws Exception {
-        CMS.debug("populateDBManager(): start");
-        IConfigStore cs = CMS.getConfigStore();
-
-        IConfigStore dbCfg = cs.getSubStore("internaldb");
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
-        dbFactory.init(dbCfg);
-        LDAPConnection conn = dbFactory.getConn();
-
-        try {
-            importLDIFS("preop.internaldb.manager_ldif", conn);
-        } catch (Exception e) {
-            CMS.debug("populateDBManager(): Exception thrown: " + e);
-            throw e;
-        } finally {
-            releaseConnection(conn);
-        }
-    }
-
-    public static void populateVLVIndexes() throws Exception {
-        CMS.debug("populateVLVIndexes(): start");
-        IConfigStore cs = CMS.getConfigStore();
-
-        IConfigStore dbCfg = cs.getSubStore("internaldb");
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
-        dbFactory.init(dbCfg);
-        LDAPConnection conn = dbFactory.getConn();
-
-        try {
-            importLDIFS("preop.internaldb.post_ldif", conn);
-
-            /* For vlvtask, we need to check if the task has
-               been completed or not.  Presence of nsTaskExitCode means task is complete
-             */
-            String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
-            if (!wait_dn.equals("")) {
-                LDAPEntry task = null;
-                boolean taskComplete = false;
-                CMS.debug("Checking wait_dn " + wait_dn);
-                do {
-                    try {
-                        Thread.sleep(1000);
-                    } catch (InterruptedException e) {
-                        // restore the interrupted status
-                        Thread.currentThread().interrupt();
-                    }
-
-                    try {
-                        task = conn.read(wait_dn, (String[]) null);
-                        if (task != null) {
-                            LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
-                            if (attr != null) {
-                                taskComplete = true;
-                                String val = (String) attr.getStringValues().nextElement();
-                                if (val.compareTo("0") != 0) {
-                                    CMS.debug("Error in populating local VLV indexes: nsTaskExitCode=" + val);
-                                }
-                            }
-                        }
-                    } catch (Exception le) {
-                        CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
-                    }
-                } while (!taskComplete);
-            }
-        } catch (Exception e) {
-            CMS.debug("populateVLVIndexes(): Exception thrown: " + e);
-            throw e;
-        } finally {
-            releaseConnection(conn);
-        }
-    }
-
-    public static void setupReplication() throws EBaseException, IOException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String machinename = cs.getString("machineName", "");
-        String instanceId = cs.getString("instanceId", "");
-        String secure = cs.getString("internaldb.ldapconn.secureConn");
-        String replicationSecurity = cs.getString("internaldb.ldapconn.replicationSecurity");
-        int masterReplicationPort = cs.getInteger("internaldb.ldapconn.masterReplicationPort");
-        int cloneReplicationPort = cs.getInteger("internaldb.ldapconn.cloneReplicationPort");
-
-        //setup replication agreement
-        String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId;
-        cs.putString("internaldb.replication.master", masterAgreementName);
-        String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId;
-        cs.putString("internaldb.replication.consumer", cloneAgreementName);
-
-        cs.commit(false);
-
-        // get connection to master
-        LDAPConnection masterConn = null;
-        ILdapConnFactory masterFactory = null;
-        try {
-            IConfigStore masterCfg = cs.getSubStore("preop.internaldb.master");
-            masterFactory = CMS.getLdapBoundConnFactory();
-            masterFactory.init(masterCfg);
-            masterConn = masterFactory.getConn();
-        } catch (Exception e) {
-            CMS.debug("setupEeplication: Failed to set up connection to master:" + e.toString());
-            e.printStackTrace();
-            releaseConnection(masterConn);
-            throw new IOException("Failed to set up replication: No connection to master");
-        }
-
-        // get connection to replica
-        LDAPConnection replicaConn = null;
-        ILdapConnFactory replicaFactory = null;
-        try {
-            IConfigStore replicaCfg = cs.getSubStore("internaldb");
-            replicaFactory = CMS.getLdapBoundConnFactory();
-            replicaFactory.init(replicaCfg);
-            replicaConn = replicaFactory.getConn();
-        } catch (Exception e) {
-            CMS.debug("SetupReplication: Failed to set up connection to replica:" + e.toString());
-            e.printStackTrace();
-            releaseConnection(masterConn);
-            releaseConnection(replicaConn);
-            throw new IOException("Failed to set up replication: No connection to replica");
-        }
-
-        try {
-            String master_hostname = cs.getString("preop.internaldb.master.ldapconn.host", "");
-            String master_replicationpwd = cs.getString("preop.internaldb.master.replication.password", "");
-            String replica_hostname = cs.getString("internaldb.ldapconn.host", "");
-            String replica_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
-            String basedn = cs.getString("internaldb.basedn");
-            String suffix = cs.getString("internaldb.basedn", "");
-
-            String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
-            CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
-
-            String masterBindUser = "Replication Manager " + masterAgreementName;
-            String cloneBindUser = "Replication Manager " + cloneAgreementName;
-
-            createReplicationManager(masterConn, masterBindUser, master_replicationpwd);
-            createReplicationManager(replicaConn, cloneBindUser, replica_replicationpwd);
-
-            String dir1 = getInstanceDir(masterConn);
-            createChangeLog(masterConn, dir1 + "/changelogs");
-
-            String dir2 = getInstanceDir(replicaConn);
-            createChangeLog(replicaConn, dir2 + "/changelogs");
-
-            int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1);
-
-            replicaId = enableReplication(replicadn, masterConn, masterBindUser, basedn, replicaId);
-            replicaId = enableReplication(replicadn, replicaConn, cloneBindUser, basedn, replicaId);
-            cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId));
-
-            CMS.debug("setupReplication: Finished enabling replication");
-
-            createReplicationAgreement(replicadn, masterConn, masterAgreementName,
-                    replica_hostname, cloneReplicationPort, replica_replicationpwd, basedn,
-                    cloneBindUser, secure, replicationSecurity);
-
-            createReplicationAgreement(replicadn, replicaConn, cloneAgreementName,
-                    master_hostname, masterReplicationPort, master_replicationpwd, basedn,
-                    masterBindUser, secure, replicationSecurity);
-
-            // initialize consumer
-            initializeConsumer(replicadn, masterConn, masterAgreementName);
-
-            while (!replicationDone(replicadn, masterConn, masterAgreementName)) {
-                CMS.debug("setupReplication: Waiting for replication to complete");
-                try {
-                    Thread.sleep(1000);
-                } catch (InterruptedException e) {
-                    Thread.currentThread().interrupt();
-                }
-            }
-
-            String status = replicationStatus(replicadn, masterConn, masterAgreementName);
-            if (!status.startsWith("0 ")) {
-                CMS.debug("setupReplication: consumer initialization failed. " +status);
-                throw new IOException("consumer initialization failed. " + status);
-            }
-
-            // remove master ldap password from password.conf (if present)
-            String passwordFile = cs.getString("passwordFile");
-            IConfigStore psStore = CMS.createFileConfigStore(passwordFile);
-            psStore.remove("master_internaldb");
-            psStore.commit(false);
-
-        } catch (Exception e) {
-            e.printStackTrace();
-            CMS.debug("setupReplication: " + e.toString());
-            throw new IOException("Failed to setup the replication for cloning.");
-        } finally {
-            releaseConnection(masterConn);
-            releaseConnection(replicaConn);
-        }
-}
-
-    public static void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
-            throws LDAPException {
-        LDAPAttributeSet attrs = null;
-        LDAPEntry entry = null;
-
-        // for older subsystems, the container ou=csusers, cn=config may not yet exist
-        String dn = "ou=csusers, cn=config";
-        try {
-            attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("objectclass", "top"));
-            attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
-            attrs.add(new LDAPAttribute("ou", "csusers"));
-            entry = new LDAPEntry(dn, attrs);
-            conn.add(entry);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                CMS.debug("createReplicationManager: containing ou already exists");
-            } else {
-                CMS.debug("createReplicationManager: Failed to create containing ou. Exception: "
-                        + e.toString());
-                throw e;
-            }
-        }
-
-        dn = "cn=" + LDAPUtil.escapeRDNValue(bindUser) + ",ou=csusers,cn=config";
-        try {
-            attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("objectclass", "top"));
-            attrs.add(new LDAPAttribute("objectclass", "person"));
-            attrs.add(new LDAPAttribute("userpassword", pwd));
-            attrs.add(new LDAPAttribute("cn", bindUser));
-            attrs.add(new LDAPAttribute("sn", "manager"));
-            entry = new LDAPEntry(dn, attrs);
-            conn.add(entry);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                CMS.debug("createReplicationManager: Replication Manager has already used");
-                try {
-                    conn.delete(dn);
-                    conn.add(entry);
-                } catch (LDAPException ee) {
-                    CMS.debug("createReplicationManager: " + ee.toString());
-                }
-                return;
-            } else {
-                CMS.debug("createReplicationManager: Failed to create replication manager. Exception: "
-                        + e.toString());
-                throw e;
-            }
-        }
-
-        CMS.debug("createReplicationManager: Successfully created Replication Manager");
-    }
-
-    public static void createChangeLog(LDAPConnection conn, String dir)
-            throws LDAPException {
-        LDAPAttributeSet attrs = null;
-        LDAPEntry entry = null;
-        String dn = "cn=changelog5,cn=config";
-        try {
-            attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("objectclass", "top"));
-            attrs.add(new LDAPAttribute("objectclass", "extensibleObject"));
-            attrs.add(new LDAPAttribute("cn", "changelog5"));
-            attrs.add(new LDAPAttribute("nsslapd-changelogdir", dir));
-            entry = new LDAPEntry(dn, attrs);
-            conn.add(entry);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                CMS.debug("createChangeLog: Changelog entry has already used");
-                /* leave it, dont delete it because it will have operation error */
-                return;
-            } else {
-                CMS.debug("createChangeLog: Failed to create changelog entry. Exception: " + e.toString());
-                throw e;
-            }
-        }
-
-        CMS.debug("createChangeLog: Successfully create change log entry");
-    }
-
-    public static int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
-            throws LDAPException {
-        CMS.debug("enableReplication: replicadn: " + replicadn);
-        LDAPAttributeSet attrs = null;
-        LDAPEntry entry = null;
-        try {
-            attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("objectclass", "top"));
-            attrs.add(new LDAPAttribute("objectclass", "nsDS5Replica"));
-            attrs.add(new LDAPAttribute("objectclass", "extensibleobject"));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
-                    "cn=" + LDAPUtil.escapeRDNValue(bindUser) + ",ou=csusers,cn=config"));
-            attrs.add(new LDAPAttribute("cn", "replica"));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
-            attrs.add(new LDAPAttribute("nsds5flags", "1"));
-            entry = new LDAPEntry(replicadn, attrs);
-            conn.add(entry);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                /* BZ 470918 -we cant just add the new dn.  We need to do a replace instead
-                 * until the DS code is fixed */
-                CMS.debug("enableReplication: " + replicadn + " has already been used");
-
-                try {
-                    entry = conn.read(replicadn);
-                    LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
-                    attr.addValue("cn=" + LDAPUtil.escapeRDNValue(bindUser) + ",ou=csusers,cn=config");
-                    LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
-                    conn.modify(replicadn, mod);
-                } catch (LDAPException ee) {
-                    CMS.debug("enableReplication: Failed to modify "
-                            + replicadn + " entry. Exception: " + e.toString());
-                }
-                return id;
-            } else {
-                CMS.debug("enableReplication: Failed to create "
-                        + replicadn + " entry. Exception: " + e.toString());
-                return id;
-            }
-        }
-
-        CMS.debug("enableReplication: Successfully create " + replicadn + " entry.");
-        return id + 1;
-    }
-
-    public static void createReplicationAgreement(String replicadn, LDAPConnection conn, String name,
-            String replicahost, int replicaport, String replicapwd, String basedn, String bindUser,
-            String secure, String replicationSecurity) throws LDAPException {
-        String dn = "cn=" + LDAPUtil.escapeRDNValue(name) + "," + replicadn;
-        CMS.debug("createReplicationAgreement: dn: " + dn);
-        LDAPEntry entry = null;
-        LDAPAttributeSet attrs = null;
-        try {
-            attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("objectclass", "top"));
-            attrs.add(new LDAPAttribute("objectclass",
-                    "nsds5replicationagreement"));
-            attrs.add(new LDAPAttribute("cn", name));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
-
-            attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
-                    "cn=" + LDAPUtil.escapeRDNValue(bindUser) + ",ou=csusers,cn=config"));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
-            attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
-
-            if (replicationSecurity.equals("SSL")) {
-                attrs.add(new LDAPAttribute("nsDS5ReplicaTransportInfo", "SSL"));
-            } else if (replicationSecurity.equals("TLS")) {
-                attrs.add(new LDAPAttribute("nsDS5ReplicaTransportInfo", "TLS"));
-            }
-
-            CMS.debug("About to set description attr to " + name);
-            attrs.add(new LDAPAttribute("description", name));
-
-            entry = new LDAPEntry(dn, attrs);
-            conn.add(entry);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                CMS.debug("createReplicationAgreement: " + dn + " has already used");
-                try {
-                    conn.delete(dn);
-                } catch (LDAPException ee) {
-                    CMS.debug("createReplicationAgreement: " + ee.toString());
-                    throw ee;
-                }
-
-                try {
-                    conn.add(entry);
-                } catch (LDAPException ee) {
-                    CMS.debug("createReplicationAgreement: " + ee.toString());
-                    throw ee;
-                }
-            } else {
-                CMS.debug("createReplicationAgreement: Failed to create "
-                        + dn + " entry. Exception: " + e.toString());
-                throw e;
-            }
-        }
-
-        CMS.debug("createReplicationAgreement: Successfully create replication agreement " + name);
-    }
-
-    public static void initializeConsumer(String replicadn, LDAPConnection conn, String name) throws LDAPException {
-        String dn = "cn=" + LDAPUtil.escapeRDNValue(name) + "," + replicadn;
-        CMS.debug("initializeConsumer: initializeConsumer dn: " + dn);
-        CMS.debug("initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort());
-
-        LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh", "start");
-        LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
-        conn.modify(dn, mod);
-
-        CMS.debug("initializeConsumer: Successfully initialized consumer");
-    }
-
-    public static boolean replicationDone(String replicadn, LDAPConnection conn, String name)
-            throws LDAPException, IOException {
-        String dn = "cn=" + LDAPUtil.escapeRDNValue(name) + "," + replicadn;
-        String filter = "(objectclass=*)";
-        String[] attrs = { "nsds5beginreplicarefresh" };
-
-        CMS.debug("replicationDone: dn: " + dn);
-
-        LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, attrs, true);
-        int count = results.getCount();
-        if (count < 1) {
-            throw new IOException("Replication entry not found");
-        }
-
-        LDAPEntry entry = results.next();
-        LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
-        if (refresh == null) {
-            return true;
-        }
-        return false;
-    }
-
-    public static String replicationStatus(String replicadn, LDAPConnection conn, String name)
-            throws IOException, LDAPException {
-        String dn = "cn=" + LDAPUtil.escapeRDNValue(name) + "," + replicadn;
-        String filter = "(objectclass=*)";
-        String[] attrs = { "nsds5replicalastinitstatus" };
-
-        CMS.debug("replicationStatus: dn: " + dn);
-
-        LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, attrs, false);
-
-        int count = results.getCount();
-        if (count < 1) {
-            throw new IOException("Replication entry not found");
-        }
-
-        LDAPEntry entry = results.next();
-        LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
-        if (attr != null) {
-            @SuppressWarnings("unchecked")
-            Enumeration<String> valsInAttr = attr.getStringValues();
-            if (valsInAttr.hasMoreElements()) {
-                return valsInAttr.nextElement();
-            } else {
-                throw new IOException("No value returned for nsds5replicalastinitstatus");
-            }
-        } else {
-            throw new IOException("nsDS5ReplicaLastInitStatus is null.");
-        }
-    }
-
-    public static void reInitSubsystem(String csType) throws EBaseException {
-        CMS.reinit(IDBSubsystem.SUB_ID);
-        if (csType.equals("CA"))
-            CMS.reinit(ICertificateAuthority.ID);
-        CMS.reinit(IAuthSubsystem.ID);
-        CMS.reinit(IAuthzSubsystem.ID);
-        CMS.reinit(IUGSubsystem.ID);
-    }
-
-    public static void setExternalCACert(String certStr, String subsystem, IConfigStore config, Cert certObj) throws Exception {
-        certStr = CryptoUtil.stripCertBrackets(certStr.trim());
-        certStr = CryptoUtil.normalizeCertStr(certStr);
-        config.putString(subsystem + ".external_ca.cert", certStr);
-        certObj.setSubsystem(subsystem);
-        certObj.setType(config.getString("preop.ca.type", "otherca"));
-        certObj.setCert(certStr);
-    }
-
-    public static void setExternalCACertChain(String certChainStr, String subsystem, IConfigStore config, Cert certObj) {
-        certChainStr = CryptoUtil.normalizeCertAndReq(certChainStr);
-        config.putString(subsystem + ".external_ca_chain.cert", certChainStr);
-        certObj.setCertChain(certChainStr);
-    }
-
-    public static void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
-            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException,
-            CryptoManager.NotInitializedException, EPropertyNotFound, EBaseException {
-        CMS.debug("createECCKeyPair: Generating ECC key pair with curvename=" + curveName + ", token=" + token);
-        KeyPair pair = null;
-        /*
-         * default ssl server cert to ECDHE unless stated otherwise
-         * note: IE only supports "ECDHE", but "ECDH" is more efficient
-         *
-         * for "ECDHE", server.xml should have the following for ciphers:
-         * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-         * -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-         *
-         * for "ECDH", server.xml should have the following for ciphers:
-         * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-         * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-         */
-        String sslType = "ECDHE";
-        try {
-            sslType = config.getString(PCERT_PREFIX + ct + "ec.type", "ECDHE");
-        } catch (Exception e) {}
-
-        // ECDHE needs "SIGN" but no "DERIVE"
-        org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
-                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
-        };
-
-        // ECDH needs "DERIVE" but no any kind of "SIGN"
-        org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
-                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
-                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
-        };
-
-        do {
-            if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
-                CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set " +
-                          "properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-                pair = CryptoUtil.generateECCKeyPair(token, curveName, null, ECDH_usages_mask);
-            } else {
-                if (ct.equals("sslserver")) {
-                    CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set " +
-                              "properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-                }
-                pair = CryptoUtil.generateECCKeyPair(token, curveName, null, usages_mask);
-            }
-
-            // XXX - store curve , w
-            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
-            String kid = CryptoUtil.byte2string(id);
-            config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
-            // try to locate the private key
-            org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
-            if (privk == null) {
-                CMS.debug("Found bad ECC key id " + kid);
-                pair = null;
-            }
-        } while (pair == null);
-
-        CMS.debug("Public key class " + pair.getPublic().getClass().getName());
-        byte encoded[] = pair.getPublic().getEncoded();
-        config.putString(PCERT_PREFIX + ct + ".pubkey.encoded", CryptoUtil.byte2string(encoded));
-
-        String keyAlgo = config.getString(PCERT_PREFIX + ct + ".signingalgorithm");
-        setSigningAlgorithm(ct, keyAlgo, config);
-    }
-
-    public static void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
-            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException,
-            CryptoManager.NotInitializedException, EPropertyNotFound, EBaseException {
-        /* generate key pair */
-        KeyPair pair = null;
-        do {
-            pair = CryptoUtil.generateRSAKeyPair(token, keysize);
-            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
-            String kid = CryptoUtil.byte2string(id);
-            config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-            // try to locate the private key
-            org.mozilla.jss.crypto.PrivateKey privk =
-                    CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
-            if (privk == null) {
-                CMS.debug("Found bad RSA key id " + kid);
-                pair = null;
-            }
-        } while (pair == null);
-
-        byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray();
-        byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
-
-        config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
-                CryptoUtil.byte2string(modulus));
-        config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
-                CryptoUtil.byte2string(exponent));
-
-        String keyAlgo = config.getString(PCERT_PREFIX + ct + ".signingalgorithm");
-        setSigningAlgorithm(ct, keyAlgo, config);
-    }
-
-    public static void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) throws EPropertyNotFound, EBaseException {
-        String systemType = config.getString("cs.type");
-        if (systemType.equalsIgnoreCase("CA")) {
-            if (ct.equals("signing")) {
-                config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo);
-                config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo);
-            } else if (ct.equals("ocsp_signing")) {
-                config.putString("ca.ocsp_signing.defaultSigningAlgorithm", keyAlgo);
-            }
-        } else if (systemType.equalsIgnoreCase("OCSP")) {
-            if (ct.equals("signing")) {
-                config.putString("ocsp.signing.defaultSigningAlgorithm", keyAlgo);
-            }
-        } else if (systemType.equalsIgnoreCase("KRA") || systemType.equalsIgnoreCase("DRM")) {
-            if (ct.equals("transport")) {
-                config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
-            }
-        }
-    }
-
-    public static int getSubsystemCount(String hostname, int https_admin_port,
-            boolean https, String type) throws IOException, SAXException, ParserConfigurationException {
-        CMS.debug("getSubsystemCount start");
-        String c = getDomainXML(hostname, https_admin_port, true);
-        if (c != null) {
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            XMLObject obj = new XMLObject(bis);
-            String containerName = type + "List";
-            Node n = obj.getContainer(containerName);
-            NodeList nlist = n.getChildNodes();
-            String countS = "";
-            for (int i = 0; i < nlist.getLength(); i++) {
-                Element nn = (Element) nlist.item(i);
-                String tagname = nn.getTagName();
-                if (tagname.equals("SubsystemCount")) {
-                    NodeList nlist1 = nn.getChildNodes();
-                    Node nn1 = nlist1.item(0);
-                    countS = nn1.getNodeValue();
-                    break;
-                }
-            }
-            CMS.debug("getSubsystemCount: SubsystemCount=" + countS);
-            int num = 0;
-
-            if (countS != null && !countS.equals("")) {
-                try {
-                    num = Integer.parseInt(countS);
-                } catch (Exception ee) {
-                }
-            }
-
-            return num;
-        }
-        return -1;
-    }
-
-    public static void configCert(HttpServletRequest request, HttpServletResponse response,
-            Context context, Cert certObj, WizardPanelBase panel) throws IOException {
-
-        IConfigStore config = CMS.getConfigStore();
-        String caType = certObj.getType();
-        CMS.debug("configCert: caType is " + caType);
-        X509CertImpl cert = null;
-        String certTag = certObj.getCertTag();
-
-        try {
-            updateConfig(config, certTag);
-            if (caType.equals("remote")) {
-                String v = config.getString("preop.ca.type", "");
-
-                CMS.debug("configCert: remote CA");
-                String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, certObj, context);
-                certObj.setRequest(pkcs10);
-                String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
-                config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
-                String profileId = config.getString(PCERT_PREFIX + certTag + ".profile");
-                String session_id = CMS.getConfigSDSessionId();
-                String sd_hostname = "";
-                int sd_ee_port = -1;
-                try {
-                    sd_hostname = config.getString("securitydomain.host", "");
-                    sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
-                } catch (Exception ee) {
-                    CMS.debug("configCert(): exception caught:" + ee.toString());
-                }
-                String sysType = config.getString("cs.type", "");
-                String machineName = config.getString("machineName", "");
-                String securePort = config.getString("service.securePort", "");
-                if (certTag.equals("subsystem")) {
-                    boolean standalone = config.getBoolean(sysType.toLowerCase() + ".standalone", false);
-                    if (standalone) {
-                        // Treat standalone subsystem the same as "otherca"
-                        config.putString(subsystem + "." + certTag + ".cert",
-                                         "...paste certificate here...");
-                    } else {
-                        String content =
-                                "requestor_name="
-                                        + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId
-                                        + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8")
-                                        + "&xmlOutput=true&sessionID=" + session_id;
-                        cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
-                                content, response, panel);
-                        if (cert == null) {
-                            throw new IOException("Error: remote certificate is null");
-                        }
-                    }
-                } else if (v.equals("sdca")) {
-                    String ca_hostname = "";
-                    int ca_port = -1;
-                    try {
-                        ca_hostname = config.getString("preop.ca.hostname", "");
-                        ca_port = config.getInteger("preop.ca.httpsport", -1);
-                    } catch (Exception ee) {
-                    }
-
-                    String content =
-                            "requestor_name="
-                                    + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId
-                                    + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8")
-                                    + "&xmlOutput=true&sessionID=" + session_id;
-                    cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
-                            content, response, panel);
-                    if (cert == null) {
-                        throw new IOException("Error: remote certificate is null");
-                    }
-                } else if (v.equals("otherca")) {
-                    config.putString(subsystem + "." + certTag + ".cert",
-                            "...paste certificate here...");
-                } else {
-                    CMS.debug("NamePanel: no preop.ca.type is provided");
-                }
-            } else { // not remote CA, ie, self-signed or local
-                ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
-
-                if (ca == null) {
-                    String s = PCERT_PREFIX + certTag + ".type";
-
-                    CMS.debug(
-                            "The value for " + s
-                                    + " should be remote, nothing else.");
-                    throw new IOException(
-                            "The value for " + s + " should be remote");
-                }
-
-                String pubKeyType = config.getString(
-                        PCERT_PREFIX + certTag + ".keytype");
-                if (pubKeyType.equals("rsa")) {
-
-                    String pubKeyModulus = config.getString(
-                            PCERT_PREFIX + certTag + ".pubkey.modulus");
-                    String pubKeyPublicExponent = config.getString(
-                            PCERT_PREFIX + certTag + ".pubkey.exponent");
-                    String subsystem = config.getString(
-                            PCERT_PREFIX + certTag + ".subsystem");
-
-                    if (certTag.equals("signing")) {
-                        X509Key x509key = CryptoUtil.getPublicX509Key(
-                                CryptoUtil.string2byte(pubKeyModulus),
-                                CryptoUtil.string2byte(pubKeyPublicExponent));
-
-                        cert = CertUtil.createLocalCert(config, x509key,
-                                PCERT_PREFIX, certTag, caType, context);
-                    } else {
-                        String cacert = config.getString("ca.signing.cert", "");
-
-                        if (cacert.equals("") || cacert.startsWith("...")) {
-                            certObj.setCert(
-                                    "...certificate be generated internally...");
-                            config.putString(subsystem + "." + certTag + ".cert",
-                                    "...certificate be generated internally...");
-                        } else {
-                            X509Key x509key = CryptoUtil.getPublicX509Key(
-                                    CryptoUtil.string2byte(pubKeyModulus),
-                                    CryptoUtil.string2byte(pubKeyPublicExponent));
-
-                            cert = CertUtil.createLocalCert(config, x509key,
-                                    PCERT_PREFIX, certTag, caType, context);
-                        }
-                    }
-                } else if (pubKeyType.equals("ecc")) {
-                    String pubKeyEncoded = config.getString(
-                            PCERT_PREFIX + certTag + ".pubkey.encoded");
-                    String subsystem = config.getString(
-                            PCERT_PREFIX + certTag + ".subsystem");
-
-                    if (certTag.equals("signing")) {
-
-                        X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
-                        cert = CertUtil.createLocalCert(config, x509key,
-                                PCERT_PREFIX, certTag, caType, context);
-                    } else {
-                        String cacert = config.getString("ca.signing.cert", "");
-
-                        if (cacert.equals("") || cacert.startsWith("...")) {
-                            certObj.setCert(
-                                    "...certificate be generated internally...");
-                            config.putString(subsystem + "." + certTag + ".cert",
-                                    "...certificate be generated internally...");
-                        } else {
-                            X509Key x509key = CryptoUtil.getPublicX509ECCKey(
-                                    CryptoUtil.string2byte(pubKeyEncoded));
-
-                            cert = CertUtil.createLocalCert(config, x509key,
-                                    PCERT_PREFIX, certTag, caType, context);
-                        }
-                    }
-                } else {
-                    // invalid key type
-                    CMS.debug("Invalid key type " + pubKeyType);
-                }
-                if (cert != null) {
-                    if (certTag.equals("subsystem"))
-                        CertUtil.addUserCertificate(cert);
-                }
-            } // done self-signed or local
-
-            if (cert != null) {
-                byte[] certb = cert.getEncoded();
-                String certs = CryptoUtil.base64Encode(certb);
-
-                certObj.setCert(certs);
-                String subsystem = config.getString(
-                        PCERT_PREFIX + certTag + ".subsystem");
-                config.putString(subsystem + "." + certTag + ".cert", certs);
-            }
-            config.commit(false);
-        } catch (IOException e) {
-            throw e;
-        } catch (Exception e) {
-            CMS.debug("configCert() exception caught:" + e.toString());
-        }
-    }
-
-    public static void updateConfig(IConfigStore config, String certTag)
-            throws EBaseException, IOException {
-        String token = config.getString("preop.module.token");
-        String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
-        String nickname = getNickname(config, certTag);
-
-        CMS.debug("NamePanel: updateConfig() for certTag " + certTag);
-        if (certTag.equals("signing") || certTag.equals("ocsp_signing")) {
-            CMS.debug("NamePanel: setting signing nickname=" + nickname);
-            config.putString(subsystem + "." + certTag + ".cacertnickname", nickname);
-            config.putString(subsystem + "." + certTag + ".certnickname", nickname);
-        }
-
-        // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg
-        String cstype = config.getString("cs.type", null);
-        cstype = cstype.toLowerCase();
-        if (cstype.equals("kra")) {
-            if (!token.equals("Internal Key Storage Token")) {
-                if (certTag.equals("storage")) {
-                    config.putString(subsystem + ".storageUnit.hardware", token);
-                    config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname);
-                } else if (certTag.equals("transport")) {
-                    config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname);
-                }
-            } else { // software token
-                if (certTag.equals("storage")) {
-                    config.putString(subsystem + ".storageUnit.nickName", nickname);
-                } else if (certTag.equals("transport")) {
-                    config.putString(subsystem + ".transportUnit.nickName", nickname);
-                }
-            }
-        }
-
-        String serverCertNickname = nickname;
-        String path = CMS.getConfigStore().getString("instanceRoot", "");
-        if (certTag.equals("sslserver")) {
-            if (!token.equals("Internal Key Storage Token")) {
-                serverCertNickname = token + ":" + nickname;
-            }
-            PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf"));
-            ps.println(serverCertNickname);
-            ps.close();
-        }
-
-        config.putString(subsystem + "." + certTag + ".nickname", nickname);
-        config.putString(subsystem + "." + certTag + ".tokenname", token);
-        if (certTag.equals("audit_signing")) {
-            if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
-                config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                        token + ":" + nickname);
-            } else {
-                config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                        nickname);
-            }
-        }
-
-        // for system certs verification
-        if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
-            config.putString(subsystem + ".cert." + certTag + ".nickname",
-                    token + ":" + nickname);
-        } else {
-            config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
-        }
-
-        config.commit(false);
-        CMS.debug("updateConfig() done");
-    }
-
-    public static String getNickname(IConfigStore config, String certTag) throws EBaseException {
-        String instanceID = config.getString("instanceId", "");
-
-        String nickname = certTag + "Cert cert-" + instanceID;
-        String preferredNickname = null;
-        try {
-            preferredNickname = config.getString(PCERT_PREFIX + certTag + ".nickname", null);
-        } catch (EBaseException e) {
-        }
-
-        if (preferredNickname != null) {
-            return preferredNickname;
-        }
-        return nickname;
-    }
-
-    public static int getPortFromSecurityDomain(String domainXML, String host, int port, String csType,
-            String givenTag, String wantedTag) throws SAXException, IOException, ParserConfigurationException {
-        IConfigStore cs = CMS.getConfigStore();
-        ByteArrayInputStream bis = new ByteArrayInputStream(domainXML.getBytes());
-        XMLObject parser = new XMLObject(bis);
-        Document doc = parser.getDocument();
-        NodeList nodeList = doc.getElementsByTagName(csType);
-
-        // save domain name in cfg
-        cs.putString("securitydomain.name", parser.getValue("Name"));
-
-        int len = nodeList.getLength();
-        CMS.debug("len: "+ len);
-        for (int i = 0; i < len; i++) {
-            Node node = nodeList.item(i);
-            String v_host = parser.getValuesFromContainer(node, "Host").elementAt(0);
-            CMS.debug("v_host " + v_host);
-            String v_given_port = parser.getValuesFromContainer(node, givenTag).elementAt(0);
-            CMS.debug("v_port " + v_given_port);
-            if (!(v_host.equals(host) && v_given_port.equals(port + "")))
-                continue;
-            String wanted_port = parser.getValuesFromContainer(node, wantedTag).elementAt(0);
-            return Integer.parseInt(wanted_port);
-        }
-
-        return 0;
-    }
-
-    public static void updateCloneConfig()
-            throws EBaseException, IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String cstype = config.getString("cs.type", null);
-        cstype = cstype.toLowerCase();
-        if (cstype.equals("kra")) {
-            String token = config.getString("preop.module.token");
-            if (!token.equals("Internal Key Storage Token")) {
-                CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
-                String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
-                String storageNickname = getNickname(config, "storage");
-                String transportNickname = getNickname(config, "transport");
-
-                config.putString(subsystem + ".storageUnit.hardware", token);
-                config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname);
-                config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname);
-                config.commit(false);
-            } else { // software token
-                // parameters already set
-            }
-        }
-
-        // audit signing cert
-        String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
-        String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
-        if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
-            config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                    audit_tk + ":" + audit_nn);
-        } else {
-            config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                    audit_nn);
-        }
-    }
-
-    public static void handleCertRequest(IConfigStore config, String certTag, Cert cert) throws EPropertyNotFound,
-            EBaseException, InvalidKeyException, NotInitializedException, TokenException, NoSuchAlgorithmException,
-            NoSuchProviderException, CertificateException, SignatureException, IOException {
-
-        // get public key
-        String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype");
-        String algorithm = config.getString(PCERT_PREFIX + certTag + ".keyalgorithm");
-        X509Key pubk = null;
-        if (pubKeyType.equals("rsa")) {
-            pubk = getRSAX509Key(config, certTag);
-        } else if (pubKeyType.equals("ecc")) {
-            pubk = getECCX509Key(config, certTag);
-        } else {
-            CMS.debug("handleCertRequest() - " + "pubKeyType " + pubKeyType + " is unsupported!");
-            return;
-        }
-
-        CMS.debug("handleCertRequest: tag=" + certTag);
-        if (pubk == null) {
-            CMS.debug("handleCertRequest: error getting public key null");
-            return;
-        }
-
-        // get private key
-        String privKeyID = config.getString(PCERT_PREFIX + certTag + ".privkey.id");
-        CMS.debug("privKeyID=" + privKeyID);
-        byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
-        PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
-        if (privk == null) {
-            CMS.debug("handleCertRequest: error getting private key");
-        }
-
-        // construct cert request
-        String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
-
-        cert.setDN(caDN);
-        PKCS10 certReq = CryptoUtil.createCertificationRequest(caDN, pubk, privk, algorithm);
-
-        CMS.debug("handleCertRequest: created cert request");
-        byte[] certReqb = certReq.toByteArray();
-        String certReqs = CryptoUtil.base64Encode(certReqb);
-        String certReqf = CryptoUtil.reqFormat(certReqs);
-
-        String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
-        config.putString(subsystem + "." + certTag + ".certreq", certReqs);
-        config.commit(false);
-        cert.setRequest(certReqf);
-
-    }
-
-    public static X509Key getECCX509Key(IConfigStore config, String certTag) throws EPropertyNotFound, EBaseException,
-            InvalidKeyException {
-        X509Key pubk = null;
-        String pubKeyEncoded = config.getString(PCERT_PREFIX + certTag + ".pubkey.encoded");
-        pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
-        return pubk;
-    }
-
-    public static X509Key getRSAX509Key(IConfigStore config, String certTag) throws EPropertyNotFound, EBaseException,
-            InvalidKeyException {
-        X509Key pubk = null;
-
-        String pubKeyModulus = config.getString(PCERT_PREFIX + certTag + ".pubkey.modulus");
-        String pubKeyPublicExponent = config.getString(PCERT_PREFIX + certTag + ".pubkey.exponent");
-        pubk = CryptoUtil.getPublicX509Key(
-                CryptoUtil.string2byte(pubKeyModulus),
-                CryptoUtil.string2byte(pubKeyPublicExponent));
-        return pubk;
-    }
-
-    public static int handleCerts(Cert cert) throws IOException, EBaseException, CertificateException,
-            NotInitializedException, TokenException, InvalidKeyException {
-        String certTag = cert.getCertTag();
-        String subsystem = cert.getSubsystem();
-        String nickname = cert.getNickname();
-        IConfigStore config = CMS.getConfigStore();
-
-        boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
-        if (!enable) return 0;
-
-        CMS.debug("handleCerts(): for cert tag '" + cert.getCertTag() + "' using cert type '" + cert.getType() + "'");
-        String b64 = cert.getCert();
-        String tokenname = config.getString("preop.module.token", "");
-
-        if (cert.getType().equals("local") && b64.equals("...certificate be generated internally...")) {
-            String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype");
-            X509Key x509key = null;
-            if (pubKeyType.equals("rsa")) {
-                x509key = getRSAX509Key(config, certTag);
-            } else if (pubKeyType.equals("ecc")) {
-                x509key = getECCX509Key(config, certTag);
-            }
-
-            if (findCertificate(tokenname, nickname)) {
-                if (!certTag.equals("sslserver")) return 0;
-            }
-            X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
-                    PCERT_PREFIX, certTag, cert.getType(), null);
-
-            if (impl != null) {
-                byte[] certb = impl.getEncoded();
-                String certs = CryptoUtil.base64Encode(certb);
-
-                cert.setCert(certs);
-                config.putString(subsystem + "." + certTag + ".cert", certs);
-                CMS.debug("handleCerts(): nickname=" + nickname);
-
-                try {
-                    if (certTag.equals("sslserver") && findBootstrapServerCert())
-                        deleteBootstrapServerCert();
-                    if (findCertificate(tokenname, nickname))
-                        deleteCert(tokenname, nickname);
-                    if (certTag.equals("signing") && subsystem.equals("ca"))
-                        CryptoUtil.importUserCertificate(impl, nickname);
-                    else
-                        CryptoUtil.importUserCertificate(impl, nickname, false);
-                    CMS.debug("handleCerts(): cert imported for certTag '" + certTag + "'");
-                } catch (Exception ee) {
-                    ee.printStackTrace();
-                    CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: " + ee.toString());
-                }
-            }
-        } else if (cert.getType().equals("remote")) {
-            if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) {
-                CMS.debug("handleCerts(): process remote...import cert");
-                String b64chain = cert.getCertChain();
-
-                try {
-                    if (certTag.equals("sslserver") && findBootstrapServerCert())
-                        deleteBootstrapServerCert();
-                    if (findCertificate(tokenname, nickname)) {
-                        deleteCert(tokenname, nickname);
-                    }
-                } catch (Exception e) {
-                    CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString());
-                }
-
-                b64 = CryptoUtil.stripCertBrackets(b64.trim());
-                String certs = CryptoUtil.normalizeCertStr(b64);
-                byte[] certb = CryptoUtil.base64Decode(certs);
-
-                config.putString(subsystem + "." + certTag + ".cert", certs);
-                try {
-                    CryptoManager cm = CryptoManager.getInstance();
-                    X509Certificate x509cert = cm.importCertPackage(certb, nickname);
-                    CryptoUtil.trustCertByNickname(nickname);
-
-                    X509Certificate[] certchains = cm.buildCertificateChain(x509cert);
-                    X509Certificate leaf = null;
-
-                    if (certchains != null) {
-                        CMS.debug("handleCerts(): certchains length=" + certchains.length);
-                        leaf = certchains[certchains.length - 1];
-                    }
-
-                    if (leaf == null) {
-                        CMS.debug("handleCerts(): leaf is null!");
-                        throw new IOException("leaf is null");
-                    }
-
-                    if (b64chain != null && b64chain.length() != 0) {
-                        CMS.debug("handlecerts: cert might not have contained chain...calling importCertificateChain: "
-                                + b64chain);
-                        try {
-                            CryptoUtil.importCertificateChain(CryptoUtil.normalizeCertAndReq(b64chain));
-                        } catch (Exception e) {
-                            CMS.debug("handleCerts(): importCertChain: Exception: " + e.toString());
-                        }
-                    }
-
-                    InternalCertificate icert = (InternalCertificate) leaf;
-
-                    icert.setSSLTrust(
-                            InternalCertificate.TRUSTED_CA
-                                    | InternalCertificate.TRUSTED_CLIENT_CA
-                                    | InternalCertificate.VALID_CA);
-                    CMS.debug("handleCerts(): import certificate successfully, certTag=" + certTag);
-                } catch (Exception ee) {
-                    ee.printStackTrace();
-                    CMS.debug("handleCerts: import certificate for certTag=" + certTag + " Exception: "+ ee.toString());
-                }
-
-            } else {
-                CMS.debug("handleCerts(): b64 not set");
-                return 1;
-            }
-        } else {
-            b64 = CryptoUtil.stripCertBrackets(b64.trim());
-            String certs = CryptoUtil.normalizeCertStr(b64);
-            byte[] certb = CryptoUtil.base64Decode(certs);
-            X509CertImpl impl = new X509CertImpl(certb);
-            try {
-                if (certTag.equals("sslserver") && findBootstrapServerCert())
-                    deleteBootstrapServerCert();
-                if (findCertificate(tokenname, nickname)) {
-                    deleteCert(tokenname, nickname);
-                }
-            } catch (Exception ee) {
-                CMS.debug("handleCerts(): deleteCert Exception=" + ee.toString());
-            }
-
-            try {
-                if (certTag.equals("signing") && subsystem.equals("ca"))
-                    CryptoUtil.importUserCertificate(impl, nickname);
-                else
-                    CryptoUtil.importUserCertificate(impl, nickname, false);
-            } catch (Exception ee) {
-                CMS.debug("handleCerts(): Failed to import user certificate." + ee.toString());
-                return 1;
-            }
-        }
-
-        //update requests in request queue for local certs to allow renewal
-        if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) {
-            CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null);
-        }
-
-        if (certTag.equals("signing") && subsystem.equals("ca")) {
-            String NickName = nickname;
-            if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                NickName = tokenname + ":" + nickname;
-
-            CMS.debug("handleCerts(): set trust on CA signing cert " + NickName);
-            CryptoUtil.trustCertByNickname(NickName);
-            CMS.reinit(ICertificateAuthority.ID);
-        }
-        return 0;
-    }
-
-    public static void setCertPermissions(String tag) throws EBaseException, NotInitializedException,
-            ObjectNotFoundException, TokenException {
-        if (tag.equals("signing") || tag.equals("external_signing")) return;
-
-        IConfigStore cs = CMS.getConfigStore();
-        String nickname = cs.getString("preop.cert." + tag + ".nickname", "");
-        String tokenname = cs.getString("preop.module.token", "");
-        if (!tokenname.equals("Internal Key Storage Token"))
-            nickname = tokenname + ":" + nickname;
-
-        CryptoManager cm = CryptoManager.getInstance();
-        X509Certificate c = cm.findCertByNickname(nickname);
-
-        if (c instanceof InternalCertificate) {
-            InternalCertificate ic = (InternalCertificate) c;
-            ic.setSSLTrust(InternalCertificate.USER);
-            ic.setEmailTrust(InternalCertificate.USER);
-            if (tag.equals("audit_signing")) {
-                ic.setObjectSigningTrust(InternalCertificate.USER
-                        | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
-            } else {
-                ic.setObjectSigningTrust(InternalCertificate.USER);
-            }
-        }
-    }
-
-    public static boolean findCertificate(String tokenname, String nickname) throws NotInitializedException,
-            TokenException, IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        CryptoManager cm = CryptoManager.getInstance();
-
-        String fullnickname = nickname;
-        boolean hardware = false;
-        if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
-            hardware = true;
-            fullnickname = tokenname + ":" + nickname;
-        }
-
-        X509Certificate cert = null;
-        try {
-            cert = cm.findCertByNickname(fullnickname);
-        } catch (ObjectNotFoundException e) {
-            return false;
-        }
-
-        if (cert == null)
-            return false;
-        try {
-            @SuppressWarnings("unused")
-            boolean done = cs.getBoolean("preop.CertRequestPanel.done"); // check for errors
-        } catch (Exception ee) {
-            if (hardware) {
-                CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "
-                        + fullnickname + " has been found on HSM. Please remove it before proceeding.");
-                throw new IOException("The certificate with the same nickname: "
-                        + fullnickname + " has been found on HSM. Please remove it before proceeding.");
-            }
-        }
-        return true;
-    }
-
-
-    public static boolean findBootstrapServerCert() throws EBaseException, NotInitializedException, TokenException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String nickname = cs.getString("preop.cert.sslserver.nickname");
-
-        CryptoManager cm = CryptoManager.getInstance();
-        X509Certificate cert;
-        try {
-            cert = cm.findCertByNickname(nickname);
-        } catch (ObjectNotFoundException e) {
-            return false;
-        }
-        Principal issuerDN = cert.getIssuerDN();
-        Principal subjectDN = cert.getSubjectDN();
-        if (issuerDN.equals(subjectDN)) return true;
-
-        return false;
-    }
-
-    public static void deleteBootstrapServerCert() throws EBaseException, NotInitializedException,
-            NoSuchTokenException, TokenException {
-        IConfigStore cs = CMS.getConfigStore();
-        String nickname = cs.getString("preop.cert.sslserver.nickname");
-        deleteCert("Internal Key Storage Token", nickname);
-    }
-
-    public static void deleteCert(String tokenname, String nickname) throws NotInitializedException,
-            NoSuchTokenException, TokenException {
-
-        CryptoManager cm = CryptoManager.getInstance();
-        CryptoToken tok = cm.getTokenByName(tokenname);
-        CryptoStore store = tok.getCryptoStore();
-        String fullnickname = nickname;
-        if (!tokenname.equals("") &&
-                !tokenname.equals("Internal Key Storage Token") &&
-                !tokenname.equals("internal"))
-            fullnickname = tokenname + ":" + nickname;
-
-        CMS.debug("deleteCert: nickname=" + fullnickname);
-        X509Certificate cert;
-        try {
-            cert = cm.findCertByNickname(fullnickname);
-        } catch (ObjectNotFoundException e) {
-            CMS.debug("deleteCert: cert not found");
-            return;
-        }
-
-        if (store instanceof PK11Store) {
-            PK11Store pk11store = (PK11Store) store;
-            try {
-                pk11store.deleteCertOnly(cert);
-            } catch (NoSuchItemOnTokenException e) {
-            }
-            CMS.debug("deleteCert: cert deleted successfully");
-        }
-    }
-
-    public static void backupKeys(String pwd, String fname) throws EPropertyNotFound, EBaseException,
-            NotInitializedException, ObjectNotFoundException, TokenException, DigestException,
-            InvalidKeyException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidBERException,
-            CertificateEncodingException, IllegalStateException, IllegalBlockSizeException, BadPaddingException,
-            IOException {
-        CMS.debug("backupKeys(): start");
-        IConfigStore cs = CMS.getConfigStore();
-        String certlist = cs.getString("preop.cert.list");
-
-        StringTokenizer st = new StringTokenizer(certlist, ",");
-        CryptoManager cm = CryptoManager.getInstance();
-
-        Password pass = new org.mozilla.jss.util.Password(pwd.toCharArray());
-        SEQUENCE encSafeContents = new SEQUENCE();
-        SEQUENCE safeContents = new SEQUENCE();
-        while (st.hasMoreTokens()) {
-            String t = st.nextToken();
-            if (t.equals("sslserver"))
-                continue;
-            String nickname = cs.getString("preop.cert." + t + ".nickname");
-            String modname = cs.getString("preop.module.token");
-
-            if (!modname.equals("Internal Key Storage Token"))
-                nickname = modname + ":" + nickname;
-
-            X509Certificate x509cert = cm.findCertByNickname(nickname);
-            byte localKeyId[] = addCertBag(x509cert, nickname, safeContents);
-            PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
-            addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
-        }
-
-        X509Certificate[] cacerts = cm.getCACerts();
-
-        for (int i = 0; i < cacerts.length; i++) {
-            String nickname = null;
-            addCertBag(cacerts[i], nickname, safeContents);
-        }
-
-        AuthenticatedSafes authSafes = new AuthenticatedSafes();
-        authSafes.addSafeContents(safeContents);
-        authSafes.addSafeContents(encSafeContents);
-        PFX pfx = new PFX(authSafes);
-        pfx.computeMacData(pass, null, 5);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        pfx.encode(bos);
-        byte[] output = bos.toByteArray();
-        cs.putString("preop.pkcs12", CryptoUtil.byte2string(output));
-        pass.clear();
-        cs.commit(false);
-
-        if (fname != null) {
-            FileOutputStream fout = null;
-            try {
-                fout = new FileOutputStream(fname);
-                fout.write(output);
-            } catch (Exception e) {
-                throw new IOException("Failed to store keys in backup file" + e);
-            } finally {
-                if (fout != null) {
-                    fout.close();
-                }
-            }
-        }
-    }
-
-    public static void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
-            Password pass, byte[] localKeyId, SEQUENCE safeContents)
-            throws NoSuchAlgorithmException, InvalidBERException, InvalidKeyException,
-            InvalidAlgorithmParameterException, NotInitializedException, TokenException, IllegalStateException,
-            IllegalBlockSizeException, BadPaddingException, CharConversionException {
-
-        PasswordConverter passConverter = new PasswordConverter();
-
-        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-        byte salt[] = random.generateSeed(4); // 4 bytes salt
-        byte[] priData = getEncodedKey(pkey);
-
-        PrivateKeyInfo pki = (PrivateKeyInfo)
-                ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
-        ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
-                PBEAlgorithm.PBE_SHA1_DES3_CBC,
-                pass, salt, 1, passConverter, pki);
-        SET keyAttrs = createBagAttrs(
-                x509cert.getSubjectDN().toString(), localKeyId);
-        SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
-                key, keyAttrs);
-        safeContents.addElement(keyBag);
-
-    }
-
-    public static byte[] addCertBag(X509Certificate x509cert, String nickname,
-            SEQUENCE safeContents) throws CertificateEncodingException, NoSuchAlgorithmException, CharConversionException {
-        byte[] localKeyId = null;
-
-        ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
-        localKeyId = createLocalKeyId(x509cert);
-        SET certAttrs = null;
-        if (nickname != null)
-            certAttrs = createBagAttrs(nickname, localKeyId);
-        SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
-                new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
-        safeContents.addElement(certBag);
-
-        return localKeyId;
-    }
-
-    public static byte[] getEncodedKey(PrivateKey pkey) throws NotInitializedException, NoSuchAlgorithmException,
-            TokenException, IllegalStateException, CharConversionException, InvalidKeyException,
-            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
-        CryptoManager cm = CryptoManager.getInstance();
-        CryptoToken token = cm.getInternalKeyStorageToken();
-        KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
-        SymmetricKey sk = kg.generate();
-        KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
-        byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
-        IVParameterSpec param = new IVParameterSpec(iv);
-        wrapper.initWrap(sk, param);
-        byte[] enckey = wrapper.wrap(pkey);
-        Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
-        c.initDecrypt(sk, param);
-        byte[] recovered = c.doFinal(enckey);
-        return recovered;
-    }
-
-    public static byte[] createLocalKeyId(X509Certificate cert)
-            throws NoSuchAlgorithmException, CertificateEncodingException {
-
-        // SHA1 hash of the X509Cert der encoding
-        byte certDer[] = cert.getEncoded();
-
-        MessageDigest md = MessageDigest.getInstance("SHA");
-
-        md.update(certDer);
-        return md.digest();
-
-    }
-
-    public static SET createBagAttrs(String nickName, byte localKeyId[]) throws CharConversionException {
-
-        SET attrs = new SET();
-        SEQUENCE nickNameAttr = new SEQUENCE();
-
-        nickNameAttr.addElement(SafeBag.FRIENDLY_NAME);
-        SET nickNameSet = new SET();
-
-        nickNameSet.addElement(new BMPString(nickName));
-        nickNameAttr.addElement(nickNameSet);
-        attrs.addElement(nickNameAttr);
-        SEQUENCE localKeyAttr = new SEQUENCE();
-
-        localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
-        SET localKeySet = new SET();
-
-        localKeySet.addElement(new OCTET_STRING(localKeyId));
-        localKeyAttr.addElement(localKeySet);
-        attrs.addElement(localKeyAttr);
-        return attrs;
-
-    }
-
-    public static void createAdminCertificate(String certRequest, String certRequestType, String subject)
-            throws InvalidBERException, IOException, InvalidKeyException, InvalidKeyFormatException,
-            NoSuchAlgorithmException, SignatureException, NoSuchProviderException, EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-        X509Key x509key = null;
-        if (certRequestType.equals("crmf")) {
-            byte[] b = CMS.AtoB(certRequest);
-            SEQUENCE crmfMsgs = CryptoUtil.parseCRMFMsgs(b);
-            subject = CryptoUtil.getSubjectName(crmfMsgs);
-            x509key = CryptoUtil.getX509KeyFromCRMFMsgs(crmfMsgs);
-        } else if (certRequestType.equals("pkcs10")) {
-            byte[] b = CMS.AtoB(certRequest);
-            PKCS10 pkcs10 = new PKCS10(b);
-            x509key = pkcs10.getSubjectPublicKeyInfo();
-        }
-
-        if (x509key == null) {
-            CMS.debug("createAdminCertificate() - x509key is null!");
-            throw new IOException("x509key is null");
-        }
-
-        cs.putString(PCERT_PREFIX + "admin.dn", subject);
-        String caType = cs.getString(PCERT_PREFIX + "admin.type", "local");
-        X509CertImpl impl = CertUtil.createLocalCert(cs, x509key, PCERT_PREFIX, "admin", caType, null);
-
-        // update the locally created request for renewal
-        CertUtil.updateLocalRequest(cs, "admin", certRequest, certRequestType, subject);
-
-        ISubsystem ca = CMS.getSubsystem("ca");
-        if (ca != null) {
-            createPKCS7(impl);
-        }
-        cs.putString("preop.admincert.serialno.0", impl.getSerialNumber().toString(16));
-    }
-
-    public static void createPKCS7(X509CertImpl cert) throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
-        CertificateChain cachain = ca.getCACertChain();
-        java.security.cert.X509Certificate[] cacerts = cachain.getChain();
-        X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
-        int m = 1, n = 0;
-
-        for (; n < cacerts.length; m++, n++) {
-            userChain[m] = (X509CertImpl) cacerts[n];
-        }
-
-        userChain[0] = cert;
-        PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-        p7.encodeSignedData(bos);
-        byte[] p7Bytes = bos.toByteArray();
-        String p7Str = CMS.BtoA(p7Bytes);
-        cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
-    }
-
-    public static void createAdmin(String uid, String email, String name, String pwd) throws IOException,
-            EBaseException {
-        IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-        IConfigStore config = CMS.getConfigStore();
-        String groupNames = config.getString("preop.admin.group", "Certificate Manager Agents,Administrators");
-
-        IUser user = null;
-
-        try {
-            user = system.createUser(uid);
-            user.setEmail(email);
-            user.setPassword(pwd);
-            user.setFullName(name);
-            user.setUserType("adminType");
-            user.setState("1");
-            user.setPhone("");
-            system.addUser(user);
-        } catch (LDAPException e) {
-            CMS.debug("AdminPanel createAdmin: addUser " + e.toString());
-            if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
-                throw new IOException(e.toString());
-            }
-        } catch (Exception e) {
-            CMS.debug("AdminPanel createAdmin: addUser " + e.toString());
-            throw new IOException(e.toString());
-        }
-
-        IGroup group = null;
-        for (String groupName : groupNames.split(",")) {
-            groupName = groupName.trim();
-            group = system.getGroupFromName(groupName);
-            if (!group.isMember(uid)) {
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-        }
-
-        String select = config.getString("securitydomain.select", "");
-        if (select.equals("new")) {
-            group = system.getGroupFromName("Security Domain Administrators");
-            if (group != null && !group.isMember(uid)) {
-                CMS.debug("AdminPanel createAdmin:  add user '" + uid + "' to group 'Security Domain Administrators'");
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-
-            group = system.getGroupFromName("Enterprise CA Administrators");
-            if (group != null && !group.isMember(uid)) {
-                CMS.debug("AdminPanel createAdmin:  add user '" + uid + "' to group 'Enterprise CA Administrators'");
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-
-            group = system.getGroupFromName("Enterprise KRA Administrators");
-            if (group != null && !group.isMember(uid)) {
-                CMS.debug("AdminPanel createAdmin:  add user '" + uid + "' to group 'Enterprise KRA Administrators'");
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-
-            group = system.getGroupFromName("Enterprise RA Administrators");
-            if (group != null && !group.isMember(uid)) {
-                CMS.debug("AdminPanel createAdmin:  add user '" + uid + "' to group 'Enterprise RA Administrators'");
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-
-            group = system.getGroupFromName("Enterprise TKS Administrators");
-            if (group != null && !group.isMember(uid)) {
-                CMS.debug("AdminPanel createAdmin:  add user '" + uid + "' to group 'Enterprise TKS Administrators'");
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-
-            group = system.getGroupFromName("Enterprise OCSP Administrators");
-            if (group != null && !group.isMember(uid)) {
-                CMS.debug("AdminPanel createAdmin:  add user '" + uid + "' to group 'Enterprise OCSP Administrators'");
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-
-            group = system.getGroupFromName("Enterprise TPS Administrators");
-            if (group != null && !group.isMember(uid)) {
-                CMS.debug("AdminPanel createAdmin:  add user '" + uid + "' to group 'Enterprise TPS Administrators'");
-                group.addMemberName(uid);
-                system.modifyGroup(group);
-            }
-        }
-    }
-
-    public static String submitAdminCertRequest(String ca_hostname, int ca_port, String profileId,
-            String certRequestType, String certRequest, String subjectDN) throws IOException, EBaseException,
-            SAXException, ParserConfigurationException {
-        IConfigStore config = CMS.getConfigStore();
-
-        if (profileId == null) {
-            profileId = config.getString("preop.admincert.profile", "caAdminCert");
-        }
-        certRequest = URLEncoder.encode(certRequest, "UTF-8");
-        String session_id = CMS.getConfigSDSessionId();
-        String content = "profileId=" + profileId + "&cert_request_type=" + certRequestType +
-                "&cert_request=" + certRequest + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN;
-
-        String c = getHttpResponse(ca_hostname, ca_port, true, "/ca/ee/ca/profileSubmit", content, null, null);
-
-        // retrieve the request Id and admin certificate
-        if (c != null) {
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            XMLObject parser = new XMLObject(bis);
-
-            String status = parser.getValue("Status");
-            CMS.debug("submitAdminXertRequest: status=" + status);
-            if (status.equals(AUTH_FAILURE)) {
-                throw new EAuthException(AUTH_FAILURE);
-            } else if (!status.equals(SUCCESS)) {
-                String error = parser.getValue("Error");
-                throw new IOException(error);
-            }
-
-            IConfigStore cs = CMS.getConfigStore();
-            String id = parser.getValue("Id");
-
-            cs.putString("preop.admincert.requestId.0", id);
-            String serial = parser.getValue("serialno");
-
-            cs.putString("preop.admincert.serialno.0", serial);
-            String b64 = parser.getValue("b64");
-
-            // save in a file for access by ImportAdminCertPanel
-            String instanceRoot = cs.getString("instanceRoot", "");
-            String dir = instanceRoot + File.separator + "conf" + File.separator + "admin.b64";
-            cs.putString("preop.admincert.b64", dir);
-
-            PrintStream ps = new PrintStream(new FileOutputStream(dir));
-            ps.println(b64);
-            ps.flush();
-            ps.close();
-
-            return b64;
-        } else {
-            throw new IOException("submitAdminCertRequest: Failed to get response from ca");
-        }
-    }
-
-    public static void createSecurityDomain() throws EBaseException, LDAPException, NumberFormatException, IOException,
-            SAXException, ParserConfigurationException {
-        IConfigStore cs = CMS.getConfigStore();
-        IConfigStore dbCfg = cs.getSubStore("internaldb");
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
-        dbFactory.init(dbCfg);
-        LDAPConnection conn = dbFactory.getConn();
-        LDAPEntry entry = null;
-        LDAPAttributeSet attrs = null;
-
-        // Create security domain ldap entry
-        String basedn = cs.getString("internaldb.basedn");
-        String secdomain = cs.getString("securitydomain.name");
-
-        String dn = "ou=Security Domain," + basedn;
-        attrs = new LDAPAttributeSet();
-        attrs.add(new LDAPAttribute("objectclass", "top"));
-        attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain"));
-        attrs.add(new LDAPAttribute("name", secdomain));
-        attrs.add(new LDAPAttribute("ou", "Security Domain"));
-        entry = new LDAPEntry(dn, attrs);
-        conn.add(entry);
-
-        // create list containers
-        String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
-        for (int i = 0; i < clist.length; i++) {
-            dn = "cn=" + LDAPUtil.escapeRDNValue(clist[i]) + ",ou=Security Domain," + basedn;
-            attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("objectclass", "top"));
-            attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
-            attrs.add(new LDAPAttribute("cn", clist[i]));
-            entry = new LDAPEntry(dn, attrs);
-            conn.add(entry);
-        }
-
-        // Add this host
-        String cn = CMS.getEESSLHost() + ":" + CMS.getAdminPort();
-        dn = "cn=" + LDAPUtil.escapeRDNValue(cn) + ",cn=CAList,ou=Security Domain," + basedn;
-        String subsystemName = cs.getString("preop.subsystem.name");
-        attrs = new LDAPAttributeSet();
-        attrs.add(new LDAPAttribute("objectclass", "top"));
-        attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
-        attrs.add(new LDAPAttribute("Host", CMS.getEESSLHost()));
-        attrs.add(new LDAPAttribute("SecurePort", CMS.getEESSLPort()));
-        attrs.add(new LDAPAttribute("SecureAgentPort", CMS.getAgentPort()));
-        attrs.add(new LDAPAttribute("SecureAdminPort", CMS.getAdminPort()));
-        if (CMS.getEEClientAuthSSLPort() != null) {
-            attrs.add(new LDAPAttribute("SecureEEClientAuthPort", CMS.getEEClientAuthSSLPort()));
-        }
-        attrs.add(new LDAPAttribute("UnSecurePort", CMS.getEENonSSLPort()));
-        attrs.add(new LDAPAttribute("Clone", "FALSE"));
-        attrs.add(new LDAPAttribute("SubsystemName", subsystemName));
-        attrs.add(new LDAPAttribute("cn", cn));
-        attrs.add(new LDAPAttribute("DomainManager", "TRUE"));
-        entry = new LDAPEntry(dn, attrs);
-        conn.add(entry);
-
-        CMS.debug("createSecurityDomain(): finish updating domain info");
-        conn.disconnect();
-
-        // Fetch the "new" security domain and display it
-        // CMS.debug("createSecurityDomain(): Dump contents of new Security Domain . . .");
-        // @SuppressWarnings("unused")
-        // String c = getDomainXML(CMS.getEESSLHost(), Integer.parseInt(CMS.getAdminPort()), true);
-    }
-
-    public static void updateSecurityDomain() throws IOException, SAXException, ParserConfigurationException,
-            EPropertyNotFound, EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        int sd_agent_port = cs.getInteger("securitydomain.httpsagentport");
-        int sd_admin_port = cs.getInteger("securitydomain.httpsadminport");
-        String select = cs.getString("preop.subsystem.select");
-        String type = cs.getString("cs.type");
-        String sd_host = cs.getString("securitydomain.host");
-        String subsystemName = cs.getString("preop.subsystem.name");
-
-        boolean cloneMaster = false;
-
-        if (select.equals("clone") && type.equalsIgnoreCase("CA") && isSDHostDomainMaster(cs)) {
-            cloneMaster = true;
-            CMS.debug("Cloning a domain master");
-        }
-
-        String cloneStr = select.equals("clone") ? "&clone=true" : "&clone=false";
-        String domainMasterStr = cloneMaster ? "&dm=true" : "&dm=false";
-        String eecaStr = (CMS.getEEClientAuthSSLPort() != null) ? "&eeclientauthsport=" + CMS.getEEClientAuthSSLPort()
-                : "";
-
-        String url =  "/ca/admin/ca/updateDomainXML";
-        String content = "list=" + type + "List"
-                + "&type=" + type
-                + "&host=" + CMS.getEESSLHost()
-                + "&name=" + subsystemName
-                + "&sport=" + CMS.getEESSLPort()
-                + domainMasterStr
-                + cloneStr
-                + "&agentsport=" + CMS.getAgentPort()
-                + "&adminsport=" + CMS.getAdminPort()
-                + eecaStr
-                + "&httpport=" + CMS.getEENonSSLPort();
-
-        try {
-            String session_id = CMS.getConfigSDSessionId();
-            content += "&sessionID="+ session_id;
-            updateDomainXML(sd_host, sd_admin_port, true, url, content, false);
-        } catch (Exception e) {
-            CMS.debug("updateSecurityDomain: failed to update security domain using admin port "
-                      + sd_admin_port + ": " + e);
-            CMS.debug("updateSecurityDomain: now trying agent port with client auth");
-            url =  "/ca/agent/ca/updateDomainXML";
-            updateDomainXML(sd_host, sd_agent_port, true, url, content, true);
-        }
-
-        // Fetch the "updated" security domain and display it
-        CMS.debug("updateSecurityDomain(): Dump contents of updated Security Domain . . .");
-        @SuppressWarnings("unused")
-        String c = getDomainXML(sd_host, sd_admin_port, true);
-    }
-
-    public static boolean isSDHostDomainMaster(IConfigStore config) throws EPropertyNotFound, EBaseException,
-            IOException, SAXException, ParserConfigurationException {
-        String dm = "false";
-
-        String hostname = config.getString("securitydomain.host");
-        int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
-        CMS.debug("isSDHostDomainMaster(): Getting domain.xml from CA...");
-        String c = getDomainXML(hostname, httpsadminport, true);
-
-        ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-        XMLObject parser = new XMLObject(bis);
-        Document doc = parser.getDocument();
-        NodeList nodeList = doc.getElementsByTagName("CA");
-
-        int len = nodeList.getLength();
-        for (int i = 0; i < len; i++) {
-            Vector<String> v_hostname = parser.getValuesFromContainer(nodeList.item(i), "Host");
-            Vector<String> v_https_admin_port = parser.getValuesFromContainer(nodeList.item(i), "SecureAdminPort");
-            Vector<String> v_domain_mgr = parser.getValuesFromContainer(nodeList.item(i), "DomainManager");
-
-            if (v_hostname.elementAt(0).equals(hostname) &&
-                    v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) {
-                dm = v_domain_mgr.elementAt(0).toString();
-                break;
-            }
-        }
-        return dm.equalsIgnoreCase("true");
-    }
-
-    public static void updateDomainXML(String hostname, int port, boolean https,
-            String servlet, String uri, boolean useClientAuth) throws IOException, EBaseException, SAXException,
-            ParserConfigurationException {
-        CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
-        String c = null;
-        if (useClientAuth) {
-            IConfigStore cs = CMS.getConfigStore();
-            String nickname = cs.getString("preop.cert.subsystem.nickname", "");
-            String tokenname = cs.getString("preop.module.token", "");
-
-            if (!tokenname.equals("") &&
-                    !tokenname.equals("Internal Key Storage Token") &&
-                    !tokenname.equals("internal")) {
-                nickname = tokenname + ":" + nickname;
-            }
-            CMS.debug("updateDomainXML() nickname=" + nickname);
-
-            c = getHttpResponse(hostname, port, https, servlet, uri, nickname, null);
-        } else {
-            c = getHttpResponse(hostname, port, https, servlet, uri, null, null);
-        }
-        if (c != null && !c.equals("")) {
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            XMLObject obj = new XMLObject(bis);
-            String status = obj.getValue("Status");
-            CMS.debug("WizardPanelBase updateDomainXML: status=" + status);
-
-            if (status.equals(SUCCESS)) {
-                return;
-            } else {
-                String error = obj.getValue("Error");
-                throw new IOException(error);
-            }
-        } else {
-            throw new IOException("Failed to get response when updating security domain");
-        }
-    }
-
-    public static void updateConnectorInfo(String ownagenthost, String ownagentsport)
-            throws IOException, EBaseException, SAXException, ParserConfigurationException {
-        IConfigStore cs = CMS.getConfigStore();
-        int port = -1;
-        String url = "";
-        String host = null;
-        String transportCert = "";
-
-        url = cs.getString("preop.ca.url", "");
-        if (!url.equals("")) {
-            host = cs.getString("preop.ca.hostname", "");
-            port = cs.getInteger("preop.ca.httpsadminport", -1);
-            transportCert = cs.getString("kra.transport.cert", "");
-        }
-
-        if (host == null) {
-            CMS.debug("updateConnectorInfo(): preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
-        } else {
-            CMS.debug("updateConnectorInfo(): Transport certificate is being setup in " + url);
-            String session_id = CMS.getConfigSDSessionId();
-            String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30"
-                    + "&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost
-                    + "&ca.connector.KRA.port=" + ownagentsport
-                    + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert, "UTF-8")
-                    + "&sessionID=" + session_id;
-
-            updateConnectorInfo(host, port, true, content);
-        }
-    }
-
-    public static void updateConnectorInfo(String host, int port, boolean https,
-            String content) throws IOException, SAXException, ParserConfigurationException {
-        CMS.debug("updateConnectorInfo start");
-        String c = getHttpResponse(host, port, https, "/ca/admin/ca/updateConnector", content, null, null);
-        if (c != null) {
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            XMLObject parser = null;
-            parser = new XMLObject(bis);
-            String status = parser.getValue("Status");
-            CMS.debug("updateConnectorInfo: status=" + status);
-            if (!status.equals(SUCCESS)) {
-                String error = parser.getValue("Error");
-                throw new IOException(error);
-            }
-        }
-    }
-
-    public static void setupClientAuthUser() throws EBaseException, CertificateException, IOException, SAXException,
-            ParserConfigurationException, LDAPException {
-        IConfigStore cs = CMS.getConfigStore();
-        String host = cs.getString("preop.ca.hostname", "");
-        int port = cs.getInteger("preop.ca.httpsadminport", -1);
-
-        // retrieve CA subsystem certificate from the CA
-        IUGSubsystem system =
-                (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-        String id = "";
-
-        String b64 = getSubsystemCert(host, port, true);
-        if (b64 != null) {
-            int num = cs.getInteger("preop.subsystem.count", 0);
-            id = "CA-" + host + "-" + port;
-            num++;
-            cs.putInteger("preop.subsystem.count", num);
-            cs.putInteger("subsystem.count", num);
-            IUser user = system.createUser(id);
-            user.setFullName(id);
-            user.setEmail("");
-            user.setPassword("");
-            user.setUserType("agentType");
-            user.setState("1");
-            user.setPhone("");
-            X509CertImpl[] certs = new X509CertImpl[1];
-            certs[0] = new X509CertImpl(CMS.AtoB(b64));
-            user.setX509Certificates(certs);
-            try {
-                system.addUser(user);
-            } catch (LDAPException e) {
-                if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
-                    throw e;
-                }
-            }
-            CMS.debug("DonePanel display: successfully add the user");
-            system.addUserCert(user);
-            CMS.debug("DonePanel display: successfully add the user certificate");
-            cs.commit(false);
-        }
-
-        String groupName = "Trusted Managers";
-        IGroup group = system.getGroupFromName(groupName);
-        if (!group.isMember(id)) {
-            group.addMemberName(id);
-            system.modifyGroup(group);
-            CMS.debug("DonePanel display: successfully added the user to the group.");
-        }
-
-    }
-
-    public static String getSubsystemCert(String host, int port, boolean https)
-            throws IOException, SAXException, ParserConfigurationException {
-        CMS.debug("getSubsystemCert() start");
-        String c = getHttpResponse(host, port, https, "/ca/admin/ca/getSubsystemCert", null, null, null);
-        if (c != null) {
-            ByteArrayInputStream bis =
-                    new ByteArrayInputStream(c.getBytes());
-            XMLObject parser = new XMLObject(bis);
-            String status = parser.getValue("Status");
-            if (status.equals(SUCCESS)) {
-                String s = parser.getValue("Cert");
-                return s;
-            } else {
-                return null;
-            }
-        }
-        return null;
-    }
-
-    public static String getTransportCert(URI secdomainURI, URI kraUri)
-            throws IOException, SAXException, ParserConfigurationException {
-        CMS.debug("getTransportCert() start");
-        String sessionId = CMS.getConfigSDSessionId();
-
-        String content = "&xmlOutput=true" +
-                "&sessionID=" + sessionId +
-                "&auth_hostname=" + secdomainURI.getHost() +
-                "&auth_port=" + secdomainURI.getPort();
-
-        String c = getHttpResponse(
-                kraUri.getHost(),
-                kraUri.getPort(),
-                true,
-                "/kra/admin/kra/getTransportCert",
-                content, null, null);
-
-        if (c != null) {
-            ByteArrayInputStream bis =
-                    new ByteArrayInputStream(c.getBytes());
-            XMLObject parser = new XMLObject(bis);
-            String status = parser.getValue("Status");
-            if (status.equals(SUCCESS)) {
-                String s = parser.getValue("TransportCert");
-                return s;
-            } else {
-                return null;
-            }
-        }
-        return null;
-    }
-
-    public static void getSharedSecret(String tksHost, int tksPort, boolean importKey) throws EPropertyNotFound,
-            EBaseException, URISyntaxException {
-        IConfigStore cs = CMS.getConfigStore();
-        String host = cs.getString("service.machineName");
-        String port = cs.getString("service.securePort");
-        String dbDir = cs.getString("instanceRoot") + "/alias";
-        String dbNick = cs.getString("tps.cert.subsystem.nickname");
-
-        String passwordFile = cs.getString("passwordFile");
-        IConfigStore psStore = CMS.createFileConfigStore(passwordFile);
-        String dbPass = psStore.getString("internal");
-
-        ClientConfig config = new ClientConfig();
-        config.setServerURI("https://" + tksHost + ":" + tksPort);
-        config.setCertDatabase(dbDir);
-        config.setCertNickname(dbNick);
-        config.setCertPassword(dbPass);
-
-        PKIClient client = new PKIClient(config);
-        PKIConnection connection = client.getConnection();
-
-        // Ignore the "UNTRUSTED_ISSUER" and "CA_CERT_INVALID" validity status
-        // during PKI instance creation since we are using an untrusted temporary CA cert.
-        connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER);
-        connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.CA_CERT_INVALID);
-
-        AccountClient accountClient = new AccountClient(client, "tks");
-        TPSConnectorClient tpsConnectorClient = new TPSConnectorClient(client, "tks");
-
-        accountClient.login();
-        TPSConnectorData data = null;
-        try {
-            data = tpsConnectorClient.getConnector(host, port);
-        } catch (ResourceNotFoundException e) {
-            // no connector exists
-            data = null;
-        }
-        KeyData keyData = null;
-        if (data == null) {
-            data = tpsConnectorClient.createConnector(host, port);
-            keyData = tpsConnectorClient.createSharedSecret(data.getID());
-        } else {
-            String connId = data.getID();
-            keyData = tpsConnectorClient.getSharedSecret(connId);
-            if (keyData != null) {
-                keyData = tpsConnectorClient.replaceSharedSecret(connId);
-            } else {
-                keyData = tpsConnectorClient.createSharedSecret(connId);
-            }
-        }
-        accountClient.logout();
-
-        if (importKey) {
-            // TODO - we need code here to import the key into the tps certdb
-            // this is not needed if we are using a shared database with
-            // the tks.
-        }
-
-        // store the new nick in CS.cfg
-        String nick = "TPS-" + host + "-" + port + " sharedSecret";
-        cs.putString("conn.tks1.tksSharedSymKeyName", nick);
-        cs.commit(false);
-    }
-
-    public static void importCACertToOCSP() throws IOException, EBaseException, CertificateEncodingException {
-        IConfigStore config = CMS.getConfigStore();
-
-        // get certificate chain from CA
-        String b64 = config.getString("preop.ca.pkcs7", "");
-        if (b64.equals("")) {
-            throw new IOException("Failed to get certificate chain.");
-        }
-
-        // this could be a chain
-        java.security.cert.X509Certificate[] certs = com.netscape.cmsutil.util.Cert.mapCertFromPKCS7(b64);
-        java.security.cert.X509Certificate leafCert = null;
-        if (certs != null && certs.length > 0) {
-            if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
-                leafCert = certs[certs.length - 1];
-            } else {
-                leafCert = certs[0];
-            }
-
-            IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID);
-            IDefStore defStore = ocsp.getDefaultStore();
-
-            // (1) need to normalize (sort) the chain
-            // (2) store certificate (and certificate chain) into
-            // database
-            ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
-                    leafCert.getSubjectDN().getName(),
-                    BIG_ZERO,
-                    MINUS_ONE, null, null);
-
-            rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
-            defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
-
-            CMS.debug("importCACertToOCSP(): Added CA certificate.");
-        }
-    }
-
-    public static void updateOCSPConfig()
-            throws IOException, EBaseException, SAXException, ParserConfigurationException {
-        IConfigStore config = CMS.getConfigStore();
-        String cahost = config.getString("preop.ca.hostname", "");
-        int caport = config.getInteger("preop.ca.httpsport", -1);
-        String ocsphost = CMS.getAgentHost();
-        int ocspport = Integer.parseInt(CMS.getAgentPort());
-        String session_id = CMS.getConfigSDSessionId();
-        String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
-
-        String c = getHttpResponse(cahost, caport, true, "/ca/ee/ca/updateOCSPConfig", content, null, null);
-        if (c == null || c.equals("")) {
-            CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
-            throw new IOException("The server you want to contact is not available");
-        } else {
-            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-            XMLObject parser = new XMLObject(bis);
-
-            String status = parser.getValue("Status");
-            CMS.debug("WizardPanelBase updateOCSPConfig: status=" + status);
-
-            if (status.equals(SUCCESS)) {
-                CMS.debug("WizardPanelBase updateOCSPConfig: Successfully update the OCSP configuration in the CA.");
-            } else if (status.equals(AUTH_FAILURE)) {
-                throw new EAuthException(AUTH_FAILURE);
-            } else {
-                String error = parser.getValue("Error");
-                throw new IOException(error);
-            }
-        }
-    }
-
-    public static void setupDBUser() throws CertificateException, LDAPException, EBaseException,
-            NotInitializedException, ObjectNotFoundException, TokenException, IOException {
-        IUGSubsystem system =
-                (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-
-        try {
-            @SuppressWarnings("unused")
-            Enumeration<IUser> dbusers = system.findUsers(DBUSER);
-            CMS.debug("DB User already exists: " + DBUSER);
-            return;
-        } catch (EUsrGrpException e) {
-            CMS.debug("Creating DB User: " + DBUSER);
-        }
-
-        String b64 = getSubsystemCert();
-        if (b64 == null) {
-            CMS.debug("setupDBUser(): failed to fetch subsystem cert");
-            throw new EBaseException("setupDBUser(): failed to fetch subsystem cert");
-        }
-
-        IUser user = system.createUser(DBUSER);
-        user.setFullName(DBUSER);
-        user.setEmail("");
-        user.setPassword("");
-        user.setUserType("agentType");
-        user.setState("1");
-        user.setPhone("");
-        X509CertImpl[] certs = new X509CertImpl[1];
-        certs[0] = new X509CertImpl(CMS.AtoB(b64));
-        user.setX509Certificates(certs);
-        system.addUser(user);
-        CMS.debug("setupDBUser(): successfully added the user");
-        system.addUserCert(user);
-        CMS.debug("setupDBUser(): successfully add the user certificate");
-
-        // set subject dn
-        system.addCertSubjectDN(user);
-
-        // remove old db users
-        CMS.debug("Removing seeAlso from old dbusers");
-        removeOldDBUsers(certs[0].getSubjectDN().toString());
-    }
-
-    public static void addProfilesToTPSUser(String adminID) throws EUsrGrpException {
-        CMS.debug("Adding all profiles to TPS admin user");
-        IUGSubsystem system = (IUGSubsystem) CMS.getSubsystem(IUGSubsystem.ID);
-        IUser user = system.getUser(adminID);
-
-        List<String> profiles = new ArrayList<String>();
-        profiles.add(UserService.ALL_PROFILES);
-
-        user.setTpsProfiles(profiles);
-        system.modifyUser(user);
-    }
-
-    public static void registerUser(URI secdomainURI, URI targetURI, String targetType) throws Exception {
-        IConfigStore cs = CMS.getConfigStore();
-        String csType = cs.getString("cs.type");
-        String uid = csType.toUpperCase() + "-" + cs.getString("machineName", "")
-                + "-" + cs.getString("service.securePort", "");
-        String sessionId = CMS.getConfigSDSessionId();
-        String subsystemName = cs.getString("preop.subsystem.name");
-
-        String content = "uid=" + uid +
-                "&xmlOutput=true" +
-                "&sessionID=" + sessionId +
-                "&auth_hostname=" + secdomainURI.getHost() +
-                "&auth_port=" + secdomainURI.getPort() +
-                "&certificate=" + URLEncoder.encode(getSubsystemCert(), "UTF-8") +
-                "&name=" + subsystemName;
-
-        String targetURL = "/" + targetType + "/admin/" + targetType + "/registerUser";
-
-        String response = getHttpResponse(
-                targetURI.getHost(),
-                targetURI.getPort(),
-                true,
-                targetURL,
-                content, null, null);
-
-        if (response == null || response.equals("")) {
-            CMS.debug("registerUser: response is empty or null.");
-            throw new IOException("The server " + targetURI + "is not available");
-        } else {
-            ByteArrayInputStream bis = new ByteArrayInputStream(response.getBytes());
-            XMLObject parser = new XMLObject(bis);
-
-            String status = parser.getValue("Status");
-            CMS.debug("registerUser: status=" + status);
-
-            if (status.equals(SUCCESS)) {
-                CMS.debug("registerUser: Successfully added user " + uid + " to " + targetURI +
-                          " using " + targetURL);
-            } else if (status.equals(AUTH_FAILURE)) {
-                throw new EAuthException(AUTH_FAILURE);
-            } else {
-                String error = parser.getValue("Error");
-                throw new IOException(error);
-            }
-        }
-    }
-
-    public static void exportTransportCert(URI secdomainURI, URI targetURI, String transportCert) throws Exception {
-        IConfigStore cs = CMS.getConfigStore();
-        String name = "transportCert-" + cs.getString("machineName", "")
-                + "-" + cs.getString("service.securePort", "");
-        String sessionId = CMS.getConfigSDSessionId();
-
-        String content = "name=" + name +
-                "&xmlOutput=true" +
-                "&sessionID=" + sessionId +
-                "&auth_hostname=" + secdomainURI.getHost() +
-                "&auth_port=" + secdomainURI.getPort() +
-                "&certificate=" + URLEncoder.encode(transportCert, "UTF-8");
-
-        String targetURL = "/tks/admin/tks/importTransportCert";
-
-        String response = getHttpResponse(
-                targetURI.getHost(),
-                targetURI.getPort(),
-                true,
-                targetURL,
-                content, null, null);
-
-        if (response == null || response.equals("")) {
-            CMS.debug("exportTransportCert: response is empty or null.");
-            throw new IOException("The server " + targetURI + "is not available");
-        } else {
-            ByteArrayInputStream bis = new ByteArrayInputStream(response.getBytes());
-            XMLObject parser = new XMLObject(bis);
-
-            String status = parser.getValue("Status");
-            CMS.debug("exportTransportCert: status=" + status);
-
-            if (status.equals(SUCCESS)) {
-                CMS.debug("exportTransportCert: Successfully added transport cert to " + targetURI);
-            } else if (status.equals(AUTH_FAILURE)) {
-                throw new EAuthException(AUTH_FAILURE);
-            } else {
-                String error = parser.getValue("Error");
-                throw new IOException(error);
-            }
-        }
-    }
-
-    public static void removeOldDBUsers(String subjectDN) throws EBaseException, LDAPException {
-        IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-        IConfigStore cs = CMS.getConfigStore();
-        String userbasedn = "ou=people, " + cs.getString("internaldb.basedn");
-        IConfigStore dbCfg = cs.getSubStore("internaldb");
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
-        dbFactory.init(dbCfg);
-        LDAPConnection conn = dbFactory.getConn();
-
-        String filter = "(&(seeAlso=" + LDAPUtil.escapeFilter(subjectDN) + ")(!(uid=" + DBUSER + ")))";
-        String[] attrs = null;
-        LDAPSearchResults res = conn.search(userbasedn, LDAPConnection.SCOPE_SUB, filter,
-                attrs, false);
-        if (res != null) {
-            while (res.hasMoreElements()) {
-                String uid = (String) res.next().getAttribute("uid").getStringValues().nextElement();
-                IUser user = system.getUser(uid);
-                CMS.debug("removeOldDUsers: Removing seeAlso from " + uid);
-                system.removeCertSubjectDN(user);
-            }
-        }
-    }
-
-    public static String getSubsystemCert() throws EBaseException, NotInitializedException, ObjectNotFoundException,
-            TokenException, CertificateEncodingException, IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        String nickname = cs.getString("preop.cert.subsystem.nickname", "");
-        String tokenname = cs.getString("preop.module.token", "");
-
-        if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")
-                && !tokenname.equals("")) {
-            nickname = tokenname + ":" + nickname;
-        }
-
-        CMS.debug("DonePanel getSubsystemCert: nickname=" + nickname);
-
-        CryptoManager cm = CryptoManager.getInstance();
-        org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(nickname);
-        if (cert == null) {
-            CMS.debug("DonePanel getSubsystemCert: subsystem cert is null");
-            return null;
-        }
-        byte[] bytes = cert.getEncoded();
-        String s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
-        return s;
-    }
-
-    public static void updateCAConnInfo(URI caUri, String subsystemNick) {
-        IConfigStore cs = CMS.getConfigStore();
-
-        cs.putString("preop.cainfo.select", caUri.toString());
-        cs.putString("conn.ca1.clientNickname", subsystemNick);
-        cs.putString("conn.ca1.hostport", caUri.getHost() + ":" + caUri.getPort());
-        cs.putString("conn.ca1.hostagentport", caUri.getHost() + ":" + caUri.getPort());
-        cs.putString("conn.ca1.hostadminport", caUri.getHost() + ":" + caUri.getPort());
-    }
-
-    public static void updateKRAConnInfo(boolean enableServerSideKeyGen, URI kraUri, String subsystemNick) {
-        IConfigStore cs = CMS.getConfigStore();
-        if (enableServerSideKeyGen) {
-            cs.putString("preop.krainfo.select", kraUri.toString());
-            cs.putString("conn.drm1.clientNickname", subsystemNick);
-            cs.putString("conn.drm1.hostport", kraUri.getHost() + ":" + kraUri.getPort());
-            cs.putString("conn.tks1.serverKeygen", "true");
-            cs.putString("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true");
-            cs.putString("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true");
-            cs.putString("op.enroll.soKey.keyGen.encryption.serverKeygen.enable", "true");
-            cs.putString("op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable", "true");
-        } else {
-            // no keygen
-            cs.putString("conn.tks1.serverKeygen", "false");
-            cs.putString("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "false");
-            cs.putString("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "false");
-            cs.putString("op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme", "GenerateNewKey");
-            cs.putString("op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme", "GenerateNewKey");
-            cs.putString("conn.drm1.clientNickname", "");
-            cs.putString("conn.drm1.hostport", "");
-            cs.putString("op.enroll.soKey.keyGen.encryption.serverKeygen.enable", "false");
-            cs.putString("op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable", "false");
-            cs.putString("op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme", "GenerateNewKey");
-            cs.putString("op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme", "GenerateNewKey");
-        }
-    }
-
-    public static void updateTKSConnInfo(URI tksUri, String subsystemNick) {
-        IConfigStore cs = CMS.getConfigStore();
-
-        cs.putString("preop.tksinfo.select", tksUri.toString());
-        cs.putString("conn.tks1.clientNickname", subsystemNick);
-        cs.putString("conn.tks1.hostport", tksUri.getHost() + ":" + tksUri.getPort());
-    }
-
-    public static void updateAuthdbInfo(String basedn, String host, String port, String secureConn) {
-        IConfigStore cs = CMS.getConfigStore();
-
-        cs.putString("auths.instance.ldap1.ldap.basedn", basedn);
-        cs.putString("auths.instance.ldap1.ldap.ldapconn.host", host);
-        cs.putString("auths.instance.ldap1.ldap.ldapconn.port", port);
-        cs.putString("auths.instance.ldap1.ldap.ldapconn.secureConn", secureConn);
-    }
-
-
-    public static void updateNextRanges() throws EBaseException, LDAPException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
-        String endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
-        String type = cs.getString("cs.type");
-        String basedn = cs.getString("internaldb.basedn");
-
-        BigInteger endRequestNum = new BigInteger(endRequestNumStr);
-        BigInteger endSerialNum = new BigInteger(endSerialNumStr);
-        BigInteger oneNum = new BigInteger("1");
-
-        // update global next range entries
-        IConfigStore dbCfg = cs.getSubStore("internaldb");
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
-        dbFactory.init(dbCfg);
-        LDAPConnection conn = dbFactory.getConn();
-
-        String serialdn = "";
-        if (type.equals("CA")) {
-            serialdn = "ou=certificateRepository,ou=" + LDAPUtil.escapeRDNValue(type.toLowerCase()) + "," + basedn;
-        } else {
-            serialdn = "ou=keyRepository,ou=" + LDAPUtil.escapeRDNValue(type.toLowerCase()) + "," + basedn;
-        }
-        LDAPAttribute attrSerialNextRange =
-                new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString());
-        LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
-        conn.modify(serialdn, serialmod);
-
-        String requestdn = "ou=" + LDAPUtil.escapeRDNValue(type.toLowerCase()) + ",ou=requests," + basedn;
-        LDAPAttribute attrRequestNextRange =
-                new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString());
-        LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange);
-        conn.modify(requestdn, requestmod);
-
-        conn.disconnect();
-    }
-
-    /**
-     * save variables needed for cloning and remove preops
-     * @throws EBaseException
-     */
-    public static void removePreopConfigEntries() throws EBaseException {
-        IConfigStore cs = CMS.getConfigStore();
-        String type = cs.getString("cs.type");
-        String list = cs.getString("preop.cert.list", "");
-        StringTokenizer st = new StringTokenizer(list, ",");
-
-        while (st.hasMoreTokens()) {
-            String ss = st.nextToken();
-            if (ss.equals("sslserver"))
-                continue;
-            cs.putString("cloning." + ss + ".nickname", cs.getString("preop.cert." + ss + ".nickname", ""));
-            cs.putString("cloning." + ss + ".dn", cs.getString("preop.cert." + ss + ".dn", ""));
-            cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", ""));
-            cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
-            cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", ""));
-            cs.putString("cloning." + ss + ".pubkey.exponent",
-                    cs.getString("preop.cert." + ss + ".pubkey.exponent", ""));
-            cs.putString("cloning." + ss + ".pubkey.modulus",
-                    cs.getString("preop.cert." + ss + ".pubkey.modulus", ""));
-            cs.putString("cloning." + ss + ".pubkey.encoded",
-                    cs.getString("preop.cert." + ss + ".pubkey.encoded", ""));
-        }
-        cs.putString("cloning.module.token", cs.getString("preop.module.token", ""));
-        cs.putString("cloning.list", list);
-
-        // more cloning variables needed for non-ca clones
-
-        if (!type.equals("CA")) {
-            String val = cs.getString("preop.ca.hostname", "");
-            if (val.length() > 0)
-                cs.putString("cloning.ca.hostname", val);
-
-            val = cs.getString("preop.ca.httpport", "");
-            if (val.length() != 0)
-                cs.putString("cloning.ca.httpport", val);
-
-            val = cs.getString("preop.ca.httpsport", "");
-            if (val.length() != 0)
-                cs.putString("cloning.ca.httpsport", val);
-
-            val = cs.getString("preop.ca.list", "");
-            if (val.length() != 0)
-                cs.putString("cloning.ca.list", val);
-
-            val = cs.getString("preop.ca.pkcs7", "");
-            if (val.length() != 0)
-                cs.putString("cloning.ca.pkcs7", val);
-
-            val = cs.getString("preop.ca.type", "");
-            if (val.length() != 0)
-                cs.putString("cloning.ca.type", val);
-        }
-
-        // save EC type for sslserver cert (if present)
-        cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
-
-        cs.removeSubStore("preop");
-        cs.commit(false);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
deleted file mode 100644
index 462e05455..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ /dev/null
@@ -1,279 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.URL;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class CreateSubsystemPanel extends WizardPanelBase {
-
-    public CreateSubsystemPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Subsystem Selection");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Subsystem Type");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.subsystem.select", "");
-        cs.putString("subsystem.select", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.subsystem.select", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Subsystem Type");
-        IConfigStore config = CMS.getConfigStore();
-
-        try {
-            String session_id = request.getParameter("session_id");
-            if (session_id != null) {
-                CMS.debug("CreateSubsystemPanel setting session id.");
-                CMS.setConfigSDSessionId(session_id);
-            }
-
-            if (isPanelDone()) {
-                String s = config.getString("preop.subsystem.select");
-                if (s.equals("new")) {
-                    context.put("check_newsubsystem", "checked");
-                    context.put("check_clonesubsystem", "");
-                } else if (s.equals("clone")) {
-                    context.put("check_newsubsystem", "");
-                    context.put("check_clonesubsystem", "checked");
-                }
-                context.put("subsystemName", config.getString("preop.subsystem.name"));
-            } else {
-                context.put("check_newsubsystem", "checked");
-                context.put("check_clonesubsystem", "");
-                context.put("subsystemName", config.getString("preop.system.fullname"));
-            }
-
-            String cstype = config.getString("cs.type", "");
-            context.put("cstype", cstype);
-            context.put("wizardname", config.getString("preop.wizard.name"));
-            context.put("systemname", config.getString("preop.system.name"));
-            context.put("fullsystemname", config.getString("preop.system.fullname"));
-            context.put("machineName", config.getString("machineName"));
-            context.put("http_port", CMS.getEENonSSLPort());
-            context.put("https_agent_port", CMS.getAgentPort());
-            context.put("https_ee_port", CMS.getEESSLPort());
-            context.put("https_admin_port", CMS.getAdminPort());
-
-            String domainType = config.getString("preop.securitydomain.select");
-            Vector<String> v = null;
-            if (!domainType.equals("new")) {
-                try {
-                    v = ConfigurationUtils.getUrlListFromSecurityDomain(config, cstype, "SecurePort");
-                } catch (Exception e) {
-                    // note: this is OK for a new master ca in a new domain
-                    CMS.debug("Exception thrown when obtaining URL List from security domain:" + e);
-                    e.printStackTrace();
-                }
-            }
-
-            if (v == null) {
-                v = new Vector<String>();
-            }
-
-            StringBuffer list = new StringBuffer();
-            int size = v.size();
-            for (int i = 0; i < size; i++) {
-                if (i == size - 1) {
-                    list.append(v.elementAt(i));
-                } else {
-                    list.append(v.elementAt(i));
-                    list.append(",");
-                }
-            }
-
-            config.putString("preop.master.list", list.toString());
-            config.commit(false);
-
-            if (list.length() == 0)
-                context.put("disableClone", "true");
-
-            context.put("panel", "admin/console/config/createsubsystempanel.vm");
-            context.put("urls", v);
-            context.put("errorString", "");
-        } catch (Exception e) {
-            e.printStackTrace();
-            context.put("errorString", e.toString());
-            CMS.debug("CreateSubsystemPanel: Exception thrown: " + e);
-        }
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String select = HttpInput.getID(request, "choice");
-
-        if (select == null) {
-            CMS.debug("CreateSubsystemPanel: choice not found");
-            context.put("updateStatus", "failure");
-            throw new IOException("choice not found");
-        }
-
-        try {
-            String cstype = config.getString("cs.type", "");
-            config.putString("preop.subsystem.name", HttpInput.getName(request, "subsystemName"));
-
-            if (select.equals("newsubsystem")) {
-                config.putString("preop.subsystem.select", "new");
-                config.putString("subsystem.select", "New");
-            } else if (select.equals("clonesubsystem")) {
-                config.putString("preop.subsystem.select", "clone");
-                config.putString("subsystem.select", "Clone");
-
-                String lists = config.getString("preop.cert.list", "");
-                StringTokenizer t = new StringTokenizer(lists, ",");
-                while (t.hasMoreTokens()) {
-                    String tag = t.nextToken();
-                    if (tag.equals("sslserver"))
-                        config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
-                    else
-                        config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
-                }
-
-                // get the masterURL
-                String index = request.getParameter("urls");
-                String url = "";
-
-                int x = Integer.parseInt(index);
-                String list = config.getString("preop.master.list", "");
-                StringTokenizer tokenizer = new StringTokenizer(list, ",");
-                int counter = 0;
-
-                while (tokenizer.hasMoreTokens()) {
-                    url = tokenizer.nextToken();
-                    if (counter == x) break;
-                    counter++;
-                }
-
-                url = url.substring(url.indexOf("http"));
-
-                URL u = new URL(url);
-                String host = u.getHost();
-                int https_ee_port = u.getPort();
-
-                String domainXML = config.getString("preop.domainXML");
-
-                // check URI and update preop.master port entries
-                boolean validUri = ConfigurationUtils.isValidCloneURI(domainXML, host, https_ee_port);
-                if (!validUri) {
-                    throw new IOException("Invalid clone URI provided.  Does not match the available subsystems in " +
-                            "the security domain");
-                }
-                if (cstype.equals("CA")) {
-                    int https_admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
-                                               host, https_ee_port, "CA", "SecurePort", "SecureAdminPort");
-
-                    ConfigurationUtils.importCertChain(host, https_admin_port, "/ca/admin/ca/getCertChain", "clone");
-                }
-            } else {
-                CMS.debug("CreateSubsystemPanel: invalid choice " + select);
-                context.put("updateStatus", "failure");
-                throw new IOException("invalid choice " + select);
-            }
-
-            config.commit(false);
-        } catch (Exception e) {
-            CMS.debug("CreateSubsystemPanel: Exception thrown : " + e);
-            context.put("errorString", e.toString());
-            context.put("updateStatus", "failure");
-            throw new IOException(e);
-        }
-
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Subsystem Type");
-        context.put("panel", "admin/console/config/createsubsystempanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DRMInfoPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DRMInfoPanel.java
deleted file mode 100644
index 1344104f1..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DRMInfoPanel.java
+++ /dev/null
@@ -1,150 +0,0 @@
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.velocity.context.Context;
-import org.xml.sax.SAXException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class DRMInfoPanel extends WizardPanelBase {
-
-    public DRMInfoPanel() {
-    }
-
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("DRM Information");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("DRM Information");
-        setId(id);
-    }
-
-    public boolean shouldSkip() {
-        return false;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.krainfo.select", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.krainfo.select", "");
-            if (s != null && ! s.isEmpty()) {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        return new PropertySet();
-    }
-
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        String errorString = "";
-        context.put("title", "DRM Information");
-        context.put("panel", "admin/console/config/drminfopanel.vm");
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-            //TODO - put selected entry in selection box.
-            //String s = config.getString("preop.krainfo.select");
-        }
-
-        // get KRA URLs
-        Vector<String> v = null;
-        try {
-            v = ConfigurationUtils.getUrlListFromSecurityDomain(config, "KRA", "SecurePort");
-            if (v == null) {
-                errorString = "No DRM found.  CA, TKS and optionally DRM " +
-                              " must be installed prior to TPS installation";
-                context.put("errorString", errorString);
-                context.put("preop.krainfo.errorString", errorString);
-                return;
-            }
-
-            config.putString("preop.kra.list", StringUtils.join(v,","));
-            config.commit(false);
-        } catch (EBaseException | IOException | SAXException | ParserConfigurationException e1) {
-            e1.printStackTrace();
-            errorString = "Failed to get DRM information from security domain. " + e1;
-            context.put("errorString", errorString);
-            context.put("preop.krainfo.errorString", errorString);
-            return;
-        }
-
-        context.put("urls", v);
-        context.put("urls_size", v.size());
-        context.put("errorString", "");
-        context.put("preop.krainfo.errorString", "");
-    }
-
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String subsystemNick;
-        try {
-            subsystemNick = config.getString("preop.cert.subsystem.nickname");
-        } catch (EBaseException e1) {
-            e1.printStackTrace();
-            throw new IOException("Failed to get subsystem certificate nickname");
-        }
-
-        String url = HttpInput.getString(request, "urls");
-        String parsedURI = url.substring(url.lastIndexOf("http"));
-        URI kraUri = null;
-        try {
-            kraUri = new URI(parsedURI);
-        } catch (URISyntaxException e) {
-            throw new IOException("Invalid URI " + parsedURI);
-        }
-
-        String choice = HttpInput.getString(request, "choice");
-        boolean keyGen = choice.equalsIgnoreCase("keygen");
-
-        ConfigurationUtils.updateKRAConnInfo(keyGen, kraUri, subsystemNick);
-
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
deleted file mode 100644
index 56234f7cd..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ /dev/null
@@ -1,532 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Random;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class DatabasePanel extends WizardPanelBase {
-
-    private static final String HOST = "localhost";
-    private static final String CLONE_HOST = "Enter FQDN here";
-    private static final String PORT = "389";
-    private static final String BINDDN = "cn=Directory Manager";
-
-    private WizardServlet mServlet = null;
-
-    public DatabasePanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Internal Database");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Internal Database");
-        setId(id);
-        mServlet = servlet;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putBoolean("preop.Database.done", false);
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            boolean s = cs.getBoolean("preop.Database.done",
-                    false);
-
-            if (s != true) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-        Descriptor hostDesc = new Descriptor(IDescriptor.STRING, null, null, "Host name");
-        set.add("hostname", hostDesc);
-
-        Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null, "Port");
-        set.add("portStr", portDesc);
-
-        Descriptor basednDesc = new Descriptor(IDescriptor.STRING, null, null, "Base DN");
-        set.add("basedn", basednDesc);
-
-        Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null, "Bind DN");
-        set.add("binddn", binddnDesc);
-
-        Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null, "Bind Password");
-        set.add("bindpwd", bindpwdDesc);
-
-        Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null, "Database");
-        set.add("database", databaseDesc);
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        CMS.debug("DatabasePanel: display()");
-        context.put("title", "Internal Database");
-        context.put("firsttime", "false");
-        IConfigStore cs = CMS.getConfigStore();
-        String hostname = null;
-        String portStr = null;
-        String basedn = null;
-        String binddn = null;
-        String bindpwd = "";
-        String database = null;
-        String errorString = "";
-        String secure = "false";
-        String masterReplicationPort = "";
-        String cloneReplicationPort = "";
-        String replicationSecurity = "";
-
-        try {
-            @SuppressWarnings("unused")
-            String s = cs.getString("preop.database.removeData"); // check whether it's first time
-        } catch (Exception e) {
-            context.put("firsttime", "true");
-        }
-
-        String select = "";
-        try {
-            select = cs.getString("preop.subsystem.select", "");
-        } catch (Exception e) {
-        }
-
-        if (isPanelDone()) {
-            try {
-                hostname = cs.getString("internaldb.ldapconn.host", "");
-                portStr = cs.getString("internaldb.ldapconn.port", "");
-                basedn = cs.getString("internaldb.basedn", "");
-                binddn = cs.getString("internaldb.ldapauth.bindDN", "");
-                database = cs.getString("internaldb.database", "");
-                secure = cs.getString("internaldb.ldapconn.secureConn", "");
-                replicationSecurity = cs.getString("internaldb.ldapconn.replicationSecurity", "None");
-                masterReplicationPort = cs.getString("internaldb.ldapconn.masterReplicationPort", "");
-                cloneReplicationPort = cs.getString("internaldb.ldapconn.cloneReplicationPort", "");
-                errorString = cs.getString("preop.database.errorString", "");
-            } catch (Exception e) {
-                CMS.debug("DatabasePanel display: " + e.toString());
-            }
-        } else if (select.equals("clone")) {
-            hostname = CLONE_HOST;
-            portStr = PORT;
-            try {
-                basedn = cs.getString("internaldb.basedn", "");
-            } catch (Exception e) {
-                CMS.debug("DatabasePanel::display() - "
-                         + "Exception=" + e.toString());
-                return;
-            }
-            binddn = BINDDN;
-            database = basedn.substring(basedn.lastIndexOf('=') + 1);
-            CMS.debug("Clone: database=" + database);
-        } else {
-            hostname = HOST;
-            portStr = PORT;
-            String instanceId = "";
-            String machineName = "";
-
-            try {
-                instanceId = cs.getString("instanceId", "");
-                machineName = cs.getString("machineName", "");
-            } catch (Exception e) {
-                CMS.debug("DatabasePanel display: " + e.toString());
-            }
-            String suffix = "dc=" + machineName + "-" + instanceId;
-
-            boolean multipleEnable = false;
-            try {
-                multipleEnable = cs.getBoolean(
-                        "internaldb.multipleSuffix.enable", false);
-            } catch (Exception e) {
-            }
-
-            if (multipleEnable)
-                basedn = "ou=" + instanceId + "," + suffix;
-            else
-                basedn = suffix;
-            binddn = BINDDN;
-            database = machineName + "-" + instanceId;
-        }
-
-        context.put("clone", select);
-        context.put("hostname", hostname);
-        context.put("portStr", portStr);
-        context.put("basedn", basedn);
-        context.put("binddn", binddn);
-        context.put("bindpwd", bindpwd);
-        context.put("database", database);
-        context.put("secureConn", (secure.equals("true") ? "on" : "off"));
-        context.put("masterReplicationPort", masterReplicationPort);
-        context.put("cloneReplicationPort", cloneReplicationPort);
-        context.put("replicationSecurity", replicationSecurity);
-        context.put("panel", "admin/console/config/databasepanel.vm");
-        context.put("errorString", errorString);
-    }
-
-    public void initParams(HttpServletRequest request, Context context)
-                   throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String select = "";
-        try {
-            select = config.getString("preop.subsystem.select", "");
-        } catch (Exception e) {
-        }
-        context.put("clone", select);
-        context.put("hostname", (request.getParameter("host") != null) ? request.getParameter("host") : "");
-        context.put("portStr", (request.getParameter("port") != null) ? request.getParameter("port") : "");
-        context.put("basedn", (request.getParameter("basedn") != null) ? request.getParameter("basedn") : "");
-        context.put("binddn", (request.getParameter("binddn") != null) ? request.getParameter("binddn") : "");
-        context.put("bindpwd", (request.getParameter("__bindpwd") != null) ?
-                request.getParameter("__bindpwd"): "");
-        context.put("database", (request.getParameter("database") != null) ?
-                request.getParameter("database") : "");
-        context.put("masterReplicationPort", (request.getParameter("masterReplicationPort") != null) ?
-                request.getParameter("masterReplicationPort"): "");
-        context.put("cloneReplicationPort", (request.getParameter("cloneReplicationPort") != null) ?
-                request.getParameter("cloneReplicationPort"): "");
-        context.put("replicationSecurity", (request.getParameter("replicationSecurity") != null) ?
-                request.getParameter("replicationSecurity"): "None");
-    }
-
-    /**
-     * Parses and validates the parameters in the request.
-     */
-    public void parseParameters(HttpServletRequest request,
-            HttpServletResponse response, Context context) throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String select = "";
-        try {
-            select = cs.getString("preop.subsystem.select", "");
-        } catch (Exception e) {
-        }
-
-        String hostname = HttpInput.getHostname(request, "host");
-        if (hostname == null || hostname.length() == 0) {
-            throw new IOException("hostname is empty string");
-        }
-        context.put("hostname", hostname);
-
-        // this validates that port is an integer
-        String portStr = HttpInput.getPortNumber(request, "port");
-        context.put("portStr", portStr);
-
-        String basedn = HttpInput.getDN(request, "basedn");
-        if (basedn == null || basedn.length() == 0) {
-            throw new IOException("basedn is empty string");
-        }
-        context.put("basedn", basedn);
-
-        String binddn = HttpInput.getDN(request, "binddn");
-        if (binddn == null || binddn.length() == 0) {
-            throw new IOException("binddn is empty string");
-        }
-        context.put("binddn", binddn);
-
-        String database = HttpInput.getLdapDatabase(request, "database");
-        if (database == null || database.length() == 0) {
-            throw new IOException("Database is empty string");
-        }
-        context.put("database", database);
-
-        String bindpwd = HttpInput.getPassword(request, "__bindpwd");
-        if (bindpwd == null || bindpwd.length() == 0) {
-            throw new IOException("Bind password is empty string");
-        }
-        context.put("bindpwd", bindpwd);
-
-        String secure = HttpInput.getCheckbox(request, "secureConn");
-        context.put("secureConn", secure);
-
-        String masterReplicationPort = HttpInput.getString(request, "masterReplicationPort");
-        if (masterReplicationPort != null && masterReplicationPort.length() > 0) {
-            try {
-                Integer.parseInt(masterReplicationPort); // check for errors
-            } catch (NumberFormatException e) {
-                throw new IOException("Master replication port is invalid");
-            }
-        }
-        context.put("masterReplicationPort", masterReplicationPort);
-
-        String cloneReplicationPort = HttpInput.getString(request, "cloneReplicationPort");
-        if (cloneReplicationPort != null && cloneReplicationPort.length() > 0) {
-            try {
-                Integer.parseInt(cloneReplicationPort); // check for errors
-            } catch (Exception e) {
-                throw new IOException("Clone replication port is invalid");
-            }
-        }
-        context.put("cloneReplicationPort", cloneReplicationPort);
-
-        String replicationSecurity = HttpInput.getString(request, "replicationSecurity");
-        context.put("replicationSecurity", replicationSecurity);
-
-        if (select.equals("clone")) {
-            String masterhost = "";
-            String masterport = "";
-            String masterbasedn = "";
-            String realhostname = "";
-            try {
-                masterhost = cs.getString("preop.internaldb.master.ldapconn.host", "");
-                masterport = cs.getString("preop.internaldb.master.ldapconn.port", "");
-                masterbasedn = cs.getString("preop.internaldb.master.basedn", "");
-                realhostname = cs.getString("machineName", "");
-            } catch (Exception e) {
-            }
-
-            if (masterhost.equals(realhostname) && masterport.equals(portStr)) {
-                throw new IOException("Master and clone must not share the same internal database");
-            }
-
-            if (!masterbasedn.equals(basedn)) {
-                throw new IOException("Master and clone should have the same base DN");
-            }
-        }
-
-        context.put("errorString", "");
-        cs.putString("preop.database.errorString", "");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-
-        IConfigStore cs = CMS.getConfigStore();
-        context.put("firsttime", "false");
-        try {
-            @SuppressWarnings("unused")
-            String s = cs.getString("preop.database.removeData"); // check whether it's first time
-        } catch (Exception e) {
-            context.put("firsttime", "true");
-        }
-
-        try {
-            parseParameters(request, response, context);
-        } catch (IOException e) {
-            context.put("errorString", e.getMessage());
-            cs.putString("preop.database.errorString", e.getMessage());
-            context.put("updateStatus", "validate-failure");
-            throw e;
-        }
-
-        context.put("errorString", "");
-        cs.putString("preop.database.errorString", "");
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        context.put("firsttime", "false");
-        try {
-            @SuppressWarnings("unused")
-            String s = cs.getString("preop.database.removeData"); // check whether it's first time
-        } catch (Exception e) {
-            context.put("firsttime", "true");
-        }
-
-        String hostname1 = "";
-        String portStr1 = "";
-        String database1 = "";
-        String masterPortStr = "";
-        String csType = "";
-        String select = "";
-
-        try {
-            hostname1 = cs.getString("internaldb.ldapconn.host", "");
-            portStr1 = cs.getString("internaldb.ldapconn.port", "");
-            database1 = cs.getString("internaldb.database", "");
-            masterPortStr = cs.getString("preop.internaldb.master.ldapconn.port", "0");
-            csType = cs.getString("cs.type");
-            select = cs.getString("preop.subsystem.select", "");
-        } catch (Exception e) {
-        }
-
-        try {
-            parseParameters(request, response, context);
-        } catch (IOException e) {
-            context.put("errorString", e.getMessage());
-            cs.putString("preop.database.errorString", e.getMessage());
-            context.put("updateStatus", "validate-failure");
-            throw e;
-        }
-
-        String hostname2 = (String) context.get("hostname");
-        String portStr2 = (String) context.get("portStr");
-        String database2 = (String) context.get("database");
-        String basedn2 = (String) context.get("basedn");
-        String binddn = (String) context.get("binddn");
-        String secure = (String) context.get("secureConn");
-        String masterReplicationPortStr = (String) context.get("masterReplicationPort");
-        String cloneReplicationPortStr = (String) context.get("cloneReplicationPort");
-
-        cs.putString("internaldb.ldapconn.host", hostname2);
-        cs.putString("internaldb.ldapconn.port", portStr2);
-        cs.putString("internaldb.database", database2);
-        cs.putString("internaldb.basedn", basedn2);
-        cs.putString("internaldb.ldapauth.bindDN", binddn);
-        cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false"));
-
-        if (csType.equals("TPS")) {
-            cs.putString("tokendb.activityBaseDN", "ou=Activities," + basedn2);
-            cs.putString("tokendb.baseDN", "ou=Tokens," + basedn2);
-            cs.putString("tokendb.certBaseDN", "ou=Certificates," + basedn2);
-            cs.putString("tokendb.userBaseDN", basedn2);
-            cs.putString("tokendb.hostport", hostname2 + ":" + portStr2);
-        }
-
-        if ((masterReplicationPortStr == null) || (masterReplicationPortStr.length() == 0)) {
-            masterReplicationPortStr = masterPortStr;
-        }
-        cs.putString("internaldb.ldapconn.masterReplicationPort", masterReplicationPortStr);
-
-        int cloneReplicationPort = 0;
-        int port = Integer.parseInt(portStr2);
-        if ((cloneReplicationPortStr == null) || (cloneReplicationPortStr.length() == 0)) {
-            cloneReplicationPortStr = portStr2;
-        }
-        cloneReplicationPort = Integer.parseInt(cloneReplicationPortStr);
-        cs.putString("internaldb.ldapconn.cloneReplicationPort", cloneReplicationPortStr);
-
-        String replicationSecurity = HttpInput.getString(request, "replicationSecurity");
-        if ((cloneReplicationPort == port) && (secure.equals("true"))) {
-            replicationSecurity = "SSL";
-        } else if (replicationSecurity == null) {
-            replicationSecurity = "None";
-        }
-        cs.putString("internaldb.ldapconn.replicationSecurity", replicationSecurity);
-
-        String remove = HttpInput.getID(request, "removeData");
-        cs.putString("preop.database.removeData", ((remove != null) && (!remove.equals(""))) ?
-                "true" : "false");
-
-        if (isPanelDone() && (remove == null || remove.equals(""))) {
-            /* if user submits the same data, they just want to skip
-               to the next panel, no database population is required. */
-            if (hostname1.equals(hostname2) &&
-                    portStr1.equals(portStr2) &&
-                    database1.equals(database2)) {
-                context.put("updateStatus", "success");
-                return;
-            }
-        }
-
-        mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-
-        try {
-            /* BZ 430745 create password for replication manager */
-            String replicationpwd = Integer.toString(new Random().nextInt());
-
-            IConfigStore psStore = null;
-            String passwordFile = null;
-            passwordFile = cs.getString("passwordFile");
-            psStore = CMS.createFileConfigStore(passwordFile);
-            psStore.putString("internaldb", HttpInput.getPassword(request, "__bindpwd"));
-            psStore.putString("replicationdb", replicationpwd);
-            psStore.commit(false);
-
-            ConfigurationUtils.populateDB();
-
-            cs.putString("preop.internaldb.replicationpwd", replicationpwd);
-            cs.putString("preop.database.removeData", "false");
-
-            if (select.equals("clone")) {
-                CMS.debug("Start setting up replication.");
-                ConfigurationUtils.setupReplication();
-            }
-
-            ConfigurationUtils.reInitSubsystem(csType);
-            ConfigurationUtils.populateDBManager();
-            ConfigurationUtils.populateVLVIndexes();
-
-            cs.putBoolean("preop.Database.done", true);
-            cs.commit(false);
-        } catch (Exception e) {
-            e.printStackTrace();
-            CMS.debug("DatabasePanel update: error in populating database " + e.toString());
-            context.put("errorString", e.toString());
-            cs.putString("preop.database.errorString", e.toString());
-            context.put("updateStatus", "failure");
-            throw new IOException(e.toString());
-        }
-
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        try {
-            initParams(request, context);
-        } catch (IOException e) {
-        }
-        context.put("title", "Database");
-        context.put("panel", "admin/console/config/databasepanel.vm");
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
deleted file mode 100644
index 702c5aa92..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ /dev/null
@@ -1,226 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.URLEncoder;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.util.CertPrettyPrint;
-import netscape.security.x509.X509CertImpl;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-public class DisplayCertChainPanel extends WizardPanelBase {
-
-    public DisplayCertChainPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Display Certificate Chain");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Display Certificate Chain");
-        setId(id);
-    }
-
-    public boolean isSubPanel() {
-        return true;
-    }
-
-    public boolean isPanelDone() {
-        return true;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        return set;
-    }
-
-    public void cleanUp() throws IOException {
-    }
-
-    /**
-     * Should we skip this panel for the configuration.
-     */
-    public boolean shouldSkip() {
-        CMS.debug("DisplayCertChainPanel: should skip");
-
-        IConfigStore cs = CMS.getConfigStore();
-        // if we are root, no need to get the certificate chain.
-
-        try {
-            String select = cs.getString("securitydomain.select", "");
-            String type = cs.getString("preop.subsystem.select", "");
-            String hierarchy = cs.getString("preop.hierarchy.select", "");
-
-            if (getId().equals("hierarchy") && hierarchy.equals("root"))
-                return true;
-
-            if (select.equals("new")) {
-                return true;
-            }
-
-            if (type.equals("new") && getId().equals("clone"))
-                return true;
-
-            if (type.equals("clone") && getId().equals("ca"))
-                return true;
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        try {
-            CMS.debug("DisplayCertChainPanel: display");
-
-            // update session id
-            String session_id = request.getParameter("session_id");
-            if (session_id != null) {
-                CMS.debug("DisplayCertChainPanel setting session id.");
-                CMS.setConfigSDSessionId(session_id);
-            }
-
-            String type = getId();
-            IConfigStore cs = CMS.getConfigStore();
-            String certChainConfigName = "preop." + type + ".certchain.size";
-            String certchain_size = cs.getString(certChainConfigName, "");
-            int size = 0;
-            Vector<String> v = new Vector<String>();
-
-            if (!certchain_size.equals("")) {
-                size = Integer.parseInt(certchain_size);
-                for (int i = 0; i < size; i++) {
-                    certChainConfigName = "preop." + type + ".certchain." + i;
-                    String c = cs.getString(certChainConfigName, "");
-                    byte[] b_c = CryptoUtil.base64Decode(c);
-                    CertPrettyPrint pp = new CertPrettyPrint(new X509CertImpl(b_c));
-
-                    v.addElement(pp.toString(Locale.getDefault()));
-                }
-            }
-
-            if (getId().equals("securitydomain")) {
-                context.put("panelid", "securitydomain");
-                context.put("panelname", "Security Domain Trust Verification");
-            } else {
-                context.put("panelid", "other");
-                context.put("panelname", "Subsystem Trust Verification");
-            }
-            context.put("title", "Display Certificate Chain");
-            context.put("panel", "admin/console/config/displaycertchainpanel.vm");
-            context.put("errorString", "");
-            context.put("certchain", v);
-        } catch (Exception e) {
-            CMS.debug("DisplayCertPanel: Exception thrown: " + e.toString());
-            e.printStackTrace();
-            context.put("errorString", e.toString());
-        }
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-
-        if (getId().equals("securitydomain")) {
-            int panel = getPanelNo() + 1;
-            IConfigStore cs = CMS.getConfigStore();
-            try {
-                String sd_hostname = cs.getString("securitydomain.host", "");
-                int sd_port = cs.getInteger("securitydomain.httpsadminport", -1);
-                String cs_hostname = cs.getString("machineName", "");
-                int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
-                String subsystem = cs.getString("cs.type", "");
-                String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + subsystem.toLowerCase()
-                        + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
-                String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
-                String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url="
-                        + encodedValue;
-                response.sendRedirect(sdurl);
-
-                // The user previously specified the CA Security Domain's
-                // SSL Admin port in the "Security Domain Panel";
-                // now retrieve this specified CA Security Domain's
-                // non-SSL EE, SSL Agent, and SSL EE ports:
-                String domainXML = ConfigurationUtils.getDomainXML(sd_hostname, sd_port, true);
-                ConfigurationUtils.getSecurityDomainPorts(domainXML, sd_hostname, sd_port);
-                cs.putString("preop.domainXML", domainXML);
-                cs.commit(false);
-            } catch (Exception e) {
-                CMS.debug("DisplayCertChainPanel Exception=" + e.toString());
-                e.printStackTrace();
-                context.put("errorString", e.toString());
-                context.put("updateStatus", "failure");
-                throw new IOException(e);
-            }
-        }
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        /* This should never be called */
-        context.put("title", "Display Certificate Chain");
-        context.put("panel", "admin/console/config/displaycertchainpanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
deleted file mode 100644
index 57583fdcf..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ /dev/null
@@ -1,311 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.util.Utils;
-
-public class DonePanel extends WizardPanelBase {
-
-    public static final BigInteger BIG_ZERO = new BigInteger("0");
-    public static final Long MINUS_ONE = Long.valueOf(-1);
-    public static final String RESTART_SERVER_AFTER_CONFIGURATION =
-            "restart_server_after_configuration";
-    public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
-
-    public DonePanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Done");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Done");
-        setId(id);
-    }
-
-    public boolean hasSubPanel() {
-        return false;
-    }
-
-    public void cleanUp() throws IOException {
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request, HttpServletResponse response, Context context) {
-        CMS.debug("DonePanel: display()");
-
-        // update session id
-        String session_id = request.getParameter("session_id");
-        if (session_id != null) {
-            CMS.debug("NamePanel setting session id.");
-            CMS.setConfigSDSessionId(session_id);
-        }
-
-        IConfigStore cs = CMS.getConfigStore();
-
-        String select = "";
-        String type = "";
-        String instanceId = "";
-        String instanceRoot = "";
-        String systemdService = "";
-        String ca_host = "";
-        String sdtype = "";
-        int state = 0;
-        try {
-            type = cs.getString("cs.type", "");
-            instanceId = cs.getString("instanceId");
-            instanceRoot = cs.getString("instanceRoot");
-            select = cs.getString("preop.subsystem.select", "");
-            systemdService = cs.getString("pkicreate.systemd.servicename", "");
-            ca_host = cs.getString("preop.ca.hostname", "");
-            sdtype = cs.getString("securitydomain.select", "");
-            state = cs.getInteger("cs.state");
-        } catch (Exception e) {
-        }
-
-        String initDaemon = "";
-        if (type.equals("CA")) {
-            initDaemon = "pki-cad";
-        } else if (type.equals("KRA")) {
-            initDaemon = "pki-krad";
-        } else if (type.equals("OCSP")) {
-            initDaemon = "pki-ocspd";
-        } else if (type.equals("TKS")) {
-            initDaemon = "pki-tksd";
-        }
-        String os = System.getProperty("os.name");
-        if (os.equalsIgnoreCase("Linux")) {
-            if (!systemdService.equals("")) {
-                context.put("initCommand", "/bin/systemctl");
-                context.put("instanceId", systemdService);
-            } else {
-                context.put("initCommand", "/sbin/service " + initDaemon);
-                context.put("instanceId", instanceId);
-            }
-        } else {
-            /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put("initCommand", "/etc/init.d/" + initDaemon);
-            context.put("instanceId", instanceId);
-        }
-        context.put("title", "Done");
-        context.put("panel", "admin/console/config/donepanel.vm");
-        context.put("host", CMS.getAdminHost());
-        context.put("port", CMS.getAdminPort());
-        context.put("systemType", type.toLowerCase());
-
-        if (state == 1) {
-            context.put("csstate", "1");
-            return;
-        } else
-            context.put("csstate", "0");
-
-        if (ca_host.equals(""))
-            context.put("externalCA", "true");
-        else
-            context.put("externalCA", "false");
-
-        // Create or update security domain
-
-        try {
-            if (sdtype.equals("new")) {
-                ConfigurationUtils.createSecurityDomain();
-            } else { //existing domain
-                ConfigurationUtils.updateSecurityDomain();
-            }
-
-            cs.putString("service.securityDomainPort", CMS.getAgentPort());
-            cs.putString("securitydomain.store", "ldap");
-            cs.commit(false);
-        } catch (Exception e) {
-            CMS.debug("DonePanel - update(): Error while updating security domain: " + e);
-            e.printStackTrace();
-        }
-
-        // push connector information to the CA
-        try {
-            if (type.equals("KRA") && !ca_host.equals("")) {
-                ConfigurationUtils.updateConnectorInfo(CMS.getAgentHost(), CMS.getAgentPort());
-                ConfigurationUtils.setupClientAuthUser();
-            }
-        } catch (Exception e) {
-            context.put("info", "Failed to update connector information. "+e.getMessage());
-            CMS.debug("DonePanel - update(): Error while pushing KRA connectot information to the CA: " + e);
-            e.printStackTrace();
-        }
-
-        // import the CA certificate into the OCSP
-        // configure the CRL Publishing to OCSP in CA
-        try {
-            if (type.equals("OCSP") && !ca_host.equals("")) {
-                CMS.reinit(IOCSPAuthority.ID);
-                ConfigurationUtils.importCACertToOCSP();
-                ConfigurationUtils.updateOCSPConfig();
-                ConfigurationUtils.setupClientAuthUser();
-            }
-        } catch (Exception e) {
-            CMS.debug("DonePanel - update(): Error while configuring OCSP publishing on the CA: " + e);
-            e.printStackTrace();
-        }
-
-        try {
-            if (!select.equals("clone")) {
-                if (type.equals("CA") || type.equals("KRA")) {
-                    ConfigurationUtils.updateNextRanges();
-
-                }
-            }
-        } catch (Exception e) {
-            CMS.debug("DonePanel - update(): Error while updating serial number next ranges: " + e);
-            e.printStackTrace();
-        }
-
-        try {
-            if (select.equals("clone") && type.equalsIgnoreCase("CA") && ConfigurationUtils.isSDHostDomainMaster(cs)) {
-                // cloning a domain master CA, the clone is also master of its domain
-                CMS.debug("Cloning a domain master");
-                cs.putString("securitydomain.host", CMS.getEESSLHost());
-                cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
-                cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
-                cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
-                cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
-                cs.putString("securitydomain.select", "new");
-            }
-        } catch (Exception e) {
-            CMS.debug("DonePanel - update(): Error in determining if security domain host is a master CA: " + e);
-            e.printStackTrace();
-        }
-
-        try {
-            ConfigurationUtils.setupDBUser();
-        } catch (Exception e) {
-            e.printStackTrace();
-            CMS.debug("DonePanel - update(): Unable to create or update dbuser" + e);
-        }
-
-        if (type.equals("TPS")) {
-            try {
-                String adminUID = cs.getString("preop.admin.uid", "tpsadmin");
-                ConfigurationUtils.addProfilesToTPSUser(adminUID);
-
-                String sd_admin_port = cs.getString("securitydomain.httpsadminport");
-                String sd_host = cs.getString("securitydomain.host");
-                URI secdomainURI = new URI("https://" + sd_host + ":" + sd_admin_port);
-
-                // register TPS with CA
-                URI caURI = new URI(cs.getString("preop.cainfo.select"));
-                ConfigurationUtils.registerUser(secdomainURI, caURI, "ca");
-
-                // register TPS with TKS
-                URI tksURI = new URI(cs.getString("preop.tksinfo.select"));
-                ConfigurationUtils.registerUser(secdomainURI, tksURI, "tks");
-
-                String keyGen = cs.getString("conn.tks1.serverKeygen", "false");
-                if (keyGen.equalsIgnoreCase("true")) {
-                    URI kraURI = new URI(cs.getString("preop.krainfo.select"));
-                    ConfigurationUtils.registerUser(secdomainURI, kraURI, "kra");
-                    String transportCert = ConfigurationUtils.getTransportCert(secdomainURI, kraURI);
-                    ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert);
-                }
-            } catch (URISyntaxException e) {
-                e.printStackTrace();
-                CMS.debug("Invalid URI for CA, TKS or KRA: " + e);
-            } catch (Exception e) {
-                e.printStackTrace();
-                CMS.debug("Errors in registering TPS to CA, TKS or KRA: " + e);
-            }
-        }
-
-        cs.putInteger("cs.state", 1);
-        try {
-            ConfigurationUtils.removePreopConfigEntries();
-        } catch (Exception e) {
-            CMS.debug("DonePanel - update(): Caught exception saving preop variables: " + e);
-        }
-
-        // Create an empty file that designates the fact that although
-        // this server instance has been configured, it has NOT yet
-        // been restarted!
-        String restart_server = instanceRoot + "/conf/"
-                + RESTART_SERVER_AFTER_CONFIGURATION;
-        if (!Utils.isNT()) {
-            Utils.exec("touch " + restart_server);
-            Utils.exec("chmod 00660 " + restart_server);
-        }
-
-        context.put("csstate", "1");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {/* This should never be called */
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
deleted file mode 100644
index 7f7929930..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ /dev/null
@@ -1,136 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-public class DownloadPKCS12 extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -7770226137155537526L;
-    private final static String AUTH_FAILURE = "2";
-
-    public DownloadPKCS12() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("DownloadPKCS12: initializing...");
-        super.init(sc);
-        CMS.debug("DownloadPKCS12: done initializing...");
-    }
-
-    /**
-     * Process the HTTP request.
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("DownloadPKCS12: processing...");
-
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-        IConfigStore cs = CMS.getConfigStore();
-        mRenderResult = false;
-
-        // check the pin from the session
-        String pin = (String) httpReq.getSession().getAttribute("pin");
-        if (pin == null) {
-            CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        String cspin = "";
-        try {
-            cspin = cs.getString("preop.pin");
-        } catch (Exception e) {
-        }
-
-        if (!pin.equals(cspin)) {
-            CMS.debug("DownloadPKCS12 process: Wrong pin");
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        byte[] pkcs12 = null;
-        try {
-            String str = cs.getString("preop.pkcs12");
-            pkcs12 = CryptoUtil.string2byte(str);
-        } catch (Exception e) {
-        }
-
-        try {
-            httpResp.setContentType("application/x-pkcs12");
-            httpResp.getOutputStream().write(pkcs12);
-            return;
-        } catch (Exception e) {
-            CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
deleted file mode 100644
index 8cc0f85d6..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ /dev/null
@@ -1,157 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.CertificateChain;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class GetCertChain extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -356806997334418285L;
-    private final static String SUCCESS = "0";
-
-    public GetCertChain() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain();
-
-        if (certChain == null) {
-            CMS.debug(
-                    "GetCertChain displayChain: cannot get the certificate chain.");
-            outputError(httpResp, "Error: Failed to get certificate chain.");
-            return;
-        }
-
-        byte[] bytes = null;
-
-        try {
-            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
-            certChain.encode(encoded);
-            bytes = encoded.toByteArray();
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
-                            e.toString()));
-            outputError(httpResp,
-                    "Error: Failed to encode the certificate chain");
-        }
-
-        String chainBase64 = CMS.BtoA(bytes);
-
-        chainBase64 = normalizeCertStr(chainBase64);
-
-        try {
-            XMLObject xmlObj = null;
-
-            xmlObj = new XMLObject();
-
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            xmlObj.addItemToContainer(root, "ChainBase64", chainBase64);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    private String normalizeCertStr(String s) {
-        StringBuffer val = new StringBuffer();
-
-        for (int i = 0; i < s.length(); i++) {
-            if (s.charAt(i) == '\n') {
-                continue;
-            } else if (s.charAt(i) == '\r') {
-                continue;
-            } else if (s.charAt(i) == '"') {
-                continue;
-            } else if (s.charAt(i) == ' ') {
-                continue;
-            }
-            val.append(s.charAt(i));
-        }
-        return val.toString();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
deleted file mode 100644
index ee013ef48..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ /dev/null
@@ -1,229 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.password.IPasswordStore;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class GetConfigEntries extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -7418561215631752315L;
-    private final static String SUCCESS = "0";
-    private final static String AUTH_FAILURE = "2";
-
-    public GetConfigEntries() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        CMS.debug("GetConfigEntries init");
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = null;
-
-        try {
-            authToken = authenticate(cmsReq);
-        } catch (Exception e) {
-            CMS.debug("GetConfigEntries authentication failed");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        // Construct an ArgBlock
-        IArgBlock args = cmsReq.getHttpParams();
-
-        // Get the operation code
-        String op = null;
-
-        op = args.getValueAsString("op", null);
-        CMS.debug("GetConfigEntries process: op=" + op);
-
-        XMLObject xmlObj = null;
-        try {
-            xmlObj = new XMLObject();
-        } catch (Exception e) {
-            CMS.debug("GetConfigEntries process: Exception: " + e.toString());
-            throw new EBaseException(e.toString());
-        }
-
-        Node root = xmlObj.createRoot("XMLResponse");
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-
-        if (authzToken == null) {
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        if (op != null) {
-            IConfigStore config = CMS.getConfigStore();
-            String substores = args.getValueAsString("substores", "");
-            StringTokenizer t = new StringTokenizer(substores, ",");
-            while (t.hasMoreTokens()) {
-                String name1 = t.nextToken();
-                IConfigStore cs = config.getSubStore(name1);
-                Enumeration<String> enum1 = cs.getPropertyNames();
-
-                while (enum1.hasMoreElements()) {
-                    String name = name1 + "." + enum1.nextElement();
-                    try {
-                        String value = config.getString(name);
-                        if (value.equals("localhost")) {
-                            value = config.getString("machineName", InetAddress.getLocalHost().getHostName());
-                        }
-                        Node container = xmlObj.createContainer(root, "Config");
-                        xmlObj.addItemToContainer(container, "name", name);
-                        xmlObj.addItemToContainer(container, "value", value);
-                    } catch (Exception ee) {
-                        continue;
-                    }
-                }
-            }
-
-            String names = args.getValueAsString("names", "");
-            StringTokenizer t1 = new StringTokenizer(names, ",");
-            while (t1.hasMoreTokens()) {
-                String name = t1.nextToken();
-                String value = "";
-
-                try {
-                    CMS.debug("Retrieving config name=" + name);
-                    value = config.getString(name);
-                    CMS.debug("Retrieving config value=" + value);
-                    if (value.equals("localhost"))
-                        value = config.getString("machineName", InetAddress.getLocalHost().getHostName());
-                } catch (Exception ee) {
-                    if (name.equals("internaldb.ldapauth.password")) {
-                        value = getLDAPPassword();
-                    } else if (name.equals("internaldb.replication.password")) {
-                        value = getReplicationPassword();
-                    } else
-                        continue;
-                }
-
-                Node container = xmlObj.createContainer(root, "Config");
-                xmlObj.addItemToContainer(container, "name", name);
-                xmlObj.addItemToContainer(container, "value", value);
-            }
-        }
-
-        try {
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    private String getLDAPPassword() {
-        IPasswordStore pwdStore = CMS.getPasswordStore();
-        return pwdStore.getPassword("internaldb");
-    }
-
-    private String getReplicationPassword() {
-        IPasswordStore pwdStore = CMS.getPasswordStore();
-        return pwdStore.getPassword("replicationdb");
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
deleted file mode 100644
index 1e8c65182..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ /dev/null
@@ -1,239 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.URL;
-import java.net.URLDecoder;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.system.InstallToken;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-public class GetCookie extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 2466968231929541707L;
-    private String mErrorFormPath = null;
-    private String mFormPath = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
-    private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
-
-    public GetCookie() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-
-        CMS.debug("GetCookie init");
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mErrorFormPath = sc.getInitParameter("errorTemplatePath");
-        if (mOutputTemplatePath != null) {
-            mFormPath = mOutputTemplatePath;
-        }
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        CMS.debug("GetCookie start");
-        IAuthToken authToken = null;
-        IConfigStore cs = CMS.getConfigStore();
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        String url = httpReq.getParameter("url");
-        CMS.debug("GetCookie before auth, url =" + url);
-        String url_e = "";
-        URL u = null;
-        try {
-            url_e = URLDecoder.decode(url, "UTF-8");
-            u = new URL(url_e);
-        } catch (Exception eee) {
-            throw new ECMSGWException(
-                    "GetCookie missing parameter: url");
-        }
-
-        int index2 = url_e.indexOf("subsystem=");
-        String subsystem = "";
-        if (index2 > 0) {
-            subsystem = url.substring(index2 + 10);
-            int index1 = subsystem.indexOf("&");
-            if (index1 > 0)
-                subsystem = subsystem.substring(0, index1);
-        }
-
-        try {
-            authToken = authenticate(cmsReq);
-        } catch (Exception e) {
-            CMS.debug("GetCookie authentication failed");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            header.addStringValue("sd_uid", "");
-            header.addStringValue("sd_pwd", "");
-            header.addStringValue("host", u.getHost());
-            header.addStringValue("sdhost", CMS.getEESSLHost());
-            header.addStringValue("subsystem", subsystem);
-            header.addStringValue("url", url_e);
-            header.addStringValue("errorString", "Failed Authentication");
-            String sdname = cs.getString("securitydomain.name", "");
-            header.addStringValue("sdname", sdname);
-
-            CMS.debug("mErrorFormPath=" + mErrorFormPath);
-            try {
-                form = getTemplate(mErrorFormPath, httpReq, locale);
-            } catch (IOException eee) {
-                CMS.debug("GetCookie process: cant locate the form");
-                /*
-                                log(ILogger.LL_FAILURE,
-                                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                                throw new ECMSGWException(
-                                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-                */
-            }
-
-            if (form == null) {
-                CMS.debug("GetCookie::process() - form is null!");
-                throw new EBaseException("form is null");
-            }
-
-            try {
-                ServletOutputStream out = httpResp.getOutputStream();
-
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-                httpResp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-            } catch (IOException ee) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            }
-            return;
-        }
-
-        if (authToken != null) {
-            String uid = authToken.getInString("uid");
-
-            String addr = "";
-            try {
-                addr = u.getHost();
-            } catch (Exception e) {
-            }
-
-            try {
-                SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(httpReq));
-
-                InstallToken installToken = processor.getInstallToken(uid, addr, subsystem);
-                String cookie = installToken.getToken();
-
-                if (!url.startsWith("$")) {
-                    try {
-                        form = getTemplate(mFormPath, httpReq, locale);
-                    } catch (IOException e) {
-                        CMS.debug("GetCookie process: cant locate the form");
-                        /*
-                        log(ILogger.LL_FAILURE,
-                          CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                        throw new ECMSGWException(
-                          CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-                        */
-                    }
-
-                    header.addStringValue("url", url);
-                    header.addStringValue("session_id", cookie);
-
-                    try {
-                        ServletOutputStream out = httpResp.getOutputStream();
-
-                        cmsReq.setStatus(ICMSRequest.SUCCESS);
-                        httpResp.setContentType("text/html");
-                        form.renderOutput(out, argSet);
-
-                    } catch (IOException e) {
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-                        throw new ECMSGWException(
-                                CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-                    }
-                }
-
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-        }
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
deleted file mode 100644
index 2c7d225fa..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ /dev/null
@@ -1,130 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class GetDomainXML extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3079546345000720649L;
-    private final static String SUCCESS = "0";
-    private final static String FAILED = "1";
-
-    public GetDomainXML() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("GetDomainXML: initializing...");
-        super.init(sc);
-        CMS.debug("GetDomainXML: done initializing...");
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("GetDomainXML: processing...");
-
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        String status = SUCCESS;
-
-        try {
-            XMLObject response = new XMLObject();
-            Node root = response.createRoot("XMLResponse");
-
-            try {
-                SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(cmsReq.getHttpReq()));
-                XMLObject xmlObj = processor.getDomainXML();
-
-                // Add new xml object as string to response.
-                response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
-
-            } catch (Exception e) {
-                CMS.debug("Failed to read domain.xml: " + e.toString());
-                status = FAILED;
-            }
-
-            response.addItemToContainer(root, "Status", status);
-            byte[] cb = response.toByteArray();
-            outputResult(httpResp, "application/xml", cb);
-
-        } catch (Exception e) {
-            CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString());
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
deleted file mode 100644
index 1d2d0e61f..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ /dev/null
@@ -1,111 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class GetStatus extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -2852842030221659847L;
-
-    public GetStatus() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-        IConfigStore config = CMS.getConfigStore();
-
-        String state = config.getString("cs.state", "");
-        String type = config.getString("cs.type", "");
-        String status = CMS.getServerStatus();
-        String version = GetStatus.class.getPackage().getImplementationVersion();
-
-        try {
-            XMLObject xmlObj = null;
-
-            xmlObj = new XMLObject();
-
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "State", state);
-            xmlObj.addItemToContainer(root, "Type", type);
-            xmlObj.addItemToContainer(root, "Status", status);
-            xmlObj.addItemToContainer(root, "Version", version);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
deleted file mode 100644
index b894971b1..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ /dev/null
@@ -1,128 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class GetSubsystemCert extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -5720342238234153488L;
-    private final static String SUCCESS = "0";
-
-    public GetSubsystemCert() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    /**
-     * Process the HTTP request.
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IConfigStore cs = CMS.getConfigStore();
-        String nickname = "";
-        try {
-            nickname = cs.getString("ca.subsystem.nickname", "");
-            String tokenname = cs.getString("ca.subsystem.tokenname", "");
-            if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname + ":" + nickname;
-        } catch (Exception e) {
-        }
-
-        CMS.debug("GetSubsystemCert process: nickname=" + nickname);
-        String s = "";
-        try {
-            CryptoManager cm = CryptoManager.getInstance();
-            X509Certificate cert = cm.findCertByNickname(nickname);
-
-            if (cert == null) {
-                CMS.debug("GetSubsystemCert process: subsystem cert is null");
-                outputError(httpResp, "Error: Failed to get subsystem certificate.");
-                return;
-            }
-
-            byte[] bytes = cert.getEncoded();
-            s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
-        } catch (Exception e) {
-            CMS.debug("GetSubsystemCert process: exception: " + e.toString());
-        }
-
-        try {
-            XMLObject xmlObj = null;
-            xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            xmlObj.addItemToContainer(root, "Cert", s);
-            byte[] cb = xmlObj.toByteArray();
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
deleted file mode 100644
index 2f44ca1b0..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ /dev/null
@@ -1,150 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class GetTokenInfo extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -8416582986909026263L;
-    private final static String SUCCESS = "0";
-
-    public GetTokenInfo() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        CMS.debug("GetTokenInfo init");
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        XMLObject xmlObj = null;
-        try {
-            xmlObj = new XMLObject();
-        } catch (Exception e) {
-            CMS.debug("GetTokenInfo process: Exception: " + e.toString());
-            throw new EBaseException(e.toString());
-        }
-
-        Node root = xmlObj.createRoot("XMLResponse");
-
-        IConfigStore config = CMS.getConfigStore();
-
-        String certlist = "";
-        try {
-            certlist = config.getString("cloning.list");
-        } catch (Exception e) {
-        }
-
-        StringTokenizer t1 = new StringTokenizer(certlist, ",");
-        while (t1.hasMoreTokens()) {
-            String name = t1.nextToken();
-            if (name.equals("sslserver"))
-                continue;
-            name = "cloning." + name + ".nickname";
-            String value = "";
-
-            try {
-                value = config.getString(name);
-            } catch (Exception ee) {
-                continue;
-            }
-
-            Node container = xmlObj.createContainer(root, "Config");
-            xmlObj.addItemToContainer(container, "name", name);
-            xmlObj.addItemToContainer(container, "value", value);
-        }
-
-        String value = "";
-        String name = "cloning.module.token";
-        try {
-            value = config.getString(name);
-        } catch (Exception e) {
-        }
-
-        Node container = xmlObj.createContainer(root, "Config");
-        xmlObj.addItemToContainer(container, "name", name);
-        xmlObj.addItemToContainer(container, "value", value);
-
-        try {
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
deleted file mode 100644
index 649b1214a..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ /dev/null
@@ -1,181 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.security.cert.CertificateEncodingException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * This servlet retrieves the transport certificate from DRM.
- */
-public class GetTransportCert extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 2495152202191979339L;
-    private final static String SUCCESS = "0";
-    private final static String AUTH_FAILURE = "2";
-
-    public GetTransportCert() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("GetTransportCert: initializing...");
-        super.init(sc);
-        CMS.debug("GetTransportCert: done initializing...");
-    }
-
-    /**
-     * Process the HTTP request.
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("UpdateUpdater: processing...");
-
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = null;
-        try {
-            authToken = authenticate(cmsReq);
-            CMS.debug("GetTransportCert authentication successful.");
-        } catch (Exception e) {
-            CMS.debug("GetTransportCert: authentication failed.");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        if (authToken == null) {
-            CMS.debug("GetTransportCert: authentication failed.");
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        AuthzToken authzToken = null;
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "read");
-            CMS.debug("GetTransportCert authorization successful.");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-
-        if (authzToken == null) {
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        IKeyRecoveryAuthority kra =
-                (IKeyRecoveryAuthority) mAuthority;
-        ITransportKeyUnit tu = kra.getTransportKeyUnit();
-        org.mozilla.jss.crypto.X509Certificate transportCert =
-                tu.getCertificate();
-
-        String mime64 = "";
-        try {
-            mime64 = CMS.BtoA(transportCert.getEncoded());
-            mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
-        } catch (CertificateEncodingException eee) {
-            CMS.debug("GetTransportCert: Failed to encode certificate");
-        }
-
-        // send success status back to the requestor
-        try {
-            CMS.debug("GetTransportCert: Sending response " + mime64);
-            XMLObject xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            xmlObj.addItemToContainer(root, "TransportCert", mime64);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("GetTransportCert: Failed to send the XML output " + e);
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
deleted file mode 100644
index b42bdb7de..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ /dev/null
@@ -1,194 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class HierarchyPanel extends WizardPanelBase {
-
-    public HierarchyPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("PKI Hierarchy");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("PKI Hierarchy");
-        setId(id);
-    }
-
-    public boolean shouldSkip() {
-
-        // we dont need to ask the hierachy if we are
-        // setting up a clone
-        try {
-            IConfigStore c = CMS.getConfigStore();
-            String s = c.getString("preop.subsystem.select",
-                    null);
-            if (s != null && s.equals("clone")) {
-                // mark this panel as done
-                c.putString("preop.hierarchy.select", "root");
-                c.putString("hierarchy.select", "Clone");
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.hierarchy.select", "");
-        cs.putString("hierarchy.select", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.hierarchy.select", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "PKI Hierarchy");
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-            try {
-                String s = config.getString("preop.hierarchy.select");
-
-                if (s.equals("root")) {
-                    context.put("check_root", "checked");
-                } else if (s.equals("join")) {
-                    context.put("check_join", "checked");
-                }
-            } catch (Exception e) {
-                CMS.debug(e.toString());
-            }
-        } else {
-            context.put("check_root", "checked");
-            context.put("check_join", "");
-        }
-
-        context.put("panel", "admin/console/config/hierarchypanel.vm");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        try {
-            String cstype = config.getString("preop.subsystem.select", "");
-            if (cstype.equals("clone")) {
-                context.put("updateStatus", "success");
-                return;
-            }
-        } catch (Exception e) {
-        }
-
-        String select = HttpInput.getID(request, "choice");
-
-        if (select == null) {
-            CMS.debug("HierarchyPanel: choice not found");
-            context.put("updateStatus", "failure");
-            throw new IOException("choice not found");
-        }
-
-        if (select.equals("root")) {
-            config.putString("preop.hierarchy.select", "root");
-            config.putString("hierarchy.select", "Root");
-            config.putString("preop.ca.type", "sdca");
-            try {
-                config.commit(false);
-            } catch (EBaseException e) {
-            }
-        } else if (select.equals("join")) {
-            config.putString(PCERT_PREFIX + "signing.type", "remote");
-            config.putString("preop.hierarchy.select", "join");
-            config.putString("hierarchy.select", "Subordinate");
-        } else {
-            config.putString(PCERT_PREFIX + "signing.type", "remote");
-            CMS.debug("HierarchyPanel: invalid choice " + select);
-            context.put("updateStatus", "failure");
-            throw new IOException("invalid choice " + select);
-        }
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
deleted file mode 100644
index 7019d1492..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ /dev/null
@@ -1,341 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.BufferedReader;
-import java.io.FileReader;
-import java.io.IOException;
-import java.math.BigInteger;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPException;
-import netscape.security.x509.X509CertImpl;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-public class ImportAdminCertPanel extends WizardPanelBase {
-
-    public ImportAdminCertPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Import Administrator's Certificate");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Import Administrator's Certificate");
-        setId(id);
-    }
-
-    public boolean isSubPanel() {
-        return true;
-    }
-
-    public void cleanUp() throws IOException {
-    }
-
-    public boolean isPanelDone() {
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        CMS.debug("ImportAdminCertPanel: display");
-        context.put("errorString", "");
-        context.put("title", "Import Administrator's Certificate");
-        context.put("panel", "admin/console/config/importadmincertpanel.vm");
-        context.put("import", "true");
-
-        IConfigStore cs = CMS.getConfigStore();
-
-        String type = "";
-
-        try {
-            type = cs.getString("preop.ca.type", "");
-        } catch (Exception e) {
-        }
-
-        try {
-            String serialno = cs.getString("preop.admincert.serialno.0");
-
-            context.put("serialNumber", serialno);
-        } catch (Exception e) {
-            context.put("errorString", "Failed to get serial number.");
-        }
-
-        context.put("caType", type);
-
-        ISubsystem ca = CMS.getSubsystem("ca");
-
-        if (ca == null) {
-            context.put("ca", "false");
-        } else {
-            context.put("ca", "true");
-        }
-
-        String caHost = "";
-        String caPort = "";
-        String info = "";
-
-        if (ca == null) {
-            if (type.equals("otherca")) {
-                try {
-                    // this is a non-CA system that has elected to have its certificates
-                    // signed by a CA outside of the security domain.
-                    // in this case, we submitted the cert request for the admin cert to
-                    // to security domain host.
-                    caHost = cs.getString("securitydomain.host", "");
-                    caPort = cs.getString("securitydomain.httpsadminport", "");
-                } catch (Exception e) {
-                }
-            } else if (type.equals("sdca")) {
-                try {
-                    // this is a non-CA system that submitted its certs to a CA
-                    // within the security domain.  In this case, we submitted the cert
-                    // request for the admin cert to this CA
-                    caHost = cs.getString("preop.ca.hostname", "");
-                    caPort = cs.getString("preop.ca.httpsadminport", "");
-                } catch (Exception e) {
-                }
-            }
-        } else {
-            // for CAs, we always generate our own admin certs
-            // send our own connection details
-            try {
-                caHost = cs.getString("service.machineName", "");
-                caPort = cs.getString("pkicreate.admin_secure_port", "");
-            } catch (Exception e) {
-            }
-        }
-
-        String pkcs7 = "";
-        try {
-            pkcs7 = cs.getString("preop.admincert.pkcs7", "");
-        } catch (Exception e) {
-        }
-
-        context.put("pkcs7", pkcs7);
-        context.put("caHost", caHost);
-        context.put("caPort", caPort);
-        context.put("info", info);
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-
-        String type = "";
-        String subsystemtype = "";
-        String selected_hierarchy = "";
-
-        try {
-            type = cs.getString("preop.ca.type", "");
-            subsystemtype = cs.getString("cs.type", "");
-            selected_hierarchy = cs.getString("preop.hierarchy.select", "");
-        } catch (Exception e) {
-        }
-
-        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-                ICertificateAuthority.ID);
-
-        if (ca == null) {
-            context.put("ca", "false");
-        } else {
-            context.put("ca", "true");
-        }
-        context.put("caType", type);
-
-        X509CertImpl certs[] = new X509CertImpl[1];
-
-        // REMINDER:  This panel is NOT used by "clones"
-        if (ca != null) {
-            String serialno = null;
-
-            if (selected_hierarchy.equals("root")) {
-                CMS.debug("ImportAdminCertPanel update:  "
-                         + "Root CA subsystem - "
-                         + "(new Security Domain)");
-            } else {
-                CMS.debug("ImportAdminCertPanel update:  "
-                         + "Subordinate CA subsystem - "
-                         + "(new Security Domain)");
-            }
-
-            try {
-                serialno = cs.getString("preop.admincert.serialno.0");
-            } catch (Exception e) {
-                CMS.debug(
-                        "ImportAdminCertPanel update: Failed to get request id.");
-                context.put("updateStatus", "failure");
-                throw new IOException("Failed to get request id.");
-            }
-
-            ICertificateRepository repost = ca.getCertificateRepository();
-
-            try {
-                certs[0] = repost.getX509Certificate(
-                        new BigInteger(serialno, 16));
-            } catch (Exception ee) {
-            }
-        } else {
-            String dir = null;
-
-            // REMINDER:  This panel is NOT used by "clones"
-            if (subsystemtype.equals("CA")) {
-                if (selected_hierarchy.equals("root")) {
-                    CMS.debug("ImportAdminCertPanel update:  "
-                             + "Root CA subsystem - "
-                             + "(existing Security Domain)");
-                } else {
-                    CMS.debug("ImportAdminCertPanel update:  "
-                             + "Subordinate CA subsystem - "
-                             + "(existing Security Domain)");
-                }
-            } else {
-                CMS.debug("ImportAdminCertPanel update:  "
-                         + subsystemtype
-                         + " subsystem");
-            }
-
-            try {
-                dir = cs.getString("preop.admincert.b64", "");
-                CMS.debug("ImportAdminCertPanel update: dir=" + dir);
-            } catch (Exception ee) {
-            }
-
-            try {
-                BufferedReader reader = new BufferedReader(
-                        new FileReader(dir));
-                String b64 = "";
-
-                StringBuffer sb = new StringBuffer();
-                while (reader.ready()) {
-                    sb.append(reader.readLine());
-                }
-                b64 = sb.toString();
-                reader.close();
-
-                b64 = b64.trim();
-                b64 = CryptoUtil.stripCertBrackets(b64);
-                CMS.debug("ImportAdminCertPanel update: b64=" + b64);
-                byte[] b = CryptoUtil.base64Decode(b64);
-                certs[0] = new X509CertImpl(b);
-            } catch (Exception e) {
-                CMS.debug("ImportAdminCertPanel update: " + e.toString());
-            }
-        }
-
-        try {
-            IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(IUGSubsystem.ID);
-            String uid = cs.getString("preop.admin.uid");
-            IUser user = ug.getUser(uid);
-            user.setX509Certificates(certs);
-            ug.addUserCert(user);
-        } catch (LDAPException e) {
-            CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "
-                    + e.toString());
-            if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
-                context.put("updateStatus", "failure");
-                throw new IOException(e.toString());
-            }
-        } catch (Exception e) {
-            CMS.debug(
-                    "ImportAdminCertPanel update: failed to add certificate. Exception: "
-                            + e.toString());
-            context.put("updateStatus", "failure");
-            throw new IOException(e.toString());
-        }
-
-        context.put("errorString", "");
-        context.put("info", "");
-        context.put("title", "Import Administrator Certificate");
-        context.put("panel", "admin/console/config/importadmincertpanel.vm");
-        context.put("updateStatus", "success");
-    }
-
-    public boolean shouldSkip() {
-        try {
-            IConfigStore c = CMS.getConfigStore();
-            String s = c.getString("preop.subsystem.select", null);
-            if (s != null && s.equals("clone")) {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        /* This should never be called */
-        context.put("title", "Import Administrator Certificate");
-        context.put("panel", "admin/console/config/importadmincertpanel.vm");
-        context.put("info", "");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
deleted file mode 100755
index bc4af9828..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ /dev/null
@@ -1,145 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class ImportCAChainPanel extends WizardPanelBase {
-
-    public ImportCAChainPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Import CA's Certificate Chain");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Import CA's Certificate Chain");
-        setId(id);
-    }
-
-    public boolean isSubPanel() {
-        return false;
-    }
-
-    public void cleanUp() throws IOException {
-    }
-
-    public boolean isPanelDone() {
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        CMS.debug("ImportCACertChain: display");
-        context.put("errorString", "");
-        context.put("title", "Import CA's Certificate Chain");
-        context.put("panel", "admin/console/config/importcachainpanel.vm");
-        context.put("import", "true");
-
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            context.put("machineName", cs.getString("machineName"));
-            context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
-            context.put("http_port", cs.getString("pkicreate.unsecure_port"));
-        } catch (EBaseException e) {
-            CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
-            context.put("errorString", "Error loading values for Import CA Certificate Panel");
-        }
-
-        ISubsystem ca = CMS.getSubsystem("ca");
-
-        if (ca == null) {
-            context.put("ca", "false");
-        } else {
-            context.put("ca", "true");
-        }
-
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-
-        context.put("errorString", "");
-        context.put("title", "Import CA's Certificate Chain");
-        context.put("panel", "admin/console/config/importcachainpanel.vm");
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-
-        /* This should never be called */
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            context.put("machineName", cs.getString("machineName"));
-            context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
-            context.put("http_port", cs.getString("pkicreate.unsecure_port"));
-            context.put("title", "Import CA's Certificate Chain");
-            context.put("panel", "admin/console/config/importcachainpanel.vm");
-        } catch (EBaseException e) {
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
deleted file mode 100644
index b0dc966f3..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ /dev/null
@@ -1,180 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.mozilla.jss.CryptoManager;
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * This servlet imports DRM's transport certificate into TKS.
- */
-public class ImportTransportCert extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7490067757951541235L;
-    private final static String SUCCESS = "0";
-    private final static String AUTH_FAILURE = "2";
-
-    public ImportTransportCert() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("ImportTransportCert: initializing...");
-        super.init(sc);
-        CMS.debug("ImportTransportCert: done initializing...");
-    }
-
-    /**
-     * Process the HTTP request.
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("UpdateUpdater: processing...");
-
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = null;
-        try {
-            authToken = authenticate(cmsReq);
-            CMS.debug("ImportTransportCert authentication successful.");
-        } catch (Exception e) {
-            CMS.debug("ImportTransportCert: authentication failed.");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        if (authToken == null) {
-            CMS.debug("ImportTransportCert: authentication failed.");
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        AuthzToken authzToken = null;
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "modify");
-            CMS.debug("ImportTransportCert authorization successful.");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-
-        if (authzToken == null) {
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        IConfigStore cs = CMS.getConfigStore();
-
-        String certsString = httpReq.getParameter("certificate");
-
-        try {
-            CryptoManager cm = CryptoManager.getInstance();
-            CMS.debug("ImportTransportCert: Importing certificate");
-            org.mozilla.jss.crypto.X509Certificate cert =
-                    cm.importCACertPackage(CMS.AtoB(certsString));
-            String nickName = cert.getNickname();
-            CMS.debug("ImportTransportCert: nickname " + nickName);
-            cs.putString("tks.drm_transport_cert_nickname", nickName);
-            CMS.debug("ImportTransportCert: Commiting configuration");
-            cs.commit(false);
-
-            // send success status back to the requestor
-            CMS.debug("ImportTransportCert: Sending response");
-            XMLObject xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("ImportTransportCert: Failed to send the XML output " + e);
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
deleted file mode 100644
index 713cb170a..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ /dev/null
@@ -1,72 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-
-public class LoginServlet extends BaseServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4766622132710080340L;
-
-    public boolean authenticate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        return true;
-    }
-
-    public Template process(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        Template template = null;
-
-        try {
-            String pin = request.getParameter("pin");
-
-            if (pin == null) {
-                context.put("error", "");
-            } else {
-                String cspin = CMS.getConfigStore().getString("preop.pin");
-
-                if (cspin != null && cspin.equals(pin)) {
-                    // create session
-                    request.getSession(true).setAttribute("pin", cspin);
-                    // pin match, redirect to the welcome page
-                    response.sendRedirect("wizard");
-                    return null;
-                } else {
-                    context.put("error", "Login Failed");
-                }
-            }
-            template = Velocity.getTemplate("admin/console/config/login.vm");
-        } catch (Exception e) {
-            System.err.println("Exception caught: " + e.getMessage());
-        }
-
-        return template;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
deleted file mode 100644
index 69b2a9d2a..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ /dev/null
@@ -1,157 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-public class MainPageServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 2425301522251239666L;
-    private String mFormPath = null;
-
-    public MainPageServlet() {
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mTemplates.remove(ICMSRequest.ERROR);
-    }
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-
-        CMS.debug("MainPageServlet process");
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        try {
-            form = getTemplate(mFormPath, request, locale);
-        } catch (IOException e) {
-            CMS.debug("MainPageServlet process: cant locate the form");
-            /*
-                        log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                        throw new ECMSGWException(
-                          CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            */
-        }
-
-        process(argSet, header, ctx, request, response);
-
-        try {
-            ServletOutputStream out = response.getOutputStream();
-
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-            response.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
-            throws EBaseException {
-
-        int num = 0;
-        IArgBlock rarg = null;
-        IConfigStore cs = CMS.getConfigStore();
-        int state = 0;
-        String host = "";
-        String adminInterface = "";
-        String eeInterface = "";
-        String agentInterface = "";
-        try {
-            state = cs.getInteger("cs.state", 0);
-            host = cs.getString("machineName", "");
-            adminInterface = cs.getString("admin.interface.uri", "");
-            eeInterface = cs.getString("ee.interface.uri", "");
-            agentInterface = cs.getString("agent.interface.uri", "");
-        } catch (Exception e) {
-        }
-
-        if (state == 0) {
-            rarg = CMS.createArgBlock();
-            rarg.addStringValue("type", "admin");
-            rarg.addStringValue("prefix", "http");
-            rarg.addIntegerValue("port",
-                    Integer.valueOf(CMS.getEENonSSLPort()).intValue());
-            rarg.addStringValue("host", host);
-            rarg.addStringValue("uri", adminInterface);
-            argSet.addRepeatRecord(rarg);
-            num++;
-        } else if (state == 1) {
-            if (!eeInterface.equals("")) {
-                rarg = CMS.createArgBlock();
-                rarg.addStringValue("type", "ee");
-                rarg.addStringValue("prefix", "https");
-                rarg.addIntegerValue("port",
-                        Integer.valueOf(CMS.getEESSLPort()).intValue());
-                rarg.addStringValue("host", host);
-                rarg.addStringValue("uri", eeInterface);
-                argSet.addRepeatRecord(rarg);
-                num++;
-            }
-            if (!agentInterface.equals("")) {
-                rarg = CMS.createArgBlock();
-                rarg.addStringValue("type", "agent");
-                rarg.addStringValue("prefix", "https");
-                rarg.addIntegerValue("port",
-                        Integer.valueOf(CMS.getAgentPort()).intValue());
-                rarg.addStringValue("host", host);
-                rarg.addStringValue("uri", agentInterface);
-                argSet.addRepeatRecord(rarg);
-                num++;
-            }
-        }
-        header.addIntegerValue("totalRecordCount", num);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
deleted file mode 100644
index 00474615f..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ /dev/null
@@ -1,338 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.TokenException;
-import org.mozilla.jss.pkcs11.PK11Module;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.Module;
-
-public class ModulePanel extends WizardPanelBase {
-    private CryptoManager mCryptoManager = null;
-    private Vector<Module> mSupportedModules = null;
-    private Vector<Module> mOtherModules = null;
-    private Hashtable<String, PK11Module> mCurrModTable = new Hashtable<String, PK11Module>();
-    private WizardServlet mServlet = null;
-
-    public ModulePanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Key Store");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Key Store");
-        setId(id);
-        mServlet = servlet;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putBoolean("preop.ModulePanel.done", false);
-    }
-
-    public void loadCurrModTable() {
-        try {
-            // getting existing modules
-            mCryptoManager = CryptoManager.getInstance();
-            @SuppressWarnings("unchecked")
-            Enumeration<PK11Module> modules = mCryptoManager.getModules();
-
-            while (modules.hasMoreElements()) {
-                PK11Module mod = modules.nextElement();
-
-                CMS.debug("ModulePanel: got module " + mod.getName());
-                mCurrModTable.put(mod.getName(), mod);
-            } // while
-        } catch (Exception e) {
-            CMS.debug(
-                    "ModulePanel: Exception caught in loadCurrModTable: "
-                            + e.toString());
-            System.err.println("Exception caught: " + e.toString());
-        }
-    }
-
-    /*
-     * Modules not listed as supported modules
-     */
-    public void loadOtherModules() {
-        Enumeration<PK11Module> m = mCurrModTable.elements();
-
-        mOtherModules = new Vector<Module>();
-        while (m.hasMoreElements()) {
-            PK11Module mod = m.nextElement();
-            Enumeration<Module> s = mSupportedModules.elements();
-            boolean found = false;
-
-            while (s.hasMoreElements()) {
-                Module sm = s.nextElement();
-
-                if (mod.getName().equals(sm.getCommonName())) {
-                    found = true;
-                    break;
-                } else {
-                    found = false;
-                }
-            }// while
-            if (!found) {
-                // unsupported, use common name as user friendly name
-                Module module = new Module(mod.getName(), mod.getName());
-
-                loadModTokens(module, mod);
-                module.setFound(true);
-                mOtherModules.addElement(module);
-                break;
-            }
-        }// while
-    }
-
-    /*
-     * find all tokens belonging to a module and load the Module
-     */
-    public void loadModTokens(Module module, PK11Module mod) {
-        @SuppressWarnings("unchecked")
-        Enumeration<CryptoToken> tokens = mod.getTokens();
-
-        while (tokens.hasMoreElements()) {
-            try {
-                CryptoToken token = tokens.nextElement();
-
-                CMS.debug("ModulePanel: token nick name=" + token.getName());
-                CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
-                CMS.debug("ModulePanel: token is present?" + token.isPresent());
-                if (!token.getName().equals("Internal Crypto Services Token") &&
-                        !token.getName().equals("NSS Generic Crypto Services")) {
-                    module.addToken(token);
-                } else {
-                    CMS.debug(
-                            "ModulePanel: token " + token.getName()
-                                    + " not to be added");
-                }
-
-            } catch (TokenException ex) {
-                CMS.debug("ModulePanel:" + ex.toString());
-            }
-        }
-    }
-
-    /*
-     * Modules unsupported by the system will not be included
-     */
-    public void loadSupportedModules() {
-
-        // getting supported security modules
-        // a Vectgor of Modules
-        mSupportedModules = new Vector<Module>();
-        // read from conf store all supported modules
-        try {
-            int count = CMS.getConfigStore().getInteger(
-                    "preop.configModules.count");
-
-            CMS.debug("ModulePanel: supported modules count= " + count);
-            for (int i = 0; i < count; i++) {
-                String cn = CMS.getConfigStore().getString(
-                        "preop.configModules.module" + i + ".commonName");
-                String pn = CMS.getConfigStore().getString(
-                        "preop.configModules.module" + i + ".userFriendlyName");
-                String img = CMS.getConfigStore().getString(
-                        "preop.configModules.module" + i + ".imagePath");
-
-                if ((cn == null) || (cn.equals(""))) {
-                    break;
-                }
-
-                CMS.debug("ModulePanel: got from config module: " + cn);
-                // create a Module object
-                Module module = new Module(cn, pn, img);
-
-                if (mCurrModTable.containsKey(cn)) {
-                    CMS.debug("ModulePanel: module found: " + cn);
-                    module.setFound(true);
-                    // add token info to module vector
-                    PK11Module m = mCurrModTable.get(cn);
-
-                    loadModTokens(module, m);
-                }
-
-                CMS.debug("ModulePanel: adding module " + cn);
-                // add module to set
-                if (!mSupportedModules.contains(module)) {
-                    mSupportedModules.addElement(module);
-                }
-            }// for
-
-        } catch (Exception e) {
-            CMS.debug(
-                    "ModulePanel: Exception caught in loadSupportedModules(): "
-                            + e.toString());
-            System.err.println("Exception caught: " + e.toString());
-        }
-    }
-
-    public PropertySet getUsage() {
-        // it a token choice.  Available tokens are discovered dynamically so
-        // can't be a real CHOICE
-        PropertySet set = new PropertySet();
-
-        Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* default parameter */
-                "module token selection");
-
-        set.add("choice", tokenDesc);
-
-        return set;
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            boolean s = cs.getBoolean("preop.ModulePanel.done",
-                    false);
-
-            if (s != true) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    public boolean hasSubPanel() {
-        return true;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        CMS.debug("ModulePanel: display()");
-        context.put("title", "Key Store");
-
-        loadCurrModTable();
-        loadSupportedModules();
-        loadOtherModules();
-
-        IConfigStore config = CMS.getConfigStore();
-
-        try {
-            String s = config.getString("preop.module.token",
-                    "Internal Key Storage Token");
-
-            context.put("defTok", s);
-        } catch (Exception e) {
-            CMS.debug("ModulePanel:" + e.toString());
-        }
-
-        context.put("status", "display");
-        context.put("oms", mOtherModules);
-        context.put("sms", mSupportedModules);
-        // context.put("status_token", "None");
-        String subpanelno = String.valueOf(getPanelNo() + 1);
-        CMS.debug("ModulePanel subpanelno =" + subpanelno);
-        context.put("subpanelno", subpanelno);
-        context.put("panel", "admin/console/config/modulepanel.vm");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        boolean hasErr = false;
-
-        try {
-            // get the value of the choice
-            String select = HttpInput.getID(request, "choice");
-
-            if (select == null) {
-                CMS.debug("ModulePanel: no choice selected");
-                hasErr = true;
-                throw new IOException("choice not found");
-            }
-
-            IConfigStore config = CMS.getConfigStore();
-            String oldtokenname = config.getString("preop.module.token", "");
-            if (!oldtokenname.equals(select))
-                mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-
-            if (hasErr == false) {
-                config.putString("preop.module.token", select);
-                config.putBoolean("preop.ModulePanel.done", true);
-            }
-            config.commit(false);
-            context.put("updateStatus", "success");
-        } catch (Exception e) {
-            CMS.debug("ModulePanel: Exception caught: " + e.toString());
-            System.err.println("Exception caught: " + e.toString());
-            context.put("updateStatus", "failure");
-        }
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Security Module");
-        context.put("panel", "admin/console/config/modulepanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
deleted file mode 100644
index 070e17e7c..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ /dev/null
@@ -1,622 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.URL;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.velocity.context.Context;
-import org.xml.sax.SAXException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class NamePanel extends WizardPanelBase {
-    private Vector<Cert> mCerts = null;
-    private WizardServlet mServlet = null;
-
-    public NamePanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Subject Names");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Subject Names");
-        setId(id);
-        mServlet = servlet;
-    }
-
-    /**
-     * Returns the usage.XXX usage needs to be made dynamic
-     */
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "CA Signing Certificate's DN");
-
-        set.add("caDN", caDN);
-
-        Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "SSL Server Certificate's DN");
-
-        set.add("sslDN", sslDN);
-
-        Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "CA Subsystem Certificate's DN");
-
-        set.add("subsystemDN", subsystemDN);
-
-        Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "OCSP Signing Certificate's DN");
-
-        set.add("ocspDN", ocspDN);
-
-        return set;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            @SuppressWarnings("unused")
-            boolean done = cs.getBoolean("preop.NamePanel.done"); // check for errors
-            cs.putBoolean("preop.NamePanel.done", false);
-            cs.commit(false);
-        } catch (Exception e) {
-        }
-
-        String list = "";
-        try {
-            list = cs.getString("preop.cert.list", "");
-        } catch (Exception e) {
-        }
-
-        StringTokenizer st = new StringTokenizer(list, ",");
-        while (st.hasMoreTokens()) {
-            String t = st.nextToken();
-            cs.remove("preop.cert." + t + ".done");
-        }
-
-        try {
-            cs.commit(false);
-        } catch (Exception e) {
-        }
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            boolean s = cs.getBoolean("preop.NamePanel.done", false);
-            if (s != true) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        CMS.debug("NamePanel: display()");
-        context.put("title", "Subject Names");
-
-        // update session id
-        String session_id = request.getParameter("session_id");
-        if (session_id != null) {
-            CMS.debug("NamePanel setting session id.");
-            CMS.setConfigSDSessionId(session_id);
-        }
-
-        mCerts = new Vector<Cert>();
-
-        String domainname = "";
-        IConfigStore config = CMS.getConfigStore();
-        String select = "";
-        String hselect = "";
-        String cstype = "";
-        String domainType = "";
-        try {
-            //if CA, at the hierarchy panel, was it root or subord?
-            hselect = config.getString("preop.hierarchy.select", "");
-            select = config.getString("preop.subsystem.select", "");
-            cstype = config.getString("cs.type", "");
-            domainType = config.getString("preop.securitydomain.select", "");
-            context.put("select", select);
-            if (cstype.equals("CA") && hselect.equals("root")) {
-                CMS.debug("NamePanel ca is root");
-                context.put("isRoot", "true");
-            } else {
-                CMS.debug("NamePanel not ca or not root");
-                context.put("isRoot", "false");
-            }
-        } catch (Exception e) {
-        }
-
-        try {
-            domainname = config.getString("securitydomain.name", "");
-
-            String certTags = config.getString("preop.cert.list");
-            // same token for now
-            String token = config.getString(PRE_CONF_CA_TOKEN);
-            StringTokenizer st = new StringTokenizer(certTags, ",");
-            String domaintype = config.getString("securitydomain.select");
-            int count = 0;
-            String host = "";
-            int sd_admin_port = -1;
-            if (domaintype.equals("existing")) {
-                host = config.getString("securitydomain.host", "");
-                sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1);
-                count = ConfigurationUtils.getSubsystemCount(host, sd_admin_port, true, cstype);
-            }
-
-            while (st.hasMoreTokens()) {
-                String certTag = st.nextToken();
-
-                CMS.debug("NamePanel: display() about to process certTag :" + certTag);
-                String nn = config.getString(
-                        PCERT_PREFIX + certTag + ".nickname");
-                Cert c = new Cert(token, nn, certTag);
-                String userfriendlyname = config.getString(
-                        PCERT_PREFIX + certTag + ".userfriendlyname");
-                String subsystem = config.getString(
-                        PCERT_PREFIX + certTag + ".subsystem");
-
-                c.setUserFriendlyName(userfriendlyname);
-
-                String type = config.getString(PCERT_PREFIX + certTag + ".type");
-                c.setType(type);
-                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
-                c.setEnable(enable);
-
-                String cert = config.getString(subsystem + "." + certTag + ".cert", "");
-                String certreq =
-                        config.getString(subsystem + "." + certTag + ".certreq", "");
-
-                String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
-                boolean override = config.getBoolean(PCERT_PREFIX + certTag +
-                        ".cncomponent.override", true);
-                //o_sd is to add o=secritydomainname
-                boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
-                         "o_securitydomain", true);
-                domainname = config.getString("securitydomain.name", "");
-                CMS.debug("NamePanel: display() override is " + override);
-                CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
-                CMS.debug("NamePanel: display() domainname is " + domainname);
-
-                boolean dnUpdated = false;
-                try {
-                    dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN");
-                } catch (Exception e) {
-                }
-
-                try {
-                    @SuppressWarnings("unused")
-                    boolean done = config.getBoolean("preop.NamePanel.done"); // check for errors
-                    c.setDN(dn);
-                } catch (Exception e) {
-                    String instanceId = config.getString("service.instanceID", "");
-                    if (select.equals("clone") || dnUpdated) {
-                        c.setDN(dn);
-                    } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
-                        CMS.debug("NamePanel subsystemCount = " + count);
-                        c.setDN(dn + " " + count +
-                                ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
-                                ((o_sd) ? (",O=" + domainname) : ""));
-                        config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
-                    } else {
-                        c.setDN(dn +
-                                ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
-                                ((o_sd) ? (",O=" + domainname) : ""));
-                        config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
-                    }
-                }
-
-                mCerts.addElement(c);
-                CMS.debug(
-                        "NamePanel: display() added cert to mCerts: certTag "
-                                + certTag);
-                config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN());
-            }// while
-        } catch (EBaseException e) {
-            CMS.debug("NamePanel: display() exception caught:" + e.toString());
-        } catch (Exception e) {
-            CMS.debug("NamePanel: " + e.toString());
-        }
-
-        CMS.debug("NamePanel: Ready to get SSL EE HTTPS urls");
-        Vector<String> v = null;
-        if (!domainType.equals("new")) {
-            try {
-                v = ConfigurationUtils.getUrlListFromSecurityDomain(config, "CA", "SecurePort");
-            } catch (Exception e) {
-                CMS.debug("NamePanel: display(): Exception thrown in getUrlListFromSecurityDomain " + e);
-                e.printStackTrace();
-            }
-        }
-        if (v == null) {
-            v = new Vector<String>();
-        }
-        v.addElement("External CA");
-
-        StringBuffer list = new StringBuffer();
-        int size = v.size();
-
-        for (int i = 0; i < size; i++) {
-            if (i == size - 1) {
-                list.append(v.elementAt(i));
-            } else {
-                list.append(v.elementAt(i));
-                list.append(",");
-            }
-        }
-
-        try {
-            config.putString("preop.ca.list", list.toString());
-            config.commit(false);
-        } catch (Exception e) {
-        }
-
-        context.put("urls", v);
-
-        context.put("certs", mCerts);
-        context.put("panel", "admin/console/config/namepanel.vm");
-        context.put("errorString", "");
-
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        Enumeration<Cert> c = mCerts.elements();
-
-        while (c.hasMoreElements()) {
-            Cert cert = c.nextElement();
-            // get the dn's and put in config
-            if (cert.isEnable()) {
-                String dn = HttpInput.getDN(request, cert.getCertTag());
-
-                if (dn == null || dn.length() == 0) {
-                    context.put("updateStatus", "validate-failure");
-                    throw new IOException("Empty DN for " + cert.getUserFriendlyName());
-                }
-            }
-        } // while
-    }
-
-    public void configCertWithTag(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context, String tag) throws IOException {
-        CMS.debug("NamePanel: configCertWithTag start");
-        Enumeration<Cert> c = mCerts.elements();
-        IConfigStore config = CMS.getConfigStore();
-
-        while (c.hasMoreElements()) {
-            Cert cert = c.nextElement();
-            String ct = cert.getCertTag();
-            CMS.debug("NamePanel: configCertWithTag ct=" + ct + " tag=" + tag);
-            if (ct.equals(tag)) {
-                try {
-                    String nickname = HttpInput.getNickname(request, ct + "_nick");
-                    if (nickname != null) {
-                        CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
-                        config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
-                        cert.setNickname(nickname);
-                        config.commit(false);
-                    }
-                    String dn = HttpInput.getDN(request, ct);
-                    if (dn != null) {
-                        config.putString(PCERT_PREFIX + ct + ".dn", dn);
-                        config.commit(false);
-                    }
-                } catch (Exception e) {
-                    CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for "
-                            + ct + ": " + e.toString());
-                }
-
-                ConfigurationUtils.configCert(request, response, context, cert, this);
-                CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
-                return;
-            }
-        }
-        CMS.debug("NamePanel: configCertWithTag done");
-    }
-
-    private boolean inputChanged(HttpServletRequest request)
-            throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-
-        boolean hasChanged = false;
-        try {
-            Enumeration<Cert> c = mCerts.elements();
-
-            while (c.hasMoreElements()) {
-                Cert cert = c.nextElement();
-                String ct = cert.getCertTag();
-                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
-                if (!enable)
-                    continue;
-
-                String olddn = config.getString(PCERT_PREFIX + cert.getCertTag() + ".dn", "");
-                // get the dn's and put in config
-                String dn = HttpInput.getDN(request, cert.getCertTag());
-
-                if (!olddn.equals(dn))
-                    hasChanged = true;
-
-                String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
-                String nick = HttpInput.getNickname(request, ct + "_nick");
-                if (!oldnick.equals(nick))
-                    hasChanged = true;
-
-            }
-        } catch (Exception e) {
-        }
-
-        return hasChanged;
-    }
-
-    public String getURL(HttpServletRequest request, IConfigStore config) {
-        String index = request.getParameter("urls");
-        if (index == null) {
-            return null;
-        }
-        String url = "";
-        if (index.startsWith("http")) {
-            // user may submit url directlry
-            url = index;
-        } else {
-            try {
-                int x = Integer.parseInt(index);
-                String list = config.getString("preop.ca.list", "");
-                StringTokenizer tokenizer = new StringTokenizer(list, ",");
-                int counter = 0;
-
-                while (tokenizer.hasMoreTokens()) {
-                    url = tokenizer.nextToken();
-                    if (counter == x) {
-                        break;
-                    }
-                    counter++;
-                }
-            } catch (Exception e) {
-            }
-        }
-        return url;
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        CMS.debug("NamePanel: in update()");
-
-        if (inputChanged(request)) {
-            mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-        } else if (isPanelDone()) {
-            context.put("updateStatus", "success");
-            return;
-        }
-
-        IConfigStore config = CMS.getConfigStore();
-        ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
-
-        try {
-            //if CA, at the hierarchy panel, was it root or subord?
-            String hselect = config.getString("preop.hierarchy.select", "");
-            String cstype = config.getString("preop.subsystem.select", "");
-            if (cstype.equals("clone")) {
-                CMS.debug("NamePanel: clone configuration detected");
-                // still need to handle SSL certificate
-                configCertWithTag(request, response, context, "sslserver");
-                String url = getURL(request, config);
-                if (url != null && !url.equals("External CA")) {
-                    // preop.ca.url and admin port are required for setting KRA connector
-                    url = url.substring(url.indexOf("https"));
-                    config.putString("preop.ca.url", url);
-
-                    URL urlx = new URL(url);
-                    updateCloneSDCAInfo(request, context, urlx.getHost(), urlx.getPort());
-
-                }
-                ConfigurationUtils.updateCloneConfig();
-                CMS.debug("NamePanel: clone configuration done");
-                context.put("updateStatus", "success");
-                return;
-            }
-
-            //if no hselect, then not CA
-            if (hselect.equals("") || hselect.equals("join")) {
-                String url = getURL(request, config);
-
-                URL urlx = null;
-
-                if (url.equals("External CA")) {
-                    CMS.debug("NamePanel: external CA selected");
-                    config.putString("preop.ca.type", "otherca");
-                    if (subsystem != null) {
-                        config.putString(PCERT_PREFIX + "signing.type", "remote");
-                    }
-
-                    config.putString("preop.ca.pkcs7", "");
-                    config.putInteger("preop.ca.certchain.size", 0);
-                    context.put("check_otherca", "checked");
-                    CMS.debug("NamePanel: update: this is the external CA.");
-                } else {
-                    CMS.debug("NamePanel: local CA selected");
-                    url = url.substring(url.indexOf("https"));
-                    config.putString("preop.ca.url", url);
-
-                    urlx = new URL(url);
-                    String host = urlx.getHost();
-                    int port = urlx.getPort();
-                    String domainXML = config.getString("preop.domainXML");
-                    int admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
-                            host, port, "CA", "SecurePort", "SecureAdminPort");
-
-                    config.putString("preop.ca.type", "sdca");
-                    config.putString("preop.ca.hostname", host);
-                    config.putInteger("preop.ca.httpsport", port);
-                    config.putInteger("preop.ca.httpsadminport", admin_port);
-
-                    context.put("check_sdca", "checked");
-                    context.put("sdcaHostname", host);
-                    context.put("sdHttpPort", port);
-
-                    ConfigurationUtils.importCertChain(host, admin_port, "/ca/admin/ca/getCertChain", "ca");
-
-                    if (subsystem != null) {
-                        config.putString(PCERT_PREFIX + "signing.type", "remote");
-                        config.putString(PCERT_PREFIX + "signing.profile", "caInstallCACert");
-                    }
-                }
-                config.commit(false);
-
-            }
-
-            Enumeration<Cert> c = mCerts.elements();
-
-            while (c.hasMoreElements()) {
-                Cert cert = c.nextElement();
-                String ct = cert.getCertTag();
-                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
-                if (!enable)
-                    continue;
-
-                boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false);
-                if (certDone)
-                    continue;
-
-                // get the nicknames and put in config
-                String nickname = HttpInput.getNickname(request, ct + "_nick");
-                if (nickname != null) {
-                    CMS.debug("NamePanel: update: Setting nickname for " + ct + " to " + nickname);
-                    config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
-                    cert.setNickname(nickname);
-                } else {
-                    nickname = cert.getNickname();
-                }
-
-                // get the dn's and put in config
-                String dn = HttpInput.getDN(request, ct);
-
-                config.putString(PCERT_PREFIX + ct + ".dn", dn);
-                // commit here in case it changes
-                config.commit(false);
-
-                ConfigurationUtils.configCert(request, response, context, cert, this);
-                config.putBoolean("preop.cert." + cert.getCertTag() + ".done", true);
-                config.commit(false);
-
-            } // while
-
-            config.putBoolean("preop.NamePanel.done", true);
-            config.commit(false);
-        } catch (Exception e) {
-            CMS.debug("NamPanel - update(): Exception thrown : " + e);
-            e.printStackTrace();
-            context.put("updateStatus", "failure");
-            throw new IOException(e);
-        }
-        context.put("updateStatus", "success");
-
-        CMS.debug("NamePanel: update() done");
-    }
-
-    private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, int httpsPort)
-            throws IOException, EPropertyNotFound, EBaseException, SAXException, ParserConfigurationException {
-        CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPort);
-        IConfigStore config = CMS.getConfigStore();
-
-        if (hostname == null || hostname.length() == 0) {
-            context.put("errorString", "Hostname is null");
-            throw new IOException("Hostname is null");
-        }
-
-        // Retrieve the associated HTTPS Admin port so that it
-        // may be stored for use with ImportAdminCertPanel
-        String domainXML = config.getString("preop.domainXML");
-        int https_admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
-                hostname, httpsPort, "CA", "SecurePort", "SecureAdminPort");
-
-        config.putString("preop.ca.hostname", hostname);
-        config.putInteger("preop.ca.httpsport", httpsPort);
-        config.putInteger("preop.ca.httpsadminport", https_admin_port);
-    }
-
-    public void initParams(HttpServletRequest request, Context context)
-                   throws IOException {
-        context.put("certs", mCerts);
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        try {
-            initParams(request, context);
-        } catch (IOException e) {
-        }
-        context.put("title", "Subject Names");
-        context.put("panel", "admin/console/config/namepanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
deleted file mode 100644
index 74197a4a8..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ /dev/null
@@ -1,332 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.usrgrp.ICertUserLocator;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.util.Utils;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * This servlet creates a TPS user in the CA,
- * and it associates TPS's server certificate to
- * the user. Finally, it addes the user to the
- * administrator group. This procedure will
- * allows TPS to connect to the CA for certificate
- * issuance.
- */
-public class RegisterUser extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -699307373400031138L;
-    private final static String SUCCESS = "0";
-    private final static String AUTH_FAILURE = "2";
-    private String mGroupName = null;
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
-    public RegisterUser() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("RegisterUser: initializing...");
-        super.init(sc);
-        CMS.debug("RegisterUser: done initializing...");
-        mGroupName = sc.getInitParameter("GroupName");
-        CMS.debug("RegisterUser: group name " + mGroupName);
-    }
-
-    /**
-     * Process the HTTP request.
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("UpdateUpdater: processing...");
-
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = null;
-        try {
-            authToken = authenticate(cmsReq);
-            CMS.debug("RegisterUser authentication successful.");
-        } catch (Exception e) {
-            CMS.debug("RegisterUser: authentication failed.");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        if (authToken == null) {
-            CMS.debug("RegisterUser: authentication failed.");
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        AuthzToken authzToken = null;
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "modify");
-            CMS.debug("RegisterUser authorization successful.");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-
-        if (authzToken == null) {
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        // create user and add certificate
-        String uid = httpReq.getParameter("uid");
-        String name = httpReq.getParameter("name");
-        String certsString = httpReq.getParameter("certificate");
-        CMS.debug("RegisterUser got uid=" + uid);
-        CMS.debug("RegisterUser got name=" + name);
-        CMS.debug("RegisterUser got certsString=" + certsString);
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
-                             "+Resource;;" + uid +
-                             "+fullname;;" + name +
-                             "+state;;1" +
-                             "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
-
-        IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-        IUser user = null;
-        boolean foundByCert = false;
-        X509Certificate certs[] = new X509Certificate[1];
-        try {
-
-            byte bCert[] = null;
-            X509CertImpl cert = null;
-            bCert = Utils.base64decode(certsString);
-            cert = new X509CertImpl(bCert);
-            certs[0] = cert;
-
-            // test to see if the cert already belongs to a user
-            ICertUserLocator cul = ugsys.getCertUserLocator();
-            com.netscape.certsrv.usrgrp.Certificates c =
-                    new com.netscape.certsrv.usrgrp.Certificates(certs);
-            user = cul.locateUser(c);
-        } catch (Exception ec) {
-            CMS.debug("RegisterUser: exception thrown: " + ec.toString());
-        }
-        if (user == null) {
-            CMS.debug("RegisterUser NOT found user by cert");
-            try {
-                user = ugsys.getUser(uid);
-                CMS.debug("RegisterUser found user by uid " + uid);
-            } catch (Exception eee) {
-            }
-        } else {
-            foundByCert = true;
-            CMS.debug("RegisterUser found user by cert");
-        }
-
-        try {
-
-            if (user == null) {
-                // create user only if such user does not exist
-                user = ugsys.createUser(uid);
-                user.setFullName(name);
-                user.setState("1");
-                user.setUserType("");
-                user.setEmail("");
-                user.setPhone("");
-                user.setPassword("");
-
-                ugsys.addUser(user);
-                CMS.debug("RegisterUser created user " + uid);
-                auditMessage = CMS.getLogMessage(
-                              LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                              auditSubjectID,
-                              ILogger.SUCCESS,
-                              auditParams);
-                audit(auditMessage);
-            }
-
-            // extract all line separators
-            StringBuffer sb = new StringBuffer();
-            for (int i = 0; i < certsString.length(); i++) {
-                if (!Character.isWhitespace(certsString.charAt(i))) {
-                    sb.append(certsString.charAt(i));
-                }
-            }
-            certsString = sb.toString();
-
-            auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
-                        "+Resource;;" + uid +
-                        "+cert;;" + certsString;
-
-            user.setX509Certificates(certs);
-            if (!foundByCert) {
-                ugsys.addUserCert(user);
-                CMS.debug("RegisterUser added user certificate");
-                auditMessage = CMS.getLogMessage(
-                              LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                              auditSubjectID,
-                              ILogger.SUCCESS,
-                              auditParams);
-                audit(auditMessage);
-            } else
-                CMS.debug("RegisterUser no need to add user certificate");
-        } catch (Exception eee) {
-            CMS.debug("RegisterUser error " + eee.toString());
-            auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditParams);
-
-            audit(auditMessage);
-            outputError(httpResp, "Error: Certificate malformed");
-            return;
-        }
-
-        // add user to the group
-        auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
-                      "+Resource;;" + mGroupName;
-        try {
-            Enumeration<IGroup> groups = ugsys.findGroups(mGroupName);
-            IGroup group = groups.nextElement();
-
-            auditParams += "+user;;";
-            Enumeration<String> members = group.getMemberNames();
-            while (members.hasMoreElements()) {
-                auditParams += members.nextElement();
-                if (members.hasMoreElements()) {
-                    auditParams += ",";
-                }
-            }
-
-            if (!group.isMember(user.getUserID())) {
-                auditParams += "," + user.getUserID();
-                group.addMemberName(user.getUserID());
-                ugsys.modifyGroup(group);
-                CMS.debug("RegisterUser modified group");
-
-                auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                               auditSubjectID,
-                               ILogger.SUCCESS,
-                               auditParams);
-
-                audit(auditMessage);
-            }
-        } catch (Exception e) {
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                               auditSubjectID,
-                               ILogger.FAILURE,
-                               auditParams);
-
-            audit(auditMessage);
-        }
-
-        // send success status back to the requestor
-        try {
-            CMS.debug("RegisterUser: Sending response");
-            XMLObject xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("RegisterUser: Failed to send the XML output");
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
deleted file mode 100644
index 243e7e839..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ /dev/null
@@ -1,235 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.File;
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class RestoreKeyCertPanel extends WizardPanelBase {
-
-    public RestoreKeyCertPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Import Keys and Certificates");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Import Keys and Certificates");
-        setId(id);
-    }
-
-    /**
-     * Should we skip this panel for the configuration.
-     */
-    public boolean shouldSkip() {
-        CMS.debug("RestoreKeyCertPanel: should skip");
-
-        IConfigStore cs = CMS.getConfigStore();
-        // if we are root, no need to get the certificate chain.
-
-        try {
-            String select = cs.getString("preop.subsystem.select", "");
-            if (select.equals("clone")) {
-                return false;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return true;
-    }
-
-    public boolean isSubPanel() {
-        return true;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        /* clean up if necessary */
-        try {
-            @SuppressWarnings("unused")
-            boolean done = cs.getBoolean("preop.restorekeycert.done"); // check for errors
-            cs.putBoolean("preop.restorekeycert.done", false);
-            cs.commit(false);
-        } catch (Exception e) {
-        }
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.restorekeycert.done", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Import Keys and Certificates");
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-
-            try {
-                String s = config.getString("preop.pk12.path", "");
-                context.put("path", s);
-            } catch (Exception e) {
-                CMS.debug(e.toString());
-            }
-        } else {
-            context.put("path", "");
-        }
-
-        context.put("password", "");
-        context.put("panel", "admin/console/config/restorekeycertpanel.vm");
-        context.put("errorString", "");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String tokenname = "";
-        try {
-            tokenname = config.getString("preop.module.token", "");
-        } catch (Exception e) {
-        }
-
-        if (!tokenname.equals("Internal Key Storage Token"))
-            return;
-
-        // Path can be empty. If this case, we just want to
-        // get to the next panel. Customer has HSM.
-        String s = HttpInput.getString(request, "path");
-
-        if (s != null && !s.equals("")) {
-            s = HttpInput.getPassword(request, "__password");
-            if (s == null || s.equals("")) {
-                CMS.debug("RestoreKeyCertPanel validate: password is empty");
-                context.put("updateStatus", "validate-failure");
-                throw new IOException("Empty password");
-            }
-        }
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        try {
-            ConfigurationUtils.getConfigEntriesFromMaster();
-
-            String path = HttpInput.getString(request, "path");
-            if (path == null || path.equals("")) {
-                // skip to next panel
-                config.putBoolean("preop.restorekeycert.done", true);
-                config.commit(false);
-                context.put("updateStatus", "success");
-                return;
-            }
-
-            String pwd = HttpInput.getPassword(request, "__password");
-
-            String tokenn = config.getString("preop.module.token");
-            if (tokenn.equals("Internal Key Storage Token")) {
-                String instanceRoot = config.getString("instanceRoot");
-                String p12File = instanceRoot + File.separator + "alias" +
-                                 File.separator + path;
-                ConfigurationUtils.restoreCertsFromP12(p12File, pwd);
-            }
-
-            String subsystemtype = config.getString("preop.subsystem.select", "");
-            if (subsystemtype.equals("clone")) {
-                CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
-                boolean cloneReady = ConfigurationUtils.isCertdbCloned();
-                if (!cloneReady) {
-                    CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
-                    throw new IOException("Clone is not ready");
-                }
-            }
-
-            config.putBoolean("preop.restorekeycert.done", true);
-            config.commit(false);
-        } catch (Exception e) {
-            CMS.debug("RestoreKeyCertPanel update: exception thrown:" + e);
-            e.printStackTrace();
-            context.put("errorString", e.toString());
-            context.put("updateStatus", "failure");
-            throw new IOException(e);
-        }
-
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Import Keys and Certificates");
-        context.put("password", "");
-        context.put("path", "");
-        context.put("panel", "admin/console/config/restorekeycertpanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
deleted file mode 100644
index cdcefbfe7..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ /dev/null
@@ -1,144 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class SavePKCS12Panel extends WizardPanelBase {
-
-    public SavePKCS12Panel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Save Keys and Certificates");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Save Keys and Certificates");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-    }
-
-    public boolean shouldSkip() {
-        IConfigStore cs = CMS.getConfigStore();
-
-        try {
-            boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
-            if (!enable)
-                return true;
-        } catch (Exception e) {
-        }
-
-        return false;
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.backupkeycert.done", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        return set;
-    }
-
-    public boolean isSubPanel() {
-        return true;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Save Keys and Certificates");
-        IConfigStore config = CMS.getConfigStore();
-        String subsystemtype = "";
-        try {
-            subsystemtype = config.getString("cs.type", "");
-        } catch (Exception e) {
-        }
-
-        subsystemtype = subsystemtype.toLowerCase();
-
-        context.put("panel", "admin/console/config/savepkcs12panel.vm");
-        context.put("subsystemtype", subsystemtype);
-        context.put("errorString", "");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response, Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        context.put("title", "Save Keys and Certificates");
-        context.put("panel", "admin/console/config/savepkcs12panel.vm");
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Save Keys and Certificates");
-        context.put("panel", "admin/console/config/savepkcs12panel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
deleted file mode 100644
index ed242f691..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.net.URL;
-import java.net.URLDecoder;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-
-public class SecurityDomainLogin extends BaseServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -1616344299101179396L;
-
-    public boolean authenticate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        return true;
-    }
-
-    public Template process(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        Template template = null;
-
-        try {
-            String url = request.getParameter("url");
-            url = URLDecoder.decode(url, "UTF-8");
-            URL u = null;
-            if (url != null) {
-                u = new URL(url);
-            }
-            int index = url.indexOf("subsystem=");
-            String subsystem = "";
-            if (index > 0) {
-                subsystem = url.substring(index + 10);
-                int index1 = subsystem.indexOf("&");
-                if (index1 > 0)
-                    subsystem = subsystem.substring(0, index1);
-            }
-            context.put("sd_uid", "");
-            context.put("sd_pwd", "");
-            context.put("url", url);
-            context.put("host", u.getHost());
-            context.put("errorString", "");
-            context.put("sdhost", CMS.getEESSLHost());
-            if (subsystem.equals("KRA")) {
-                subsystem = "DRM";
-            }
-            context.put("subsystem", subsystem);
-            // The "securitydomain.name" property ONLY resides in the "CS.cfg"
-            // associated with the CS subsystem hosting the security domain.
-            IConfigStore cs = CMS.getConfigStore();
-            String sdname = cs.getString("securitydomain.name", "");
-            context.put("name", sdname);
-            template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
-        } catch (Exception e) {
-            System.err.println("Exception caught: " + e.getMessage());
-        }
-
-        return template;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
deleted file mode 100644
index 1ae4c3397..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ /dev/null
@@ -1,469 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class SecurityDomainPanel extends WizardPanelBase {
-
-    public SecurityDomainPanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Security Domain");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Security Domain");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.securitydomain.select", "");
-        cs.putString("securitydomain.select", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.securitydomain.select", "");
-            if (s == null || s.equals("")) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        context.put("title", "Security Domain");
-        IConfigStore config = CMS.getConfigStore();
-        String errorString = "";
-        String default_admin_url = "";
-        String name = "";
-        String systemdService = "";
-
-        try {
-            default_admin_url = config.getString("preop.securitydomain.admin_url", "");
-            name = config.getString("preop.securitydomain.name", "");
-            systemdService = config.getString("pkicreate.systemd.servicename", "");
-        } catch (Exception e) {
-            CMS.debug(e.toString());
-        }
-        if (isPanelDone()) {
-            try {
-                String s = config.getString("preop.securitydomain.select");
-
-                if (s.equals("new")) {
-                    context.put("check_newdomain", "checked");
-                    context.put("check_existingdomain", "");
-                } else if (s.equals("existing")) {
-                    context.put("check_newdomain", "");
-                    context.put("check_existingdomain", "checked");
-                }
-            } catch (Exception e) {
-                CMS.debug(e.toString());
-            }
-        } else {
-            context.put("check_newdomain", "checked");
-            context.put("check_existingdomain", "");
-        }
-
-        try {
-            context.put("cstype", config.getString("cs.type"));
-            context.put("wizardname", config.getString("preop.wizard.name"));
-            context.put("panelname", "Security Domain Configuration");
-            context.put("systemname", config.getString("preop.system.name"));
-            context.put("machineName", config.getString("machineName"));
-            context.put("http_ee_port", CMS.getEENonSSLPort());
-            context.put("https_agent_port", CMS.getAgentPort());
-            context.put("https_ee_port", CMS.getEESSLPort());
-            context.put("https_admin_port", CMS.getAdminPort());
-            context.put("sdomainAdminURL", default_admin_url);
-        } catch (EBaseException e) {
-        }
-
-        context.put("panel", "admin/console/config/securitydomainpanel.vm");
-        context.put("errorString", errorString);
-
-        // from default_admin_url, find hostname, if fully qualified, get
-        // network domain name and generate default security domain name
-        if (name.equals("") && (default_admin_url != null)) {
-            try {
-                URL u = new URL(default_admin_url);
-
-                String hostname = u.getHost();
-                StringTokenizer st = new StringTokenizer(hostname, ".");
-                boolean first = true;
-                int numTokens = st.countTokens();
-                int count = 0;
-                String defaultDomain = "";
-                StringBuffer sb = new StringBuffer();
-                while (st.hasMoreTokens()) {
-                    count++;
-                    String n = st.nextToken();
-                    if (first) { //skip the hostname
-                        first = false;
-                        continue;
-                    }
-                    if (count == numTokens) // skip the last element (e.g. com)
-                        continue;
-                    sb.append((defaultDomain.length() == 0) ? "" : " ");
-                    sb.append(capitalize(n));
-                }
-                defaultDomain = sb.toString() + " " + "Domain";
-                name = defaultDomain;
-                CMS.debug("SecurityDomainPanel: defaultDomain generated:" + name);
-            } catch (MalformedURLException e) {
-                errorString = "Malformed URL";
-                // not being able to come up with default domain name is ok
-            }
-        }
-        context.put("sdomainName", name);
-
-        if (default_admin_url != null) {
-            String r = null;
-
-            try {
-                // check to see if "default" security domain exists
-                // on local machine
-                URL u = new URL(default_admin_url);
-
-                String hostname = u.getHost();
-                int port = u.getPort();
-                ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-                r = pingCS(hostname, port, true, certApprovalCallback);
-            } catch (Exception e) {
-                CMS.debug("SecurityDomainPanel: exception caught: "
-                         + e.toString());
-            }
-
-            if (r != null) {
-                // "default" security domain exists on local machine;
-                // fill "sdomainURL" in with "default" security domain
-                // as an initial "guess"
-                CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
-                context.put("sdomainURL", default_admin_url);
-            } else {
-                // "default" security domain does NOT exist on local machine;
-                // leave "sdomainURL" blank
-                CMS.debug("SecurityDomainPanel: pingCS no successful response");
-                context.put("sdomainURL", "");
-            }
-        }
-
-        // Information for "existing" Security Domain CAs
-        String initDaemon = "pki-cad";
-        String instanceId = "&lt;security_domain_instance_name&gt;";
-        String os = System.getProperty("os.name");
-        if (os.equalsIgnoreCase("Linux")) {
-            if (!systemdService.equals("")) {
-                context.put("initCommand", "/usr/bin/pkicontrol");
-                context.put("instanceId", "ca " + systemdService);
-            } else {
-                context.put("initCommand", "/sbin/service " + initDaemon);
-                context.put("instanceId", instanceId);
-            }
-        } else {
-            /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put("initCommand", "/etc/init.d/" + initDaemon);
-            context.put("instanceId", instanceId);
-        }
-    }
-
-    public static String capitalize(String s) {
-        if (s.length() == 0) {
-            return s;
-        } else {
-            return s.substring(0, 1).toUpperCase() + s.substring(1);
-        }
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-
-        String select = HttpInput.getID(request, "choice");
-        if (select.equals("newdomain")) {
-            String name = HttpInput.getSecurityDomainName(request, "sdomainName");
-            if (name == null || name.equals("")) {
-                initParams(request, context);
-                context.put("updateStatus", "validate-failure");
-                throw new IOException("Missing name value for the security domain");
-            }
-        } else if (select.equals("existingdomain")) {
-            CMS.debug("SecurityDomainPanel: validating "
-                     + "SSL Admin HTTPS . . .");
-            String admin_url = HttpInput.getURL(request, "sdomainURL");
-            if (admin_url == null || admin_url.equals("")) {
-                initParams(request, context);
-                context.put("updateStatus", "validate-failure");
-                throw new IOException("Missing SSL Admin HTTPS url value "
-                                     + "for the security domain");
-            } else {
-                String r = null;
-
-                try {
-                    URL u = new URL(admin_url);
-
-                    String hostname = u.getHost();
-                    int admin_port = u.getPort();
-                    ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-                    r = pingCS(hostname, admin_port, true,
-                                certApprovalCallback);
-                } catch (Exception e) {
-                    CMS.debug("SecurityDomainPanel: exception caught: "
-                             + e.toString());
-                    context.put("updateStatus", "validate-failure");
-                    throw new IOException("Illegal SSL Admin HTTPS url value "
-                                         + "for the security domain");
-                }
-
-                if (r != null) {
-                    CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
-                             + r);
-                    context.put("sdomainURL", admin_url);
-                } else {
-                    CMS.debug("SecurityDomainPanel: pingAdminCS "
-                             + "no successful response for SSL Admin HTTPS");
-                    context.put("sdomainURL", "");
-                }
-            }
-        }
-    }
-
-    public void initParams(HttpServletRequest request, Context context)
-                   throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        try {
-            context.put("cstype", config.getString("cs.type"));
-        } catch (Exception e) {
-        }
-
-        String select = request.getParameter("choice");
-        if (select.equals("newdomain")) {
-            context.put("check_newdomain", "checked");
-            context.put("check_existingdomain", "");
-        } else if (select.equals("existingdomain")) {
-            context.put("check_newdomain", "");
-            context.put("check_existingdomain", "checked");
-        }
-
-        String name = request.getParameter("sdomainName");
-        if (name == null)
-            name = "";
-        context.put("sdomainName", name);
-
-        String admin_url = request.getParameter("sdomainURL");
-        if (admin_url == null)
-            admin_url = "";
-        context.put("sdomainURL", admin_url);
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        String select = HttpInput.getID(request, "choice");
-
-        if (select == null) {
-            CMS.debug("SecurityDomainPanel: choice not found");
-            context.put("updateStatus", "failure");
-            throw new IOException("choice not found");
-        }
-        IConfigStore config = CMS.getConfigStore();
-
-        try {
-            if (select.equals("newdomain")) {
-                config.putString("preop.securitydomain.select", "new");
-                config.putString("securitydomain.select", "new");
-                config.putString("preop.securitydomain.name", HttpInput.getDomainName(request, "sdomainName"));
-                config.putString("securitydomain.name", HttpInput.getDomainName(request, "sdomainName"));
-                config.putString("securitydomain.host", CMS.getEENonSSLHost());
-                config.putString("securitydomain.httpport", CMS.getEENonSSLPort());
-                config.putString("securitydomain.httpsagentport", CMS.getAgentPort());
-                config.putString("securitydomain.httpseeport", CMS.getEESSLPort());
-                config.putString("securitydomain.httpsadminport", CMS.getAdminPort());
-
-                // make sure the subsystem certificate is issued locallly
-                config.putString("preop.cert.subsystem.type", "local");
-                config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-
-                config.commit(false);
-            } else if (select.equals("existingdomain")) {
-                config.putString("preop.securitydomain.select", "existing");
-                config.putString("securitydomain.select", "existing");
-
-                // make sure the subsystem certificate is issued by the security domain
-                config.putString("preop.cert.subsystem.type", "remote");
-                config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
-
-                String admin_url = HttpInput.getURL(request, "sdomainURL");
-                String hostname = "";
-                int admin_port = -1;
-
-                if (admin_url != null) {
-                    URL admin_u = new URL(admin_url);
-                    hostname = admin_u.getHost();
-                    admin_port = admin_u.getPort();
-                    context.put("sdomainURL", admin_url);
-                    config.putString("securitydomain.host", hostname);
-                    config.putInteger("securitydomain.httpsadminport", admin_port);
-                }
-                config.commit(false);
-
-                ConfigurationUtils.importCertChain(hostname, admin_port, "/ca/admin/ca/getCertChain", "securitydomain");
-            } else {
-                CMS.debug("SecurityDomainPanel: invalid choice " + select);
-                throw new IOException("invalid choice " + select);
-            }
-
-            config.commit(false);
-
-            context.put("cstype", config.getString("cs.type"));
-            context.put("wizardname", config.getString("preop.wizard.name"));
-            context.put("panelname", "Security Domain Configuration");
-            context.put("systemname", config.getString("preop.system.name"));
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainPanel update(): Exception thrown:" + e);
-            e.printStackTrace();
-            context.put("errorString", e.toString());
-            context.put("updateStatus", "failure");
-            throw new IOException(e);
-        }
-
-        context.put("updateStatus", "success");
-    }
-
-    /**
-     * If validate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        IConfigStore config = CMS.getConfigStore();
-        String default_admin_url = "";
-        try {
-            initParams(request, context);
-        } catch (IOException e) {
-        }
-
-        try {
-            default_admin_url = config.getString("preop.securitydomain.admin_url", "");
-        } catch (Exception e) {
-        }
-
-        if (default_admin_url != null) {
-            String r = null;
-
-            try {
-                // check to see if "default" security domain exists on local machine
-                URL u = new URL(default_admin_url);
-
-                String hostname = u.getHost();
-                int port = u.getPort();
-                ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-                r = pingCS(hostname, port, true, certApprovalCallback);
-            } catch (Exception e) {
-            }
-
-            if (r != null) {
-                // "default" security domain exists on local machine;
-                // refill "sdomainURL" in with "default" security domain
-                // as an initial "guess"
-                context.put("sdomainURL", default_admin_url);
-            } else {
-                // "default" security domain does NOT exist on local machine;
-                // leave "sdomainURL" blank
-                context.put("sdomainURL", "");
-            }
-        }
-
-        try {
-            context.put("machineName", config.getString("machineName"));
-            context.put("http_ee_port", CMS.getEENonSSLPort());
-            context.put("https_agent_port", CMS.getAgentPort());
-            context.put("https_ee_port", CMS.getEESSLPort());
-            context.put("https_admin_port", CMS.getAdminPort());
-            context.put("sdomainAdminURL",
-                        config.getString("preop.securitydomain.admin_url"));
-        } catch (EBaseException e) {
-        }
-
-        // Information for "existing" Security Domain CAs
-        String initDaemon = "pki-cad";
-        String instanceId = "&lt;security_domain_instance_name&gt;";
-        String os = System.getProperty("os.name");
-        if (os.equalsIgnoreCase("Linux")) {
-            context.put("initCommand", "/sbin/service " + initDaemon);
-            context.put("instanceId", instanceId);
-        } else {
-            /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put("initCommand", "/etc/init.d/" + initDaemon);
-            context.put("instanceId", instanceId);
-        }
-
-        context.put("title", "Security Domain");
-        context.put("panel", "admin/console/config/securitydomainpanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
deleted file mode 100644
index ddfa8fae1..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
+++ /dev/null
@@ -1,398 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.StringWriter;
-import java.net.InetAddress;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Random;
-import java.util.Vector;
-
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPSearchConstraints;
-import netscape.ldap.LDAPSearchResults;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISecurityDomainSessionTable;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.system.DomainInfo;
-import com.netscape.certsrv.system.InstallToken;
-import com.netscape.certsrv.system.SecurityDomainHost;
-import com.netscape.certsrv.system.SecurityDomainSubsystem;
-import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * @author Endi S. Dewata
- */
-public class SecurityDomainProcessor extends Processor {
-
-    public final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
-
-    public final static String[] TYPES = { "CA", "KRA", "OCSP", "TKS", "RA", "TPS" };
-
-    Random random = new Random();
-
-    public SecurityDomainProcessor(Locale locale) throws EPropertyNotFound, EBaseException {
-        super("securitydomain", locale);
-    }
-
-    public InstallToken getInstallToken(
-            String user,
-            String hostname,
-            String subsystem) throws EBaseException {
-
-        String groupname = ConfigurationUtils.getGroupName(user, subsystem);
-
-        if (groupname == null) {
-            String message = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                    user,
-                    ILogger.FAILURE,
-                    "Enterprise " + subsystem + " Administrators");
-            audit(message);
-
-            throw new UnauthorizedException("Access denied.");
-        }
-
-        String message = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                user,
-                ILogger.SUCCESS,
-                groupname);
-        audit(message);
-
-        String ip = "";
-        try {
-            ip = InetAddress.getByName(hostname).getHostAddress();
-        } catch (Exception e) {
-            CMS.debug("Unable to determine IP address for "+hostname);
-        }
-
-        // assign cookie
-        Long num = random.nextLong();
-        String cookie = num.toString();
-
-        String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
-                      "+uid;;" + user + "+groupname;;" + groupname;
-
-        ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
-        int status = ctable.addEntry(cookie, ip, user, groupname);
-
-        if (status == ISecurityDomainSessionTable.SUCCESS) {
-            message = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
-                               user,
-                               ILogger.SUCCESS,
-                               auditParams);
-            audit(message);
-
-        } else {
-            message = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
-                               user,
-                               ILogger.FAILURE,
-                               auditParams);
-            audit(message);
-
-            throw new PKIException("Failed to update security domain.");
-        }
-
-
-        return new InstallToken(cookie);
-    }
-
-    public DomainInfo getDomainInfo() throws EBaseException {
-
-        ILdapConnFactory connFactory = null;
-        LDAPConnection conn = null;
-
-        try {
-            LDAPSearchConstraints cons = null;
-            String[] attrs = null;
-
-            IConfigStore cs = CMS.getConfigStore();
-            String basedn = cs.getString("internaldb.basedn");
-            String dn = "ou=Security Domain," + basedn;
-            String filter = "objectclass=pkiSecurityGroup";
-
-            IConfigStore ldapConfig = cs.getSubStore("internaldb");
-            connFactory = CMS.getLdapBoundConnFactory();
-            connFactory.init(ldapConfig);
-            conn = connFactory.getConn();
-
-            // get the security domain name
-            String name = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement();
-            CMS.debug("SecurityDomainProcessor: name: "+name);
-
-            DomainInfo domain = new DomainInfo();
-            domain.setName(name);
-
-            // this should return CAList, KRAList etc.
-            LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
-                    attrs, true, cons);
-
-            while (res.hasMoreElements()) {
-                dn = res.next().getDN();
-                String listName = dn.substring(3, dn.indexOf(","));
-                String subType = listName.substring(0, listName.indexOf("List"));
-                CMS.debug("SecurityDomainProcessor: subtype: "+subType);
-
-                filter = "objectclass=pkiSubsystem";
-                LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
-                        attrs, false, cons);
-
-                while (res2.hasMoreElements()) {
-                    LDAPEntry entry = res2.next();
-                    CMS.debug("SecurityDomainProcessor:  - "+entry.getDN());
-
-                    SecurityDomainHost host = new SecurityDomainHost();
-
-                    LDAPAttributeSet entryAttrs = entry.getAttributeSet();
-
-                    @SuppressWarnings("unchecked")
-                    Enumeration<LDAPAttribute> attrsInSet = entryAttrs.getAttributes();
-                    while (attrsInSet.hasMoreElements()) {
-                        LDAPAttribute nextAttr = attrsInSet.nextElement();
-                        String attrName = nextAttr.getName();
-                        String attrValue = (String) nextAttr.getStringValues().nextElement();
-                        CMS.debug("SecurityDomainProcessor:    - "+attrName+": "+attrValue);
-
-                        if ("Host".equalsIgnoreCase(attrName)) {
-                            host.setHostname(attrValue);
-
-                        } else if ("UnSecurePort".equalsIgnoreCase(attrName)) {
-                            host.setPort(attrValue);
-
-                        } else if ("SecurePort".equalsIgnoreCase(attrName)) {
-                            host.setSecurePort(attrValue);
-
-                        } else if ("SecureEEClientAuthPort".equalsIgnoreCase(attrName)) {
-                            host.setSecureEEClientAuthPort(attrValue);
-
-                        } else if ("SecureAgentPort".equalsIgnoreCase(attrName)) {
-                            host.setSecureAgentPort(attrValue);
-
-                        } else if ("SecureAdminPort".equalsIgnoreCase(attrName)) {
-                            host.setSecureAdminPort(attrValue);
-
-                        } else if ("Clone".equalsIgnoreCase(attrName)) {
-                            host.setClone(attrValue);
-
-                        } else if ("SubsystemName".equalsIgnoreCase(attrName)) {
-                            host.setSubsystemName(attrValue);
-
-                        } else if ("DomainManager".equalsIgnoreCase(attrName)) {
-                            host.setDomainManager(attrValue);
-                        }
-                    }
-
-                    String port = host.getSecurePort();
-                    if (port == null) port = host.getSecureEEClientAuthPort();
-                    host.setId(subType+" "+host.getHostname()+" "+port);
-
-                    domain.addHost(subType, host);
-                }
-            }
-
-            return domain;
-
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainProcessor: Failed to read domain info from ldap " + e);
-            throw new EBaseException(e.getMessage(), e);
-
-        } finally {
-            if (conn != null && connFactory != null) {
-                CMS.debug("Releasing ldap connection");
-                connFactory.returnConn(conn);
-            }
-        }
-    }
-
-    public XMLObject getDomainXML() throws EBaseException, ParserConfigurationException {
-        return convertDomainInfoToXMLObject(getDomainInfo());
-    }
-
-    public static XMLObject convertDomainInfoToXMLObject(DomainInfo domain) throws ParserConfigurationException {
-
-        XMLObject xmlObject = new XMLObject();
-
-        Node domainInfo = xmlObject.createRoot("DomainInfo");
-        xmlObject.addItemToContainer(domainInfo, "Name", domain.getName());
-
-        for (String subType : TYPES) {
-            SecurityDomainSubsystem subsystem = domain.getSubsystem(subType);
-            Node listNode = xmlObject.createContainer(domainInfo, subType+"List");
-
-            int counter;
-            if (subsystem == null) {
-                counter = 0;
-
-            } else {
-                counter = subsystem.getHosts().length;
-
-                for (SecurityDomainHost host : subsystem.getHosts()) {
-                    Node node = xmlObject.createContainer(listNode, subType);
-
-                    String value = host.getHostname();
-                    if (value != null) xmlObject.addItemToContainer(node, "Host", value);
-
-                    value = host.getPort();
-                    if (value != null) xmlObject.addItemToContainer(node, "UnSecurePort", value);
-
-                    value = host.getSecurePort();
-                    if (value != null) xmlObject.addItemToContainer(node, "SecurePort", value);
-
-                    value = host.getSecureEEClientAuthPort();
-                    if (value != null) xmlObject.addItemToContainer(node, "SecureEEClientAuthPort", value);
-
-                    value = host.getSecureAgentPort();
-                    if (value != null) xmlObject.addItemToContainer(node, "SecureAgentPort", value);
-
-                    value = host.getSecureAdminPort();
-                    if (value != null) xmlObject.addItemToContainer(node, "SecureAdminPort", value);
-
-                    value = host.getClone();
-                    if (value != null) xmlObject.addItemToContainer(node, "Clone", value);
-
-                    value = host.getSubsystemName();
-                    if (value != null) xmlObject.addItemToContainer(node, "SubsystemName", value);
-
-                    value = host.getDomainManager();
-                    if (value != null) xmlObject.addItemToContainer(node, "DomainManager", value);
-                }
-            }
-
-            xmlObject.addItemToContainer(
-                    listNode, "SubsystemCount", Integer.toString(counter));
-        }
-
-        return xmlObject;
-    }
-
-    public static DomainInfo convertXMLObjectToDomainInfo(XMLObject xmlObject) {
-
-        DomainInfo domain = new DomainInfo();
-        Document doc = xmlObject.getDocument();
-        Node rootNode = doc.getFirstChild();
-
-        Vector<String> values = xmlObject.getValuesFromContainer(rootNode, "Name");
-        if (!values.isEmpty()) domain.setName(values.firstElement());
-
-        for (String type : TYPES) {
-            NodeList hosts = doc.getElementsByTagName(type);
-            for (int j=0; j<hosts.getLength(); j++) {
-                Node hostNode = hosts.item(j);
-                SecurityDomainHost host = new SecurityDomainHost();
-
-                values = xmlObject.getValuesFromContainer(hostNode, "Host");
-                if (!values.isEmpty()) host.setHostname(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "UnSecurePort");
-                if (!values.isEmpty()) host.setPort(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "SecurePort");
-                if (!values.isEmpty()) host.setSecurePort(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "SecureEEClientAuthPort");
-                if (!values.isEmpty()) host.setSecureEEClientAuthPort(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "SecureAgentPort");
-                if (!values.isEmpty()) host.setSecureAgentPort(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "SecureAdminPort");
-                if (!values.isEmpty()) host.setSecureAdminPort(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "Clone");
-                if (!values.isEmpty()) host.setClone(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "SubsystemName");
-                if (!values.isEmpty()) host.setSubsystemName(values.firstElement());
-
-                values = xmlObject.getValuesFromContainer(hostNode, "DomainManager");
-                if (!values.isEmpty()) host.setDomainManager(values.firstElement());
-
-                String port = host.getSecurePort();
-                if (port == null) port = host.getSecureEEClientAuthPort();
-                host.setId(type+" "+host.getHostname()+" "+port);
-
-                domain.addHost(type, host);
-            }
-        }
-
-        return domain;
-    }
-
-    public static void main(String args[]) throws Exception {
-
-        DomainInfo before = new DomainInfo();
-        before.setName("EXAMPLE");
-
-        SecurityDomainHost host = new SecurityDomainHost();
-        host.setId("CA localhost 8443");
-        host.setHostname("localhost");
-        host.setPort("8080");
-        host.setSecurePort("8443");
-        host.setDomainManager("TRUE");
-
-        before.addHost("CA", host);
-
-        System.out.println("Before:");
-        System.out.println(before);
-
-        XMLObject xmlObject = convertDomainInfoToXMLObject(before);
-        Document document = xmlObject.getDocument();
-
-        Transformer transformer = TransformerFactory.newInstance().newTransformer();
-        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
-        transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
-
-        StringWriter sw = new StringWriter();
-        transformer.transform(new DOMSource(document), new StreamResult(sw));
-
-        System.out.println("Domain XML:");
-        System.out.println(sw);
-
-        DomainInfo after = convertXMLObjectToDomainInfo(xmlObject);
-
-        System.out.println("After:");
-        System.out.println(after);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java
deleted file mode 100644
index 399c28a35..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java
+++ /dev/null
@@ -1,74 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.system.DomainInfo;
-import com.netscape.certsrv.system.InstallToken;
-import com.netscape.certsrv.system.SecurityDomainResource;
-import com.netscape.cms.servlet.base.PKIService;
-
-/**
- * @author alee
- */
-public class SecurityDomainService extends PKIService implements SecurityDomainResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    @Override
-    public InstallToken getInstallToken(String hostname, String subsystem) {
-        try {
-            // Get uid from realm authentication.
-            String user = servletRequest.getUserPrincipal().getName();
-
-            SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(headers));
-            return processor.getInstallToken(user, hostname, subsystem);
-
-        } catch (EBaseException e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-
-    @Override
-    public DomainInfo getDomainInfo() throws PKIException {
-        try {
-            SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(headers));
-            return processor.getDomainInfo();
-
-        } catch (EBaseException e) {
-            throw new PKIException(e.getMessage(), e);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
deleted file mode 100644
index 45a4fe106..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ /dev/null
@@ -1,491 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class SizePanel extends WizardPanelBase {
-    private Vector<Cert> mCerts = null;
-    private WizardServlet mServlet = null;
-
-    private String default_ecc_curve_name;
-    private String default_rsa_key_size;
-    private boolean mShowSigning = false;
-
-    public SizePanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Key Pairs");
-        setId(id);
-        mServlet = servlet;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        Descriptor choiceDesc =
-                new Descriptor(
-                        IDescriptor.CHOICE,
-                        "default,custom",
-                        null, /* no default parameter */
-                        "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
-
-        set.add("choice", choiceDesc);
-
-        Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */
-                "Custom Key Size");
-
-        set.add("custom_size", customSizeDesc);
-
-        return set;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        /* clean up if necessary*/
-        try {
-            @SuppressWarnings("unused")
-            boolean done = cs.getBoolean("preop.SizePanel.done"); // check for errors
-            cs.putBoolean("preop.SizePanel.done", false);
-            cs.commit(false);
-        } catch (Exception e) {
-        }
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            boolean s = cs.getBoolean("preop.SizePanel.done", false);
-            if (s != true) {
-                return false;
-            } else {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-
-        return false;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        CMS.debug("SizePanel: display()");
-        try {
-            initParams(request, context);
-        } catch (IOException e) {
-        }
-
-        context.put("firsttime", "false");
-        String errorString = "";
-        mCerts = new Vector<Cert>();
-
-        IConfigStore config = CMS.getConfigStore();
-        try {
-            @SuppressWarnings("unused")
-            boolean done = config.getBoolean("preop.SizePanel.done"); // check whether it's first time
-        } catch (Exception e) {
-            context.put("firsttime", "true");
-        }
-
-        try {
-            default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
-        } catch (Exception e) {
-        }
-
-        try {
-            default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
-        } catch (Exception e) {
-        }
-
-        try {
-            // same token for now
-            String token = config.getString(PRE_CONF_CA_TOKEN);
-            String certTags = config.getString("preop.cert.list");
-            String rsaCertTags = config.getString("preop.cert.rsalist", "");
-            context.put("rsaTags", rsaCertTags);
-            StringTokenizer st = new StringTokenizer(certTags, ",");
-            mShowSigning = false;
-
-            while (st.hasMoreTokens()) {
-                String certTag = st.nextToken();
-                String nn = config.getString(PCERT_PREFIX + certTag + ".nickname");
-                Cert c = new Cert(token, nn, certTag);
-
-                String s = config.getString(PCERT_PREFIX + certTag + ".keysize.select", "default");
-
-                if (s.equals("default")) {
-                    c.setKeyOption("default");
-                }
-                if (s.equals("custom")) {
-                    c.setKeyOption("custom");
-                }
-
-                s = config.getString(PCERT_PREFIX + certTag + ".keysize.custom_size",
-                        default_rsa_key_size);
-                c.setCustomKeysize(s);
-
-                s = config.getString(PCERT_PREFIX + certTag + ".curvename.custom_name",
-                        default_ecc_curve_name);
-                c.setCustomCurvename(s);
-
-                boolean signingRequired = config.getBoolean(
-                        PCERT_PREFIX + certTag + ".signing.required",
-                        false);
-                c.setSigningRequired(signingRequired);
-                if (signingRequired)
-                    mShowSigning = true;
-
-                String userfriendlyname = config.getString(
-                        PCERT_PREFIX + certTag + ".userfriendlyname");
-                c.setUserFriendlyName(userfriendlyname);
-                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
-                c.setEnable(enable);
-                mCerts.addElement(c);
-            }// while
-        } catch (Exception e) {
-            CMS.debug("SizePanel: display() " + e.toString());
-        }
-        CMS.debug("SizePanel: display() 1");
-
-        context.put("show_signing", mShowSigning ? "true" : "false");
-        context.put("certs", mCerts);
-        context.put("errorString", errorString);
-        context.put("default_keysize", default_rsa_key_size);
-        context.put("default_ecc_curvename", default_ecc_curve_name);
-        context.put("panel", "admin/console/config/sizepanel.vm");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException, NumberFormatException {
-        CMS.debug("SizePanel: update()");
-        boolean hasErr = false;
-        IConfigStore config = CMS.getConfigStore();
-        String select1 = "";
-        String val1 = null;
-        boolean hasChanged = false;
-        try {
-            select1 = config.getString("preop.subsystem.select", "");
-        } catch (Exception e) {
-        }
-
-        context.put("firsttime", "false");
-        try {
-            @SuppressWarnings("unused")
-            boolean done = config.getBoolean("preop.SizePanel.done"); // check whether it's first time
-        } catch (Exception e) {
-            context.put("firsttime", "true");
-            if (select1.equals("clone")) {
-                // preset the sslserver dn for cloning case
-                try {
-                    String val = config.getString("preop.cert.sslserver.dn", "");
-                    config.putString("preop.cert.sslserver.dn", val + ",o=clone");
-                } catch (Exception ee) {
-                }
-            }
-        }
-
-        String token = "";
-        try {
-            token = config.getString(PRE_CONF_CA_TOKEN, "");
-            Enumeration<Cert> c = mCerts.elements();
-
-            while (c.hasMoreElements()) {
-                Cert cert = c.nextElement();
-                String ct = cert.getCertTag();
-                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
-                if (!enable)
-                    continue;
-
-                String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc
-
-                String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
-                if (keyalgorithm == null) {
-                    if (keytype != null && keytype.equals("ecc")) {
-                        keyalgorithm = "SHA256withEC";
-                    } else {
-                        keyalgorithm = "SHA256withRSA";
-                    }
-                }
-
-                String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm");
-                if (signingalgorithm == null) {
-                    signingalgorithm = keyalgorithm;
-                }
-
-                String select = HttpInput.getID(request, ct + "_choice");
-
-                if (select == null) {
-                    CMS.debug("SizePanel: " + ct + "_choice not found");
-                    throw new IOException(
-                            "SizePanel: " + ct + "_choice not found");
-                }
-                CMS.debug("SizePanel: update() keysize choice selected:" + select);
-                String oldkeysize = config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
-                String oldkeytype = config.getString(PCERT_PREFIX + ct + ".keytype", "");
-                String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
-                String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
-                String oldcurvename = config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
-
-                if (select.equals("default")) {
-                    // XXXrenaming these...keep for now just in case
-                    config.putString("preop.keysize.select", "default");
-                    if (keytype != null && keytype.equals("ecc")) {
-                        config.putString("preop.curvename.custom_name", default_ecc_curve_name);
-                        config.putString("preop.curvename.name", default_ecc_curve_name);
-                    } else {
-                        config.putString("preop.keysize.custom_size", default_rsa_key_size);
-                        config.putString("preop.keysize.size", default_rsa_key_size);
-                    }
-
-                    config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
-                    config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
-                    config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
-                    config.putString(PCERT_PREFIX + ct + ".keysize.select", "default");
-
-                    if (keytype != null && keytype.equals("ecc")) {
-                        config.putString(PCERT_PREFIX + ct +".curvename.custom_name",
-                                default_ecc_curve_name);
-                        config.putString(PCERT_PREFIX + ct + ".curvename.name",
-                                default_ecc_curve_name);
-                    } else {
-                        config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
-                                default_rsa_key_size);
-                        config.putString(PCERT_PREFIX + ct + ".keysize.size",
-                                default_rsa_key_size);
-                    }
-                } else if (select.equals("custom")) {
-                    // XXXrenaming these...keep for now just in case
-                    config.putString("preop.keysize.select", "custom");
-                    if (keytype != null && keytype.equals("ecc")) {
-                        config.putString("preop.curvename.name",
-                                HttpInput.getString(request, ct + "_custom_curvename"));
-                        config.putString("preop.curvename.custom_name",
-                                HttpInput.getString(request, ct + "_custom_curvename"));
-                    } else {
-                        config.putString("preop.keysize.size",
-                                HttpInput.getKeySize(request, ct + "_custom_size", keytype));
-                        config.putString("preop.keysize.custom_size",
-                                HttpInput.getKeySize(request, ct + "_custom_size", keytype));
-                    }
-
-                    config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
-                    config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
-                    config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
-                    config.putString(PCERT_PREFIX + ct + ".keysize.select", "custom");
-
-                    if (keytype != null && keytype.equals("ecc")) {
-                        config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
-                                HttpInput.getString(request, ct + "_custom_curvename"));
-                        config.putString(PCERT_PREFIX + ct + ".curvename.name",
-                                HttpInput.getString(request, ct + "_custom_curvename"));
-                    } else {
-                        config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
-                                HttpInput.getKeySize(request, ct + "_custom_size"));
-                        config.putString(PCERT_PREFIX + ct + ".keysize.size",
-                                HttpInput.getKeySize(request, ct + "_custom_size"));
-                    }
-                } else {
-                    CMS.debug("SizePanel: invalid choice " + select);
-                    throw new IOException("invalid choice " + select);
-                }
-
-                String newkeysize = config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
-                String newkeytype = config.getString(PCERT_PREFIX + ct + ".keytype", "");
-                String newkeyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
-                String newsigningalgorithm = config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
-                String newcurvename = config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
-
-                if (!oldkeysize.equals(newkeysize) ||
-                        !oldkeytype.equals(newkeytype) ||
-                        !oldkeyalgorithm.equals(newkeyalgorithm) ||
-                        !oldsigningalgorithm.equals(newsigningalgorithm) ||
-                        !oldcurvename.equals(newcurvename))
-                    hasChanged = true;
-            }// while
-
-            try {
-                config.commit(false);
-            } catch (EBaseException e) {
-                CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
-            }
-
-            val1 = HttpInput.getID(request, "generateKeyPair");
-
-            if (hasChanged || (val1 != null && !val1.equals(""))) {
-                mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-            } else if (isPanelDone()) {
-                context.put("updateStatus", "success");
-                return;
-            }
-        } catch (IOException e) {
-            CMS.debug("SizePanel: update() IOException caught: " + e.toString());
-            context.put("updateStatus", "failure");
-            throw e;
-        } catch (NumberFormatException e) {
-            CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
-            context.put("updateStatus", "failure");
-            throw e;
-        } catch (Exception e) {
-            CMS.debug("SizePanel: update() Exception caught: " + e.toString());
-        }
-
-        // generate key pair
-        Enumeration<Cert> c = mCerts.elements();
-
-        while (c.hasMoreElements()) {
-            Cert cert = c.nextElement();
-            String ct = cert.getCertTag();
-            String friendlyName = ct;
-            boolean enable = true;
-            try {
-                enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
-                friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
-            } catch (Exception e) {
-            }
-
-            if (!enable)
-                continue;
-
-            try {
-                String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
-
-                if (keytype.equals("rsa")) {
-                    int keysize = config.getInteger(PCERT_PREFIX + ct + ".keysize.size");
-                    ConfigurationUtils.createRSAKeyPair(token, keysize, config, ct);
-                } else {
-                    String curveName = config.getString(PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
-                    ConfigurationUtils.createECCKeyPair(token, curveName, config, ct);
-                }
-                config.commit(false);
-            } catch (Exception e) {
-                CMS.debug(e);
-                CMS.debug("SizePanel: key generation failure: " + e.toString());
-                context.put("updateStatus", "failure");
-                throw new IOException("key generation failure for the certificate: " + friendlyName +
-                                      ".  See the logs for details.");
-            }
-        } // while
-
-        if (hasErr == false) {
-            config.putBoolean("preop.SizePanel.done", true);
-            try {
-                config.commit(false);
-            } catch (EBaseException e) {
-                CMS.debug("SizePanel: update() Exception caught at config commit: "+ e.toString());
-            }
-        }
-        CMS.debug("SizePanel: update() done");
-        context.put("updateStatus", "success");
-    }
-
-    public void initParams(HttpServletRequest request, Context context)
-                   throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String s = "";
-        try {
-            context.put("title", "Key Pairs");
-
-            s = config.getString("preop.subsystem.select", "");
-            context.put("select", s);
-
-            s = config.getString("preop.hierarchy.select", "root");
-            context.put("hselect", s);
-
-            s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
-            context.put("ecclist", s);
-
-            s =
-                    config.getString("preop.rsa.algorithm.list",
-                            "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
-            context.put("rsalist", s);
-
-            s = config.getString("keys.ecc.curve.list", "nistp256");
-            context.put("curvelist", s);
-
-            s = config.getString("keys.ecc.curve.display.list", "nistp256");
-            context.put("displaycurvelist", s);
-
-            s = config.getString("pkicreate.subsystem_type");
-            context.put("subsystemtype", s);
-
-        } catch (Exception e) {
-            CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e);
-        }
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        try {
-            initParams(request, context);
-        } catch (IOException e) {
-        }
-
-        context.put("certs", mCerts);
-        context.put("show_signing", mShowSigning ? "true" : "false");
-        context.put("default_keysize", default_rsa_key_size);
-        context.put("default_ecc_curvename", default_ecc_curve_name);
-
-        context.put("panel", "admin/console/config/sizepanel.vm");
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemCertDataFactory.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemCertDataFactory.java
deleted file mode 100644
index aaaf17163..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemCertDataFactory.java
+++ /dev/null
@@ -1,48 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.csadmin;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import com.netscape.certsrv.system.SystemCertData;
-
-/**
- * @author edewata
- */
-public class SystemCertDataFactory {
-
-    public static SystemCertData create(Cert cert) {
-        SystemCertData data = new SystemCertData();
-        data.setCert(cert.getCert());
-        data.setRequest(cert.getRequest());
-        data.setTag(cert.getCertTag());
-        data.setCertChain(cert.getCertChain());
-        return data;
-    }
-
-    public static List<SystemCertData> create(Collection<Cert> certs) {
-        List<SystemCertData> result = new ArrayList<SystemCertData>();
-        for (Cert cert : certs) {
-            result.add(create(cert));
-        }
-        return result;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
deleted file mode 100644
index c6100148f..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ /dev/null
@@ -1,1277 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.math.BigInteger;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.security.NoSuchAlgorithmException;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.Random;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriInfo;
-
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.CryptoManager.NotInitializedException;
-import org.mozilla.jss.NoSuchTokenException;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.TokenException;
-import org.mozilla.jss.util.IncorrectPasswordException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.system.ConfigurationRequest;
-import com.netscape.certsrv.system.ConfigurationResponse;
-import com.netscape.certsrv.system.SystemCertData;
-import com.netscape.certsrv.system.SystemConfigResource;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.PKIService;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * @author alee
- *
- */
-public class SystemConfigService extends PKIService implements SystemConfigResource {
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    IConfigStore cs;
-    String csType;
-    String csSubsystem;
-    String csState;
-    boolean isMasterCA = false;
-    String instanceRoot;
-
-    public static String SUCCESS = "0";
-    public static final String RESTART_SERVER_AFTER_CONFIGURATION =
-            "restart_server_after_configuration";
-
-    public SystemConfigService() throws EPropertyNotFound, EBaseException {
-        cs = CMS.getConfigStore();
-        csType = cs.getString("cs.type");
-        csSubsystem = csType.toLowerCase();
-        csState = cs.getString("cs.state");
-        String domainType = cs.getString("securitydomain.select", "existingdomain");
-        if (csType.equals("CA") && domainType.equals("new")) {
-            isMasterCA = true;
-        }
-        instanceRoot = cs.getString("instanceRoot");
-    }
-
-    /* (non-Javadoc)
-     * @see com.netscape.cms.servlet.csadmin.SystemConfigurationResource#configure(javax.ws.rs.core.MultivaluedMap)
-     */
-    @Override
-    public ConfigurationResponse configure(MultivaluedMap<String, String> form) {
-        ConfigurationRequest data = new ConfigurationRequest(form);
-        return configure(data);
-    }
-
-    /* (non-Javadoc)
-     * @see com.netscape.cms.servlet.csadmin.SystemConfigurationResource#configure(com.netscape.cms.servlet.csadmin.data.ConfigurationData)
-     */
-    @Override
-    public ConfigurationResponse configure(ConfigurationRequest data){
-        if (csState.equals("1")) {
-            throw new BadRequestException("System is already configured");
-        }
-
-        String certList;
-        try {
-            certList = cs.getString("preop.cert.list");
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Unable to get certList from config file");
-        }
-
-        CMS.debug("SystemConfigService(): configure() called");
-        CMS.debug(data.toString());
-
-        validateData(data);
-        ConfigurationResponse response = new ConfigurationResponse();
-
-        if (data.getStandAlone() && data.getStepTwo()) {
-                // Stand-alone PKI (Step 2)
-                // Special case to import the external CA and its Chain
-                certList = "external_signing" + "," + certList;
-        }
-
-        // specify module and log into token
-        CMS.debug("=== Token Panel ===");
-        String token = data.getToken();
-        if (token == null) {
-            token = ConfigurationRequest.TOKEN_DEFAULT;
-        }
-        tokenPanel(data, token);
-
-        //configure security domain
-        CMS.debug("=== Security Domain Panel ===");
-        String securityDomainType = data.getSecurityDomainType();
-        String domainXML = securityDomainPanel(data, securityDomainType);
-
-        //subsystem panel
-        CMS.debug("=== Subsystem Panel ===");
-        cs.putString("preop.subsystem.name", data.getSubsystemName());
-
-        // is this a clone of another subsystem?
-        if (data.getIsClone().equals("false")) {
-            cs.putString("preop.subsystem.select", "new");
-            cs.putString("subsystem.select", "New");
-        } else {
-            cs.putString("preop.subsystem.select", "clone");
-            cs.putString("subsystem.select", "Clone");
-            getCloningData(data, certList, token, domainXML);
-        }
-
-        // Hierarchy Panel
-        CMS.debug("=== Hierarchy Panel ===");
-        hierarchyPanel(data);
-
-        // TPS Panels
-        if (csType.equals("TPS")) {
-
-            // get subsystem certificate nickname
-            String subsystemNick = null;
-            for (SystemCertData cdata: data.getSystemCerts()) {
-                if (cdata.getTag().equals("subsystem")) {
-                    subsystemNick = cdata.getNickname();
-                    break;
-                }
-            }
-            if ((subsystemNick == null) || subsystemNick.isEmpty()) {
-                throw new BadRequestException("No nickname provided for subsystem certificate");
-            }
-
-            // CA Info Panel
-            caInfoPanel(data, subsystemNick);
-
-            // retrieve and import CA cert
-
-            // TKS Info Panel
-            tksInfoPanel(data, subsystemNick);
-
-            //DRM Info Panel
-            kraInfoPanel(data, subsystemNick);
-
-            //AuthDBPanel
-            ConfigurationUtils.updateAuthdbInfo(data.getAuthdbBaseDN(),
-                    data.getAuthdbHost(), data.getAuthdbPort(),
-                    data.getAuthdbSecureConn());
-
-        }
-
-        // Database Panel
-        CMS.debug("=== Database Panel ===");
-        databasePanel(data);
-
-        // SizePanel, NamePanel, CertRequestPanel
-        //handle the CA URL
-        CMS.debug("=== Size Panel, Name Panel, CertRequest Panel ===");
-        try {
-            if ((data.getHierarchy() == null) || (data.getHierarchy().equals("join"))) {
-                String url = data.getIssuingCA();
-                if (url.equals("External CA")) {
-                    CMS.debug("external CA selected");
-                    cs.putString("preop.ca.type", "otherca");
-                    cs.putString("preop.ca.pkcs7", "");
-                    cs.putInteger("preop.ca.certchain.size", 0);
-                    if (csType.equals("CA")) {
-                        cs.putString("preop.cert.signing.type", "remote");
-                    }
-                } else {
-                    CMS.debug("local CA selected");
-                    url = url.substring(url.indexOf("https"));
-                    cs.putString("preop.ca.url", url);
-
-                    URL urlx = new URL(url);
-                    String host = urlx.getHost();
-                    int port = urlx.getPort();
-                    int admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
-                            host, port, "CA", "SecurePort", "SecureAdminPort");
-
-                    cs.putString("preop.ca.type", "sdca");
-                    cs.putString("preop.ca.hostname", host);
-                    cs.putInteger("preop.ca.httpsport", port);
-                    cs.putInteger("preop.ca.httpsadminport", admin_port);
-
-                    if (!data.getIsClone().equals("true")) {
-                       ConfigurationUtils.importCertChain(host, admin_port, "/ca/admin/ca/getCertChain", "ca");
-                    }
-
-                    if (csType.equals("CA")) {
-                        cs.putString("preop.cert.signing.type", "remote");
-                        cs.putString("preop.cert.signing.profile","caInstallCACert");
-                    }
-                }
-            }
-        } catch (Exception e) {
-            throw new PKIException("Error in obtaining certificate chain from issuing CA: " + e);
-        }
-
-        boolean generateServerCert = data.getGenerateServerCert().equalsIgnoreCase("false")? false : true;
-        boolean hasSigningCert = false;
-        Vector<Cert> certs = new Vector<Cert>();
-        try {
-            StringTokenizer t = new StringTokenizer(certList, ",");
-            while (t.hasMoreTokens()) {
-                String ct = t.nextToken();
-                String certStr;
-                boolean enable = cs.getBoolean("preop.cert." + ct + ".enable", true);
-                if (!enable) continue;
-
-                Collection<SystemCertData> certData = data.getSystemCerts();
-                Iterator<SystemCertData> iterator = certData.iterator();
-                SystemCertData cdata = null;
-                boolean cdata_found = false;
-                while (iterator.hasNext()) {
-                    cdata = iterator.next();
-                    if (cdata.getTag().equals(ct)) {
-                        cdata_found = true;
-                        CMS.debug("Found data for '" + ct + "'");
-                        break;
-                    }
-                }
-                if (!cdata_found) {
-                    CMS.debug("No data for '" + ct + "' was found!");
-                    throw new BadRequestException("No data for '" + ct + "' was found!");
-                }
-
-                if (data.getStandAlone() && data.getStepTwo()) {
-                    // Stand-alone PKI (Step 2)
-                    if (ct.equals("external_signing")) {
-                        String b64 = cdata.getCert();
-                        if ((b64!= null) && (b64.length()>0) && (!b64.startsWith("..."))) {
-                            hasSigningCert = true;
-                            if (data.getIssuingCA().equals("External CA")) {
-                                String nickname = (cdata.getNickname() != null) ? cdata.getNickname() : "caSigningCert External CA";
-                                String tokenName = cdata.getToken() != null ? cdata.getToken() : token;
-                                Cert certObj = new Cert(tokenName, nickname, ct);
-                                ConfigurationUtils.setExternalCACert(b64, csSubsystem, cs, certObj);
-                                CMS.debug("Step 2:  certStr for '" + ct + "' is " + b64);
-                                String certChainStr = cdata.getCertChain();
-                                if (certChainStr != null) {
-                                    ConfigurationUtils.setExternalCACertChain(certChainStr, csSubsystem, cs, certObj);
-                                    CMS.debug("Step 2:  certChainStr for '" + ct + "' is " + certChainStr);
-                                    certs.addElement(certObj);
-                                } else {
-                                    throw new BadRequestException("CertChain not provided");
-                                }
-                            }
-                            continue;
-                        }
-                    }
-                }
-
-                if (!generateServerCert && ct.equals("sslserver")) {
-                    if (!cdata.getToken().equals("internal")) {
-                        cs.putString(csSubsystem + ".cert.sslserver.nickname", cdata.getNickname());
-                    } else {
-                        cs.putString(csSubsystem + ".cert.sslserver.nickname", data.getToken() +
-                                ":" + cdata.getNickname());
-                    }
-                    cs.putString(csSubsystem + ".sslserver.nickname", cdata.getNickname());
-                    cs.putString(csSubsystem + ".sslserver.cert", cdata.getCert());
-                    cs.putString(csSubsystem + ".sslserver.certreq", cdata.getRequest());
-                    cs.putString(csSubsystem + ".sslserver.tokenname", cdata.getToken());
-                    continue;
-                }
-
-                String keytype = (cdata.getKeyType() != null) ? cdata.getKeyType() : "rsa";
-
-                String keyalgorithm = cdata.getKeyAlgorithm();
-                if (keyalgorithm == null) {
-                    keyalgorithm = (keytype.equals("ecc")) ? "SHA256withEC" : "SHA256withRSA";
-                }
-
-                String signingalgorithm = (cdata.getSigningAlgorithm() != null)?  cdata.getSigningAlgorithm(): keyalgorithm ;
-                String nickname = (cdata.getNickname() != null) ? cdata.getNickname() :
-                    cs.getString("preop.cert." + ct + ".nickname");
-                String dn = (cdata.getSubjectDN() != null)? cdata.getSubjectDN() :
-                    cs.getString("preop.cert." + ct + ".dn");
-
-
-                cs.putString("preop.cert." + ct + ".keytype", keytype);
-                cs.putString("preop.cert." + ct + ".keyalgorithm", keyalgorithm);
-                cs.putString("preop.cert." + ct + ".signingalgorithm", signingalgorithm);
-                cs.putString("preop.cert." + ct + ".nickname", nickname);
-                cs.putString("preop.cert." + ct + ".dn", dn);
-
-                if (!data.getStepTwo()) {
-                    if (keytype.equals("ecc")) {
-                        String curvename = (cdata.getKeyCurveName() != null) ?
-                                cdata.getKeyCurveName() : cs.getString("keys.ecc.curve.default");
-                        cs.putString("preop.cert." + ct + ".curvename.name", curvename);
-                        ConfigurationUtils.createECCKeyPair(token, curvename, cs, ct);
-                    } else {
-                        String keysize = cdata.getKeySize() != null ? cdata.getKeySize() : cs
-                                .getString("keys.rsa.keysize.default");
-                        cs.putString("preop.cert." + ct + ".keysize.size", keysize);
-                        ConfigurationUtils.createRSAKeyPair(token, Integer.parseInt(keysize), cs, ct);
-                    }
-                } else {
-                    CMS.debug("configure(): step two selected.  keys will not be generated for '" + ct + "'");
-                }
-
-                String tokenName = cdata.getToken() != null ? cdata.getToken() : token;
-                Cert certObj = new Cert(tokenName, nickname, ct);
-                certObj.setDN(dn);
-                certObj.setSubsystem(cs.getString("preop.cert." + ct + ".subsystem"));
-                certObj.setType(cs.getString("preop.cert." + ct + ".type"));
-
-                if (!data.getStepTwo()) {
-                    ConfigurationUtils.configCert(null, null, null, certObj, null);
-                } else {
-                    String subsystem = cs.getString("preop.cert." + ct + ".subsystem");
-                    if (data.getStandAlone()) {
-                        // Stand-alone PKI (Step 2)
-                        certStr = cdata.getCert();
-                        certStr = CryptoUtil.stripCertBrackets(certStr.trim());
-                        certStr = CryptoUtil.normalizeCertStr(certStr);
-                        cs.putString(subsystem + "." + ct + ".cert", certStr);
-                    } else {
-                        certStr = cs.getString(subsystem + "." + ct + ".cert" );
-                    }
-
-                    certObj.setCert(certStr);
-                    CMS.debug("Step 2:  certStr for '" + ct + "' is " + certStr);
-                }
-
-                // Handle Cert Requests for everything EXCEPT Stand-alone PKI (Step 2)
-                if (data.getStandAlone()) {
-                    if (!data.getStepTwo()) {
-                        // Stand-alone PKI (Step 1)
-                        ConfigurationUtils.handleCertRequest(cs, ct, certObj);
-
-                        CMS.debug("Stand-alone " + csType + " Admin CSR");
-                        String adminSubjectDN = data.getAdminSubjectDN();
-                        String certreqStr = data.getAdminCertRequest();
-                        certreqStr = CryptoUtil.normalizeCertAndReq(certreqStr);
-                        cs.putString("preop.cert.admin.dn", adminSubjectDN);
-                        cs.putString(csSubsystem + ".admin.certreq", certreqStr);
-                        cs.putString(csSubsystem + ".admin.cert", "...paste certificate here...");
-                    }
-                } else {
-                    ConfigurationUtils.handleCertRequest(cs, ct, certObj);
-                }
-
-                if (data.getIsClone().equals("true")) {
-                    ConfigurationUtils.updateCloneConfig();
-                }
-
-                // to determine if we have the signing cert when using an external ca
-                // this will only execute on a ca or stand-alone pki
-                String b64 = cdata.getCert();
-                if ((ct.equals("signing") || ct.equals("external_signing")) && (b64!= null) && (b64.length()>0) && (!b64.startsWith("..."))) {
-                    hasSigningCert = true;
-                    if (data.getIssuingCA().equals("External CA")) {
-                        b64 = CryptoUtil.stripCertBrackets(b64.trim());
-                        certObj.setCert(CryptoUtil.normalizeCertStr(b64));
-
-                        if (cdata.getCertChain() != null) {
-                            certObj.setCertChain(cdata.getCertChain());
-                        } else {
-                            throw new BadRequestException("CertChain not provided");
-                        }
-                    }
-                }
-
-                certs.addElement(certObj);
-            }
-            // make sure to commit changes here for step 1
-            cs.commit(false);
-
-        } catch (NumberFormatException e) {
-            // move these validations to validate()?
-            throw new BadRequestException("Non-integer value for key size");
-        } catch (NoSuchAlgorithmException e) {
-            e.printStackTrace();
-            throw new BadRequestException("Invalid algorithm " + e);
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Error in setting certificate names and key sizes: " + e);
-        }
-
-        // non-Stand-alone PKI submitting CSRs to external ca
-        if ((data.getIssuingCA()!= null) && data.getIssuingCA().equals("External CA") && (!hasSigningCert)) {
-            CMS.debug("Submit CSRs to external ca . . .");
-            response.setSystemCerts(SystemCertDataFactory.create(certs));
-            response.setStatus(SUCCESS);
-            return response;
-        }
-
-        Enumeration<Cert> c = certs.elements();
-        while (c.hasMoreElements()) {
-            Cert cert = c.nextElement();
-            int ret;
-            try {
-                CMS.debug("Processing '" + cert.getCertTag() + "' certificate:");
-                ret = ConfigurationUtils.handleCerts(cert);
-                ConfigurationUtils.setCertPermissions(cert.getCertTag());
-                CMS.debug("Processed '" + cert.getCertTag() + "' certificate.");
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Error in configuring system certificates" + e);
-            }
-            if (ret != 0) {
-                throw new PKIException("Error in configuring system certificates");
-            }
-        }
-        response.setSystemCerts(SystemCertDataFactory.create(certs));
-
-        // BackupKeyCertPanel/SavePKCS12Panel
-        CMS.debug("=== BackupKeyCert Panel/SavePKCS12 Panel ===");
-        if (data.getBackupKeys().equals("true")) {
-            try {
-                ConfigurationUtils.backupKeys(data.getBackupPassword(), data.getBackupFile());
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Error in creating pkcs12 to backup keys and certs: " + e);
-            }
-        }
-
-        // AdminPanel
-        CMS.debug("=== Admin Panel ===");
-        adminPanel(data, response);
-
-        // Done Panel
-        // Create or update security domain
-        CMS.debug("=== Done Panel ===");
-        try {
-            if (securityDomainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
-                ConfigurationUtils.createSecurityDomain();
-            } else {
-                ConfigurationUtils.updateSecurityDomain();
-            }
-            cs.putString("service.securityDomainPort", CMS.getAgentPort());
-            cs.putString("securitydomain.store", "ldap");
-            cs.commit(false);
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Error while updating security domain: " + e);
-        }
-
-        // need to push connector information to the CA
-        String ca_host="";
-        try {
-            ca_host = cs.getString("preop.ca.hostname", "");
-        } catch (EBaseException e) {
-            e.printStackTrace();
-        }
-
-        // need to push connector information to the CA
-        try {
-            if (csType.equals("KRA") && (!data.getStandAlone()) && (!ca_host.equals(""))) {
-                ConfigurationUtils.updateConnectorInfo(CMS.getAgentHost(), CMS.getAgentPort());
-                ConfigurationUtils.setupClientAuthUser();
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Errors in pushing KRA connector information to the CA: " + e);
-        }
-
-        // import the CA certificate into the OCSP
-        // configure the CRL Publishing to OCSP in CA
-        try {
-            if (csType.equals("OCSP") && (!ca_host.equals(""))) {
-                CMS.reinit(IOCSPAuthority.ID);
-                ConfigurationUtils.importCACertToOCSP();
-                if (!data.getStandAlone()) {
-                    ConfigurationUtils.updateOCSPConfig();
-                    ConfigurationUtils.setupClientAuthUser();
-                }
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Errors in configuring CA publishing to OCSP: " + e);
-        }
-
-        if (!data.getIsClone().equals("true")) {
-            try {
-                if (csType.equals("CA") || csType.equals("KRA")) {
-                     ConfigurationUtils.updateNextRanges();
-                }
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
-            }
-        }
-
-        try {
-            if (data.getIsClone().equals("true") && csType.equalsIgnoreCase("CA")
-                    && ConfigurationUtils.isSDHostDomainMaster(cs)) {
-                // cloning a domain master CA, the clone is also master of its domain
-                cs.putString("securitydomain.host", CMS.getEEHost());
-                cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
-                cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
-                cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
-                cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
-                cs.putString("securitydomain.select", "new");
-
-            }
-        } catch (Exception e1) {
-            e1.printStackTrace();
-            throw new PKIException("Errors in determining if security domain host is a master CA");
-        }
-
-        try {
-            ConfigurationUtils.setupDBUser();
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Errors in creating or updating dbuser: " + e);
-        }
-
-        if (csType.equals("TPS")) {
-            try {
-                ConfigurationUtils.addProfilesToTPSUser(data.getAdminUID());
-
-                URI secdomainURI = new URI(data.getSecurityDomainUri());
-
-                // register TPS with CA
-                URI caURI = new URI(data.getCaUri());
-                ConfigurationUtils.registerUser(secdomainURI, caURI, "ca");
-
-                // register TPS with TKS
-                URI tksURI = new URI(data.getTksUri());
-                ConfigurationUtils.registerUser(secdomainURI, tksURI, "tks");
-
-                if (data.getEnableServerSideKeyGen().equalsIgnoreCase("true")) {
-                    URI kraURI = new URI(data.getKraUri());
-                    ConfigurationUtils.registerUser(secdomainURI, kraURI, "kra");
-                    String transportCert = ConfigurationUtils.getTransportCert(secdomainURI, kraURI);
-                    ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert);
-                }
-
-                // generate shared secret from the tks
-                ConfigurationUtils.getSharedSecret(
-                        tksURI.getHost(),
-                        tksURI.getPort(),
-                        Boolean.getBoolean(data.getImportSharedSecret()));
-
-            } catch (URISyntaxException e) {
-                throw new BadRequestException("Invalid URI for CA, TKS or KRA");
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Errors in registering TPS to CA, TKS or KRA: " + e);
-            }
-        }
-
-        cs.putInteger("cs.state", 1);
-
-        // update serial numbers for clones
-
-        // save some variables, remove remaining preops
-        try {
-            ConfigurationUtils.removePreopConfigEntries();
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException("Errors when removing preop config entries: " + e);
-        }
-
-        // Create an empty file that designates the fact that although
-        // this server instance has been configured, it has NOT yet
-        // been restarted!
-        String restart_server = instanceRoot + "/conf/" + RESTART_SERVER_AFTER_CONFIGURATION;
-        Utils.exec("touch " + restart_server);
-        Utils.exec("chmod 00660 " + restart_server);
-
-        response.setStatus(SUCCESS);
-        return response;
-    }
-
-    private void caInfoPanel(ConfigurationRequest data, String subsystemNick) {
-        URI caUri = null;
-        try {
-            caUri = new URI(data.getCaUri());
-        } catch (URISyntaxException e) {
-            throw new BadRequestException("Invalid caURI " + caUri);
-        }
-        ConfigurationUtils.updateCAConnInfo(caUri, subsystemNick);
-    }
-
-    private void tksInfoPanel(ConfigurationRequest data, String subsystemNick) {
-        URI tksUri = null;
-        try {
-            tksUri = new URI(data.getTksUri());
-        } catch (URISyntaxException e) {
-            throw new BadRequestException("Invalid tksURI " + tksUri);
-        }
-
-        ConfigurationUtils.updateTKSConnInfo(tksUri, subsystemNick);
-    }
-
-    private void kraInfoPanel(ConfigurationRequest data, String subsystemNick) {
-        URI kraUri = null;
-        try {
-            kraUri = new URI(data.getCaUri());
-        } catch (URISyntaxException e) {
-            throw new BadRequestException("Invalid kraURI " + kraUri);
-        }
-        boolean keyGen = data.getEnableServerSideKeyGen().equalsIgnoreCase("true");
-        ConfigurationUtils.updateKRAConnInfo(keyGen, kraUri, subsystemNick);
-    }
-
-    private void adminPanel(ConfigurationRequest data, ConfigurationResponse response) {
-        if (!data.getIsClone().equals("true")) {
-            try {
-                X509CertImpl admincerts[] = new X509CertImpl[1];
-                ConfigurationUtils.createAdmin(data.getAdminUID(), data.getAdminEmail(),
-                        data.getAdminName(), data.getAdminPassword());
-                if (data.getImportAdminCert().equalsIgnoreCase("true")) {
-                    String b64 = CryptoUtil.stripCertBrackets(data.getAdminCert().trim());
-                    if (data.getStandAlone() && data.getStepTwo()) {
-                        // Stand-alone PKI (Step 2)
-                        CMS.debug("adminPanel:  Stand-alone " + csType + " Admin Cert");
-                        cs.putString(csSubsystem + ".admin.cert", b64);
-                        cs.commit(false);
-                    }
-                    // Convert Admin Cert to X509CertImpl
-                    byte[] b = CryptoUtil.base64Decode(b64);
-                    admincerts[0] = new X509CertImpl(b);
-                } else {
-                    if (csType.equals("CA")) {
-                        ConfigurationUtils.createAdminCertificate(data.getAdminCertRequest(),
-                                data.getAdminCertRequestType(), data.getAdminSubjectDN());
-
-                        String serialno = cs.getString("preop.admincert.serialno.0");
-                        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(ICertificateAuthority.ID);
-                        ICertificateRepository repo = ca.getCertificateRepository();
-                        admincerts[0] = repo.getX509Certificate(new BigInteger(serialno, 16));
-                    } else {
-                        String type = cs.getString("preop.ca.type", "");
-                        String ca_hostname = "";
-                        int ca_port = -1;
-                        if (type.equals("sdca")) {
-                            ca_hostname = cs.getString("preop.ca.hostname");
-                            ca_port = cs.getInteger("preop.ca.httpsport");
-                        } else {
-                            ca_hostname = cs.getString("securitydomain.host", "");
-                            ca_port = cs.getInteger("securitydomain.httpseeport");
-                        }
-                        String b64 = ConfigurationUtils.submitAdminCertRequest(ca_hostname, ca_port,
-                                data.getAdminProfileID(), data.getAdminCertRequestType(),
-                                data.getAdminCertRequest(), data.getAdminSubjectDN());
-                        b64 = CryptoUtil.stripCertBrackets(b64.trim());
-                        byte[] b = CryptoUtil.base64Decode(b64);
-                        admincerts[0] = new X509CertImpl(b);
-                    }
-                }
-                CMS.reinit(IUGSubsystem.ID);
-
-                IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(IUGSubsystem.ID);
-                IUser user = ug.getUser(data.getAdminUID());
-                user.setX509Certificates(admincerts);
-                ug.addUserCert(user);
-                response.setAdminCert(admincerts[0]);
-
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Error in creating admin user: " + e);
-            }
-        }
-    }
-
-    private void databasePanel(ConfigurationRequest data) {
-        cs.putString("internaldb.ldapconn.host", data.getDsHost());
-        cs.putString("internaldb.ldapconn.port", data.getDsPort());
-        cs.putString("internaldb.database", data.getDatabase());
-        cs.putString("internaldb.basedn", data.getBaseDN());
-        cs.putString("internaldb.ldapauth.bindDN", data.getBindDN());
-        cs.putString("internaldb.ldapconn.secureConn", (data.getSecureConn().equals("on") ? "true" : "false"));
-        cs.putString("preop.database.removeData", data.getRemoveData());
-
-        if (csType.equals("TPS")) {
-            cs.putString("tokendb.activityBaseDN", "ou=Activities," + data.getBaseDN());
-            cs.putString("tokendb.baseDN", "ou=Tokens," + data.getBaseDN());
-            cs.putString("tokendb.certBaseDN", "ou=Certificates," + data.getBaseDN());
-            cs.putString("tokendb.userBaseDN", data.getBaseDN());
-            cs.putString("tokendb.hostport", data.getDsHost() + ":" + data.getDsPort());
-        }
-
-        try {
-            cs.commit(false);
-        } catch (EBaseException e2) {
-            e2.printStackTrace();
-            throw new PKIException("Unable to commit config parameters to file");
-        }
-
-        if (data.getIsClone().equals("true")) {
-            String masterhost = "";
-            String masterport = "";
-            String masterbasedn = "";
-            String realhostname = "";
-            try {
-                masterhost = cs.getString("preop.internaldb.master.ldapconn.host", "");
-                masterport = cs.getString("preop.internaldb.master.ldapconn.port", "");
-                masterbasedn = cs.getString("preop.internaldb.master.basedn", "");
-                realhostname = cs.getString("machineName", "");
-            } catch (Exception e) {
-            }
-
-            if (masterhost.equals(realhostname) && masterport.equals(data.getDsPort())) {
-                throw new BadRequestException("Master and clone must not share the same internal database");
-            }
-
-            if (!masterbasedn.equals(data.getBaseDN())) {
-                throw new BadRequestException("Master and clone should have the same base DN");
-            }
-
-            String masterReplicationPort = data.getMasterReplicationPort();
-            if ((masterReplicationPort != null) && (!masterReplicationPort.equals(""))) {
-                cs.putString("internaldb.ldapconn.masterReplicationPort", masterReplicationPort);
-            } else {
-                cs.putString("internaldb.ldapconn.masterReplicationPort", masterport);
-            }
-
-            String cloneReplicationPort = data.getCloneReplicationPort();
-            if ((cloneReplicationPort == null) || (cloneReplicationPort.length() == 0)) {
-                cloneReplicationPort = data.getDsPort();
-            }
-            cs.putString("internaldb.ldapconn.cloneReplicationPort", cloneReplicationPort);
-
-            String replicationSecurity = data.getReplicationSecurity();
-            if ((cloneReplicationPort == data.getDsPort()) && (data.getSecureConn().equals("on"))) {
-                replicationSecurity = "SSL";
-            } else if (replicationSecurity == null) {
-                replicationSecurity = "None";
-            }
-            cs.putString("internaldb.ldapconn.replicationSecurity", replicationSecurity);
-
-            cs.putString("preop.internaldb.replicateSchema", data.getReplicateSchema());
-        }
-
-        try {
-            /* BZ 430745 create password for replication manager */
-            String replicationpwd = Integer.toString(new Random().nextInt());
-
-            IConfigStore psStore = null;
-            String passwordFile = null;
-            passwordFile = cs.getString("passwordFile");
-            psStore = CMS.createFileConfigStore(passwordFile);
-            psStore.putString("internaldb", data.getBindpwd());
-            psStore.putString("replicationdb", replicationpwd);
-            psStore.commit(false);
-
-            if (!data.getStepTwo()) {
-                ConfigurationUtils.populateDB();
-
-                cs.putString("preop.internaldb.replicationpwd", replicationpwd);
-                cs.putString("preop.database.removeData", "false");
-                cs.commit(false);
-
-                if (data.getIsClone().equals("true")) {
-                    CMS.debug("Start setting up replication.");
-                    ConfigurationUtils.setupReplication();
-                }
-
-                ConfigurationUtils.reInitSubsystem(csType);
-                ConfigurationUtils.populateDBManager();
-                ConfigurationUtils.populateVLVIndexes();
-            }
-        } catch (Exception e) {
-            throw new PKIException("Error in populating database" + e);
-        }
-    }
-
-    private void hierarchyPanel(ConfigurationRequest data) {
-        if (csType.equals("CA") && data.getIsClone().equals("false")) {
-            if (data.getHierarchy().equals("root")) {
-                cs.putString("preop.hierarchy.select", "root");
-                cs.putString("hierarchy.select", "Root");
-                cs.putString("preop.ca.type", "sdca");
-            } else if (data.getHierarchy().equals("join")) {
-                cs.putString("preop.cert.signing.type", "remote");
-                cs.putString("preop.hierarchy.select", "join");
-                cs.putString("hierarchy.select", "Subordinate");
-            } else {
-                throw new BadRequestException("Invalid hierarchy provided");
-            }
-        }
-    }
-
-    private void getCloningData(ConfigurationRequest data, String certList, String token, String domainXML) {
-        StringTokenizer t = new StringTokenizer(certList, ",");
-        while (t.hasMoreTokens()) {
-            String tag = t.nextToken();
-            if (tag.equals("sslserver")) {
-                cs.putBoolean("preop.cert." + tag + ".enable", true);
-            } else {
-                cs.putBoolean("preop.cert." + tag + ".enable", false);
-            }
-        }
-
-        String cloneUri = data.getCloneUri();
-        URL url = null;
-        try {
-            url = new URL(cloneUri);
-        } catch (MalformedURLException e) {
-            // should not reach here as this check is done in validate()
-        }
-        String masterHost = url.getHost();
-        int masterPort = url.getPort();
-
-        // check and store cloneURI information
-        boolean validCloneUri;
-        try {
-            validCloneUri = ConfigurationUtils.isValidCloneURI(domainXML, masterHost, masterPort);
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Error in determining whether clone URI is valid");
-        }
-
-        if (!validCloneUri) {
-            throw new BadRequestException(
-                    "Invalid clone URI provided.  Does not match the available subsystems in the security domain");
-        }
-
-        if (csType.equals("CA")) {
-            try {
-                int masterAdminPort = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
-                        masterHost, masterPort, "CA", "SecurePort", "SecureAdminPort");
-                ConfigurationUtils.importCertChain(masterHost, masterAdminPort, "/ca/admin/ca/getCertChain",
-                        "clone");
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Failed to import certificate chain from master" + e);
-            }
-        }
-
-        try {
-            ConfigurationUtils.getConfigEntriesFromMaster();
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException("Failed to obtain configuration entries from the master for cloning " + e);
-        }
-
-        // restore certs from P12 file
-        if (token.equals(ConfigurationRequest.TOKEN_DEFAULT)) {
-            String p12File = data.getP12File();
-            String p12Pass = data.getP12Password();
-            try {
-                ConfigurationUtils.restoreCertsFromP12(p12File, p12Pass);
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Failed to restore certificates from p12 file" + e);
-            }
-        }
-
-        boolean cloneReady = ConfigurationUtils.isCertdbCloned();
-        if (!cloneReady) {
-            CMS.debug("clone does not have all the certificates.");
-            throw new PKIException("Clone does not have all the required certificates");
-        }
-    }
-
-    private String securityDomainPanel(ConfigurationRequest data, String securityDomainType) {
-        String domainXML = null;
-        String securityDomainName = data.getSecurityDomainName();
-        String securityDomainURL = data.getSecurityDomainUri();
-
-        if (securityDomainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
-            cs.putString("preop.securitydomain.select", "new");
-            cs.putString("securitydomain.select", "new");
-            cs.putString("preop.securitydomain.name", securityDomainName);
-            cs.putString("securitydomain.name", securityDomainName);
-            cs.putString("securitydomain.host", CMS.getEENonSSLHost());
-            cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
-            cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
-            cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
-            cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
-            // Stand-alone PKI (Step 1)
-            if (data.getStandAlone()) {
-                cs.putString("preop.cert.subsystem.type", "remote");
-            } else {
-                cs.putString("preop.cert.subsystem.type", "local");
-            }
-            cs.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-        } else {
-            cs.putString("preop.securitydomain.select", "existing");
-            cs.putString("securitydomain.select", "existing");
-            cs.putString("preop.cert.subsystem.type", "remote");
-            cs.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
-
-            // contact and log onto security domain
-            URL secdomainURL;
-            String host;
-            int port;
-            try {
-                secdomainURL = new URL(securityDomainURL);
-                host = secdomainURL.getHost();
-                port = secdomainURL.getPort();
-                cs.putString("securitydomain.host", host);
-                cs.putInteger("securitydomain.httpsadminport",port);
-                ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "securitydomain");
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Failed to import certificate chain from security domain master: " + e);
-            }
-
-            // log onto security domain and get token
-            String user = data.getSecurityDomainUser();
-            String pass = data.getSecurityDomainPassword();
-            String installToken;
-            try {
-                installToken = ConfigurationUtils.getInstallToken(host, port, user, pass);
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Failed to obtain installation token from security domain: " + e);
-            }
-
-            if (installToken == null) {
-                throw new PKIException("Failed to obtain installation token from security domain");
-            }
-            CMS.setConfigSDSessionId(installToken);
-
-            try {
-                domainXML = ConfigurationUtils.getDomainXML(host, port, true);
-                ConfigurationUtils.getSecurityDomainPorts(domainXML, host, port);
-            } catch (Exception e) {
-                e.printStackTrace();
-                throw new PKIException("Failed to obtain security domain decriptor from security domain master: " + e);
-            }
-        }
-        return domainXML;
-    }
-
-    private void tokenPanel(ConfigurationRequest data, String token) {
-        cs.putString("preop.module.token", token);
-
-        if (! token.equals(ConfigurationRequest.TOKEN_DEFAULT)) {
-            try {
-                CryptoManager cryptoManager = CryptoManager.getInstance();
-                CryptoToken ctoken = cryptoManager.getTokenByName(token);
-                String tokenpwd = data.getTokenPassword();
-                ConfigurationUtils.loginToken(ctoken, tokenpwd);
-            } catch (NotInitializedException e) {
-                throw new PKIException("Token is not initialized");
-            } catch (NoSuchTokenException e) {
-                throw new BadRequestException("Invalid Token provided. No such token.");
-            } catch (TokenException e) {
-                e.printStackTrace();
-                throw new PKIException("Token Exception" + e);
-            } catch (IncorrectPasswordException e) {
-                throw new BadRequestException("Incorrect Password provided for token.");
-            }
-        }
-    }
-
-    private void validateData(ConfigurationRequest data) {
-        // get required info from CS.cfg
-        String preopPin;
-        try {
-            preopPin = cs.getString("preop.pin");
-        } catch (Exception e) {
-            CMS.debug("validateData: Failed to get required config form CS.cfg");
-            e.printStackTrace();
-            throw new PKIException("Unable to retrieve required configuration from configuration files");
-        }
-
-        // get the preop pin and validate it
-        String pin = data.getPin();
-        if (pin == null) {
-            throw new BadRequestException("No preop pin provided");
-        }
-        if (!preopPin.equals(pin)) {
-            throw new BadRequestException("Incorrect pin provided");
-        }
-
-        // validate legal stand-alone PKI subsystems
-        if (data.getStandAlone()) {
-            // ADD checks for valid types of Stand-alone PKI subsystems here
-            // AND to the 'checkStandalonePKI()' Python method of
-            // the 'ConfigurationFile' Python class in the Python file called
-            // 'pkihelper.py'
-            if (!csType.equals("KRA")) {
-                throw new BadRequestException("Stand-alone PKI " + csType + " subsystems are currently NOT supported!");
-            }
-            if ((data.getIsClone() != null) && (data.getIsClone().equals("true"))) {
-                throw new BadRequestException("A stand-alone PKI subsystem cannot be a clone");
-            }
-        }
-
-        // validate security domain settings
-        String domainType = data.getSecurityDomainType();
-        if (domainType == null) {
-            throw new BadRequestException("Security Domain Type not provided");
-        }
-
-        if (domainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
-            if (!(data.getStandAlone() || csType.equals("CA"))) {
-                throw new BadRequestException("New Domain is only valid for stand-alone PKI or CA subsytems");
-            }
-            if (data.getSecurityDomainName() == null) {
-                throw new BadRequestException("Security Domain Name is not provided");
-            }
-        } else if (domainType.equals(ConfigurationRequest.EXISTING_DOMAIN)) {
-            if (data.getStandAlone()) {
-                throw new BadRequestException("Existing security domains are not valid for stand-alone PKI subsytems");
-            }
-
-            String domainURI = data.getSecurityDomainUri();
-            if (domainURI == null) {
-                throw new BadRequestException("Existing security domain requested, but no security domain URI provided");
-            }
-
-            try {
-                @SuppressWarnings("unused")
-                URL admin_u = new URL(domainURI);  // check for invalid URL
-            } catch (MalformedURLException e) {
-                throw new BadRequestException("Invalid security domain URI");
-            }
-            if ((data.getSecurityDomainUser() == null) || (data.getSecurityDomainPassword() == null)) {
-                throw new BadRequestException("Security domain user or password not provided");
-            }
-
-        } else {
-            throw new BadRequestException("Invalid security domain URI provided");
-        }
-
-        if ((data.getSubsystemName() == null) || (data.getSubsystemName().length() ==0)) {
-            throw new BadRequestException("Invalid or no subsystem name provided");
-        }
-
-        if ((data.getIsClone() != null) && (data.getIsClone().equals("true"))) {
-            String cloneUri = data.getCloneUri();
-            if (cloneUri == null) {
-                throw new BadRequestException("Clone selected, but no clone URI provided");
-            }
-            try {
-                @SuppressWarnings("unused")
-                URL url = new URL(cloneUri); // check for invalid URL
-                // confirm protocol is https
-            } catch (MalformedURLException e) {
-                throw new BadRequestException("Invalid clone URI");
-            }
-
-            if (data.getToken().equals(ConfigurationRequest.TOKEN_DEFAULT)) {
-                if (data.getP12File() == null) {
-                    throw new BadRequestException("P12 filename not provided");
-                }
-
-                if (data.getP12Password() == null) {
-                    throw new BadRequestException("P12 password not provided");
-                }
-            }
-        } else {
-            data.setIsClone("false");
-        }
-
-        String dsHost = data.getDsHost();
-        if (dsHost == null || dsHost.length() == 0) {
-            throw new BadRequestException("Internal database host not provided");
-        }
-
-        try {
-            Integer.parseInt(data.getDsPort());  // check for errors
-        } catch (NumberFormatException e) {
-            throw new BadRequestException("Internal database port is invalid");
-        }
-
-        String basedn = data.getBaseDN();
-        if (basedn == null || basedn.length() == 0) {
-            throw new BadRequestException("Internal database basedn not provided");
-        }
-
-        String binddn = data.getBindDN();
-        if (binddn == null || binddn.length() == 0) {
-            throw new BadRequestException("Internal database basedn not provided");
-        }
-
-        String database = data.getDatabase();
-        if (database == null || database.length() == 0) {
-            throw new BadRequestException("Internal database database name not provided");
-        }
-
-        String bindpwd = data.getBindpwd();
-        if (bindpwd == null || bindpwd.length() == 0) {
-            throw new BadRequestException("Internal database database name not provided");
-        }
-
-        String masterReplicationPort = data.getMasterReplicationPort();
-        if (masterReplicationPort != null && masterReplicationPort.length() > 0) {
-            try {
-                Integer.parseInt(masterReplicationPort); // check for errors
-            } catch (NumberFormatException e) {
-                throw new BadRequestException("Master replication port is invalid");
-            }
-        }
-
-        String cloneReplicationPort = data.getCloneReplicationPort();
-        if (cloneReplicationPort != null && cloneReplicationPort.length() > 0) {
-            try {
-                Integer.parseInt(cloneReplicationPort); // check for errors
-            } catch (Exception e) {
-                throw new BadRequestException("Clone replication port is invalid");
-            }
-        }
-
-        if ((data.getReplicateSchema() != null) && (data.getReplicateSchema().equalsIgnoreCase("false"))) {
-            data.setReplicateSchema("false");
-        } else {
-            data.setReplicateSchema("true");
-        }
-
-        if ((data.getBackupKeys() != null) && data.getBackupKeys().equals("true")) {
-            if ((data.getBackupFile() == null) || (data.getBackupFile().length()<=0)) {
-                //TODO: also check for valid path, perhaps by touching file there
-                throw new BadRequestException("Invalid key backup file name");
-            }
-
-            if ((data.getBackupPassword() == null) || (data.getBackupPassword().length()<8)) {
-                throw new BadRequestException("key backup password must be at least 8 characters");
-            }
-        } else {
-            data.setBackupKeys("false");
-        }
-
-        if (csType.equals("CA") && (data.getHierarchy() == null)) {
-            throw new BadRequestException("Hierarchy is required for CA, not provided");
-        }
-
-        if (data.getIsClone().equals("false")) {
-            if ((data.getAdminUID() == null) || (data.getAdminUID().length() == 0)) {
-                throw new BadRequestException("Admin UID not provided");
-            }
-            if ((data.getAdminPassword() == null) || (data.getAdminPassword().length() == 0)) {
-                throw new BadRequestException("Admin Password not provided");
-            }
-            if ((data.getAdminEmail() == null) || (data.getAdminEmail().length() == 0)) {
-                throw new BadRequestException("Admin UID not provided");
-            }
-            if ((data.getAdminName() == null) || (data.getAdminName().length() == 0)) {
-                throw new BadRequestException("Admin name not provided");
-            }
-
-            if (data.getImportAdminCert() == null) {
-                data.setImportAdminCert("false");
-            }
-
-            if (data.getImportAdminCert().equalsIgnoreCase("true")) {
-                if (data.getAdminCert() == null) {
-                    throw new BadRequestException("Admin Cert not provided");
-                }
-            } else {
-                if ((data.getAdminCertRequest() == null) || (data.getAdminCertRequest().length() == 0)) {
-                    throw new BadRequestException("Admin cert request not provided");
-                }
-                if ((data.getAdminCertRequestType() == null) || (data.getAdminCertRequestType().length() == 0)) {
-                    throw new BadRequestException("Admin cert request type not provided");
-                }
-                if ((data.getAdminSubjectDN() == null) || (data.getAdminSubjectDN().length() == 0)) {
-                    throw new BadRequestException("Admin subjectDN not provided");
-                }
-            }
-        }
-
-        if (data.getGenerateServerCert() == null) {
-            data.setGenerateServerCert("true");
-        }
-
-        if (csType.equals("TPS")) {
-            if ((data.getCaUri() == null) || data.getCaUri().isEmpty()) {
-                throw new BadRequestException("CA URI not provided");
-            }
-            try {
-                @SuppressWarnings("unused")
-                URI ca_uri = new URI(data.getCaUri());
-            } catch (URISyntaxException e) {
-                throw new BadRequestException("Invalid CA URI");
-            }
-
-            if ((data.getTksUri() == null) || data.getTksUri().isEmpty()) {
-                throw new BadRequestException("TKS URI not provided");
-            }
-            try {
-                @SuppressWarnings("unused")
-                URI tks_uri = new URI(data.getTksUri());
-            } catch (URISyntaxException e) {
-                throw new BadRequestException("Invalid TKS URI");
-            }
-
-            if (data.getEnableServerSideKeyGen().equalsIgnoreCase("true")) {
-                if ((data.getKraUri() == null) || data.getKraUri().isEmpty()) {
-                    throw new BadRequestException("KRA URI required if server-side key generation requested");
-                }
-                try {
-                    @SuppressWarnings("unused")
-                    URI kra_uri = new URI(data.getKraUri());
-                } catch (URISyntaxException e) {
-                    throw new BadRequestException("Invalid KRA URI");
-                }
-            }
-
-            if ((data.getAuthdbBaseDN()==null) || data.getAuthdbBaseDN().isEmpty()) {
-                throw new BadRequestException("Authentication Database baseDN not provided");
-            }
-            if ((data.getAuthdbHost()==null) || data.getAuthdbHost().isEmpty()) {
-                throw new BadRequestException("Authentication Database hostname not provided");
-            }
-            if ((data.getAuthdbPort()==null) || data.getAuthdbPort().isEmpty()) {
-                throw new BadRequestException("Authentication Database port not provided");
-            }
-            if ((data.getAuthdbSecureConn()==null) || data.getAuthdbSecureConn().isEmpty()) {
-                throw new BadRequestException("Authentication Database secure conn not provided");
-            }
-
-            try {
-                Integer.parseInt(data.getAuthdbPort()); // check for errors
-            } catch (NumberFormatException e) {
-                throw new BadRequestException("Authdb port is invalid");
-            }
-
-            // TODO check connection with authdb
-
-            if (data.getImportSharedSecret().equalsIgnoreCase("true")) {
-                data.setImportSharedSecret("true");
-            } else {
-                data.setImportSharedSecret("false");
-            }
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/TKSInfoPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/TKSInfoPanel.java
deleted file mode 100644
index cb7667193..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/TKSInfoPanel.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.velocity.context.Context;
-import org.xml.sax.SAXException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class TKSInfoPanel extends WizardPanelBase {
-
-    public TKSInfoPanel() {
-    }
-
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("TKS Information");
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("TKS Information");
-        setId(id);
-    }
-
-    public boolean shouldSkip() {
-        return false;
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putString("preop.tksinfo.select", "");
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String s = cs.getString("preop.tksinfo.select", "");
-            if (s != null && !s.isEmpty()) {
-                return true;
-            }
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        return new PropertySet();
-    }
-
-
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        String errorString = "";
-        context.put("title", "TKS Information");
-        context.put("panel", "admin/console/config/tksinfopanel.vm");
-        IConfigStore config = CMS.getConfigStore();
-
-        if (isPanelDone()) {
-            // TODO - put selected URL in selection box
-            // String s = config.getString("preop.tksinfo.select");
-        }
-
-        // get TKS URLs
-        Vector<String> v = null;
-        try {
-            v = ConfigurationUtils.getUrlListFromSecurityDomain(config, "TKS", "SecureAdminPort");
-            if (v == null) {
-                errorString = "No TKS found.  CA, TKS and optionally DRM " +
-                              " must be installed prior to TPS installation";
-                context.put("errorString", errorString);
-                context.put("preop.tksinfo.errorString", errorString);
-                return;
-            }
-
-            config.putString("preop.tks.list", StringUtils.join(v,","));
-            config.commit(false);
-        } catch (EBaseException | IOException | SAXException | ParserConfigurationException e) {
-            e.printStackTrace();
-            errorString = "Failed to get TKS information from security domain. " + e;
-            context.put("errorString", errorString);
-            context.put("preop.tksinfo.errorString", errorString);
-            return;
-        }
-
-        context.put("urls", v);
-        context.put("urls_size", v.size());
-        context.put("errorString", "");
-        context.put("preop.tksinfo.errorString", "");
-    }
-
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore config = CMS.getConfigStore();
-        String subsystemNick;
-        try {
-            subsystemNick = config.getString("preop.cert.subsystem.nickname");
-        } catch (EBaseException e1) {
-            e1.printStackTrace();
-            throw new IOException("Failed to get subsystem certificate nickname");
-        }
-
-        String url = HttpInput.getString(request, "urls");
-        String parsedURI = url.substring(url.lastIndexOf("http"));
-        URI tksUri = null;
-        try {
-            tksUri = new URI(parsedURI);
-        } catch (URISyntaxException e) {
-            throw new IOException("Invalid URI " + parsedURI);
-        }
-
-        ConfigurationUtils.updateTKSConnInfo(tksUri, subsystemNick);
-        context.put("updateStatus", "success");
-    }
-
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
deleted file mode 100644
index 745962c72..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ /dev/null
@@ -1,145 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISecurityDomainSessionTable;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class TokenAuthenticate extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -9098593390260940853L;
-    private final static String SUCCESS = "0";
-
-    public TokenAuthenticate() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-        IConfigStore config = CMS.getConfigStore();
-
-        String sessionId = httpReq.getParameter("sessionID");
-        CMS.debug("TokenAuthentication: sessionId=" + sessionId);
-        String givenHost = httpReq.getParameter("hostname");
-        CMS.debug("TokenAuthentication: givenHost=" + givenHost);
-
-        boolean checkIP = false;
-        try {
-            checkIP = config.getBoolean("securitydomain.checkIP", false);
-        } catch (Exception e) {
-        }
-
-        ISecurityDomainSessionTable table = CMS.getSecurityDomainSessionTable();
-        String uid = "";
-        String gid = "";
-        CMS.debug("TokenAuthentication: checking session in the session table");
-        if (table.isSessionIdExist(sessionId)) {
-            CMS.debug("TokenAuthentication: found session");
-            if (checkIP) {
-                String hostname = table.getIP(sessionId);
-                if (!hostname.equals(givenHost)) {
-                    CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
-                            + givenHost + " are different");
-                    CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
-                    outputError(httpResp, "Error: Failed Authentication");
-                    return;
-                }
-            }
-
-            uid = table.getUID(sessionId);
-            gid = table.getGroup(sessionId);
-        } else {
-            CMS.debug("TokenAuthentication: session not found");
-            CMS.debug("TokenAuthentication authenticate failed, session id does not exist.");
-            outputError(httpResp, "Error: Failed Authentication");
-            return;
-        }
-
-        CMS.debug("TokenAuthenticate successfully authenticate");
-        try {
-            XMLObject xmlObj = null;
-
-            xmlObj = new XMLObject();
-
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            xmlObj.addItemToContainer(root, "uid", uid);
-            xmlObj.addItemToContainer(root, "gid", gid);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
deleted file mode 100644
index b2d081f22..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ /dev/null
@@ -1,191 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.resteasy.spi.BadRequestException;
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.system.KRAConnectorInfo;
-import com.netscape.cms.servlet.admin.KRAConnectorProcessor;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class UpdateConnector extends CMSServlet {
-
-    private static final long serialVersionUID = 972871860008509849L;
-    private final static String SUCCESS = "0";
-    private final static String FAILED = "1";
-    private final static String AUTH_FAILURE = "2";
-
-    public UpdateConnector() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("UpdateConnector: initializing...");
-        super.init(sc);
-        CMS.debug("UpdateConnector: done initializing...");
-    }
-
-    public KRAConnectorInfo createConnectorInfo(HttpServletRequest httpReq) {
-        KRAConnectorInfo info = new KRAConnectorInfo();
-        info.setHost(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".host"));
-        info.setPort(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".port"));
-        info.setTimeout(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".timeout"));
-        info.setTransportCert(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".transportCert"));
-        info.setUri(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".uri"));
-        info.setLocal(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".local"));
-        info.setEnable(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".enable"));
-        return info;
-    }
-
-    /**
-     * Process the HTTP request.
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("UpdateConnector: processing...");
-
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = null;
-        try {
-            authToken = authenticate(cmsReq);
-            CMS.debug("UpdateConnector authentication successful.");
-        } catch (Exception e) {
-            CMS.debug("UpdateConnector: authentication failed.");
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        if (authToken == null) {
-            CMS.debug("UpdateConnector: authentication failed.");
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-
-        AuthzToken authzToken = null;
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "modify");
-            CMS.debug("UpdateConnector authorization successful.");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-
-        if (authzToken == null) {
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        String status = SUCCESS;
-        String error = "";
-        KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale(httpReq));
-        KRAConnectorInfo info = createConnectorInfo(httpReq);
-        try {
-            processor.addConnector(info);
-        } catch (BadRequestException | PKIException e) {
-            status = FAILED;
-            error = e.getMessage();
-        }
-
-        // send success status back to the requestor
-        try {
-            CMS.debug("UpdateConnector: Sending response");
-            XMLObject xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-            if (status.equals(SUCCESS)) {
-                xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            } else {
-                xmlObj.addItemToContainer(root, "Status", FAILED);
-                xmlObj.addItemToContainer(root, "Error", error);
-            }
-
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("UpdateConnector: Failed to send the XML output");
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
deleted file mode 100644
index b783c359b..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ /dev/null
@@ -1,570 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class UpdateDomainXML extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 4059169588555717548L;
-    private final static String SUCCESS = "0";
-    private final static String FAILED = "1";
-    private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
-    public UpdateDomainXML() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("UpdateDomainXML: initializing...");
-        super.init(sc);
-        CMS.debug("UpdateDomainXML: done initializing...");
-    }
-
-    private String remove_from_ldap(String dn) {
-        CMS.debug("UpdateDomainXML: delete_from_ldap: starting dn: " + dn);
-        String status = SUCCESS;
-        ILdapConnFactory connFactory = null;
-        LDAPConnection conn = null;
-        IConfigStore cs = CMS.getConfigStore();
-
-        try {
-            IConfigStore ldapConfig = cs.getSubStore("internaldb");
-            connFactory = CMS.getLdapBoundConnFactory();
-            connFactory.init(ldapConfig);
-            conn = connFactory.getConn();
-            conn.delete(dn);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) {
-                status = FAILED;
-                CMS.debug("Failed to delete entry" + e.toString());
-            }
-        } catch (Exception e) {
-            CMS.debug("Failed to delete entry" + e.toString());
-        } finally {
-            try {
-                if ((conn != null) && (connFactory != null)) {
-                    CMS.debug("Releasing ldap connection");
-                    connFactory.returnConn(conn);
-                }
-            } catch (Exception e) {
-                CMS.debug("Error releasing the ldap connection" + e.toString());
-            }
-        }
-        return status;
-    }
-
-    private String modify_ldap(String dn, LDAPModification mod) {
-        CMS.debug("UpdateDomainXML: modify_ldap: starting dn: " + dn);
-        String status = SUCCESS;
-        ILdapConnFactory connFactory = null;
-        LDAPConnection conn = null;
-        IConfigStore cs = CMS.getConfigStore();
-
-        try {
-            IConfigStore ldapConfig = cs.getSubStore("internaldb");
-            connFactory = CMS.getLdapBoundConnFactory();
-            connFactory.init(ldapConfig);
-            conn = connFactory.getConn();
-            conn.modify(dn, mod);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) {
-                status = FAILED;
-                CMS.debug("Failed to modify entry" + e.toString());
-            }
-        } catch (Exception e) {
-            CMS.debug("Failed to modify entry" + e.toString());
-        } finally {
-            try {
-                if ((conn != null) && (connFactory != null)) {
-                    CMS.debug("Releasing ldap connection");
-                    connFactory.returnConn(conn);
-                }
-            } catch (Exception e) {
-                CMS.debug("Error releasing the ldap connection" + e.toString());
-            }
-        }
-        return status;
-    }
-
-    private String add_to_ldap(LDAPEntry entry, String dn) {
-        CMS.debug("UpdateDomainXML: add_to_ldap: starting");
-        String status = SUCCESS;
-        ILdapConnFactory connFactory = null;
-        LDAPConnection conn = null;
-        IConfigStore cs = CMS.getConfigStore();
-
-        try {
-            IConfigStore ldapConfig = cs.getSubStore("internaldb");
-            connFactory = CMS.getLdapBoundConnFactory();
-            connFactory.init(ldapConfig);
-            conn = connFactory.getConn();
-            conn.add(entry);
-        } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                CMS.debug("UpdateDomainXML: Entry already exists");
-                try {
-                    conn.delete(dn);
-                    conn.add(entry);
-                } catch (LDAPException ee) {
-                    CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString());
-                    status = FAILED;
-                }
-            } else {
-                CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString());
-                status = FAILED;
-            }
-        } catch (Exception e) {
-            CMS.debug("Failed to add entry" + e.toString());
-        } finally {
-            try {
-                if ((conn != null) && (connFactory != null)) {
-                    CMS.debug("Releasing ldap connection");
-                    connFactory.returnConn(conn);
-                }
-            } catch (Exception e) {
-                CMS.debug("Error releasing the ldap connection" + e.toString());
-            }
-        }
-        return status;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("UpdateDomainXML: processing...");
-        String status = SUCCESS;
-        String status2 = SUCCESS;
-
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        CMS.debug("UpdateDomainXML process: authentication starts");
-        IAuthToken authToken = null;
-        try {
-            authToken = authenticate(cmsReq);
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                            e.toString()));
-            outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated",
-                        null);
-            return;
-        }
-        if (authToken == null) {
-            CMS.debug("UpdateDomainXML process: authToken is null");
-            outputError(httpResp, AUTH_FAILURE, "Error: not authenticated",
-                        null);
-            return;
-        }
-        CMS.debug("UpdateDomainXML process: authentication done");
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "modify");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-        if (authzToken == null) {
-            CMS.debug("UpdateDomainXML process: authorization error");
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        String list = httpReq.getParameter("list");
-        String type = httpReq.getParameter("type");
-        String host = httpReq.getParameter("host");
-        String name = httpReq.getParameter("name");
-        String sport = httpReq.getParameter("sport");
-        String agentsport = httpReq.getParameter("agentsport");
-        String adminsport = httpReq.getParameter("adminsport");
-        String eecaport = httpReq.getParameter("eeclientauthsport");
-        String httpport = httpReq.getParameter("httpport");
-        String domainmgr = httpReq.getParameter("dm");
-        String clone = httpReq.getParameter("clone");
-        String operation = httpReq.getParameter("operation");
-
-        // ensure required parameters are present
-        // especially important for DS syntax checking
-        String missing = "";
-        if ((host == null) || host.equals("")) {
-            missing += " host ";
-        }
-        if ((name == null) || name.equals("")) {
-            missing += " name ";
-        }
-        if ((sport == null) || sport.equals("")) {
-            missing += " sport ";
-        }
-        if ((type == null) || type.equals("")) {
-            missing += " type ";
-        }
-        if ((clone == null) || clone.equals("")) {
-            clone = "false";
-        }
-
-        if (!missing.equals("")) {
-            CMS.debug("UpdateDomainXML process: required parameters:" + missing +
-                      "not provided in request");
-            outputError(httpResp, "Error: required parameters: " + missing +
-                        "not provided in request");
-            return;
-        }
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport +
-                             "+clone;;" + clone + "+type;;" + type;
-        if (operation != null) {
-            auditParams += "+operation;;" + operation;
-        } else {
-            auditParams += "+operation;;add";
-        }
-
-        String basedn = null;
-        String secstore = null;
-
-        IConfigStore cs = CMS.getConfigStore();
-
-        try {
-            basedn = cs.getString("internaldb.basedn");
-            secstore = cs.getString("securitydomain.store");
-        } catch (Exception e) {
-            CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
-        }
-
-        if ((basedn != null) && (secstore != null) && (secstore.equals("ldap"))) {
-            // update in ldap
-
-            LDAPEntry entry = null;
-            String listName = type + "List";
-            String cn = host + ":";
-
-            if ((adminsport != null) && (adminsport != "")) {
-                cn += adminsport;
-            } else {
-                cn += sport;
-            }
-
-            String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn;
-            CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn);
-
-            LDAPAttributeSet attrs = null;
-            attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("objectclass", "top"));
-            attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
-            attrs.add(new LDAPAttribute("cn", cn));
-            attrs.add(new LDAPAttribute("Host", host));
-            attrs.add(new LDAPAttribute("SecurePort", sport));
-
-            if ((agentsport != null) && (!agentsport.equals(""))) {
-                attrs.add(new LDAPAttribute("SecureAgentPort", agentsport));
-            }
-            if ((adminsport != null) && (!adminsport.equals(""))) {
-                attrs.add(new LDAPAttribute("SecureAdminPort", adminsport));
-            }
-            if ((httpport != null) && (!httpport.equals(""))) {
-                attrs.add(new LDAPAttribute("UnSecurePort", httpport));
-            }
-            if ((eecaport != null) && (!eecaport.equals(""))) {
-                attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport));
-            }
-            if ((domainmgr != null) && (!domainmgr.equals(""))) {
-                attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase()));
-            }
-            attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
-            attrs.add(new LDAPAttribute("SubsystemName", name));
-            entry = new LDAPEntry(dn, attrs);
-
-            if ((operation != null) && (operation.equals("remove"))) {
-                status = remove_from_ldap(dn);
-                String adminUserDN;
-                if ((agentsport != null) && (!agentsport.equals(""))) {
-                    adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
-                } else {
-                    adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
-                }
-                String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
-                                             "+resource;;" + adminUserDN;
-                if (status.equals(SUCCESS)) {
-                    // remove the user for this subsystem's admin
-                    status2 = remove_from_ldap(adminUserDN);
-                    if (status2.equals(SUCCESS)) {
-                        auditMessage = CMS.getLogMessage(
-                                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                               auditSubjectID,
-                                               ILogger.SUCCESS,
-                                               userAuditParams);
-                        audit(auditMessage);
-
-                        // remove this user from the subsystem group
-                        userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
-                                              "+source;;UpdateDomainXML" +
-                                              "+resource;;Subsystem Group+user;;" + adminUserDN;
-                        dn = "cn=Subsystem Group, ou=groups," + basedn;
-                        LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
-                                new LDAPAttribute("uniqueMember", adminUserDN));
-                        status2 = modify_ldap(dn, mod);
-                        if (status2.equals(SUCCESS)) {
-                            auditMessage = CMS.getLogMessage(
-                                                   LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                                   auditSubjectID,
-                                                   ILogger.SUCCESS,
-                                                   userAuditParams);
-                        } else {
-                            auditMessage = CMS.getLogMessage(
-                                                   LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                                   auditSubjectID,
-                                                   ILogger.FAILURE,
-                                                   userAuditParams);
-                        }
-                        audit(auditMessage);
-                    } else { // error deleting user
-                        auditMessage = CMS.getLogMessage(
-                                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-                                               auditSubjectID,
-                                               ILogger.FAILURE,
-                                               userAuditParams);
-                        audit(auditMessage);
-                    }
-                }
-            } else {
-                status = add_to_ldap(entry, dn);
-            }
-        } else {
-            // update the domain.xml file
-            String path = CMS.getConfigStore().getString("instanceRoot", "")
-                    + "/conf/domain.xml";
-
-            CMS.debug("UpdateDomainXML: got path=" + path);
-
-            try {
-                // using domain.xml file
-                CMS.debug("UpdateDomainXML: Inserting new domain info");
-                XMLObject parser = new XMLObject(new FileInputStream(path));
-                Node n = parser.getContainer(list);
-                int count = 0;
-
-                if ((operation != null) && (operation.equals("remove"))) {
-                    // delete node
-                    Document doc = parser.getDocument();
-                    NodeList nodeList = doc.getElementsByTagName(type);
-                    int len = nodeList.getLength();
-
-                    for (int i = 0; i < len; i++) {
-                        Node nn = nodeList.item(i);
-                        Vector<String> v_name = parser.getValuesFromContainer(nn, "SubsystemName");
-                        Vector<String> v_host = parser.getValuesFromContainer(nn, "Host");
-                        Vector<String> v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
-                        if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
-                                && (v_adminport.elementAt(0).equals(adminsport))) {
-                            Node parent = nn.getParentNode();
-                            parent.removeChild(nn);
-                            count--;
-                            break;
-                        }
-                    }
-                } else {
-                    // add node
-                    Node parent = parser.createContainer(n, type);
-                    parser.addItemToContainer(parent, "SubsystemName", name);
-                    parser.addItemToContainer(parent, "Host", host);
-                    parser.addItemToContainer(parent, "SecurePort", sport);
-                    parser.addItemToContainer(parent, "SecureAgentPort", agentsport);
-                    parser.addItemToContainer(parent, "SecureAdminPort", adminsport);
-                    parser.addItemToContainer(parent, "SecureEEClientAuthPort", eecaport);
-                    parser.addItemToContainer(parent, "UnSecurePort", httpport);
-                    parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
-                    parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
-                    count++;
-                }
-                //update count
-
-                String countS = "";
-                NodeList nlist = n.getChildNodes();
-                Node countnode = null;
-                for (int i = 0; i < nlist.getLength(); i++) {
-                    Element nn = (Element) nlist.item(i);
-                    String tagname = nn.getTagName();
-                    if (tagname.equals("SubsystemCount")) {
-                        countnode = nn;
-                        NodeList nlist1 = nn.getChildNodes();
-                        Node nn1 = nlist1.item(0);
-                        countS = nn1.getNodeValue();
-                        break;
-                    }
-                }
-
-                CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
-                try {
-                    count += Integer.parseInt(countS);
-                } catch (Exception ee) {
-                }
-
-                n.removeChild(countnode);
-                parser.addItemToContainer(n, "SubsystemCount", "" + count);
-
-                // recreate domain.xml
-                CMS.debug("UpdateDomainXML: Recreating domain.xml");
-                byte[] b = parser.toByteArray();
-                FileOutputStream fos = new FileOutputStream(path);
-                fos.write(b);
-                fos.close();
-            } catch (Exception e) {
-                CMS.debug("Failed to update domain.xml file" + e.toString());
-                status = FAILED;
-            }
-
-        }
-
-        if (status.equals(SUCCESS)) {
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
-                               auditSubjectID,
-                               ILogger.SUCCESS,
-                               auditParams);
-        } else {
-            // what if already exists or already deleted
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
-                               auditSubjectID,
-                               ILogger.FAILURE,
-                               auditParams);
-        }
-        audit(auditMessage);
-
-        if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
-            status = SUCCESS;
-        } else {
-            status = FAILED;
-        }
-
-        try {
-            // send success status back to the requestor
-            CMS.debug("UpdateDomainXML: Sending response");
-            XMLObject xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", status);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
-        }
-    }
-
-    protected String securityDomainXMLtoLDAP(String xmltag) {
-        if (xmltag.equals("Host"))
-            return "host";
-        else
-            return xmltag;
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
deleted file mode 100644
index b99a298a9..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ /dev/null
@@ -1,290 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.repository.IRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class UpdateNumberRange extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -1584171713024263331L;
-    private final static String SUCCESS = "0";
-    private final static String AUTH_FAILURE = "2";
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
-            "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
-
-    public UpdateNumberRange() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("UpdateNumberRange: initializing...");
-        super.init(sc);
-        CMS.debug("UpdateNumberRange: done initializing...");
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("UpdateNumberRange: processing...");
-
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        CMS.debug("UpdateNumberRange process: authentication starts");
-        IAuthToken authToken = authenticate(cmsReq);
-        if (authToken == null) {
-            CMS.debug("UpdateNumberRange process: authToken is null");
-            outputError(httpResp, AUTH_FAILURE, "Error: not authenticated",
-                        null);
-        }
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "modify");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-        if (authzToken == null) {
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditParams = "source;;updateNumberRange";
-
-        try {
-            String type = httpReq.getParameter("type");
-            IConfigStore cs = CMS.getConfigStore();
-            String cstype = cs.getString("cs.type", "");
-
-            auditParams += "+type;;" + type;
-
-            BigInteger beginNum = null;
-            BigInteger endNum = null;
-            BigInteger oneNum = new BigInteger("1");
-            String endNumConfig = null;
-            String cloneNumConfig = null;
-            String nextEndConfig = null;
-            int radix = 10;
-
-            IRepository repo = null;
-            if (cstype.equals("KRA")) {
-                IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
-                        IKeyRecoveryAuthority.ID);
-                if (type.equals("request")) {
-                    repo = kra.getRequestQueue().getRequestRepository();
-                } else if (type.equals("serialNo")) {
-                    repo = kra.getKeyRepository();
-                } else if (type.equals("replicaId")) {
-                    repo = kra.getReplicaRepository();
-                }
-            } else { // CA
-                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-                        ICertificateAuthority.ID);
-                if (type.equals("request")) {
-                    repo = ca.getRequestQueue().getRequestRepository();
-                } else if (type.equals("serialNo")) {
-                    repo = ca.getCertificateRepository();
-                } else if (type.equals("replicaId")) {
-                    repo = ca.getReplicaRepository();
-                }
-            }
-
-            // checkRanges for replicaID - we do this each time a replica is created.
-            // This needs to be done beforehand to ensure that we always have enough
-            // replica numbers
-            if (type.equals("replicaId")) {
-                CMS.debug("Checking replica number ranges");
-                repo.checkRanges();
-            }
-
-            if (type.equals("request")) {
-                radix = 10;
-                endNumConfig = "dbs.endRequestNumber";
-                cloneNumConfig = "dbs.requestCloneTransferNumber";
-                nextEndConfig = "dbs.nextEndRequestNumber";
-            } else if (type.equals("serialNo")) {
-                radix = 16;
-                endNumConfig = "dbs.endSerialNumber";
-                cloneNumConfig = "dbs.serialCloneTransferNumber";
-                nextEndConfig = "dbs.nextEndSerialNumber";
-            } else if (type.equals("replicaId")) {
-                radix = 10;
-                endNumConfig = "dbs.endReplicaNumber";
-                cloneNumConfig = "dbs.replicaCloneTransferNumber";
-                nextEndConfig = "dbs.nextEndReplicaNumber";
-            }
-
-            String endNumStr = cs.getString(endNumConfig, "");
-            endNum = new BigInteger(endNumStr, radix);
-            String decrementStr = cs.getString(cloneNumConfig, "");
-            BigInteger decrement = new BigInteger(decrementStr, radix);
-            beginNum = endNum.subtract(decrement).add(oneNum);
-
-            if (beginNum.compareTo(repo.getTheSerialNumber()) < 0) {
-                String nextEndNumStr = cs.getString(nextEndConfig, "");
-                BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
-                CMS.debug("Transferring from the end of on-deck range");
-                String newValStr = endNum2.subtract(decrement).toString(radix);
-                repo.setNextMaxSerial(newValStr);
-                cs.putString(nextEndConfig, newValStr);
-                beginNum = endNum2.subtract(decrement).add(oneNum);
-                endNum = endNum2;
-            } else {
-                CMS.debug("Transferring from the end of the current range");
-                String newValStr = beginNum.subtract(oneNum).toString(radix);
-                repo.setMaxSerial(newValStr);
-                cs.putString(endNumConfig, newValStr);
-            }
-
-            if (beginNum == null) {
-                CMS.debug("UpdateNumberRange::process() - " +
-                           "beginNum is null!");
-                auditMessage = CMS.getLogMessage(
-                                   LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
-                                   auditSubjectID,
-                                   ILogger.FAILURE,
-                                   auditParams);
-                audit(auditMessage);
-                return;
-            }
-
-            // Enable serial number management in master for certs and requests
-            if (type.equals("replicaId")) {
-                repo.setEnableSerialMgmt(true);
-            }
-
-            // insert info
-            CMS.debug("UpdateNumberRange: Sending response");
-
-            // send success status back to the requestor
-            XMLObject xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            xmlObj.addItemToContainer(root, "beginNumber", beginNum.toString(radix));
-            xmlObj.addItemToContainer(root, "endNumber", endNum.toString(radix));
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-            cs.commit(false);
-
-            auditParams += "+beginNumber;;" + beginNum.toString(radix) +
-                          "+endNumber;;" + endNum.toString(radix);
-
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
-                               auditSubjectID,
-                               ILogger.SUCCESS,
-                               auditParams);
-            audit(auditMessage);
-
-        } catch (Exception e) {
-            CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " + e.toString());
-
-            auditMessage = CMS.getLogMessage(
-                               LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
-                               auditSubjectID,
-                               ILogger.FAILURE,
-                               auditParams);
-            audit(auditMessage);
-
-            outputError(httpResp, "Error: Failed to update number range.");
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
deleted file mode 100644
index c34df8b9c..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ /dev/null
@@ -1,180 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class UpdateOCSPConfig extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 42812270761684404L;
-    private final static String SUCCESS = "0";
-    private final static String AUTH_FAILURE = "2";
-
-    public UpdateOCSPConfig() {
-        super();
-    }
-
-    /**
-     * initialize the servlet.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        CMS.debug("UpdateOCSPConfig: initializing...");
-        super.init(sc);
-        CMS.debug("UpdateOCSPConfig: done initializing...");
-    }
-
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("UpdateOCSPConfig: processing...");
-
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        CMS.debug("UpdateOCSPConfig process: authentication starts");
-        IAuthToken authToken = authenticate(cmsReq);
-        if (authToken == null) {
-            CMS.debug("UpdateOCSPConfig process: authToken is null");
-            outputError(httpResp, AUTH_FAILURE, "Error: not authenticated",
-                        null);
-        }
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
-                    "modify");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            outputError(httpResp,
-                    "Error: Encountered problem during authorization.");
-            return;
-        }
-        if (authzToken == null) {
-            outputError(httpResp, "Error: Not authorized");
-            return;
-        }
-
-        IConfigStore cs = CMS.getConfigStore();
-        String nickname = "";
-
-        // get nickname
-        try {
-            nickname = cs.getString("ca.subsystem.nickname", "");
-            String tokenname = cs.getString("ca.subsystem.tokenname", "");
-            if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname + ":" + nickname;
-        } catch (Exception e) {
-        }
-
-        CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
-
-        String ocsphost = httpReq.getParameter("ocsp_host");
-        String ocspport = httpReq.getParameter("ocsp_port");
-        String ocspname = ocsphost.replace('.', '-')+"-"+ocspport;
-        String publisherPrefix = "ca.publish.publisher.instance.OCSPPublisher-"+ocspname;
-        String rulePrefix = "ca.publish.rule.instance.ocsprule-"+ocspname;
-        try {
-            cs.putString("ca.publish.enable", "true");
-            cs.putString(publisherPrefix+".host", ocsphost);
-            cs.putString(publisherPrefix+".port", ocspport);
-            cs.putString(publisherPrefix+".nickName", nickname);
-            cs.putString(publisherPrefix+".path", "/ocsp/agent/ocsp/addCRL");
-            cs.putString(publisherPrefix+".pluginName", "OCSPPublisher");
-            cs.putString(publisherPrefix+".enableClientAuth", "true");
-            cs.putString(rulePrefix+".enable", "true");
-            cs.putString(rulePrefix+".mapper", "NoMap");
-            cs.putString(rulePrefix+".pluginName", "Rule");
-            cs.putString(rulePrefix+".publisher", "OCSPPublisher-"+ocspname);
-            cs.putString(rulePrefix+".type", "crl");
-            cs.commit(false);
-            // insert info
-            CMS.debug("UpdateOCSPConfig: Sending response");
-
-            // send success status back to the requestor
-            XMLObject xmlObj = new XMLObject();
-            Node root = xmlObj.createRoot("XMLResponse");
-
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            byte[] cb = xmlObj.toByteArray();
-
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString());
-            outputError(httpResp, "Error: Failed to update OCSP configuration.");
-        }
-    }
-
-    protected void setDefaultTemplates(ServletConfig sc) {
-    }
-
-    protected void renderTemplate(
-            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-            throws IOException {// do nothing
-    }
-
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
deleted file mode 100644
index b5e921822..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ /dev/null
@@ -1,128 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-
-public class WelcomePanel extends WizardPanelBase {
-
-    public WelcomePanel() {
-    }
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        setPanelNo(panelno);
-        setName("Welcome");
-        setId(id);
-    }
-
-    public void cleanUp() throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        cs.putBoolean("preop.welcome.done", false);
-    }
-
-    public boolean isPanelDone() {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            return cs.getBoolean("preop.welcome.done");
-        } catch (EBaseException e) {
-        }
-        return false;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = new PropertySet();
-
-        /* XXX */
-
-        return set;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-        IConfigStore cs = CMS.getConfigStore();
-        CMS.debug("WelcomePanel: display()");
-        context.put("title", "Welcome");
-        try {
-            context.put("cstype", cs.getString("cs.type"));
-            context.put("wizardname", cs.getString("preop.wizard.name"));
-            context.put("panelname",
-                    cs.getString("preop.system.fullname") + " Configuration Wizard");
-            context.put("systemname",
-                    cs.getString("preop.system.name"));
-            context.put("fullsystemname",
-                    cs.getString("preop.system.fullname"));
-            context.put("productname",
-                    cs.getString("preop.product.name"));
-            context.put("productversion",
-                    cs.getString("cms.product.version"));
-        } catch (EBaseException e) {
-        }
-        context.put("panel", "admin/console/config/welcomepanel.vm");
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            cs.putBoolean("preop.welcome.done", true);
-            cs.commit(false);
-        } catch (EBaseException e) {
-        }
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {/* This should never be called */
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
deleted file mode 100644
index 4fe641240..000000000
--- a/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ /dev/null
@@ -1,306 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.net.URLEncoder;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.wizard.IWizardPanel;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.xml.XMLObject;
-
-public class WizardPanelBase implements IWizardPanel {
-    public static String PCERT_PREFIX = "preop.cert.";
-    public static String SUCCESS = "0";
-    public static String FAILURE = "1";
-    public static String AUTH_FAILURE = "2";
-
-    /**
-     * Definition for static variables in CS.cfg
-     */
-    public static final String CONF_CA_CERT = "ca.signing.cert";
-    public static final String CONF_CA_CERTREQ = "ca.signing.certreq";
-    public static final String CONF_CA_CERTNICKNAME = "ca.signing.certnickname";
-
-    public static final String PRE_CONF_ADMIN_NAME = "preop.admin.name";
-    public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group";
-
-    /**
-     * Definition for "preop" static variables in CS.cfg
-     * -- "preop" config parameters should not assumed to exist after configuation
-     */
-
-    public static final String PRE_CONF_CA_TOKEN = "preop.module.token";
-    public static final String PRE_CA_TYPE = "preop.ca.type";
-    public static final String PRE_OTHER_CA = "otherca";
-    public static final String PRE_ROOT_CA = "rootca";
-
-    private String mName = null;
-    private int mPanelNo = 0;
-    private String mId = null;
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-            throws ServletException {
-        mPanelNo = panelno;
-    }
-
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-            throws ServletException {
-        mPanelNo = panelno;
-    }
-
-    /**
-     * Cleans up this panel so that isPanelDone() will return false.
-     */
-    public void cleanUp() throws IOException {
-    }
-
-    public String getName() {
-        return mName;
-    }
-
-    public int getPanelNo() {
-        return mPanelNo;
-    }
-
-    public void setPanelNo(int num) {
-        mPanelNo = num;
-    }
-
-    public void setName(String name) {
-        mName = name;
-    }
-
-    public void setId(String id) {
-        mId = id;
-    }
-
-    public String getId() {
-        return mId;
-    }
-
-    public PropertySet getUsage() {
-        PropertySet set = null;
-
-        return set;
-    }
-
-    /**
-     * Should we skip this panel?
-     */
-    public boolean shouldSkip() {
-        return false;
-    }
-
-    /**
-     * Is this panel done
-     */
-    public boolean isPanelDone() {
-        return false;
-    }
-
-    /**
-     * Show "Apply" button on frame?
-     */
-    public boolean showApplyButton() {
-        return false;
-    }
-
-    /**
-     * Is this a subPanel?
-     */
-    public boolean isSubPanel() {
-        return false;
-    }
-
-    public boolean isLoopbackPanel() {
-        return false;
-    }
-
-    /**
-     * has subPanels?
-     */
-    public boolean hasSubPanel() {
-        return false;
-    }
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-    }
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) throws IOException {
-    }
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-            HttpServletResponse response,
-            Context context) {
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    public Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader("accept-language");
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                    UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    public boolean authenticate(String hostname, int port, boolean https,
-            String servlet, String uri) throws IOException {
-        CMS.debug("WizardPanelBase authenticate start");
-        String c = ConfigurationUtils.getHttpResponse(hostname, port, https, servlet, uri, null);
-        IConfigStore cs = CMS.getConfigStore();
-
-        if (c != null) {
-            try {
-                ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-                XMLObject parser = null;
-
-                try {
-                    parser = new XMLObject(bis);
-                } catch (Exception e) {
-                    CMS.debug("WizardPanelBase::authenticate() - "
-                             + "Exception=" + e.toString());
-                    throw new IOException(e.toString());
-                }
-
-                String status = parser.getValue("Status");
-
-                CMS.debug("WizardPanelBase authenticate: status=" + status);
-
-                if (status.equals(SUCCESS)) {
-                    String cookie = parser.getValue("Cookie");
-                    cs.putString("preop.cookie", cookie);
-                    return true;
-                } else {
-                    return false;
-                }
-            } catch (Exception e) {
-                CMS.debug("WizardPanelBase: authenticate: " + e.toString());
-                throw new IOException(e.toString());
-            }
-        }
-
-        return false;
-    }
-
-    public String pingCS(String hostname, int port, boolean https,
-                          SSLCertificateApprovalCallback certApprovalCallback)
-            throws IOException {
-        CMS.debug("WizardPanelBase pingCS: started");
-
-        String c = ConfigurationUtils.getHttpResponse(hostname, port, https,
-                                    "/ca/admin/ca/getStatus",
-                                    null, null, certApprovalCallback);
-
-        if (c != null) {
-            try {
-                ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
-                XMLObject parser = null;
-                String state = null;
-
-                try {
-                    parser = new XMLObject(bis);
-                    CMS.debug("WizardPanelBase pingCS: got XML parsed");
-                    state = parser.getValue("State");
-
-                    if (state != null) {
-                        CMS.debug("WizardPanelBase pingCS: state=" + state);
-                    }
-                } catch (Exception e) {
-                    CMS.debug("WizardPanelBase: pingCS: parser failed"
-                             + e.toString());
-                }
-
-                return state;
-            } catch (Exception e) {
-                CMS.debug("WizardPanelBase: pingCS: " + e.toString());
-                throw new IOException(e.toString());
-            }
-        }
-
-        CMS.debug("WizardPanelBase pingCS: stopped");
-        return null;
-    }
-
-    public void reloginSecurityDomain(HttpServletResponse response) {
-        IConfigStore cs = CMS.getConfigStore();
-        try {
-            String hostname = cs.getString("securitydomain.host", "");
-            int port = cs.getInteger("securitydomain.httpsadminport", -1);
-            String cs_hostname = cs.getString("machineName", "");
-            int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
-            int panel = getPanelNo();
-            String subsystem = cs.getString("cs.type", "");
-            String urlVal =
-                    "https://"
-                            + cs_hostname + ":" + cs_port + "/" + subsystem.toLowerCase()
-                            + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
-            String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
-            String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
-            response.sendRedirect(sdurl);
-        } catch (Exception e) {
-            CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
deleted file mode 100644
index c7532c7aa..000000000
--- a/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
+++ /dev/null
@@ -1,134 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2009 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.filter;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-
-public class AdminRequestFilter implements Filter {
-    private static final String HTTPS_SCHEME = "https";
-    private static final String HTTPS_PORT = "https_port";
-    private static final String HTTPS_ROLE = "Admin";
-    private static final String PROXY_PORT = "proxy_port";
-
-    private FilterConfig config;
-
-    /* Create a new AdminRequestFilter */
-    public AdminRequestFilter() {
-    }
-
-    public void init(FilterConfig filterConfig)
-                throws ServletException {
-        this.config = filterConfig;
-    }
-
-    public void doFilter(ServletRequest request,
-                          ServletResponse response,
-                          FilterChain chain)
-                throws java.io.IOException,
-                       ServletException {
-        String filterName = getClass().getName();
-
-        String scheme = null;
-        int port = 0;
-
-        String request_port = null;
-        String param_https_port = null;
-        String param_proxy_port = null;
-        String msg = null;
-        String param_active = null;
-
-        // CMS.debug("Entering the admin filter");
-        param_active = config.getInitParameter("active");
-
-        if (request instanceof HttpServletRequest) {
-            HttpServletResponse resp = (HttpServletResponse) response;
-
-            // RFC 1738:  verify that scheme is "https"
-            scheme = request.getScheme();
-            if (!scheme.equals(HTTPS_SCHEME)) {
-                msg = "The scheme MUST be '" + HTTPS_SCHEME
-                        + "', NOT '" + scheme + "'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
-                return;
-            }
-
-            // Always obtain an "https" port from request
-            port = request.getLocalPort();
-            request_port = Integer.toString(port);
-
-            // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter(HTTPS_PORT);
-            if (param_https_port == null) {
-                msg = "The <param-name> '" + HTTPS_PORT
-                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
-                return;
-            }
-
-            param_proxy_port = config.getInitParameter(PROXY_PORT);
-            boolean bad_port = false;
-
-            // Compare the request and param "https" ports
-            if (!param_https_port.equals(request_port)) {
-                String uri = ((HttpServletRequest) request).getRequestURI();
-                if (param_proxy_port != null) {
-                    if (!param_proxy_port.equals(request_port)) {
-                        msg = "Use HTTPS port '" + param_https_port
-                                + "' or proxy port '" + param_proxy_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTPS_ROLE + " tasks!";
-                        bad_port = true;
-                    }
-                } else {
-                    msg = "Use HTTPS port '" + param_https_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
-                    bad_port = true;
-                }
-                if (bad_port) {
-                    CMS.debug(filterName + ":  " + msg);
-                    CMS.debug(filterName + ": uri is " + uri);
-                    if ((param_active != null) && (param_active.equals("false"))) {
-                        CMS.debug("Filter is disabled .. continuing");
-                    } else {
-                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
-                        return;
-                    }
-                }
-            }
-        }
-
-        // CMS.debug("Exiting the admin filter");
-
-        chain.doFilter(request, response);
-    }
-
-    public void destroy() {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
deleted file mode 100644
index 4225aed77..000000000
--- a/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
+++ /dev/null
@@ -1,134 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2009 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.filter;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-
-public class AgentRequestFilter implements Filter {
-    private static final String HTTPS_SCHEME = "https";
-    private static final String HTTPS_PORT = "https_port";
-    private static final String HTTPS_ROLE = "Agent";
-    private static final String PROXY_PORT = "proxy_port";
-
-    private FilterConfig config;
-
-    /* Create a new AgentRequestFilter */
-    public AgentRequestFilter() {
-    }
-
-    public void init(FilterConfig filterConfig)
-                throws ServletException {
-        this.config = filterConfig;
-    }
-
-    public void doFilter(ServletRequest request,
-                          ServletResponse response,
-                          FilterChain chain)
-                throws java.io.IOException,
-                       ServletException {
-        String filterName = getClass().getName();
-
-        String scheme = null;
-        int port = 0;
-
-        String request_port = null;
-        String param_https_port = null;
-        String param_proxy_port = null;
-        String msg = null;
-
-        String param_active = null;
-
-        // CMS.debug("Entering the agent filter");
-        param_active = config.getInitParameter("active");
-
-        if (request instanceof HttpServletRequest) {
-            HttpServletResponse resp = (HttpServletResponse) response;
-
-            // RFC 1738:  verify that scheme is "https"
-            scheme = request.getScheme();
-            if (!scheme.equals(HTTPS_SCHEME)) {
-                msg = "The scheme MUST be '" + HTTPS_SCHEME
-                        + "', NOT '" + scheme + "'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
-                return;
-            }
-
-            // Always obtain an "https" port from request
-            port = request.getLocalPort();
-            request_port = Integer.toString(port);
-
-            // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter(HTTPS_PORT);
-            if (param_https_port == null) {
-                msg = "The <param-name> '" + HTTPS_PORT
-                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
-                return;
-            }
-
-            param_proxy_port = config.getInitParameter(PROXY_PORT);
-            boolean bad_port = false;
-
-            // Compare the request and param "https" ports
-            if (!param_https_port.equals(request_port)) {
-                String uri = ((HttpServletRequest) request).getRequestURI();
-                if (param_proxy_port != null) {
-                    if (!param_proxy_port.equals(request_port)) {
-                        msg = "Use HTTPS port '" + param_https_port
-                                + "' or proxy port '" + param_proxy_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTPS_ROLE + " tasks!";
-                        bad_port = true;
-                    }
-                } else {
-                    msg = "Use HTTPS port '" + param_https_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
-                    bad_port = true;
-                }
-                if (bad_port) {
-                    CMS.debug(filterName + ":  " + msg);
-                    CMS.debug(filterName + ": uri is " + uri);
-                    if ((param_active != null) && (param_active.equals("false"))) {
-                        CMS.debug("Filter is disabled .. continuing");
-                    } else {
-                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
-                        return;
-                    }
-                }
-            }
-        }
-        // CMS.debug("Exiting the Agent filter");
-
-        chain.doFilter(request, response);
-    }
-
-    public void destroy() {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
deleted file mode 100644
index 8c62cd311..000000000
--- a/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
+++ /dev/null
@@ -1,133 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2010 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.filter;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-
-public class EEClientAuthRequestFilter implements Filter {
-    private static final String HTTPS_SCHEME = "https";
-    private static final String HTTPS_PORT = "https_port";
-    private static final String HTTPS_ROLE = "EE Client Auth";
-    private static final String PROXY_PORT = "proxy_port";
-
-    private FilterConfig config;
-
-    /* Create a new EEClientAuthRequestFilter */
-    public EEClientAuthRequestFilter() {
-    }
-
-    public void init(FilterConfig filterConfig)
-                throws ServletException {
-        this.config = filterConfig;
-    }
-
-    public void doFilter(ServletRequest request,
-                          ServletResponse response,
-                          FilterChain chain)
-                throws java.io.IOException,
-                       ServletException {
-        String filterName = getClass().getName();
-
-        String scheme = null;
-        int port = 0;
-
-        String request_port = null;
-        String param_https_port = null;
-        String msg = null;
-        String param_active = null;
-        String param_proxy_port = null;
-
-        // CMS.debug("Entering the EECA filter");
-        param_active = config.getInitParameter("active");
-
-        if (request instanceof HttpServletRequest) {
-            HttpServletResponse resp = (HttpServletResponse) response;
-
-            // RFC 1738:  verify that scheme is "https"
-            scheme = request.getScheme();
-            if (!scheme.equals(HTTPS_SCHEME)) {
-                msg = "The scheme MUST be '" + HTTPS_SCHEME
-                        + "', NOT '" + scheme + "'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
-                return;
-            }
-
-            // Always obtain an "https" port from request
-            port = request.getLocalPort();
-            request_port = Integer.toString(port);
-
-            // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter(HTTPS_PORT);
-            if (param_https_port == null) {
-                msg = "The <param-name> '" + HTTPS_PORT
-                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
-                return;
-            }
-
-            param_proxy_port = config.getInitParameter(PROXY_PORT);
-            boolean bad_port = false;
-
-            // Compare the request and param "https" ports
-            if (!param_https_port.equals(request_port)) {
-                String uri = ((HttpServletRequest) request).getRequestURI();
-                if (param_proxy_port != null) {
-                    if (!param_proxy_port.equals(request_port)) {
-                        msg = "Use HTTPS port '" + param_https_port
-                                + "' or proxy port '" + param_proxy_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTPS_ROLE + " tasks!";
-                        bad_port = true;
-                    }
-                } else {
-                    msg = "Use HTTPS port '" + param_https_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
-                    bad_port = true;
-                }
-                if (bad_port) {
-                    CMS.debug(filterName + ":  " + msg);
-                    CMS.debug(filterName + ": uri is " + uri);
-                    if ((param_active != null) && (param_active.equals("false"))) {
-                        CMS.debug("Filter is disabled .. continuing");
-                    } else {
-                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
-                        return;
-                    }
-                }
-            }
-        }
-        // CMS.debug("exiting the EECA filter");
-
-        chain.doFilter(request, response);
-    }
-
-    public void destroy() {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
deleted file mode 100644
index 8a8bea01c..000000000
--- a/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
+++ /dev/null
@@ -1,186 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2009 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.filter;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-
-public class EERequestFilter implements Filter {
-    private static final String HTTP_SCHEME = "http";
-    private static final String HTTP_PORT = "http_port";
-    private static final String HTTP_ROLE = "EE";
-    private static final String HTTPS_SCHEME = "https";
-    private static final String HTTPS_PORT = "https_port";
-    private static final String HTTPS_ROLE = "EE";
-    private static final String PROXY_PORT = "proxy_port";
-    private static final String PROXY_HTTP_PORT = "proxy_http_port";
-
-    private FilterConfig config;
-
-    /* Create a new EERequestFilter */
-    public EERequestFilter() {
-    }
-
-    public void init(FilterConfig filterConfig)
-                throws ServletException {
-        this.config = filterConfig;
-    }
-
-    public void doFilter(ServletRequest request,
-                          ServletResponse response,
-                          FilterChain chain)
-                throws java.io.IOException,
-                       ServletException {
-        String filterName = getClass().getName();
-
-        String scheme = null;
-        int port = 0;
-
-        String request_port = null;
-        String param_http_port = null;
-        String param_https_port = null;
-        String param_proxy_port = null;
-        String param_proxy_http_port = null;
-        String msg = null;
-        String param_active = null;
-
-        // CMS.debug("Entering the EE filter");
-        param_active = config.getInitParameter("active");
-
-        if (request instanceof HttpServletRequest) {
-            HttpServletResponse resp = (HttpServletResponse) response;
-
-            // RFC 1738:  verify that scheme is either "http" or "https"
-            scheme = request.getScheme();
-            if ((!scheme.equals(HTTP_SCHEME)) &&
-                    (!scheme.equals(HTTPS_SCHEME))) {
-                msg = "The scheme MUST be either '" + HTTP_SCHEME
-                        + "' or '" + HTTPS_SCHEME
-                        + "', NOT '" + scheme + "'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
-                return;
-            }
-
-            // Always obtain either an "http" or an "https" port from request
-            port = request.getLocalPort();
-            request_port = Integer.toString(port);
-
-            // Always obtain the "http" port passed in as a parameter
-            param_http_port = config.getInitParameter(HTTP_PORT);
-            if (param_http_port == null) {
-                msg = "The <param-name> '" + HTTP_PORT
-                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
-                return;
-            }
-
-            // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter(HTTPS_PORT);
-            if (param_https_port == null) {
-                msg = "The <param-name> '" + HTTPS_PORT
-                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug(filterName + ":  " + msg);
-                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
-                return;
-            }
-
-            param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT);
-            param_proxy_port = config.getInitParameter(PROXY_PORT);
-            boolean bad_port = false;
-
-            // If the scheme is "http", compare
-            // the request and param "http" ports;
-            // otherwise, if the scheme is "https", compare
-            // the request and param "https" ports
-            if (scheme.equals(HTTP_SCHEME)) {
-                if (!param_http_port.equals(request_port)) {
-                    String uri = ((HttpServletRequest) request).getRequestURI();
-                    if (param_proxy_http_port != null) {
-                        if (!param_proxy_http_port.equals(request_port)) {
-                            msg = "Use HTTP port '" + param_http_port
-                                    + "' or proxy port '" + param_proxy_http_port
-                                    + "' instead of '" + request_port
-                                    + "' when performing " + HTTP_ROLE + " tasks!";
-                            bad_port = true;
-                        }
-                    } else {
-                        msg = "Use HTTP port '" + param_http_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTP_ROLE + " tasks!";
-                        bad_port = true;
-                    }
-                    if (bad_port) {
-                        CMS.debug(filterName + ":  " + msg);
-                        CMS.debug(filterName + ": uri is " + uri);
-                        if ((param_active != null) && (param_active.equals("false"))) {
-                            CMS.debug("Filter is disabled .. continuing");
-                        } else {
-                            resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
-                            return;
-                        }
-                    }
-                }
-            } else if (scheme.equals(HTTPS_SCHEME)) {
-                if (!param_https_port.equals(request_port)) {
-                    String uri = ((HttpServletRequest) request).getRequestURI();
-                    if (param_proxy_port != null) {
-                        if (!param_proxy_port.equals(request_port)) {
-                            msg = "Use HTTPS port '" + param_https_port
-                                    + "' or proxy port '" + param_proxy_port
-                                    + "' instead of '" + request_port
-                                    + "' when performing " + HTTPS_ROLE + " tasks!";
-                            bad_port = true;
-                        }
-                    } else {
-                        msg = "Use HTTPS port '" + param_https_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTPS_ROLE + " tasks!";
-                        bad_port = true;
-                    }
-                    if (bad_port) {
-                        CMS.debug(filterName + ":  " + msg);
-                        CMS.debug(filterName + ": uri is " + uri);
-                        if ((param_active != null) && (param_active.equals("false"))) {
-                            CMS.debug("Filter is disabled .. continuing");
-                        } else {
-                            resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
-                            return;
-                        }
-                    }
-                }
-            }
-
-        }
-        // CMS.debug("Exiting the EE filter");
-
-        chain.doFilter(request, response);
-    }
-
-    public void destroy() {
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
deleted file mode 100644
index e9faca86d..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
+++ /dev/null
@@ -1,188 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.kra.IKeyService;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * A class representing a recoverKey servlet. This servlet
- * shows key information and presents a list of text boxes
- * so that recovery agents can type in their identifiers
- * and passwords.
- *
- * @version $Revision$, $Date$
- */
-public class ConfirmRecoverBySerial extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 2221819191344494389L;
-    private final static String INFO = "recoverBySerial";
-    private final static String TPL_FILE =
-            "confirmRecoverBySerial.template";
-
-    private final static String IN_SERIALNO = "serialNumber";
-    private final static String OUT_SERIALNO = IN_SERIALNO;
-    private final static String OUT_OP = "op";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_M = "noOfRequiredAgents";
-    private final static String OUT_ERROR = "errorDetails";
-
-    private IKeyRepository mKeyDB = null;
-    private IKeyService mRecoveryService = null;
-    private String mFormPath = null;
-
-    /**
-     * Constructs ConfirmRecoverBySerial servlet.
-     */
-    public ConfirmRecoverBySerial() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mRecoveryService = (IKeyService) mAuthority;
-        mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP request. The format of this request is
-     * as follows:
-     * confirmRecoverBySerial?
-     * [serialNumber=<serialno>]
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        // Note that we should try to handle all the exceptions
-        // instead of passing it up back to the servlet
-        // framework.
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        authenticate(cmsReq);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        BigInteger seqNum = BigInteger.ZERO;
-
-        try {
-            if (req.getParameter(IN_SERIALNO) != null) {
-                seqNum = new BigInteger(req.getParameter(IN_SERIALNO));
-            }
-
-            // make sure this page, which contains password
-            // information, is not cache. Too bad, this is
-            // only good for NS browser, not IE specifically.
-            resp.setHeader("pragma", "no-cache");
-
-            process(argSet, header, seqNum, req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Requests for a list of agent passwords.
-     */
-    private void process(CMSTemplateParams argSet,
-            IArgBlock header, BigInteger seq,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale) {
-        try {
-            header.addBigIntegerValue(OUT_SERIALNO, seq, 10);
-            header.addIntegerValue(OUT_M,
-                    mRecoveryService.getNoOfRequiredAgents());
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue(OUT_SERVICE_URL,
-                    req.getRequestURI());
-
-            IKeyRecord rec = mKeyDB.readKeyRecord(seq);
-
-            KeyRecordParser.fillRecordIntoArg(rec, header);
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
deleted file mode 100644
index 03af65c1f..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
+++ /dev/null
@@ -1,195 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Display a specific Key Archival Request
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class DisplayBySerial extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -537957487396615246L;
-    private final static String INFO = "displayBySerial";
-    private final static String TPL_FILE = "displayBySerial.template";
-
-    private final static String IN_SERIALNO = "serialNumber";
-    private final static String OUT_OP = "op";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_ERROR = "errorDetails";
-
-    private IKeyRepository mKeyDB = null;
-    private String mFormPath = null;
-
-    /**
-     * Constructs displayBySerial servlet.
-     */
-    public DisplayBySerial() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "displayBySerial.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param serialNumber serial number of the key archival request
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        // Note that we should try to handle all the exceptions
-        // instead of passing it up back to the servlet
-        // framework.
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-        BigInteger seqNum = BigInteger.ZERO;
-
-        try {
-            if (req.getParameter(IN_SERIALNO) != null) {
-                seqNum = new BigInteger(req.getParameter(IN_SERIALNO));
-            }
-            process(argSet, header, seqNum, req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    /**
-     * Display information about a particular key.
-     */
-    private void process(CMSTemplateParams argSet,
-            IArgBlock header, BigInteger seq,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale) {
-        try {
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue(OUT_SERVICE_URL,
-                    req.getRequestURI());
-            IKeyRecord rec = mKeyDB.readKeyRecord(seq);
-
-            KeyRecordParser.fillRecordIntoArg(rec, header);
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
deleted file mode 100644
index 48cac3785..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
+++ /dev/null
@@ -1,214 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.kra.IKeyService;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Display a Specific Key Archival Request, and initiate
- * key recovery process
- *
- * @version $Revision$, $Date$
- */
-public class DisplayBySerialForRecovery extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 6876016034084761827L;
-    private final static String INFO = "displayBySerial";
-    private final static String TPL_FILE = "displayBySerialForRecovery.template";
-
-    private final static String IN_SERIALNO = "serialNumber";
-    private final static String OUT_OP = "op";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_ERROR = "errorDetails";
-
-    private IKeyRepository mKeyDB = null;
-    private String mFormPath = null;
-    private IKeyService mService = null;
-
-    /**
-     * Constructor
-     */
-    public DisplayBySerialForRecovery() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "displayBySerialForRecovery.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE;
-        mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
-        mService = (IKeyService) mAuthority;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param serialNumber request ID of key archival request
-     * <li>http.param publicKeyData
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        // Note that we should try to handle all the exceptions
-        // instead of passing it up back to the servlet
-        // framework.
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        BigInteger seqNum = BigInteger.ZERO;
-
-        try {
-            if (req.getParameter(IN_SERIALNO) != null) {
-                seqNum = new BigInteger(req.getParameter(IN_SERIALNO));
-            }
-            process(argSet, header,
-                    req.getParameter("publicKeyData"),
-                    seqNum, req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        } catch (Exception e) {
-            e.printStackTrace();
-            System.out.println(e.toString());
-        }
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Display information about a particular key.
-     */
-    private synchronized void process(CMSTemplateParams argSet,
-            IArgBlock header, String publicKeyData, BigInteger seq,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale) {
-        try {
-            header.addIntegerValue("noOfRequiredAgents",
-                    mService.getNoOfRequiredAgents());
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue("keySplitting",
-                    CMS.getConfigStore().getString("kra.keySplitting"));
-            header.addStringValue(OUT_SERVICE_URL,
-                    req.getRequestURI());
-            if (publicKeyData != null) {
-                header.addStringValue("publicKeyData",
-                        publicKeyData);
-            }
-            IKeyRecord rec = mKeyDB.readKeyRecord(seq);
-
-            KeyRecordParser.fillRecordIntoArg(rec, header);
-
-            // recovery identifier
-            header.addStringValue("recoveryID", mService.getRecoveryID());
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
deleted file mode 100644
index e59550af3..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
+++ /dev/null
@@ -1,126 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Retrieve Transport Certificate used to
- * wrap Private key Archival requests
- *
- * @version $Revision$, $Date$
- */
-public class DisplayTransport extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6509083753395783705L;
-    private final static String INFO = "displayTransport";
-
-    /**
-     * Constructs displayTransport servlet.
-     */
-    public DisplayTransport() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        try {
-            IKeyRecoveryAuthority kra =
-                    (IKeyRecoveryAuthority) mAuthority;
-            ITransportKeyUnit tu = kra.getTransportKeyUnit();
-            org.mozilla.jss.crypto.X509Certificate transportCert =
-                    tu.getCertificate();
-
-            resp.setStatus(HttpServletResponse.SC_OK);
-            resp.setContentType("text/html");
-            String content = "";
-
-            content += "<HTML><PRE>";
-            String mime64 =
-                    "-----BEGIN CERTIFICATE-----\n" +
-                            CMS.BtoA(transportCert.getEncoded()) + "\n" +
-                            "-----END CERTIFICATE-----\n";
-
-            content += mime64;
-            content += "</PRE></HTML>";
-            resp.setContentType("text/html");
-            resp.getOutputStream().write(content.getBytes());
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
deleted file mode 100644
index cd3988944..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
+++ /dev/null
@@ -1,240 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Hashtable;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.kra.IKeyService;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * View the Key Recovery Request
- *
- * @version $Revision$, $Date$
- */
-public class ExamineRecovery extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -953282265332774966L;
-    private final static String INFO = "examineRecovery";
-    private final static String TPL_FILE = "examineRecovery.template";
-
-    private final static String OUT_OP = "op";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-
-    private IKeyService mService = null;
-    private String mFormPath = null;
-
-    /**
-     * Constructs EA servlet.
-     */
-    public ExamineRecovery() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mService = (IKeyService) mAuthority;
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param recoveryID recovery request ID
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        EBaseException error = null;
-
-        try {
-            process(argSet, header,
-                    req.getParameter("recoveryID"),
-                    req, resp, locale[0]);
-        } catch (EBaseException e) {
-            error = e;
-        } catch (Exception e) {
-            error = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-
-        /*
-         catch (NumberFormatException e) {
-         error = eBaseException(
-
-         header.addStringValue(OUT_ERROR,
-         MessageFormatter.getLocalizedString(
-         locale[0],
-         BaseResources.class.getName(),
-         BaseResources.INTERNAL_ERROR_1,
-         e.toString()));
-         }
-         */
-
-        try {
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    ServletOutputStream out = resp.getOutputStream();
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    /**
-     * Recovers a key. The p12 will be protected by the password
-     * provided by the administrator.
-     */
-    private void process(CMSTemplateParams argSet,
-            IArgBlock header, String recoveryID,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale)
-            throws EBaseException {
-        try {
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue(OUT_SERVICE_URL,
-                    req.getRequestURI());
-            header.addStringValue("keySplitting",
-                    CMS.getConfigStore().getString("kra.keySplitting"));
-            Hashtable<String, Object> params = mService.getRecoveryParams(
-                    recoveryID);
-
-            if (params == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
-            }
-            String keyID = (String) params.get("keyID");
-            header.addStringValue("serialNumber", keyID);
-            header.addStringValue("recoveryID", recoveryID);
-
-            IKeyRepository mKeyDB =
-                    ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
-            IKeyRecord rec = mKeyDB.readKeyRecord(new
-                    BigInteger(keyID));
-            KeyRecordParser.fillRecordIntoArg(rec, header);
-
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "Error e " + e);
-            throw e;
-        }
-
-        /*
-         catch (Exception e) {
-         header.addStringValue(OUT_ERROR, e.toString());
-         }
-         */
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
deleted file mode 100644
index 7d24c7ceb..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
+++ /dev/null
@@ -1,236 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.security.Credential;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Check to see if a Key Recovery Request has been approved
- *
- * @version $Revision$, $Date$
- */
-public class GetApprovalStatus extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -8257339915430654983L;
-    private final static String INFO = "getApprovalStatus";
-    private final static String TPL_FILE = "getApprovalStatus.template";
-    private final static String TPL_FINISH = "finishRecovery.template";
-
-    private final static String OUT_ERROR = "errorDetails";
-    private final static String OUT_STATUS = "status";
-
-    private com.netscape.certsrv.kra.IKeyService mService = null;
-    private String mFormPath = null;
-
-    /**
-     * Constructs getApprovalStatus servlet.
-     */
-    public GetApprovalStatus() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template files
-     * "getApprovalStatus.template" and "finishRecovery.template"
-     * to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // mFormPath = "/"+authority.getId()+"/"+TPL_FILE;
-        mService = (com.netscape.certsrv.kra.IKeyService) mAuthority;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param recoveryID request ID to check
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-        int rComplete = 0;
-
-        // get status and populate argSet
-        try {
-            String recoveryID = req.getParameter("recoveryID");
-
-            header.addStringValue("recoveryID", recoveryID);
-
-            Hashtable<String, Object> params = mService.getRecoveryParams(recoveryID);
-
-            if (params == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
-            }
-            header.addStringValue("serialNumber",
-                    (String) params.get("keyID"));
-            header.addStringValue("serialNumberInHex",
-                    new BigInteger((String) params.get("keyID")).toString(16));
-
-            int requiredNumber = mService.getNoOfRequiredAgents();
-
-            header.addIntegerValue("noOfRequiredAgents", requiredNumber);
-
-            Vector<Credential> dc = ((IKeyRecoveryAuthority) mService).getAppAgents(recoveryID);
-            Enumeration<Credential> agents = dc.elements();
-
-            while (agents.hasMoreElements()) {
-                IArgBlock rarg = CMS.createArgBlock();
-
-                rarg.addStringValue("agentName", agents.nextElement().getIdentifier());
-                argSet.addRepeatRecord(rarg);
-            }
-            if (dc.size() >= requiredNumber) {
-                // got all approval, return pk12
-                byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
-
-                if (pkcs12 != null) {
-                    rComplete = 1;
-                    header.addStringValue(OUT_STATUS, "complete");
-
-                    /*
-                     mService.destroyRecoveryParams(recoveryID);
-                     try {
-                     resp.setContentType("application/x-pkcs12");
-                     resp.getOutputStream().write(pkcs12);
-                     return;
-                     } catch (IOException e) {
-                     header.addStringValue(OUT_ERROR,
-                     MessageFormatter.getLocalizedString(
-                     locale[0],
-                     BaseResources.class.getName(),
-                     BaseResources.INTERNAL_ERROR_1,
-                     e.toString()));
-                     }
-                     */
-                } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
-                    // error in recovery process
-                    header.addStringValue(OUT_ERROR,
-                            ((IKeyRecoveryAuthority) mService).getError(recoveryID));
-                    rComplete = 1;
-                } else {
-                    // pk12 hasn't been created yet.
-                }
-            }
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale[0]));
-            rComplete = 1;
-        }
-
-        try {
-            if (rComplete == 1) {
-                mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH;
-            } else {
-                mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE;
-            }
-            if (mOutputTemplatePath != null)
-                mFormPath = mOutputTemplatePath;
-            try {
-                form = getTemplate(mFormPath, req, locale);
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            }
-
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
deleted file mode 100644
index 773b91e65..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ /dev/null
@@ -1,265 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Get the recovered key in PKCS#12 format
- * - for asynchronous key recovery only
- *
- */
-public class GetAsyncPk12 extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 6933634840339605800L;
-
-    private final static String INFO = "getAsyncPk12";
-
-    private final static String TPL_FILE = "finishAsyncRecovery.template";
-
-    private final static String IN_PASSWORD = "p12Password";
-    private final static String IN_PASSWORD_AGAIN = "p12PasswordAgain";
-    private final static String OUT_ERROR = "errorDetails";
-
-    private com.netscape.certsrv.kra.IKeyService mService = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
-
-    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
-            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
-
-    private String mFormPath = null;
-
-    /**
-     * Constructs getAsyncPk12 servlet.
-     */
-    public GetAsyncPk12() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "finishAsyncRecovery.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE;
-        mService = (com.netscape.certsrv.kra.IKeyService) mAuthority;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param reqID request id for recovery
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-        String auditMessage = null;
-        String agent = null;
-        String reqID = null;
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "download");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        // get status and populate argSet
-        try {
-            reqID = req.getParameter("reqID");
-            header.addStringValue("reqID", reqID);
-
-            // only the init DRM agent can get the pkcs12
-            SessionContext sContext = SessionContext.getContext();
-
-            if (sContext != null) {
-                agent = (String) sContext.get(SessionContext.USER_ID);
-            }
-
-            if (agent == null) {
-                CMS.debug("GetAsyncPk12::process() - agent is null!");
-                throw new EBaseException("agent is null");
-            }
-
-            String initAgent = "undefined";
-            initAgent = mService.getInitAgentAsyncKeyRecovery(reqID);
-
-            if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) {
-                log(ILogger.LL_SECURITY,
-                        CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
-                                reqID, initAgent));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
-                                reqID, initAgent));
-            }
-
-            // The async recovery request must be in "approved" state
-            //  i.e. all required # of recovery agents approved
-            if (mService.isApprovedAsyncKeyRecovery(reqID) != true) {
-                CMS.debug("GetAsyncPk12::process() - # required recovery agents not met");
-                throw new EBaseException("# required recovery agents not met");
-            }
-
-            String password = req.getParameter(IN_PASSWORD);
-            String passwordAgain = req.getParameter(IN_PASSWORD_AGAIN);
-
-            if (password == null || password.equals("")) {
-                header.addStringValue(OUT_ERROR, "PKCS12 password not found");
-                throw new EBaseException("PKCS12 password not found");
-            }
-            if (passwordAgain == null || !passwordAgain.equals(password)) {
-                header.addStringValue(OUT_ERROR, "PKCS12 password not matched");
-                throw new EBaseException("PKCS12 password not matched");
-            }
-
-            // got all approval, return pk12
-            byte pkcs12[] = mService.doKeyRecovery(reqID, password);
-
-            if (pkcs12 != null) {
-                try {
-                    resp.setContentType("application/x-pkcs12");
-                    resp.getOutputStream().write(pkcs12);
-                    mRenderResult = false;
-
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
-                            agent,
-                            ILogger.SUCCESS,
-                            reqID,
-                            "");
-
-                    audit(auditMessage);
-
-                    return;
-                } catch (IOException e) {
-                    header.addStringValue(OUT_ERROR,
-                            CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-                }
-            } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) {
-                // error in recovery process
-                header.addStringValue(OUT_ERROR,
-                        ((IKeyRecoveryAuthority) mService).getError(reqID));
-            } else {
-                // pk12 hasn't been created yet. Shouldn't get here
-            }
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale[0]));
-        }
-
-        if ((agent != null) && (reqID != null)) {
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
-                    agent,
-                    ILogger.FAILURE,
-                    reqID,
-                    "");
-
-            audit(auditMessage);
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
deleted file mode 100644
index c79a82f4d..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ /dev/null
@@ -1,259 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.util.Hashtable;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Get the recovered key in PKCS#12 format
- *
- * @version $Revision$, $Date$
- */
-public class GetPk12 extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 8974964964333880697L;
-
-    private final static String INFO = "getPk12";
-
-    private final static String TPL_FILE = "finishRecovery.template";
-
-    private final static String OUT_ERROR = "errorDetails";
-
-    private com.netscape.certsrv.kra.IKeyService mService = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
-
-    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
-            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
-
-    private String mFormPath = null;
-
-    /**
-     * Constructs getPk12 servlet.
-     */
-    public GetPk12() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "finishRecovery.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE;
-        mService = (com.netscape.certsrv.kra.IKeyService) mAuthority;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param recoveryID ID of request to recover
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-        String auditMessage = null;
-        String recoveryID = null;
-        String agent = null;
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "download");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        // get status and populate argSet
-        try {
-            recoveryID = req.getParameter("recoveryID");
-
-            header.addStringValue("recoveryID", recoveryID);
-
-            Hashtable<String, Object> params = mService.getRecoveryParams(recoveryID);
-
-            if (params == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
-            }
-
-            // only the init DRM agent can get the pkcs12
-            SessionContext sContext = SessionContext.getContext();
-            if (sContext != null) {
-                agent = (String) sContext.get(SessionContext.USER_ID);
-            }
-
-            if (agent == null) {
-                CMS.debug("GetPk12::process() - agent is null!");
-                throw new EBaseException("agent is null");
-            }
-
-            String initAgent = (String) params.get("agent");
-
-            if (!agent.equals(initAgent)) {
-                log(ILogger.LL_SECURITY,
-
-                CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
-                        recoveryID,
-                        initAgent));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_INVALID_AGENT",
-                                agent, initAgent, recoveryID));
-            }
-
-            header.addStringValue("serialNumber",
-                    (String) params.get("keyID"));
-
-            // got all approval, return pk12
-            byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
-
-            if (pkcs12 != null) {
-                mService.destroyRecoveryParams(recoveryID);
-                try {
-                    resp.setContentType("application/x-pkcs12");
-                    resp.getOutputStream().write(pkcs12);
-                    mRenderResult = false;
-
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
-                            agent,
-                            ILogger.SUCCESS,
-                            recoveryID,
-                            "");
-
-                    audit(auditMessage);
-
-                    return;
-                } catch (IOException e) {
-                    header.addStringValue(OUT_ERROR,
-                            CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-                }
-            } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
-                // error in recovery process
-                header.addStringValue(OUT_ERROR,
-                        ((IKeyRecoveryAuthority) mService).getError(recoveryID));
-            } else {
-                // pk12 hasn't been created yet. Shouldn't get here
-            }
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale[0]));
-        }
-
-        if ((agent != null) && (recoveryID != null)) {
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
-                    agent,
-                    ILogger.FAILURE,
-                    recoveryID,
-                    "");
-
-            audit(auditMessage);
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
deleted file mode 100644
index 410039133..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ /dev/null
@@ -1,274 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2010 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.kra.IKeyService;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Approve an asynchronous key recovery request
- *
- */
-public class GrantAsyncRecovery extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4200111795169532676L;
-    private final static String INFO = "grantAsyncRecovery";
-    private final static String TPL_FILE = "grantAsyncRecovery.template";
-
-    private final static String OUT_OP = "op";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_ERROR = "errorDetails";
-
-    private IKeyService mService = null;
-    private String mFormPath = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
-            "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
-
-    /**
-     * Constructs EA servlet.
-     */
-    public GrantAsyncRecovery() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * 'grantAsyncRecovery.template' to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mService = (IKeyService) mAuthority;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param reqID request ID of the request to approve
-     * <li>http.param agentID User ID of the agent approving the request
-     *
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        CMS.debug("GrantAsyncRecovery: process() begins");
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "recover");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        String agentID = authToken.getInString("uid");
-        CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID);
-        CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"));
-        try {
-            process(argSet, header,
-                    req.getParameter("reqID"),
-                    agentID,
-                    req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Update agent approval list
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents
-     * to approve key recovery requests
-     * </ul>
-     *
-     * @param argSet CMS template parameters
-     * @param header argument block
-     * @param reqID string containing the recovery request ID
-     * @param agentID string containing the agent ID
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param locale the system locale
-     */
-    private void process(CMSTemplateParams argSet,
-            IArgBlock header, String reqID,
-            String agentID,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale) {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequestID = reqID;
-        String auditAgentID = agentID;
-
-        // "normalize" the "reqID"
-        if (auditRequestID != null) {
-            auditRequestID = auditRequestID.trim();
-
-            if (auditRequestID.equals("")) {
-                auditRequestID = ILogger.UNIDENTIFIED;
-            }
-        } else {
-            auditRequestID = ILogger.UNIDENTIFIED;
-        }
-
-        // "normalize" the "auditAgentID"
-        if (auditAgentID != null) {
-            auditAgentID = auditAgentID.trim();
-
-            if (auditAgentID.equals("")) {
-                auditAgentID = ILogger.UNIDENTIFIED;
-            }
-        } else {
-            auditAgentID = ILogger.UNIDENTIFIED;
-        }
-
-        try {
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue(OUT_SERVICE_URL,
-                    req.getRequestURI());
-
-            // update approving agent list
-            mService.addAgentAsyncKeyRecovery(reqID, agentID);
-
-            header.addStringValue("requestID", reqID);
-            header.addStringValue("agentID", agentID);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequestID,
-                        auditAgentID);
-
-            audit(auditMessage);
-
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequestID,
-                        auditAgentID);
-
-            audit(auditMessage);
-        } catch (Exception e) {
-            header.addStringValue(OUT_ERROR, e.toString());
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequestID,
-                        auditAgentID);
-
-            audit(auditMessage);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
deleted file mode 100644
index 9d57fbe7c..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
+++ /dev/null
@@ -1,303 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Hashtable;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.kra.IKeyService;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Approve a key recovery request
- *
- * @version $Revision$, $Date$
- */
-public class GrantRecovery extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 991970686415492L;
-    private final static String INFO = "grantRecovery";
-    private final static String TPL_FILE = "grantRecovery.template";
-
-    private final static String OUT_OP = "op";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_ERROR = "errorDetails";
-
-    private IKeyService mService = null;
-    private String mFormPath = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
-            "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
-
-    /**
-     * Constructs EA servlet.
-     */
-    public GrantRecovery() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * 'grantRecovery.template' to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mService = (IKeyService) mAuthority;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param recoveryID ID of the request to approve
-     * <li>http.param agentID User ID of the agent approving the request
-     * <li>http.param agentPWD Password of the agent approving the request
-     *
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "recover");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        String agentID = authToken.getInString("uid");
-        if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
-            agentID = req.getParameter("agentID");
-        }
-        try {
-            process(argSet, header,
-                    req.getParameter("recoveryID"),
-                    agentID,
-                    req.getParameter("agentPWD"),
-                    req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Recovers a key. The p12 will be protected by the password
-     * provided by the administrator.
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents
-     * to approve key recovery requests
-     * </ul>
-     *
-     * @param argSet CMS template parameters
-     * @param header argument block
-     * @param recoveryID string containing the recovery ID
-     * @param agentID string containing the agent ID
-     * @param agentPWD string containing the agent password
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param locale the system locale
-     */
-    private void process(CMSTemplateParams argSet,
-            IArgBlock header, String recoveryID,
-            String agentID, String agentPWD,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale) {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRecoveryID = recoveryID;
-        String auditAgentID = agentID;
-
-        // "normalize" the "auditRecoveryID"
-        if (auditRecoveryID != null) {
-            auditRecoveryID = auditRecoveryID.trim();
-
-            if (auditRecoveryID.equals("")) {
-                auditRecoveryID = ILogger.UNIDENTIFIED;
-            }
-        } else {
-            auditRecoveryID = ILogger.UNIDENTIFIED;
-        }
-
-        // "normalize" the "auditAgentID"
-        if (auditAgentID != null) {
-            auditAgentID = auditAgentID.trim();
-
-            if (auditAgentID.equals("")) {
-                auditAgentID = ILogger.UNIDENTIFIED;
-            }
-        } else {
-            auditAgentID = ILogger.UNIDENTIFIED;
-        }
-
-        try {
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue(OUT_SERVICE_URL,
-                    req.getRequestURI());
-
-            Hashtable<String, Object> h = mService.getRecoveryParams(recoveryID);
-
-            if (h == null) {
-                header.addStringValue(OUT_ERROR,
-                        "No such token found");
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRecoveryID,
-                            auditAgentID);
-
-                audit(auditMessage);
-
-                return;
-            }
-            header.addStringValue("serialNumber",
-                    (String) h.get("keyID"));
-            header.addStringValue("serialNumberInHex",
-                    new BigInteger((String) h.get("keyID")).toString(16));
-
-            mService.addDistributedCredential(recoveryID, agentID, agentPWD);
-            header.addStringValue("agentID",
-                    agentID);
-            header.addStringValue("recoveryID",
-                    recoveryID);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRecoveryID,
-                        auditAgentID);
-
-            audit(auditMessage);
-
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRecoveryID,
-                        auditAgentID);
-
-            audit(auditMessage);
-        } catch (Exception e) {
-            header.addStringValue(OUT_ERROR, e.toString());
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRecoveryID,
-                        auditAgentID);
-
-            audit(auditMessage);
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
deleted file mode 100644
index 256f72879..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ /dev/null
@@ -1,102 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.util.Date;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-
-/**
- * Output a 'pretty print' of a Key Archival record
- *
- * @version $Revision$, $Date$
- */
-public class KeyRecordParser {
-
-    public final static String OUT_STATE = "state";
-    public final static String OUT_OWNER_NAME = "ownerName";
-    public final static String OUT_SERIALNO = "serialNumber";
-    public final static String OUT_SERIALNO_IN_HEX = "serialNumberInHex";
-    public final static String OUT_KEY_ALGORITHM = "keyAlgorithm";
-    public final static String OUT_PUBLIC_KEY = "publicKey";
-    public final static String OUT_KEY_LEN = "keyLength";
-    public final static String OUT_KEY_EC_CURVE = "EllipticCurve";
-    public final static String OUT_ARCHIVED_BY = "archivedBy";
-    public final static String OUT_ARCHIVED_ON = "archivedOn";
-    public final static String OUT_RECOVERED_BY = "recoveredBy";
-    public final static String OUT_RECOVERED_ON = "recoveredOn";
-
-    /**
-     * Fills key record into argument block.
-     */
-    public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
-            throws EBaseException {
-        if (rec == null)
-            return;
-        rarg.addStringValue(OUT_STATE,
-                rec.getState().toString());
-        rarg.addStringValue(OUT_OWNER_NAME,
-                rec.getOwnerName());
-        rarg.addBigIntegerValue(OUT_SERIALNO,
-                rec.getSerialNumber(), 10);
-        rarg.addBigIntegerValue(OUT_SERIALNO_IN_HEX,
-                rec.getSerialNumber(), 16);
-        rarg.addStringValue(OUT_KEY_ALGORITHM,
-                rec.getAlgorithm());
-        // Possible Enhancement: sun's BASE64Encode is not
-        // fast. We may may to have our native implmenetation.
-        IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
-
-        rarg.addStringValue(OUT_PUBLIC_KEY,
-                pp.toHexString(rec.getPublicKeyData(), 0, 20));
-        Integer keySize = rec.getKeySize();
-
-        if (keySize == null) {
-            rarg.addIntegerValue(OUT_KEY_LEN, 512);
-        } else {
-            rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue());
-        }
-
-        // handles EC
-        MetaInfo metaInfo = rec.getMetaInfo();
-        if (metaInfo != null) {
-            String curve = (String)metaInfo.get(OUT_KEY_EC_CURVE);
-            if (curve != null) {
-                rarg.addStringValue(OUT_KEY_EC_CURVE, curve);
-            }
-        }
-
-        rarg.addStringValue(OUT_ARCHIVED_BY,
-                rec.getArchivedBy());
-        rarg.addLongValue(OUT_ARCHIVED_ON,
-                rec.getCreateTime().getTime() / 1000);
-        Date dateOfRevocation[] = rec.getDateOfRevocation();
-
-        if (dateOfRevocation != null) {
-            rarg.addStringValue(OUT_RECOVERED_BY,
-                    "null");
-            rarg.addStringValue(OUT_RECOVERED_ON,
-                    "null");
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
deleted file mode 100644
index bef0455a9..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ /dev/null
@@ -1,263 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.List;
-
-import javax.ws.rs.Path;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.dbs.keydb.KeyId;
-import com.netscape.certsrv.key.KeyArchivalRequest;
-import com.netscape.certsrv.key.KeyRecoveryRequest;
-import com.netscape.certsrv.key.KeyRequestInfo;
-import com.netscape.certsrv.key.KeyRequestInfos;
-import com.netscape.certsrv.key.KeyRequestResource;
-import com.netscape.certsrv.key.KeyResource;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.request.CMSRequestInfo;
-import com.netscape.certsrv.request.CMSRequestInfos;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.request.CMSRequestDAO;
-
-/**
- * @author alee
- *
- */
-public class KeyRequestDAO extends CMSRequestDAO {
-
-    private static String REQUEST_ARCHIVE_OPTIONS = IEnrollProfile.REQUEST_ARCHIVE_OPTIONS;
-    public static final String ATTR_SERIALNO = "serialNumber";
-
-    private IKeyRepository repo;
-    private IKeyRecoveryAuthority kra;
-
-    public KeyRequestDAO() {
-        super("kra");
-        kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
-        repo = kra.getKeyRepository();
-    }
-
-    /**
-     * Finds list of requests matching the specified search filter.
-     *
-     * If the filter corresponds to a VLV search, then that search is executed and the pageSize
-     * and start parameters are used. Otherwise, the maxResults and maxTime parameters are
-     * used in the regularly indexed search.
-     *
-     * @param filter - ldap search filter
-     * @param start - start position for VLV search
-     * @param pageSize - page size for VLV search
-     * @param maxResults - max results to be returned in normal search
-     * @param maxTime - max time for normal search
-     * @param uriInfo - uri context of request
-     * @return collection of key request info
-     * @throws EBaseException
-     */
-    @SuppressWarnings("unchecked")
-    public KeyRequestInfos listRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime,
-            UriInfo uriInfo) throws EBaseException {
-
-        KeyRequestInfos ret = new KeyRequestInfos();
-
-        CMSRequestInfos cmsInfos = listCMSRequests(filter, start, pageSize, maxResults, maxTime, uriInfo);
-
-        Collection<? extends CMSRequestInfo> cmsList = cmsInfos.getRequests();
-
-        // We absolutely know 100% that this list is a list
-        // of KeyRequestInfo objects. This is because the method
-        // createCMSRequestInfo. Is the only one adding to it
-
-        List<KeyRequestInfo> list = (List<KeyRequestInfo>) cmsList;
-        ret.setRequests(list);
-
-        ret.setLinks(cmsInfos.getLinks());
-
-        return ret;
-    }
-
-    /**
-     * Gets info for a specific request
-     *
-     * @param id
-     * @return info for specific request
-     * @throws EBaseException
-     */
-    public KeyRequestInfo getRequest(RequestId id, UriInfo uriInfo) throws EBaseException {
-        IRequest request = queue.findRequest(id);
-        if (request == null) {
-            return null;
-        }
-        KeyRequestInfo info = createKeyRequestInfo(request, uriInfo);
-        return info;
-    }
-
-    /**
-     * Submits an archival request and processes it.
-     *
-     * @param data
-     * @return info for the request submitted.
-     * @throws EBaseException
-     */
-    public KeyRequestInfo submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException {
-        String clientId = data.getClientId();
-        String wrappedSecurityData = data.getWrappedPrivateData();
-        String dataType = data.getDataType();
-
-        boolean keyExists = doesKeyExist(clientId, "active", uriInfo);
-
-        if (keyExists == true) {
-            throw new EBaseException("Can not archive already active existing key!");
-        }
-
-        IRequest request = queue.newRequest(IRequest.SECURITY_DATA_ENROLLMENT_REQUEST);
-
-        request.setExtData(REQUEST_ARCHIVE_OPTIONS, wrappedSecurityData);
-        request.setExtData(IRequest.SECURITY_DATA_CLIENT_ID, clientId);
-        request.setExtData(IRequest.SECURITY_DATA_TYPE, dataType);
-
-        queue.processRequest(request);
-
-        queue.markAsServiced(request);
-
-        return createKeyRequestInfo(request, uriInfo);
-    }
-
-    /**
-     * Submits a key recovery request.
-     *
-     * @param data
-     * @return info on the recovery request created
-     * @throws EBaseException
-     */
-    public KeyRequestInfo submitRequest(KeyRecoveryRequest data, UriInfo uriInfo) throws EBaseException {
-        // set data using request.setExtData(field, data)
-
-        String wrappedSessionKeyStr = data.getTransWrappedSessionKey();
-        String wrappedPassPhraseStr = data.getSessionWrappedPassphrase();
-        String nonceDataStr = data.getNonceData();
-
-        IRequest request = queue.newRequest(IRequest.SECURITY_DATA_RECOVERY_REQUEST);
-
-        KeyId keyId = data.getKeyId();
-
-        Hashtable<String, Object> requestParams;
-
-        requestParams = ((IKeyRecoveryAuthority) authority).createVolatileRequest(request.getRequestId());
-
-        if (requestParams == null) {
-            throw new EBaseException("Can not create Volatile params in submitRequest!");
-        }
-
-        CMS.debug("Create volatile  params for recovery request. " + requestParams);
-
-        if (wrappedPassPhraseStr != null) {
-            requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, wrappedPassPhraseStr);
-        }
-
-        if (wrappedSessionKeyStr != null) {
-            requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, wrappedSessionKeyStr);
-        }
-
-        if (nonceDataStr != null) {
-            requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceDataStr);
-        }
-
-        request.setExtData(ATTR_SERIALNO, keyId.toString());
-
-        queue.processRequest(request);
-
-        return createKeyRequestInfo(request, uriInfo);
-    }
-
-    public void approveRequest(RequestId id) throws EBaseException {
-        IRequest request = queue.findRequest(id);
-        request.setRequestStatus(RequestStatus.APPROVED);
-        queue.updateRequest(request);
-    }
-
-    public void rejectRequest(RequestId id) throws EBaseException {
-        IRequest request = queue.findRequest(id);
-        request.setRequestStatus(RequestStatus.CANCELED);
-        queue.updateRequest(request);
-    }
-
-    public void cancelRequest(RequestId id) throws EBaseException {
-        IRequest request = queue.findRequest(id);
-        request.setRequestStatus(RequestStatus.REJECTED);
-        queue.updateRequest(request);
-    }
-
-    private KeyRequestInfo createKeyRequestInfo(IRequest request, UriInfo uriInfo) {
-        KeyRequestInfo ret = new KeyRequestInfo();
-
-        ret.setRequestType(request.getRequestType());
-        ret.setRequestStatus(request.getRequestStatus());
-
-        Path keyRequestPath = KeyRequestResource.class.getAnnotation(Path.class);
-        RequestId rid = request.getRequestId();
-
-        UriBuilder reqBuilder = uriInfo.getBaseUriBuilder();
-        reqBuilder.path(keyRequestPath.value() + "/" + rid);
-        ret.setRequestURL(reqBuilder.build().toString());
-
-        Path keyPath = KeyResource.class.getAnnotation(Path.class);
-        String kid = request.getExtDataInString("keyrecord");
-
-        UriBuilder keyBuilder = uriInfo.getBaseUriBuilder();
-        keyBuilder.path(keyPath.value() + "/" + kid);
-        ret.setKeyURL(keyBuilder.build().toString());
-
-        return ret;
-    }
-
-    @Override
-    public KeyRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) {
-        return createKeyRequestInfo(request, uriInfo);
-    }
-
-    //We only care if the key exists or not
-    private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) {
-        String state = "active";
-        String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")"
-                + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))";
-        try {
-            Enumeration<IKeyRecord> existingKeys = null;
-
-            existingKeys = repo.searchKeys(filter, 1, 10);
-            if (existingKeys != null && existingKeys.hasMoreElements()) {
-                return true;
-            }
-        } catch (EBaseException e) {
-            return false;
-        }
-
-        return false;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java
deleted file mode 100644
index f642417e2..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/KeyService.java
+++ /dev/null
@@ -1,372 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.key;
-
-
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.HTTPGoneException;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.dbs.keydb.KeyId;
-import com.netscape.certsrv.key.KeyData;
-import com.netscape.certsrv.key.KeyDataInfo;
-import com.netscape.certsrv.key.KeyDataInfos;
-import com.netscape.certsrv.key.KeyRecoveryRequest;
-import com.netscape.certsrv.key.KeyRequestInfo;
-import com.netscape.certsrv.key.KeyResource;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.PKIService;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * @author alee
- *
- */
-public class KeyService extends PKIService implements KeyResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    private IKeyRepository repo;
-    private IKeyRecoveryAuthority kra;
-    private IRequestQueue queue;
-
-    private final static String LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY =
-            "LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY_5";
-
-    public static final int DEFAULT_MAXRESULTS = 100;
-    public static final int DEFAULT_MAXTIME = 10;
-
-    public KeyService() {
-        kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
-        repo = kra.getKeyRepository();
-        queue = kra.getRequestQueue();
-    }
-
-    /**
-     * Used to retrieve a key
-     * @param data
-     * @return
-     */
-    public KeyData retrieveKey(KeyRecoveryRequest data) {
-        // auth and authz
-        KeyId keyId = validateRequest(data);
-        RequestId requestID = data.getRequestId();
-        KeyData keyData;
-        try {
-            keyData = getKey(keyId, data);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            auditRetrieveKey(ILogger.FAILURE, requestID, keyId, e.getMessage());
-            throw new PKIException(e.getMessage());
-        }
-        if (keyData == null) {
-            // no key record
-            auditRetrieveKey(ILogger.FAILURE, requestID, keyId, "No key record");
-            throw new HTTPGoneException("No key record.");
-        }
-        auditRetrieveKey(ILogger.SUCCESS, requestID, keyId, "None");
-        return keyData;
-    }
-
-    // retrieval - used to test integration with a browser
-    public KeyData retrieveKey(MultivaluedMap<String, String> form) {
-        KeyRecoveryRequest data = new KeyRecoveryRequest(form);
-        return retrieveKey(data);
-    }
-
-    public KeyData getKey(KeyId keyId, KeyRecoveryRequest data) throws EBaseException {
-        KeyData keyData;
-
-        RequestId rId = data.getRequestId();
-
-        String transWrappedSessionKey;
-        String sessionWrappedPassphrase;
-
-        IRequest request = queue.findRequest(rId);
-
-        if (request == null) {
-            return null;
-        }
-
-     // get wrapped key
-        IKeyRecord rec = repo.readKeyRecord(keyId.toBigInteger());
-        if (rec == null) {
-            return null;
-        }
-
-        Hashtable<String, Object> requestParams = kra.getVolatileRequest(
-                request.getRequestId());
-
-        if(requestParams == null) {
-            auditRetrieveKey(ILogger.FAILURE, rId, keyId, "cannot obtain volatile requestParams");
-            throw new EBaseException("Can't obtain Volatile requestParams in getKey!");
-        }
-
-        String sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA);
-        String passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA);
-        String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
-
-        if (sessWrappedKeyData != null || passWrappedKeyData != null) {
-            //The recovery process has already placed a valid recovery
-            //package, either session key wrapped or pass wrapped, into the request.
-            //Request already has been processed.
-            keyData = new KeyData();
-
-        } else {
-            // The request has not yet been processed, let's see if the RecoveryRequestData contains
-            // the info now needed to process the recovery request.
-
-            transWrappedSessionKey   = data.getTransWrappedSessionKey();
-            sessionWrappedPassphrase = data.getSessionWrappedPassphrase();
-            nonceData = data.getNonceData();
-
-            if (transWrappedSessionKey == null) {
-                //There must be at least a transWrappedSessionKey input provided.
-                //The command AND the request have provided insufficient data, end of the line.
-                auditRetrieveKey(ILogger.FAILURE, rId, keyId, "insufficient input data");
-                throw new EBaseException("Can't retrieve key, insufficient input data!");
-            }
-
-            if (sessionWrappedPassphrase != null) {
-                requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase);
-            }
-
-            if (transWrappedSessionKey != null) {
-                requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey);
-            }
-
-            if (nonceData != null) {
-                requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData);
-            }
-
-            try {
-                // Has to be in this state or it won't go anywhere.
-                request.setRequestStatus(RequestStatus.BEGIN);
-                queue.processRequest(request);
-            } catch (EBaseException e) {
-                kra.destroyVolatileRequest(request.getRequestId());
-                throw new EBaseException(e.toString());
-            }
-
-            nonceData = null;
-            keyData = new KeyData();
-
-            sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA);
-            passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA);
-            nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
-
-        }
-
-        if (sessWrappedKeyData != null) {
-            keyData.setWrappedPrivateData(sessWrappedKeyData);
-        }
-        if (passWrappedKeyData != null) {
-            keyData.setWrappedPrivateData(passWrappedKeyData);
-        }
-        if (nonceData != null) {
-            keyData.setNonceData(nonceData);
-        }
-
-        kra.destroyVolatileRequest(request.getRequestId());
-
-        queue.markAsServiced(request);
-
-        return keyData;
-    }
-
-    private KeyId validateRequest(KeyRecoveryRequest data) {
-
-        // confirm request exists
-        RequestId reqId = data.getRequestId();
-        if (reqId == null) {
-            auditRetrieveKey(ILogger.FAILURE, null, null, "Request id not found");
-            // log error
-            throw new BadRequestException("Request id not found.");
-        }
-
-        // confirm that at least one wrapping method exists
-        // There must be at least the wrapped session key method.
-        if ((data.getTransWrappedSessionKey() == null)) {
-            auditRetrieveKey(ILogger.FAILURE, reqId, null, "No wrapping method found");
-            // log error
-            throw new BadRequestException("No wrapping method found.");
-        }
-
-        KeyRequestDAO reqDAO = new KeyRequestDAO();
-        KeyRequestInfo reqInfo;
-        try {
-            reqInfo = reqDAO.getRequest(reqId, uriInfo);
-        } catch (EBaseException e1) {
-            auditRetrieveKey(ILogger.FAILURE, reqId, null, "failed to get request");
-            // failed to get request
-            e1.printStackTrace();
-            throw new PKIException(e1.getMessage());
-        }
-        if (reqInfo == null) {
-            auditRetrieveKey(ILogger.FAILURE, reqId, null, "no request info available");
-            // request not found
-            throw new HTTPGoneException("No request information available.");
-        }
-
-        //confirm request is of the right type
-        String type = reqInfo.getRequestType();
-        if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) {
-            auditRetrieveKey(ILogger.FAILURE, reqId, null, "invalid request type");
-            // log error
-            throw new BadRequestException("Invalid request type");
-        }
-
-        //confirm that agent is originator of request, else throw 401
-        //  TO-DO
-
-        // confirm request is in approved state
-        RequestStatus status = reqInfo.getRequestStatus();
-        if (!status.equals(RequestStatus.APPROVED)) {
-            auditRetrieveKey(ILogger.FAILURE, reqId, null, "recovery request not approved");
-            // log error
-            throw new UnauthorizedException("Unauthorized request.  Recovery request not approved.");
-        }
-
-        return reqInfo.getKeyId();
-    }
-
-    /**
-     * Used to generate list of key infos based on the search parameters
-     */
-    public KeyDataInfos listKeys(String clientID, String status, Integer maxResults, Integer maxTime) {
-        // auth and authz
-
-        // get ldap filter
-        String filter = createSearchFilter(status, clientID);
-        CMS.debug("listKeys: filter is " + filter);
-
-        maxResults = maxResults == null ? DEFAULT_MAXRESULTS : maxResults;
-        maxTime = maxTime == null ? DEFAULT_MAXTIME : maxTime;
-
-        KeyDataInfos infos = new KeyDataInfos();
-        try {
-            Enumeration<IKeyRecord> e = null;
-
-            e = repo.searchKeys(filter, maxResults, maxTime);
-            if (e == null) {
-                throw new EBaseException("search results are null");
-            }
-
-            while (e.hasMoreElements()) {
-                IKeyRecord rec = e.nextElement();
-                if (rec != null) {
-                    infos.addKeyInfo(createKeyDataInfo(rec));
-                }
-            }
-
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
-        }
-        return infos;
-    }
-
-
-    public KeyDataInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException {
-        KeyDataInfo ret = new KeyDataInfo();
-        ret.setClientID(rec.getClientId());
-        ret.setStatus(rec.getKeyStatus());
-        ret.setAlgorithm(rec.getAlgorithm());
-        ret.setSize(rec.getKeySize());
-        ret.setOwnerName(rec.getOwnerName());
-
-        Path keyPath = KeyResource.class.getAnnotation(Path.class);
-        BigInteger serial = rec.getSerialNumber();
-
-        UriBuilder keyBuilder = uriInfo.getBaseUriBuilder();
-        keyBuilder.path(keyPath.value() + "/" + serial);
-        ret.setKeyURL(keyBuilder.build().toString());
-
-        return ret;
-    }
-
-    private String createSearchFilter(String status, String clientID) {
-        String filter = "";
-        int matches = 0;
-
-        if ((status == null) && (clientID == null)) {
-            filter = "(serialno=*)";
-            return filter;
-        }
-
-        if (status != null) {
-            filter += "(status=" + LDAPUtil.escapeFilter(status) + ")";
-            matches ++;
-        }
-
-        if (clientID != null) {
-            filter += "(clientID=" + LDAPUtil.escapeFilter(clientID) + ")";
-            matches ++;
-        }
-
-        if (matches > 1) {
-            filter = "(&" + filter + ")";
-        }
-
-        return filter;
-    }
-
-    public void auditRetrieveKey(String status, RequestId requestID, KeyId keyID, String reason) {
-        String msg = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY,
-                servletRequest.getUserPrincipal().getName(),
-                status,
-                requestID != null ? requestID.toString(): "null",
-                keyID != null ? keyID.toString(): "null",
-                reason);
-        auditor.log(msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
deleted file mode 100644
index 7b961c0b2..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
+++ /dev/null
@@ -1,534 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.security.Credential;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Cert;
-
-/**
- * A class representing a recoverBySerial servlet.
- *
- * @version $Revision$, $Date$
- */
-public class RecoverBySerial extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4544485601409309840L;
-    private final static String INFO = "recoverBySerial";
-    private final static String TPL_FILE = "recoverBySerial.template";
-
-    private final static String IN_SERIALNO = "serialNumber";
-    private final static String IN_UID = "uid";
-    private final static String IN_PWD = "pwd";
-    private final static String IN_PASSWORD = "p12Password";
-    private final static String IN_PASSWORD_AGAIN = "p12PasswordAgain";
-    private final static String IN_DELIVERY = "p12Delivery";
-    private final static String IN_CERT = "cert";
-    private final static String IN_NICKNAME = "nickname";
-
-    private final static String OUT_OP = "op";
-    private final static String OUT_SERIALNO = IN_SERIALNO;
-    private final static String OUT_SERIALNO_IN_HEX = "serialNumberInHex";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_ERROR = "errorDetails";
-
-    private final static String SCHEME = "scheme";
-    private final static String HOST = "host";
-    private final static String PORT = "port";
-
-    private com.netscape.certsrv.kra.IKeyService mService = null;
-    private String mFormPath = null;
-
-    /**
-     * Constructs EA servlet.
-     */
-    public RecoverBySerial() {
-        super();
-    }
-
-    /**
-     * Initializes the servlet.
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mService = (com.netscape.certsrv.kra.IKeyService) mAuthority;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Serves HTTP request. The format of this request is as follows:
-     * recoverBySerial?
-     * [serialNumber=<number>]
-     * [uid#=<uid>]
-     * [pwd#=<password>]
-     * [localAgents=yes|null]
-     * [recoveryID=recoveryID]
-     * [pkcs12Password=<password of pkcs12>]
-     * [pkcs12PasswordAgain=<password of pkcs12>]
-     * [pkcs12Delivery=<delivery mechanism for pkcs12>]
-     * [cert=<encryption certificate>]
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "recover");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        // set host name and port.
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        String host = httpReq.getServerName();
-        int port = httpReq.getServerPort();
-        String scheme = httpReq.getScheme();
-
-        fixed.set(HOST, host);
-        fixed.set(PORT, Integer.valueOf(port));
-        fixed.set(SCHEME, scheme);
-
-        SessionContext ctx = null;
-
-        try {
-            String initAsyncRecovery = req.getParameter("initAsyncRecovery");
-
-            // this information is needed within the server for
-            // various signed audit log messages to report
-            ctx = SessionContext.getContext();
-
-            /*
-               When Recovery is first initiated, if it is in asynch mode,
-               no pkcs#12 password is needed.
-               The initiating agent uid will be recorded in the recovery
-               request.
-               Later, as approving agents submit their approvals, they will
-               also be listed in the request.
-             */
-            if ((initAsyncRecovery != null) &&
-                    initAsyncRecovery.equalsIgnoreCase("ON")) {
-                process(form, argSet, header,
-                        req.getParameter(IN_SERIALNO),
-                        req.getParameter(IN_CERT),
-                        req, resp, locale[0]);
-
-                int requiredNumber = mService.getNoOfRequiredAgents();
-                header.addIntegerValue("noOfRequiredAgents", requiredNumber);
-            } else {
-                String recoveryID = req.getParameter("recoveryID");
-
-                if (recoveryID != null && !recoveryID.equals("")) {
-                    ctx.put(SessionContext.RECOVERY_ID,
-                            req.getParameter("recoveryID"));
-                }
-                byte pkcs12[] = process(form, argSet, header,
-                        req.getParameter(IN_SERIALNO),
-                        req.getParameter("localAgents"),
-                        req.getParameter(IN_PASSWORD),
-                        req.getParameter(IN_PASSWORD_AGAIN),
-                        req.getParameter(IN_CERT),
-                        req.getParameter(IN_DELIVERY),
-                        req.getParameter(IN_NICKNAME),
-                        req, resp, locale[0]);
-
-                if (pkcs12 != null) {
-                    //resp.setStatus(HttpServletResponse.SC_OK);
-                    resp.setContentType("application/x-pkcs12");
-                    //resp.setContentLength(pkcs12.length);
-                    resp.getOutputStream().write(pkcs12);
-                    mRenderResult = false;
-                    return;
-                }
-            }
-        } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        } catch (IOException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        } finally {
-            SessionContext.releaseContext();
-        }
-
-        // return status page
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Async Key Recovery - request initiation
-     */
-    private void process(CMSTemplate form, CMSTemplateParams argSet,
-            IArgBlock header, String seq, String cert,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale) {
-
-        // seq is the key id
-        if (seq == null) {
-            header.addStringValue(OUT_ERROR, "sequence number not found");
-            return;
-        }
-        X509CertImpl x509cert = null;
-
-        if (cert == null || cert.trim().length() == 0) {
-            header.addStringValue(OUT_ERROR, "certificate not found");
-            return;
-        } else {
-            try {
-                x509cert = Cert.mapCert(cert);
-            } catch (IOException e) {
-                header.addStringValue(OUT_ERROR, e.toString());
-            }
-        }
-        if (x509cert == null) {
-            header.addStringValue(OUT_ERROR, "invalid X.509 certificate");
-            return;
-        }
-
-        SessionContext sContext = SessionContext.getContext();
-
-        try {
-            String reqID = mService.initAsyncKeyRecovery(
-                    new BigInteger(seq), x509cert,
-                      (String) sContext.get(SessionContext.USER_ID));
-            header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));
-            header.addStringValue(OUT_SERIALNO_IN_HEX,
-                    new BigInteger(req.getParameter(IN_SERIALNO)).toString(16));
-            header.addStringValue("requestID", reqID);
-        } catch (EBaseException e) {
-            String error =
-                    "Failed to recover key for key id " +
-                            seq + ".\nException: " + e.toString();
-
-            CMS.getLogger().log(ILogger.EV_SYSTEM,
-                    ILogger.S_KRA, ILogger.LL_FAILURE, error);
-            try {
-                ((IKeyRecoveryAuthority) mService).createError(seq, error);
-            } catch (EBaseException eb) {
-                CMS.getLogger().log(ILogger.EV_SYSTEM,
-                        ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
-            }
-        }
-        return;
-    }
-
-    /**
-     * Recovers a key. The p12 will be protected by the password
-     * provided by the administrator.
-     */
-    private byte[] process(CMSTemplate form, CMSTemplateParams argSet,
-            IArgBlock header, String seq, String localAgents,
-            String password, String passwordAgain,
-            String cert, String delivery, String nickname,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale) {
-        if (seq == null) {
-            header.addStringValue(OUT_ERROR, "sequence number not found");
-            return null;
-        }
-        if (password == null || password.equals("")) {
-            header.addStringValue(OUT_ERROR, "PKCS12 password not found");
-            return null;
-        }
-        if (passwordAgain == null || !passwordAgain.equals(password)) {
-            header.addStringValue(OUT_ERROR, "PKCS12 password not matched");
-            return null;
-        }
-        X509CertImpl x509cert = null;
-
-        if (cert == null || cert.trim().length() == 0) {
-            // perform recovery
-            header.addStringValue(OUT_ERROR, "certificate not found");
-            return null;
-        } else {
-            try {
-                x509cert = Cert.mapCert(cert);
-            } catch (IOException e) {
-                header.addStringValue(OUT_ERROR, e.toString());
-            }
-        }
-        if (x509cert == null) {
-            header.addStringValue(OUT_ERROR, "invalid X.509 certificate");
-            return null;
-        }
-        try {
-            Credential creds[] = null;
-
-            SessionContext sContext = SessionContext.getContext();
-            String agent = null;
-
-            if (sContext != null) {
-                agent = (String) sContext.get(SessionContext.USER_ID);
-            }
-            if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
-                if (localAgents == null) {
-                    String recoveryID = req.getParameter("recoveryID");
-
-                    if (recoveryID == null || recoveryID.equals("")) {
-                        header.addStringValue(OUT_ERROR, "No recovery ID specified");
-                        return null;
-                    }
-                    Hashtable<String, Object> params = mService.createRecoveryParams(recoveryID);
-
-                    params.put("keyID", req.getParameter(IN_SERIALNO));
-
-                    header.addStringValue("recoveryID", recoveryID);
-
-                    params.put("agent", agent);
-
-                    // new thread to wait for pk12
-                    Thread waitThread = new WaitApprovalThread(recoveryID,
-                            seq, password, x509cert, delivery, nickname,
-                            SessionContext.getContext());
-
-                    waitThread.start();
-                    return null;
-                } else {
-                    Vector<Credential> v = new Vector<Credential>();
-
-                    for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
-                        String uid = req.getParameter(IN_UID + i);
-                        String pwd = req.getParameter(IN_PWD + i);
-
-                        if (uid != null && pwd != null && !uid.equals("") &&
-                                !pwd.equals("")) {
-                            v.addElement(new Credential(uid, pwd));
-                        } else {
-                            header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
-                            return null;
-                        }
-                    }
-                    if (v.size() != mService.getNoOfRequiredAgents()) {
-                        header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
-                        return null;
-                    }
-                    creds = new Credential[v.size()];
-                    v.copyInto(creds);
-                }
-
-                header.addStringValue(OUT_OP,
-                        req.getParameter(OUT_OP));
-                header.addBigIntegerValue(OUT_SERIALNO,
-                        new BigInteger(seq), 10);
-                header.addBigIntegerValue(OUT_SERIALNO_IN_HEX,
-                        new BigInteger(seq), 16);
-                header.addStringValue(OUT_SERVICE_URL,
-                        req.getRequestURI());
-                byte pkcs12[] = mService.doKeyRecovery(
-                        new BigInteger(seq),
-                        creds, password, x509cert,
-                        delivery, nickname, agent);
-
-                return pkcs12;
-            } else {
-                String recoveryID = req.getParameter("recoveryID");
-
-                if (recoveryID == null || recoveryID.equals("")) {
-                    header.addStringValue(OUT_ERROR, "No recovery ID specified");
-                    return null;
-                }
-                Hashtable<String, Object> params = mService.createRecoveryParams(recoveryID);
-
-                params.put("keyID", req.getParameter(IN_SERIALNO));
-
-                header.addStringValue("recoveryID", recoveryID);
-
-                params.put("agent", agent);
-
-                // new thread to wait for pk12
-                Thread waitThread = new WaitApprovalThread(recoveryID,
-                        seq, password, x509cert, delivery, nickname,
-                        SessionContext.getContext());
-
-                waitThread.start();
-                return null;
-            }
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-        } catch (Exception e) {
-            header.addStringValue(OUT_ERROR, e.toString());
-        }
-        return null;
-    }
-
-    /**
-     * Wait approval thread. Wait for recovery agents' approval
-     * exit when required number of approval received
-     */
-    final class WaitApprovalThread extends Thread {
-        String theRecoveryID = null;
-        String theSeq = null;
-        String thePassword = null;
-        X509CertImpl theCert = null;
-        String theDelivery = null;
-        String theNickname = null;
-        SessionContext theSc = null;
-
-        /**
-         * Wait approval thread constructor including thread name
-         */
-        public WaitApprovalThread(String recoveryID, String seq,
-                String password, X509CertImpl cert,
-                String delivery, String nickname, SessionContext sc) {
-            super();
-            super.setName("waitApproval." + recoveryID + "-" +
-                    (Thread.activeCount() + 1));
-            theRecoveryID = recoveryID;
-            theSeq = seq;
-            thePassword = password;
-            theCert = cert;
-            theDelivery = delivery;
-            theNickname = nickname;
-            theSc = sc;
-        }
-
-        public void run() {
-            SessionContext.setContext(theSc);
-            Credential creds[] = null;
-
-            try {
-                creds = mService.getDistributedCredentials(theRecoveryID);
-            } catch (EBaseException e) {
-                String error =
-                        "Failed to get required approvals for recovery id " +
-                                theRecoveryID + ".\nException: " + e.toString();
-
-                CMS.getLogger().log(ILogger.EV_SYSTEM,
-                        ILogger.S_KRA, ILogger.LL_FAILURE, error);
-                try {
-                    ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
-                } catch (EBaseException eb) {
-                    CMS.getLogger().log(ILogger.EV_SYSTEM,
-                            ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
-                }
-                return;
-            }
-
-            SessionContext sContext = SessionContext.getContext();
-
-            try {
-                byte pkcs12[] = mService.doKeyRecovery(
-                        new BigInteger(theSeq),
-                        creds, thePassword, theCert,
-                        theDelivery, theNickname,
-                        (String) sContext.get(SessionContext.USER_ID));
-
-                ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12);
-            } catch (EBaseException e) {
-                String error =
-                        "Failed to recover key for recovery id " +
-                                theRecoveryID + ".\nException: " + e.toString();
-
-                CMS.getLogger().log(ILogger.EV_SYSTEM,
-                        ILogger.S_KRA, ILogger.LL_FAILURE, error);
-                try {
-                    ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
-                } catch (EBaseException eb) {
-                    CMS.getLogger().log(ILogger.EV_SYSTEM,
-                            ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
-                }
-            }
-            return;
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
deleted file mode 100644
index 5bedf1f58..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
+++ /dev/null
@@ -1,298 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Retrieve archived keys matching search criteria
- *
- * @version $Revision$, $Date$
- */
-public class SrchKey extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6404955402865756665L;
-    private final static String TPL_FILE = "srchKey.template";
-    private final static String INFO = "srchKey";
-    private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReturns";
-
-    // input parameters
-    private final static String IN_MAXCOUNT = "maxCount";
-    private final static String IN_FILTER = "queryFilter";
-    private final static String IN_SENTINEL = "querySentinel";
-
-    // output parameters
-    private final static String OUT_FILTER = IN_FILTER;
-    private final static String OUT_MAXCOUNT = IN_MAXCOUNT;
-    private final static String OUT_SENTINEL = IN_SENTINEL;
-    private final static String OUT_OP = "op";
-    private final static String OUT_ERROR = "errorDetails";
-    private final static String OUT_ARCHIVER = "archiverName";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_TOTAL_COUNT = "totalRecordCount";
-    private final static String OUT_TEMPLATE = "templateName";
-
-    private IKeyRepository mKeyDB = null;
-    private X500Name mAuthName = null;
-    private String mFormPath = null;
-    private int mMaxReturns = 100;
-    private int mTimeLimits = 30; /* in seconds */
-
-    /**
-     * Constructs query key servlet.
-     */
-    public SrchKey() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "srchKey.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        /* maxReturns doesn't seem to do anything useful in this
-           servlet!!! */
-        try {
-            String tmp =
-                    sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
-
-            if (tmp == null)
-                mMaxReturns = 100;
-            else
-                mMaxReturns = Integer.parseInt(tmp);
-        } catch (Exception e) {
-            // do nothing
-        }
-
-        mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
-        mAuthName = ((IKeyRecoveryAuthority) mAuthority).getX500Name();
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        /* Server-Side time limit */
-        try {
-            mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param maxCount maximum number of matches to show in result
-     * <li>http.param maxResults maximum number of matches to run in ldapsearch
-     * <li>http.param queryFilter ldap-style filter to search with
-     * <li>http.param querySentinel ID of first request to show
-     * <li>http.param timeLimit number of seconds to limit ldap search to
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "list");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        // process query if authentication is successful
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        int maxCount = -1;
-        int sentinel = 0;
-        int maxResults = -1;
-        int timeLimit = -1;
-
-        try {
-            if (req.getParameter(IN_MAXCOUNT) != null) {
-                maxCount = Integer.parseInt(
-                            req.getParameter(IN_MAXCOUNT));
-            }
-            if (req.getParameter(IN_SENTINEL) != null) {
-                sentinel = Integer.parseInt(
-                            req.getParameter(IN_SENTINEL));
-            }
-            String maxResultsStr = req.getParameter("maxResults");
-
-            if (maxResultsStr != null && maxResultsStr.length() > 0)
-                maxResults = Integer.parseInt(maxResultsStr);
-            String timeLimitStr = req.getParameter("timeLimit");
-
-            if (timeLimitStr != null && timeLimitStr.length() > 0)
-                timeLimit = Integer.parseInt(timeLimitStr);
-            process(argSet, header, ctx, maxCount, maxResults,
-                    timeLimit, sentinel,
-                    req.getParameter(IN_FILTER), req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR,
-                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            resp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Process the key search.
-     */
-    private void process(CMSTemplateParams argSet,
-            IArgBlock header, IArgBlock ctx,
-            int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
-            HttpServletRequest req, HttpServletResponse resp, Locale locale) {
-
-        try {
-            // Fill header
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue(OUT_ARCHIVER,
-                    mAuthName.toString());
-            // STRANGE: IE does not like the following:
-            //      header.addStringValue(OUT_SERVICE_URL,
-            //	req.getRequestURI());
-            // XXX
-            header.addStringValue(OUT_SERVICE_URL,
-                    "/kra?");
-            header.addStringValue(OUT_TEMPLATE,
-                    TPL_FILE);
-            header.addStringValue(OUT_FILTER,
-                    filter);
-
-            if (timeLimit == -1 || timeLimit > mTimeLimits) {
-                CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
-                timeLimit = mTimeLimits;
-            }
-            CMS.debug("Start searching ... timelimit=" + timeLimit);
-            Enumeration<IKeyRecord> e = mKeyDB.searchKeys(filter,
-                    maxResults, timeLimit);
-            int count = 0;
-
-            if (e == null) {
-                header.addStringValue(OUT_SENTINEL,
-                        null);
-            } else {
-                while (e.hasMoreElements()) {
-                    IKeyRecord rec = e.nextElement();
-                    // rec is null when we specify maxResults
-                    // DS will return an err=4, which triggers
-                    // a LDAPException.SIZE_LIMIT_ExCEEDED
-                    // in DSSearchResults.java
-                    if (rec != null) {
-                        IArgBlock rarg = CMS.createArgBlock();
-
-                        KeyRecordParser.fillRecordIntoArg(rec, rarg);
-                        argSet.addRepeatRecord(rarg);
-                        count++;
-                    }
-                }
-            }
-
-            header.addIntegerValue("maxSize", mMaxReturns);
-            header.addIntegerValue(OUT_TOTAL_COUNT, count);
-            ctx.addIntegerValue(OUT_MAXCOUNT, maxCount);
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
deleted file mode 100644
index 897acfc76..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
+++ /dev/null
@@ -1,318 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.key;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X500Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.keydb.IKeyRecord;
-import com.netscape.certsrv.dbs.keydb.IKeyRepository;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Retrieve archived keys matching given public key material
- *
- *
- * @version $Revision$, $Date$
- */
-public class SrchKeyForRecovery extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 5426987963811540460L;
-    private final static String TPL_FILE = "srchKeyForRecovery.template";
-    private final static String INFO = "srchKey";
-    private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReturns";
-
-    // input parameters
-    private final static String IN_MAXCOUNT = "maxCount";
-    private final static String IN_FILTER = "queryFilter";
-    private final static String IN_SENTINEL = "querySentinel";
-
-    // output parameters
-    private final static String OUT_FILTER = IN_FILTER;
-    private final static String OUT_MAXCOUNT = IN_MAXCOUNT;
-    private final static String OUT_SENTINEL = IN_SENTINEL;
-    private final static String OUT_OP = "op";
-    private final static String OUT_ARCHIVER = "archiverName";
-    private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_TOTAL_COUNT = "totalRecordCount";
-    private final static String OUT_TEMPLATE = "templateName";
-
-    private IKeyRepository mKeyDB = null;
-    private X500Name mAuthName = null;
-    private String mFormPath = null;
-    private int mMaxReturns = 100;
-    private int mTimeLimits = 30; /* in seconds */
-
-    /**
-     * Constructs query key servlet.
-     */
-    public SrchKeyForRecovery() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "srchKeyForRecovery.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        try {
-            String tmp =
-                    sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
-
-            if (tmp == null)
-                mMaxReturns = 100;
-            else
-                mMaxReturns = Integer.parseInt(tmp);
-        } catch (Exception e) {
-            // do nothing
-        }
-
-        mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
-        mAuthName = ((IKeyRecoveryAuthority) mAuthority).getX500Name();
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        /* Server-Side time limit */
-        try {
-            mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-    }
-
-    /**
-     * Returns serlvet information.
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param maxCount maximum number of matches to show in result
-     * <li>http.param maxResults maximum number of matches to run in ldapsearch
-     * <li>http.param publicKeyData public key data to search on
-     * <li>http.param querySentinel ID of first request to show
-     * <li>http.param timeLimit number of seconds to limit ldap search to
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "list");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        // process query if authentication is successful
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-        EBaseException error = null;
-
-        int maxCount = -1;
-        int sentinel = 0;
-        int maxResults = -1;
-        int timeLimit = -1;
-
-        try {
-            if (req.getParameter(IN_MAXCOUNT) != null) {
-                maxCount = Integer.parseInt(
-                            req.getParameter(IN_MAXCOUNT));
-            }
-            if (req.getParameter(IN_SENTINEL) != null) {
-                sentinel = Integer.parseInt(
-                            req.getParameter(IN_SENTINEL));
-            }
-            String maxResultsStr = req.getParameter("maxResults");
-
-            if (maxResultsStr != null && maxResultsStr.length() > 0)
-                maxResults = Integer.parseInt(maxResultsStr);
-            String timeLimitStr = req.getParameter("timeLimit");
-
-            if (timeLimitStr != null && timeLimitStr.length() > 0)
-                timeLimit = Integer.parseInt(timeLimitStr);
-            process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel,
-                    req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        }
-
-        /*
-         catch (Exception e) {
-         error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
-         }
-         */
-
-        try {
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    ServletOutputStream out = resp.getOutputStream();
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    /**
-     * Process the key search.
-     */
-    private void process(CMSTemplateParams argSet,
-            IArgBlock header, IArgBlock ctx,
-            int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
-            String filter,
-            HttpServletRequest req, HttpServletResponse resp, Locale locale)
-            throws EBaseException {
-
-        try {
-            // Fill header
-            header.addStringValue(OUT_OP,
-                    req.getParameter(OUT_OP));
-            header.addStringValue(OUT_ARCHIVER,
-                    mAuthName.toString());
-            // STRANGE: IE does not like the following:
-            //      header.addStringValue(OUT_SERVICE_URL,
-            //	req.getRequestURI());
-            // XXX
-            header.addStringValue(OUT_SERVICE_URL,
-                    "/kra?");
-            header.addStringValue(OUT_TEMPLATE,
-                    TPL_FILE);
-            header.addStringValue(OUT_FILTER,
-                    filter);
-            if (publicKeyData != null) {
-                header.addStringValue("publicKeyData",
-                        publicKeyData);
-            }
-
-            if (timeLimit == -1 || timeLimit > mTimeLimits) {
-                CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
-                timeLimit = mTimeLimits;
-            }
-            CMS.debug("Start searching ... timelimit=" + timeLimit);
-            Enumeration<IKeyRecord> e = mKeyDB.searchKeys(filter, maxResults, timeLimit);
-            int count = 0;
-
-            if (e == null) {
-                header.addStringValue(OUT_SENTINEL,
-                        null);
-            } else {
-                while (e.hasMoreElements()) {
-                    IKeyRecord rec = e.nextElement();
-                    // rec is null when we specify maxResults
-                    // DS will return an err=4, which triggers
-                    // a LDAPException.SIZE_LIMIT_ExCEEDED
-                    // in DSSearchResults.java
-                    if (rec != null) {
-                        IArgBlock rarg = CMS.createArgBlock();
-
-                        KeyRecordParser.fillRecordIntoArg(rec, rarg);
-                        argSet.addRepeatRecord(rarg);
-                        count++;
-                    }
-                }
-            }
-
-            header.addIntegerValue("maxSize", mMaxReturns);
-            header.addIntegerValue(OUT_TOTAL_COUNT, count);
-            ctx.addIntegerValue(OUT_MAXCOUNT, maxCount);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, "Error " + e);
-            throw e;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
deleted file mode 100644
index f19a9d646..000000000
--- a/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ /dev/null
@@ -1,311 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.ocsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Cert;
-
-/**
- * Configure the CA to respond to OCSP requests for a CA
- *
- * @version $Revision$ $Date$
- */
-public class AddCAServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1065151608542115340L;
-    public static final String BEGIN_HEADER =
-            "-----BEGIN CERTIFICATE-----";
-    public static final String END_HEADER =
-            "-----END CERTIFICATE-----";
-
-    public static final BigInteger BIG_ZERO = new BigInteger("0");
-    public static final Long MINUS_ONE = Long.valueOf(-1);
-
-    private final static String TPL_FILE = "addCA.template";
-    private String mFormPath = null;
-    private IOCSPAuthority mOCSPAuthority = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST =
-            "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
-    private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
-
-    public AddCAServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "addCA.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mOCSPAuthority = (IOCSPAuthority) mAuthority;
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param cert ca certificate. The format is base-64, DER encoded, wrapped with -----BEGIN CERTIFICATE-----,
-     * -----END CERTIFICATE----- strings
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA is attempted to be added to the OCSP
-     * responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used when an add CA request to the OCSP
-     * Responder is processed
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditCA = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String auditCASubjectDN = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "add");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
-            String uid = authToken.getInString(IAuthToken.USER_ID);
-            if (uid != null) {
-                CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
-                auditSubjectID = uid;
-            }
-        }
-        String b64 = cmsReq.getHttpReq().getParameter("cert");
-
-        if (b64 == null) {
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-            audit(auditMessage);
-
-            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT"));
-        }
-
-        auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim()));
-        // record the fact that a request to add CA is made
-        auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditCA);
-
-        audit(auditMessage);
-
-        if (b64.indexOf(BEGIN_HEADER) == -1) {
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
-
-            audit(auditMessage);
-
-            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
-        }
-        if (b64.indexOf(END_HEADER) == -1) {
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
-
-            audit(auditMessage);
-
-            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
-        }
-
-        IDefStore defStore = mOCSPAuthority.getDefaultStore();
-
-        X509Certificate leafCert = null;
-        X509Certificate certs[] = null;
-
-        try {
-            X509Certificate cert = Cert.mapCert(b64);
-
-            if (cert == null) {
-                CMS.debug("AddCAServlet::process() - cert is null!");
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCASubjectDN);
-
-                audit(auditMessage);
-
-                throw new EBaseException("cert is null");
-            } else {
-                certs = new X509Certificate[1];
-            }
-
-            certs[0] = cert;
-            leafCert = cert;
-            auditCASubjectDN = leafCert.getSubjectDN().getName();
-        } catch (Exception e) {
-        }
-        if (certs == null) {
-            try {
-                // this could be a chain
-                certs = Cert.mapCertFromPKCS7(b64);
-                if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
-                    leafCert = certs[certs.length - 1];
-                } else {
-                    leafCert = certs[0];
-                }
-                auditCASubjectDN = leafCert.getSubjectDN().getName();
-            } catch (Exception e) {
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCASubjectDN);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
-            }
-        }
-        if (certs != null && certs.length > 0) {
-            // (1) need to normalize (sort) the chain
-
-            // (2) store certificate (and certificate chain) into
-            // database
-            ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
-                    leafCert.getSubjectDN().getName(),
-                    BIG_ZERO,
-                    MINUS_ONE, null, null);
-
-            try {
-                rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
-            } catch (Exception e) {
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCASubjectDN);
-
-                audit(auditMessage);
-
-                // error
-            }
-            defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
-            log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditCASubjectDN);
-
-            audit(auditMessage);
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            String xmlOutput = req.getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                outputXML(resp, argSet);
-            } else {
-                resp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
deleted file mode 100644
index ac1aad373..000000000
--- a/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ /dev/null
@@ -1,614 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.ocsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CRLException;
-import java.security.cert.X509CRL;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509ExtensionException;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Cert;
-
-/**
- * Update the OCSP responder with a new CRL
- *
- * @version $Revision$ $Date$
- */
-public class AddCRLServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1476080474638590902L;
-    public static final String BEGIN_HEADER =
-            "-----BEGIN CERTIFICATE REVOCATION LIST-----";
-    public static final String END_HEADER =
-            "-----END CERTIFICATE REVOCATION LIST-----";
-
-    private final static String TPL_FILE = "addCRL.template";
-    private String mFormPath = null;
-    private IOCSPAuthority mOCSPAuthority = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL =
-            "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
-    private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION =
-            "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
-
-    public AddCRLServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "addCRL.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mOCSPAuthority = (IOCSPAuthority) mAuthority;
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <P>
-     *
-     * <ul>
-     * <li>http.param crl certificate revocation list, base-64, DER encoded wrapped in -----BEGIN CERTIFICATE REVOCATION
-     * LIST-----, -----END CERTIFICATE REVOCATION LIST----- strings
-     * <li>http.param noui if true, use minimal hardcoded text response
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are retrieved by the OCSP Responder ("agent"
-     * or "EE")
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is retrieved and validation process occurs
-     * ("agent" or "EE")
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     * @exception EBaseException an error has occurred
-     */
-    protected synchronized void process(CMSRequest cmsReq)
-            throws EBaseException {
-        boolean CRLFetched = false;
-        boolean CRLValidated = false;
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.startTiming("add_crl", true /* main action */);
-        }
-
-        try {
-            HttpServletRequest req = cmsReq.getHttpReq();
-            HttpServletResponse resp = cmsReq.getHttpResp();
-
-            IAuthToken authToken = authenticate(cmsReq);
-
-            AuthzToken authzToken = null;
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "add");
-            } catch (Exception e) {
-                // do nothing for now
-            }
-
-            if (authzToken == null) {
-                cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCRLNum);
-
-                audit(auditMessage);
-
-                return;
-            }
-
-            if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                    auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
-                if (authToken != null) {
-                    String uid = authToken.getInString(IAuthToken.USER_ID);
-                    if (uid != null) {
-                        CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
-                        auditSubjectID = uid;
-                    }
-                }
-            }
-            log(ILogger.LL_INFO, "AddCRLServlet");
-            String b64 = cmsReq.getHttpReq().getParameter("crl");
-            if (CMS.debugOn())
-                CMS.debug("AddCRLServlet: b64=" + b64);
-
-            if (b64 == null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCRLNum);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_MISSING_CRL"));
-            }
-
-            String nouiParm = cmsReq.getHttpReq().getParameter("noui");
-            boolean noUI = false;
-
-            if (nouiParm != null && nouiParm.equals("true")) {
-                noUI = true;
-                CMS.debug("AddCRLServlet: noUI=true");
-            } else {
-                CMS.debug("AddCRLServlet: noUI=false");
-            }
-
-            CMSTemplate form = null;
-            Locale[] locale = new Locale[1];
-
-            try {
-                if (!noUI) {
-                    form = getTemplate(mFormPath, req, locale);
-                }
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
-                                      e.toString()));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCRLNum);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            }
-
-            IArgBlock header = CMS.createArgBlock();
-            IArgBlock fixed = CMS.createArgBlock();
-            CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-            if (b64.indexOf(BEGIN_HEADER) == -1) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCRLNum);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
-                                          "CMS_GW_MISSING_CRL_HEADER"));
-            }
-            if (b64.indexOf(END_HEADER) == -1) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCRLNum);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
-                                          "CMS_GW_MISSING_CRL_FOOTER"));
-            }
-
-            IDefStore defStore = mOCSPAuthority.getDefaultStore();
-
-            X509CRLImpl crl = null;
-
-            try {
-                long startTime = CMS.getCurrentDate().getTime();
-                CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime);
-                if (statsSub != null) {
-                    statsSub.startTiming("decode_crl");
-                }
-                crl = mapCRL1(b64);
-                if (statsSub != null) {
-                    statsSub.endTiming("decode_crl");
-                }
-                long endTime = CMS.getCurrentDate().getTime();
-                CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
-                        " diff=" + (endTime - startTime));
-
-                // Retrieve the actual CRL number
-                BigInteger crlNum = crl.getCRLNumber();
-                if (crlNum != null) {
-                    auditCRLNum = crlNum.toString();
-                }
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditCRLNum);
-
-                audit(auditMessage);
-
-                // acknowledge that the CRL has been retrieved
-                CRLFetched = true;
-            } catch (Exception e) {
-                // error
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCRLNum);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
-            }
-            log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
-                    crl.getIssuerDN().getName());
-
-            ICRLIssuingPointRecord pt = null;
-
-            try {
-                pt = defStore.readCRLIssuingPoint(
-                            crl.getIssuerDN().getName());
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
-                                crl.getIssuerDN().getName()));
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                        auditSubjectID,
-                        ILogger.FAILURE);
-
-                audit(auditMessage);
-
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
-            }
-            log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " +
-                    pt.getThisUpdate());
-
-            // verify CRL
-            CryptoManager cmanager = null;
-            boolean tokenSwitched = false;
-            CryptoToken verToken = null;
-            CryptoToken savedToken = null;
-            byte caCertData[] = pt.getCACert();
-            if (caCertData != null) {
-                try {
-                    cmanager = CryptoManager.getInstance();
-                    X509CertImpl caCert = new X509CertImpl(caCertData);
-                    CMS.debug("AddCRLServlet: start verify");
-
-                    String tokenName =
-                        CMS.getConfigStore().getString("ocsp.crlVerify.token", "internal");
-                    savedToken = cmanager.getThreadToken();
-                    if (tokenName.equals("internal")) {
-                        verToken = cmanager.getInternalCryptoToken();
-                    } else {
-                        verToken = cmanager.getTokenByName(tokenName);
-                    }
-                    if (!savedToken.getName().equals(verToken.getName())) {
-                        cmanager.setThreadToken(verToken);
-                        tokenSwitched = true;
-                    }
-
-                    org.mozilla.jss.crypto.X509Certificate jssCert = null;
-                    try {
-                        jssCert = cmanager.importCACertPackage(
-                                caCert.getEncoded());
-                    } catch (Exception e2) {
-                        CMS.debug("AddCRLServlet: importCACertPackage " +
-                                e2.toString());
-                        throw new EBaseException(e2.toString());
-                    }
-
-                    if (statsSub != null) {
-                        statsSub.startTiming("verify_crl");
-                    }
-                    crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
-                    if (statsSub != null) {
-                        statsSub.endTiming("verify_crl");
-                    }
-                    CMS.debug("AddCRLServlet: done verify");
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                            auditSubjectID,
-                            ILogger.SUCCESS);
-
-                    audit(auditMessage);
-
-                    // acknowledge that the CRL has been validated
-                    CRLValidated = true;
-                } catch (Exception e) {
-                    CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
-                    CMS.debug(e);
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
-                                    crl.getIssuerDN().getName()));
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                            auditSubjectID,
-                            ILogger.FAILURE);
-
-                    audit(auditMessage);
-
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
-                } finally {
-                    if (tokenSwitched == true){
-                        cmanager.setThreadToken(savedToken);
-                    }
-                }
-            }
-
-            if ((pt.getThisUpdate() != null) &&
-                    (pt.getThisUpdate().getTime() >=
-                    crl.getThisUpdate().getTime())) {
-                // error, the uploaded CRL is older than the current
-                CMS.debug("AddCRLServlet: no update, CRL is older");
-                log(ILogger.LL_INFO,
-                        "AddCRLServlet: no update, received CRL is older " +
-                                "than current CRL");
-                if (noUI) {
-                    try {
-                        resp.setContentType("application/text");
-                        resp.getOutputStream().write("status=1\n".getBytes());
-                        resp.getOutputStream().write(
-                                "error=Sent CRL is older than the current CRL\n".getBytes());
-                        resp.getOutputStream().flush();
-                        cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-                        // NOTE:  The signed audit events
-                        //        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
-                        //        LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
-                        //        already been logged at this point!
-
-                        return;
-                    } catch (Exception e) {
-                    }
-                } else {
-                    CMS.debug("AddCRLServlet: CRL is older");
-
-                    // NOTE:  The signed audit events
-                    //        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
-                    //        LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
-                    //        already been logged at this point!
-
-                    throw new ECMSGWException(CMS.getUserMessage(
-                            "CMS_GW_OLD_CRL_ERROR"));
-                }
-            }
-
-            if (crl.isDeltaCRL()) {
-                CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported.");
-                log(ILogger.LL_INFO, "AddCRLServlet: no update, " +
-                        CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
-                if (noUI) {
-                    try {
-                        resp.setContentType("application/text");
-                        resp.getOutputStream().write("status=1\n".getBytes());
-                        resp.getOutputStream().write(
-                                "error=Delta CRLs are not supported.\n".getBytes());
-                        resp.getOutputStream().flush();
-                        cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-                        return;
-                    } catch (Exception e) {
-                    }
-                } else {
-                    throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
-                }
-            }
-
-            CMS.debug("AddCRLServlet: strt committing CRL");
-            log(ILogger.LL_INFO, "AddCRLServlet: Start Committing CRL");
-
-            // *****************************************************
-            // The commit transaction may take long time and
-            // there may have a system crash during the transaction
-            // *****************************************************
-
-            IRepositoryRecord repRec = defStore.createRepositoryRecord();
-
-            repRec.set(IRepositoryRecord.ATTR_SERIALNO,
-                    new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
-            try {
-                defStore.addRepository(
-                        crl.getIssuerDN().getName(),
-                        Long.toString(crl.getThisUpdate().getTime()),
-                        repRec);
-                log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " +
-                        Long.toString(crl.getThisUpdate().getTime()));
-            } catch (Exception e) {
-                CMS.debug("AddCRLServlet: add repository e=" + e.toString());
-            }
-            log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
-                    Long.toString(crl.getThisUpdate().getTime()));
-
-            if (defStore.waitOnCRLUpdate()) {
-                defStore.updateCRL(crl);
-            } else {
-                // when the CRL large, the thread is terminiated by the
-                // servlet framework before it can finish its work
-                UpdateCRLThread uct = new UpdateCRLThread(defStore, crl);
-
-                uct.start();
-            }
-
-            try {
-                ServletOutputStream out = resp.getOutputStream();
-
-                if (noUI) {
-                    CMS.debug("AddCRLServlet: return result noUI=true");
-                    resp.setContentType("application/text");
-                    resp.getOutputStream().write("status=0".getBytes());
-                    resp.getOutputStream().flush();
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                } else {
-                    CMS.debug("AddCRLServlet: return result noUI=false");
-                    String xmlOutput = req.getParameter("xml");
-                    if (xmlOutput != null && xmlOutput.equals("true")) {
-                        outputXML(resp, argSet);
-                    } else {
-                        resp.setContentType("text/html");
-                        form.renderOutput(out, argSet);
-                        cmsReq.setStatus(ICMSRequest.SUCCESS);
-                    }
-                }
-            } catch (IOException e) {
-                CMS.debug("AddCRLServlet: return result error=" + e.toString());
-                mOCSPAuthority.log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                                e.toString()));
-
-                // NOTE:  The signed audit events
-                //        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
-                //        LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
-                //        already been logged at this point!
-
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-            }
-        } catch (EBaseException eAudit1) {
-            if (!CRLFetched) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditCRLNum);
-
-                audit(auditMessage);
-            } else {
-                if (!CRLValidated) {
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                            auditSubjectID,
-                            ILogger.FAILURE);
-
-                    audit(auditMessage);
-                }
-            }
-            throw eAudit1;
-        }
-        if (statsSub != null) {
-            statsSub.endTiming("add_crl");
-        }
-    }
-
-    public X509CRLImpl mapCRL1(String mime64)
-            throws IOException {
-        mime64 = Cert.stripCRLBrackets(mime64.trim());
-
-        byte rawPub[] = CMS.AtoB(mime64);
-        X509CRLImpl crl = null;
-
-        try {
-            crl = new X509CRLImpl(rawPub, false);
-        } catch (Exception e) {
-            throw new IOException(e.toString());
-        }
-        return crl;
-    }
-}
-
-class UpdateCRLThread extends Thread {
-    private IDefStore mDefStore = null;
-    private X509CRL mCRL = null;
-
-    public UpdateCRLThread(
-            IDefStore defStore, X509CRL crl) {
-        mDefStore = defStore;
-        mCRL = crl;
-    }
-
-    public void run() {
-        try {
-            if (!((X509CRLImpl) mCRL).areEntriesIncluded())
-                mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded());
-            mDefStore.updateCRL(mCRL);
-        } catch (CRLException e) {
-        } catch (X509ExtensionException e) {
-        } catch (EBaseException e) {
-            // ignore
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
deleted file mode 100644
index 8f44bf739..000000000
--- a/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
+++ /dev/null
@@ -1,217 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.ocsp;
-
-import java.io.IOException;
-import java.security.cert.X509CRLEntry;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CRLImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Cert;
-
-/**
- * Check the status of a specific certificate
- *
- * @version $Revision$ $Date$
- */
-public class CheckCertServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7782198059640825050L;
-    public static final String BEGIN_HEADER =
-            "-----BEGIN CERTIFICATE-----";
-    public static final String END_HEADER =
-            "-----END CERTIFICATE-----";
-
-    public static final String ATTR_STATUS = "status";
-    public static final String ATTR_ISSUERDN = "issuerDN";
-    public static final String ATTR_SUBJECTDN = "subjectDN";
-    public static final String ATTR_SERIALNO = "serialno";
-
-    public static final String STATUS_GOOD = "good";
-    public static final String STATUS_REVOKED = "revoked";
-    public static final String STATUS_UNKNOWN = "unknown";
-
-    private final static String TPL_FILE = "checkCert.template";
-    private String mFormPath = null;
-    private IOCSPAuthority mOCSPAuthority = null;
-
-    public CheckCertServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "checkCert.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mOCSPAuthority = (IOCSPAuthority) mAuthority;
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in -----BEGIN CERTIFICATE-----, -----END
-     * CERTIFICATE----- strings
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "validate");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IDefStore defStore = mOCSPAuthority.getDefaultStore();
-
-        String b64 = cmsReq.getHttpReq().getParameter("cert");
-
-        if (b64.indexOf(BEGIN_HEADER) == -1) {
-            // error
-            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
-
-        }
-        if (b64.indexOf(END_HEADER) == -1) {
-            // error
-            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
-        }
-
-        X509Certificate cert = null;
-
-        try {
-            cert = Cert.mapCert(b64);
-        } catch (Exception e) {
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR"));
-        }
-        if (cert == null) {
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR"));
-        }
-
-        ICRLIssuingPointRecord pt = defStore.readCRLIssuingPoint(
-                cert.getIssuerDN().getName());
-
-        header.addStringValue(ATTR_ISSUERDN, cert.getIssuerDN().getName());
-        header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName());
-        header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16));
-        try {
-            X509CRLImpl crl = null;
-
-            crl = new X509CRLImpl(pt.getCRL());
-            X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber());
-
-            if (crlentry == null) {
-                if (defStore.isNotFoundGood()) {
-                    header.addStringValue(ATTR_STATUS, STATUS_GOOD);
-                } else {
-                    header.addStringValue(ATTR_STATUS, STATUS_UNKNOWN);
-                }
-            } else {
-                header.addStringValue(ATTR_STATUS, STATUS_REVOKED);
-            }
-        } catch (Exception e) {
-            header.addStringValue(ATTR_STATUS, STATUS_UNKNOWN);
-        }
-        log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status "
-                + cert.getIssuerDN().getName() + " " + cert.getSerialNumber().toString());
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            String xmlOutput = req.getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                outputXML(resp, argSet);
-            } else {
-                resp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
deleted file mode 100644
index 593f2de88..000000000
--- a/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
+++ /dev/null
@@ -1,165 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.ocsp;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IOCSPService;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Retrieve information about the number of OCSP requests the OCSP
- * has serviced
- *
- * @version $Revision$, $Date$
- */
-public class GetOCSPInfo extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3633557968127876119L;
-    private final static String TPL_FILE = "getOCSPInfo.template";
-    private String mFormPath = null;
-
-    public GetOCSPInfo() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template
-     * file "getOCSPInfo.template" to render the result page.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        // coming from agent
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        if (!(mAuthority instanceof IOCSPService)) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, httpReq, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-            return;
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IOCSPService ca = (IOCSPService) mAuthority;
-
-        header.addLongValue("numReq", ca.getNumOCSPRequest());
-        header.addLongValue("totalSec", ca.getOCSPRequestTotalTime());
-        header.addLongValue("totalSignSec", ca.getOCSPTotalSignTime());
-        header.addLongValue("totalLookupSec", ca.getOCSPTotalLookupTime());
-        header.addLongValue("totalData", ca.getOCSPTotalData());
-        long secs = 0;
-        if (ca.getOCSPRequestTotalTime() != 0) {
-            secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
-        }
-        header.addLongValue("ReqSec", secs);
-        try {
-            ServletOutputStream out = httpResp.getOutputStream();
-
-            httpResp.setContentType("text/html");
-            form.renderOutput(out, argSet);
-            cmsReq.setStatus(ICMSRequest.SUCCESS);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
-            cmsReq.setStatus(ICMSRequest.ERROR);
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
deleted file mode 100644
index 4894c574a..000000000
--- a/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
+++ /dev/null
@@ -1,199 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.ocsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Show the list of CA's that the OCSP responder can service
- *
- * @version $Revision$ $Date$
- */
-public class ListCAServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3764395161795483452L;
-    public static final String BEGIN_HEADER =
-            "-----BEGIN CERTIFICATE-----";
-    public static final String END_HEADER =
-            "-----END CERTIFICATE-----";
-
-    private final static String TPL_FILE = "listCAs.template";
-    private String mFormPath = null;
-    private IOCSPAuthority mOCSPAuthority = null;
-
-    public ListCAServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "listCAs.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mOCSPAuthority = (IOCSPAuthority) mAuthority;
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "list");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        IDefStore defStore = mOCSPAuthority.getDefaultStore();
-        Enumeration<ICRLIssuingPointRecord> recs = defStore.searchAllCRLIssuingPointRecord(100);
-
-        // show the current CRL number if present
-        header.addStringValue("stateCount",
-                Integer.toString(defStore.getStateCount()));
-
-        while (recs.hasMoreElements()) {
-            ICRLIssuingPointRecord rec = recs.nextElement();
-            IArgBlock rarg = CMS.createArgBlock();
-            String thisId = rec.getId();
-
-            rarg.addStringValue("Id", thisId);
-            Date thisUpdate = rec.getThisUpdate();
-
-            if (thisUpdate == null) {
-                rarg.addStringValue("ThisUpdate", "UNKNOWN");
-            } else {
-                rarg.addStringValue("ThisUpdate", thisUpdate.toString());
-            }
-            Date nextUpdate = rec.getNextUpdate();
-
-            if (nextUpdate == null) {
-                rarg.addStringValue("NextUpdate", "UNKNOWN");
-            } else {
-                rarg.addStringValue("NextUpdate", nextUpdate.toString());
-            }
-            Long rc = rec.getCRLSize();
-
-            if (rc == null) {
-                rarg.addLongValue("NumRevoked", 0);
-            } else {
-                if (rc.longValue() == -1) {
-                    rarg.addStringValue("NumRevoked", "UNKNOWN");
-                } else {
-                    rarg.addLongValue("NumRevoked", rc.longValue());
-                }
-            }
-
-            BigInteger crlNumber = rec.getCRLNumber();
-            if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) {
-                rarg.addStringValue("CRLNumber", "UNKNOWN");
-            } else {
-                rarg.addStringValue("CRLNumber", crlNumber.toString());
-            }
-
-            rarg.addLongValue("ReqCount", defStore.getReqCount(thisId));
-            argSet.addRepeatRecord(rarg);
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            String xmlOutput = req.getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                outputXML(resp, argSet);
-            } else {
-                resp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
deleted file mode 100644
index 940bf657c..000000000
--- a/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ /dev/null
@@ -1,277 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.ocsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.mozilla.jss.asn1.ASN1Util;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.ocsp.IOCSPService;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.ocsp.BasicOCSPResponse;
-import com.netscape.cmsutil.ocsp.OCSPRequest;
-import com.netscape.cmsutil.ocsp.OCSPResponse;
-import com.netscape.cmsutil.ocsp.ResponseBytes;
-import com.netscape.cmsutil.ocsp.ResponseData;
-import com.netscape.cmsutil.ocsp.SingleResponse;
-import com.netscape.cmsutil.ocsp.TBSRequest;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Process OCSP messages, According to RFC 2560
- * See http://www.ietf.org/rfc/rfc2560.txt
- *
- * @version $Revision$ $Date$
- */
-public class OCSPServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 120903601883352030L;
-    public final static String PROP_AUTHORITY = "authority";
-    public final static String PROP_CLIENTAUTH = "GetClientCert";
-    public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize";
-    public final static String PROP_ID = "ID";
-
-    private int m_maxRequestSize = 5000;
-
-    public OCSPServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "ImportCert.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE);
-        if (s != null) {
-            try {
-                m_maxRequestSize = Integer.parseInt(s);
-            } catch (Exception e) {
-            }
-        }
-
-    }
-
-    /**
-     * Process the HTTP request.
-     * This method is invoked when the OCSP service receives a OCSP
-     * request. Based on RFC 2560, the request should have the OCSP
-     * request in the HTTP body as binary blob.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest httpReq = cmsReq.getHttpReq();
-        HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.startTiming("ocsp", true /* main action */);
-        }
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "submit");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMS.debug("Servlet Path=" + httpReq.getServletPath());
-        CMS.debug("RequestURI=" + httpReq.getRequestURI());
-        String pathInfo = httpReq.getPathInfo();
-        if (pathInfo != null && pathInfo.indexOf('%') != -1) {
-            try {
-                pathInfo = URLDecoder.decode(pathInfo, "UTF-8");
-            } catch (UnsupportedEncodingException e) {
-                e.printStackTrace();
-                throw new EBaseException("OCSPServlet: Unsupported encoding" + e);
-            }
-        }
-        CMS.debug("PathInfo=" + pathInfo);
-
-        OCSPRequest ocspReq = null;
-
-        try {
-            InputStream is = httpReq.getInputStream();
-            byte reqbuf[] = null;
-            String method = httpReq.getMethod();
-            CMS.debug("Method=" + method);
-            if (method != null && method.equals("POST")) {
-                int reqlen = httpReq.getContentLength();
-
-                if (reqlen == -1) {
-                    throw new Exception("OCSPServlet: Content-Length not supplied");
-                }
-                if (reqlen == 0) {
-                    throw new Exception("OCSPServlet: Invalid Content-Length");
-                }
-                if (reqlen > m_maxRequestSize) {
-                    throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + reqlen + ")");
-                }
-
-                // for debugging
-                reqbuf = new byte[reqlen];
-                int bytesread = 0;
-                boolean partial = false;
-
-                while (bytesread < reqlen) {
-                    int r = is.read(reqbuf, bytesread, reqlen - bytesread);
-                    if (r == -1) {
-                        throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
-                    }
-                    bytesread += r;
-                    if (partial == false) {
-                        if (bytesread < reqlen) {
-                            partial = true;
-                        }
-                    }
-                }
-                is = new ByteArrayInputStream(reqbuf);
-            } else {
-                // GET method
-                if ((pathInfo == null) ||
-                        (pathInfo.equals("")) ||
-                        (pathInfo.substring(1) == null) ||
-                        (pathInfo.substring(1).equals(""))) {
-                    throw new Exception("OCSPServlet: OCSP request not provided in GET method");
-                }
-                is = new ByteArrayInputStream(
-                        Utils.base64decode(pathInfo.substring(1)));
-            }
-
-            // (1) retrieve OCSP request
-            // (2) decode request
-            OCSPResponse response = null;
-
-            try {
-                OCSPRequest.Template reqTemplate =
-                        new OCSPRequest.Template();
-
-                if ((is == null) ||
-                        (is.toString().equals(""))) {
-                    throw new Exception("OCSPServlet: OCSP request is "
-                                       + "empty or malformed");
-                }
-                ocspReq = (OCSPRequest) reqTemplate.decode(is);
-                if ((ocspReq == null) ||
-                        (ocspReq.toString().equals(""))) {
-                    throw new Exception("OCSPServlet: Decoded OCSP request "
-                                       + "is empty or malformed");
-                }
-                response = ((IOCSPService) mAuthority).validate(ocspReq);
-            } catch (Exception e) {
-                ;
-                CMS.debug("OCSPServlet: " + e.toString());
-            }
-
-            if (response != null) {
-                ByteArrayOutputStream fos1 = new ByteArrayOutputStream();
-
-                response.encode(fos1);
-                fos1.close();
-
-                byte[] respbytes;
-
-                respbytes = fos1.toByteArray();
-
-                // print out OCSP response in debug mode so that
-                // we can validate the response
-                if (CMS.debugOn()) {
-                    CMS.debug("OCSPServlet: OCSP Request:");
-                    CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq)));
-                    TBSRequest tbsReq = ocspReq.getTBSRequest();
-                    for (int i = 0; i < tbsReq.getRequestCount(); i++) {
-                        com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
-                        CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
-                    }
-                    CMS.debug("OCSPServlet: OCSP Response Size:");
-                    CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length));
-                    CMS.debug("OCSPServlet: OCSP Response Data:");
-                    CMS.debug("OCSPServlet: " + CMS.BtoA(respbytes));
-                    ResponseBytes rbytes = response.getResponseBytes();
-                    if (rbytes == null) {
-                        CMS.debug("Response bytes is null");
-                    } else if (rbytes.getObjectIdentifier().equals(
-                               ResponseBytes.OCSP_BASIC)) {
-                        BasicOCSPResponse basicRes = (BasicOCSPResponse)
-                                BasicOCSPResponse.getTemplate().decode(
-                                        new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
-                        if (basicRes == null) {
-                            CMS.debug("Basic Res is null");
-                        } else {
-                            ResponseData data = basicRes.getResponseData();
-                            for (int i = 0; i < data.getResponseCount(); i++) {
-                                SingleResponse res = data.getResponseAt(i);
-                                CMS.debug("Serial Number: " +
-                                          res.getCertID().getSerialNumber() +
-                                          " Status: " +
-                                          res.getCertStatus().getClass().getName());
-                            }
-                        }
-                    }
-                }
-
-                httpResp.setContentType("application/ocsp-response");
-
-                httpResp.setContentLength(respbytes.length);
-                OutputStream ooss = httpResp.getOutputStream();
-
-                ooss.write(respbytes);
-                ooss.flush();
-                if (statsSub != null) {
-                    statsSub.endTiming("ocsp");
-                }
-
-                mRenderResult = false;
-            }
-        } catch (Exception e) {
-            CMS.debug("OCSPServlet: " + e.toString());
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
deleted file mode 100644
index 55f688a0b..000000000
--- a/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
+++ /dev/null
@@ -1,215 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.ocsp;
-
-import java.io.IOException;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ocsp.IDefStore;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Configure the CA to no longer respond to OCSP requests for a CA
- *
- * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $
- */
-public class RemoveCAServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4519898238552366358L;
-    private final static String TPL_FILE = "removeCA.template";
-    private String mFormPath = null;
-    private IOCSPAuthority mOCSPAuthority = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST =
-            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
-    private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
-
-    private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE =
-            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
-
-    public RemoveCAServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "addCA.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to display own output.
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mOCSPAuthority = (IOCSPAuthority) mAuthority;
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param ca id. The format is string.
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a CA is attempted to be removed from the
-     * OCSP responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and
-     * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when a remove CA request to the OCSP
-     * Responder is processed successfully or not.
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    protected void process(CMSRequest cmsReq)
-            throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "add");
-        } catch (Exception e) {
-            // do nothing for now
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
-            String uid = authToken.getInString(IAuthToken.USER_ID);
-            if (uid != null) {
-                CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid);
-                auditSubjectID = uid;
-            }
-        }
-
-        String caID = cmsReq.getHttpReq().getParameter("caID");
-
-        if (caID == null) {
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
-        }
-
-        auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                caID);
-
-        audit(auditMessage);
-
-        IDefStore defStore = mOCSPAuthority.getDefaultStore();
-
-        try {
-            defStore.deleteCRLIssuingPointRecord(caID);
-
-        } catch (EBaseException e) {
-
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    caID);
-            audit(auditMessage);
-
-            CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
-            throw new EBaseException(e.toString());
-        }
-
-        CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID);
-
-        auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                caID);
-        audit(auditMessage);
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            String xmlOutput = req.getParameter("xml");
-            if (xmlOutput != null && xmlOutput.equals("true")) {
-                outputXML(resp, argSet);
-            } else {
-                resp.setContentType("text/html");
-                form.renderOutput(out, argSet);
-                cmsReq.setStatus(ICMSRequest.SUCCESS);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
deleted file mode 100644
index 3c5c4080b..000000000
--- a/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ /dev/null
@@ -1,407 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.processors;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Hashtable;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.asn1.ANY;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.pkcs10.CertificationRequest;
-import org.mozilla.jss.pkcs11.PK11PubKey;
-import org.mozilla.jss.pkix.cert.Certificate;
-import org.mozilla.jss.pkix.cert.CertificateInfo;
-import org.mozilla.jss.pkix.cmc.PKIData;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-import org.mozilla.jss.pkix.cmc.TaggedCertificationRequest;
-import org.mozilla.jss.pkix.cmc.TaggedRequest;
-import org.mozilla.jss.pkix.cms.EncapsulatedContentInfo;
-import org.mozilla.jss.pkix.cms.IssuerAndSerialNumber;
-import org.mozilla.jss.pkix.cms.SignedData;
-import org.mozilla.jss.pkix.cms.SignerIdentifier;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-import org.mozilla.jss.pkix.crmf.CertRequest;
-import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
-import org.mozilla.jss.pkix.primitive.Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Process CMC messages according to RFC 2797
- * See http://www.ietf.org/rfc/rfc2797.txt
- *
- * @version $Revision$, $Date$
- */
-public class CMCProcessor extends PKIProcessor {
-
-    private boolean enforcePop = false;
-
-    public CMCProcessor() {
-        super();
-    }
-
-    public CMCProcessor(ICMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
-
-        super(cmsReq, servlet);
-        enforcePop = doEnforcePop;
-
-    }
-
-    public void process(ICMSRequest cmsReq)
-            throws EBaseException {
-    }
-
-    public void fillCertInfo(
-            String protocolString, X509CertInfo certInfo,
-            IAuthToken authToken, IArgBlock httpParams)
-            throws EBaseException {
-    }
-
-    public X509CertInfo[] fillCertInfoArray(
-            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-            throws EBaseException {
-
-        CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
-        String cmc = protocolString;
-
-        try {
-            byte[] cmcBlob = CMS.AtoB(cmc);
-            ByteArrayInputStream cmcBlobIn =
-                    new ByteArrayInputStream(cmcBlob);
-
-            org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
-                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
-
-            if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA)
-                    || !cmcReq.hasContent())
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
-
-            SignedData cmcFullReq = (SignedData)
-                    cmcReq.getInterpretedContent();
-
-            EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-
-            OBJECT_IDENTIFIER id = ci.getContentType();
-
-            if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
-            }
-            OCTET_STRING content = ci.getContent();
-
-            ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
-            PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
-            SEQUENCE reqSequence = pkiData.getReqSequence();
-
-            int numReqs = reqSequence.size();
-            X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
-            String[] reqIdArray = new String[numReqs];
-
-            for (int i = 0; i < numReqs; i++) {
-                // decode message.
-                TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
-
-                TaggedRequest.Type type = taggedRequest.getType();
-
-                if (type.equals(TaggedRequest.PKCS10)) {
-                    TaggedCertificationRequest tcr = taggedRequest.getTcr();
-                    int p10Id = tcr.getBodyPartID().intValue();
-
-                    reqIdArray[i] = String.valueOf(p10Id);
-
-                    CertificationRequest p10 =
-                            tcr.getCertificationRequest();
-
-                    // transfer to sun class
-                    ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-
-                    p10.encode(ostream);
-
-                    PKCS10Processor pkcs10Processor = new PKCS10Processor(mRequest, mServlet);
-
-                    try {
-                        PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
-                        //xxx do we need to do anything else?
-                        X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-
-                        pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams);
-
-                        /*    fillPKCS10(pkcs10,certInfo,
-                         authToken, httpParams);
-                         */
-
-                        certInfoArray[i] = certInfo;
-                    } catch (Exception e) {
-                        throw new ECMSGWException(
-                                CMS.getUserMessage("CMS_GW_PKCS10_ERROR", e.toString()));
-                    }
-                } else if (type.equals(TaggedRequest.CRMF)) {
-
-                    CRMFProcessor crmfProc = new CRMFProcessor(mRequest, mServlet, enforcePop);
-
-                    CertReqMsg crm = taggedRequest.getCrm();
-                    CertRequest certReq = crm.getCertReq();
-
-                    INTEGER certReqId = certReq.getCertReqId();
-                    int srcId = certReqId.intValue();
-
-                    reqIdArray[i] = String.valueOf(srcId);
-
-                    certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
-
-                } else {
-                    throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
-                }
-            }
-
-            // verify the signerInfo
-            SET dais = cmcFullReq.getDigestAlgorithmIdentifiers();
-            int numDig = dais.size();
-            Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>();
-
-            for (int i = 0; i < numDig; i++) {
-                AlgorithmIdentifier dai =
-                        (AlgorithmIdentifier) dais.elementAt(i);
-                String name =
-                        DigestAlgorithm.fromOID(dai.getOID()).toString();
-
-                MessageDigest md =
-                        MessageDigest.getInstance(name);
-
-                byte[] digest = md.digest(content.toByteArray());
-
-                digs.put(name, digest);
-            }
-
-            SET sis = cmcFullReq.getSignerInfos();
-            int numSis = sis.size();
-
-            for (int i = 0; i < numSis; i++) {
-                org.mozilla.jss.pkix.cms.SignerInfo si =
-                        (org.mozilla.jss.pkix.cms.SignerInfo)
-                        sis.elementAt(i);
-
-                String name = si.getDigestAlgorithm().toString();
-                byte[] digest = digs.get(name);
-
-                if (digest == null) {
-                    MessageDigest md = MessageDigest.getInstance(name);
-                    ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-
-                    pkiData.encode(ostream);
-                    digest = md.digest(ostream.toByteArray());
-
-                }
-
-                SignerIdentifier sid = si.getSignerIdentifier();
-
-                if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
-                    IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
-                    // find from the certs in the signedData
-                    X509Certificate cert = null;
-
-                    if (cmcFullReq.hasCertificates()) {
-                        SET certs = cmcFullReq.getCertificates();
-                        int numCerts = certs.size();
-
-                        for (int j = 0; j < numCerts; j++) {
-                            Certificate certJss =
-                                    (Certificate) certs.elementAt(j);
-                            CertificateInfo certI =
-                                    certJss.getInfo();
-                            Name issuer = certI.getIssuer();
-                            byte[] issuerB = ASN1Util.encode(issuer);
-
-                            INTEGER sn = certI.getSerialNumber();
-
-                            if (new String(issuerB).equals(new
-                                    String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
-                                    && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
-                                ByteArrayOutputStream os = new
-                                        ByteArrayOutputStream();
-
-                                certJss.encode(os);
-                                cert = new X509CertImpl(os.toByteArray());
-                                // xxx validate the cert length
-
-                            }
-                        }
-
-                    }
-                    // find from internaldb if it's ca. (ra does not have that.)
-                    // find from internaldb usrgrp info
-
-                    if (cert == null) {
-                        // find from certDB
-                        si.verify(digest, id);
-                    } else {
-                        PublicKey signKey = cert.getPublicKey();
-                        PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey());
-                        si.verify(digest, id, pubK);
-                    }
-
-                } else {
-                    OCTET_STRING ski = sid.getSubjectKeyIdentifier();
-                    // find the publicKey using ski
-                    int j = 0;
-                    PublicKey signKey = null;
-
-                    while (signKey == null && j < numReqs) {
-                        X509Key subjectKeyInfo =
-                                (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY))
-                                        .get(CertificateX509Key.KEY);
-                        MessageDigest md = MessageDigest.getInstance("SHA-1");
-
-                        md.update(subjectKeyInfo.getEncoded());
-                        byte[] skib = md.digest();
-
-                        if (new String(skib).equals(new String(ski.toByteArray()))) {
-                            signKey = subjectKeyInfo;
-                        }
-                        j++;
-                    }
-                    if (signKey == null) {
-                        throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
-                                "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
-                    } else {
-                        PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey());
-                        si.verify(digest, id, pubK);
-                    }
-                }
-            }
-            // end verify signerInfo
-
-            // Get control sequence
-            // verisign has transactionId, senderNonce, regInfo
-            // identification, identityproof
-            SEQUENCE controls = pkiData.getControlSequence();
-            int numControls = controls.size();
-
-            for (int i = 0; i < numControls; i++) {
-                TaggedAttribute control =
-                        (TaggedAttribute) controls.elementAt(i);
-                OBJECT_IDENTIFIER type = control.getType();
-                SET values = control.getValues();
-                int numVals = values.size();
-
-                if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
-                    String[] vals = null;
-
-                    if (numVals > 0)
-                        vals = new String[numVals];
-                    for (int j = 0; j < numVals; j++) {
-                        ANY val = (ANY)
-                                values.elementAt(j);
-                        INTEGER transId = (INTEGER) val.decodeWith(
-                                INTEGER.getTemplate());
-
-                        if (transId != null) {
-                            vals[j] = transId.toString();
-                        }
-                    }
-                    if (vals != null)
-                        req.setExtData(IRequest.CMC_TRANSID, vals);
-                } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
-                    String[] vals = null;
-
-                    if (numVals > 0)
-                        vals = new String[numVals];
-                    for (int j = 0; j < numVals; j++) {
-                        ANY val = (ANY)
-                                values.elementAt(j);
-                        OCTET_STRING nonce = (OCTET_STRING)
-                                val.decodeWith(OCTET_STRING.getTemplate());
-
-                        if (nonce != null) {
-                            vals[j] = new String(nonce.toByteArray());
-                        }
-                    }
-                    if (vals != null)
-                        req.setExtData(IRequest.CMC_SENDERNONCE, vals);
-
-                } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_regInfo)) {
-                    // what can we do here
-                    // for verisign, we just debug.print()
-                } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_identification)) {
-                    // what can we do here
-                    // for verisign, we just debug.print()
-                } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
-                    // what can we do here
-                    // for verisign, we just debug.print()
-                }
-            }
-
-            req.setExtData(IRequest.CMC_REQIDS, reqIdArray);
-            return certInfoArray;
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
-        } catch (InvalidBERException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
-        } catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
-        } catch (Exception e) {
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
-        }
-
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
deleted file mode 100644
index 1da0cf3c4..000000000
--- a/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ /dev/null
@@ -1,373 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.processors;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.cert.CertificateException;
-
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.pkix.crmf.CertReqMsg;
-import org.mozilla.jss.pkix.crmf.CertRequest;
-import org.mozilla.jss.pkix.crmf.CertTemplate;
-import org.mozilla.jss.pkix.crmf.ProofOfPossession;
-import org.mozilla.jss.pkix.primitive.Name;
-import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Process CRMF requests, according to RFC 2511
- * See http://www.ietf.org/rfc/rfc2511.txt
- *
- * @version $Revision$, $Date$
- */
-public class CRMFProcessor extends PKIProcessor {
-
-    @SuppressWarnings("unused")
-    private ICMSRequest mRequest;
-
-    private boolean enforcePop = false;
-
-    private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
-
-    public CRMFProcessor() {
-        super();
-    }
-
-    public CRMFProcessor(ICMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
-        super(cmsReq, servlet);
-
-        enforcePop = doEnforcePop;
-        mRequest = cmsReq;
-    }
-
-    public void process(ICMSRequest cmsReq)
-            throws EBaseException {
-    }
-
-    /**
-     * Verify Proof of Possession (POP)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof of possession is checked during
-     * certificate enrollment
-     * </ul>
-     *
-     * @param certReqMsg the certificate request message
-     * @exception EBaseException an error has occurred
-     */
-    private void verifyPOP(CertReqMsg certReqMsg)
-            throws EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-
-        try {
-            CMS.debug("CRMFProcessor: verifyPOP");
-
-            if (certReqMsg.hasPop()) {
-                ProofOfPossession pop = certReqMsg.getPop();
-
-                ProofOfPossession.Type popType = pop.getType();
-
-                if (popType == ProofOfPossession.SIGNATURE) {
-                    CMS.debug("CRMFProcessor: Request has pop.");
-                    try {
-                        certReqMsg.verify();
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                                auditSubjectID,
-                                ILogger.SUCCESS);
-
-                        audit(auditMessage);
-                    } catch (Exception e) {
-                        CMS.debug("CRMFProcessor: Failed POP verify!");
-
-                        log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                                auditSubjectID,
-                                ILogger.FAILURE);
-
-                        audit(auditMessage);
-
-                        throw new ECMSGWException(
-                                CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
-                    }
-                }
-            } else {
-                if (enforcePop == true) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                            auditSubjectID,
-                            ILogger.FAILURE);
-
-                    audit(auditMessage);
-
-                    throw new ECMSGWException(
-                            CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
-                }
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                    auditSubjectID,
-                    ILogger.FAILURE);
-
-            audit(auditMessage);
-        }
-    }
-
-    public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
-            throws EBaseException {
-        CMS.debug("CRMFProcessor::processIndividualRequest!");
-
-        try {
-
-            verifyPOP(certReqMsg);
-
-            CertRequest certReq = certReqMsg.getCertReq();
-
-            CertTemplate certTemplate = certReq.getCertTemplate();
-            X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-
-            // get key
-            SubjectPublicKeyInfo spki = certTemplate.getPublicKey();
-            ByteArrayOutputStream keyout = new ByteArrayOutputStream();
-
-            spki.encode(keyout);
-            byte[] keybytes = keyout.toByteArray();
-            X509Key key = new X509Key();
-
-            key.decode(keybytes);
-            certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
-
-            // field suggested notBefore and notAfter in CRMF
-            // Tech Support #383184
-            if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
-                CertificateValidity certValidity =
-                        new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
-
-                certInfo.set(X509CertInfo.VALIDITY, certValidity);
-            }
-
-            if (certTemplate.hasSubject()) {
-                Name subjectdn = certTemplate.getSubject();
-                ByteArrayOutputStream subjectEncStream =
-                        new ByteArrayOutputStream();
-
-                subjectdn.encode(subjectEncStream);
-                byte[] subjectEnc = subjectEncStream.toByteArray();
-                X500Name subject = new X500Name(subjectEnc);
-
-                certInfo.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(subject));
-            } else if (authToken == null ||
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
-                // No subject name - error!
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
-            }
-
-            // get extensions
-            CertificateExtensions extensions = null;
-
-            try {
-                extensions = (CertificateExtensions)
-                        certInfo.get(X509CertInfo.EXTENSIONS);
-            } catch (CertificateException e) {
-                extensions = null;
-            } catch (IOException e) {
-                extensions = null;
-            }
-            if (certTemplate.hasExtensions()) {
-                // put each extension from CRMF into CertInfo.
-                // index by extension name, consistent with
-                // CertificateExtensions.parseExtension() method.
-                if (extensions == null)
-                    extensions = new CertificateExtensions();
-                int numexts = certTemplate.numExtensions();
-
-                for (int j = 0; j < numexts; j++) {
-                    org.mozilla.jss.pkix.cert.Extension jssext =
-                            certTemplate.extensionAt(j);
-                    boolean isCritical = jssext.getCritical();
-                    org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
-                            jssext.getExtnId();
-                    long[] numbers = jssoid.getNumbers();
-                    int[] oidNumbers = new int[numbers.length];
-
-                    for (int k = numbers.length - 1; k >= 0; k--) {
-                        oidNumbers[k] = (int) numbers[k];
-                    }
-                    ObjectIdentifier oid =
-                            new ObjectIdentifier(oidNumbers);
-                    org.mozilla.jss.asn1.OCTET_STRING jssvalue =
-                            jssext.getExtnValue();
-                    ByteArrayOutputStream jssvalueout =
-                            new ByteArrayOutputStream();
-
-                    jssvalue.encode(jssvalueout);
-                    byte[] extValue = jssvalueout.toByteArray();
-
-                    Extension ext =
-                            new Extension(oid, isCritical, extValue);
-
-                    extensions.parseExtension(ext);
-                }
-
-                certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-
-            }
-
-            // Added a new configuration parameter
-            // eeGateway.Enrollment.authTokenOverride=[true|false]
-            // By default, it is set to true. In most
-            // of the case, administrator would want
-            // to have the control of the subject name
-            // formulation.
-            // -- CRMFfillCert
-            if (authToken != null &&
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
-                // if authenticated override subect name, validity and
-                // extensions if any from authtoken.
-                fillCertInfoFromAuthToken(certInfo, authToken);
-            }
-
-            // SPECIAL CASE:
-            // if it is adminEnroll servlet, get the validity
-            // from the http parameters.
-            if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
-                fillValidityFromForm(certInfo, httpParams);
-            }
-
-            return certInfo;
-
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        } /* catch (InvalidBERException e) {
-          log(ILogger.LL_FAILURE,
-          CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
-          throw new ECMSGWException(
-          CMSGWResources.ERROR_CRMF_TO_CERTINFO);
-          } */catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        }
-
-    }
-
-    public X509CertInfo[] fillCertInfoArray(
-            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-            throws EBaseException {
-
-        CMS.debug("CRMFProcessor.fillCertInfoArray!");
-
-        String crmf = protocolString;
-
-        try {
-            byte[] crmfBlob = CMS.AtoB(crmf);
-            ByteArrayInputStream crmfBlobIn =
-                    new ByteArrayInputStream(crmfBlob);
-
-            SEQUENCE crmfMsgs = (SEQUENCE)
-                    new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
-
-            int nummsgs = crmfMsgs.size();
-            X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
-
-            for (int i = 0; i < nummsgs; i++) {
-                // decode message.
-                CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-
-                CertRequest certReq = certReqMsg.getCertReq();
-                INTEGER certReqId = certReq.getCertReqId();
-                int srcId = certReqId.intValue();
-
-                req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId));
-
-                certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams);
-
-            }
-
-            //do_testbed_hack(nummsgs, certInfoArray, httpParams);
-
-            return certInfoArray;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        } catch (InvalidBERException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
deleted file mode 100644
index 3fd42db08..000000000
--- a/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ /dev/null
@@ -1,33 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.processors;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.common.ICMSRequest;
-
-/**
- * This represents the request parser.
- *
- * @version $Revision$, $Date$
- */
-public interface IPKIProcessor {
-
-    public void process(ICMSRequest cmsReq)
-            throws EBaseException;
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
deleted file mode 100644
index d3f8ba655..000000000
--- a/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ /dev/null
@@ -1,120 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.processors;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.KeyGenInfo;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * KeyGenProcess parses Certificate request matching the
- * KEYGEN tag format used by Netscape Communicator 4.x
- *
- * @version $Revision$, $Date$
- */
-public class KeyGenProcessor extends PKIProcessor {
-
-    public KeyGenProcessor() {
-        super();
-    }
-
-    public KeyGenProcessor(ICMSRequest cmsReq, CMSServlet servlet) {
-        super(cmsReq, servlet);
-
-    }
-
-    public void process(ICMSRequest cmsReq)
-            throws EBaseException {
-    }
-
-    public void fillCertInfo(
-            String protocolString, X509CertInfo certInfo,
-            IAuthToken authToken, IArgBlock httpParams)
-            throws EBaseException {
-
-        CMS.debug("KeyGenProcessor: fillCertInfo");
-
-        if (mServlet == null) {
-            return;
-        }
-
-        KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
-                PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-
-        // fill key
-        X509Key key = null;
-
-        key = keyGenInfo.getSPKI();
-        if (key == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
-        }
-        try {
-            certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    "Could not set key into certInfo from keygen. Error " + e);
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
-        }
-
-        String authMgr = mServlet.getAuthMgr();
-
-        // if not authenticated, fill subject name, validity & extensions
-        // from authtoken.
-        if (authToken == null) {
-            fillCertInfoFromForm(certInfo, httpParams);
-        } else {
-            if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
-                // allow special case for agent gateway in admin enroll
-                // and bulk issuance.
-                if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
-                        !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
-                    throw new ECMSGWException(
-                            CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
-                }
-                fillCertInfoFromForm(certInfo, httpParams);
-            } else {
-                fillCertInfoFromAuthToken(certInfo, authToken);
-            }
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
deleted file mode 100644
index 184216972..000000000
--- a/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ /dev/null
@@ -1,285 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.processors;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-
-import netscape.security.pkcs.PKCS10;
-import netscape.security.pkcs.PKCS10Attribute;
-import netscape.security.pkcs.PKCS10Attributes;
-import netscape.security.pkcs.PKCS9Attribute;
-import netscape.security.util.DerInputStream;
-import netscape.security.util.DerOutputStream;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extensions;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * PKCS10Processor process Certificate Requests in
- * PKCS10 format, as defined here:
- * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
- * @version $Revision$, $Date$
- */
-public class PKCS10Processor extends PKIProcessor {
-
-    private PKCS10 mPkcs10 = null;
-
-    private final String USE_INTERNAL_PKCS10 = "internal";
-
-    public PKCS10Processor() {
-
-        super();
-    }
-
-    public PKCS10Processor(ICMSRequest cmsReq, CMSServlet servlet) {
-        super(cmsReq, servlet);
-
-    }
-
-    public void process(ICMSRequest cmsReq)
-            throws EBaseException {
-    }
-
-    public void fillCertInfo(
-            PKCS10 pkcs10, X509CertInfo certInfo,
-            IAuthToken authToken, IArgBlock httpParams)
-            throws EBaseException {
-
-        mPkcs10 = pkcs10;
-
-        fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
-
-    }
-
-    public void fillCertInfo(
-            String protocolString, X509CertInfo certInfo,
-            IAuthToken authToken, IArgBlock httpParams)
-            throws EBaseException {
-
-        PKCS10 p10 = null;
-
-        CMS.debug("PKCS10Processor:fillCertInfo");
-
-        if (protocolString == null) {
-            p10 = getPKCS10(httpParams);
-        } else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
-            p10 = mPkcs10;
-        } else {
-            CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
-            throw new EBaseException("p10 is null");
-        }
-
-        if (mServlet == null) {
-            EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null.");
-
-            throw ex;
-
-        }
-
-        // fill key
-        X509Key key = p10.getSubjectPublicKeyInfo();
-
-        if (key == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
-        }
-        CertificateX509Key certKey = new CertificateX509Key(key);
-
-        try {
-            certInfo.set(X509CertInfo.KEY, certKey);
-        } catch (CertificateException e) {
-            EBaseException ex = new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
-
-            log(ILogger.LL_FAILURE, ex.toString());
-            throw ex;
-        } catch (IOException e) {
-            EBaseException ex = new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
-
-            log(ILogger.LL_FAILURE, ex.toString());
-            throw ex;
-        }
-
-        X500Name subject = p10.getSubjectName();
-
-        if (subject != null) {
-            try {
-                certInfo.set(X509CertInfo.SUBJECT,
-                        new CertificateSubjectName(subject));
-                log(ILogger.LL_INFO,
-                        "Setting subject name " + subject + " from p10.");
-            } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
-            } catch (IOException e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
-            } catch (Exception e) {
-                // if anything bad happens in X500 name parsing,
-                // this will catch it.
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
-            }
-        } else if (authToken == null ||
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
-        }
-
-        // fill extensions from pkcs 10 attributes if any.
-        // other pkcs10 attributes are not recognized.
-        // ExtensionReq ::= SEQUENCE OF Extension
-        // ExtensionReq {pkcs-9 14}.
-        try {
-            PKCS10Attributes p10Attrs = p10.getAttributes();
-
-            if (p10Attrs != null) {
-                PKCS10Attribute p10Attr = p10Attrs.getAttribute(CertificateExtensions.NAME);
-
-                if (p10Attr != null && p10Attr.getAttributeId().equals(
-                        PKCS9Attribute.EXTENSION_REQUEST_OID)) {
-                    Extensions exts0 = (Extensions) p10Attr.getAttributeValue();
-                    DerOutputStream extOut = new DerOutputStream();
-
-                    exts0.encode(extOut);
-                    byte[] extB = extOut.toByteArray();
-                    DerInputStream extIn = new DerInputStream(extB);
-                    CertificateExtensions exts = new CertificateExtensions(extIn);
-
-                    if (exts != null) {
-                        certInfo.set(X509CertInfo.EXTENSIONS, exts);
-                    }
-                }
-            }
-            CMS.debug(
-                    "PKCS10Processor: Seted cert extensions from pkcs10. ");
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
-
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
-        } catch (Exception e) {
-            // if anything bad happens in extensions parsing,
-            // this will catch it.
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
-        }
-
-        // override pkcs10 attributes with authtoken attributes
-        // like subject name, validity and extensions if any.
-        // adminEnroll is an exception
-        String authMgr = mServlet.getAuthMgr();
-
-        if (authToken != null &&
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
-                !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
-            fillCertInfoFromAuthToken(certInfo, authToken);
-        }
-
-        // SPECIAL CASE:
-        // if it is adminEnroll servlet, get the validity
-        // from the http parameters.
-        if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
-            fillValidityFromForm(certInfo, httpParams);
-        }
-
-    }
-
-    private PKCS10 getPKCS10(IArgBlock httpParams)
-            throws EBaseException {
-
-        PKCS10 pkcs10 = null;
-
-        String certType = null;
-
-        // support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
-        // instead of certType
-        certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
-        if (certType == null) {
-            certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client");
-        } else {
-            // some policies may rely on the fact that
-            // CERT_TYPE is set. So for 3.5.1 or eariler
-            // we need to set CERT_TYPE  but not here.
-        }
-        if (certType.equals("client")) {
-            // coming from MSIE
-            String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null);
-
-            if (p10b64 != null) {
-                try {
-                    byte[] bytes = CMS.AtoB(p10b64);
-
-                    pkcs10 = new PKCS10(bytes);
-                } catch (Exception e) {
-                    // ok, if the above fails, it could
-                    // be a PKCS10 with header
-                    pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
-                    // e.printStackTrace();
-                }
-            }
-
-            //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
-
-        } else {
-            try {
-                // coming from server cut & paste blob.
-                pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
-            } catch (Exception ex) {
-                ex.printStackTrace();
-            }
-        }
-
-        return pkcs10;
-
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
deleted file mode 100644
index bea899368..000000000
--- a/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ /dev/null
@@ -1,355 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.processors;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Date;
-
-import javax.servlet.http.HttpServletRequest;
-
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Process Certificate Requests
- *
- * @version $Revision$, $Date$
- */
-public class PKIProcessor implements IPKIProcessor {
-
-    public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
-    public static final String SUBJECT_NAME = "subject";
-    public static final String OLD_CERT_TYPE = "csrCertType";
-    public static final String CERT_TYPE = "certType";
-    public static final String PKCS10_REQUEST = "pkcs10Request";
-    public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
-
-    protected ICMSRequest mRequest = null;
-
-    protected HttpServletRequest httpReq = null;
-    protected String mServletId = null;
-    protected CMSServlet mServlet = null;
-
-    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
-    public PKIProcessor() {
-    }
-
-    public PKIProcessor(ICMSRequest cmsReq, CMSServlet servlet) {
-        mRequest = cmsReq;
-
-        mServlet = servlet;
-
-        if (mServlet == null || mRequest == null) {
-            return;
-        }
-
-        mServletId = servlet.getId();
-
-    }
-
-    public void process(ICMSRequest cmsReq)
-            throws EBaseException {
-    }
-
-    protected void fillCertInfo(
-            String protocolString, X509CertInfo certInfo,
-            IAuthToken authToken, IArgBlock httpParams)
-            throws EBaseException {
-    }
-
-    protected X509CertInfo[] fillCertInfoArray(
-            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-            throws EBaseException {
-        return null;
-    }
-
-    /**
-     * fill subject name, validity, extensions from authoken if any,
-     * overriding what was in pkcs10.
-     * fill subject name, extensions from http input if not authenticated.
-     * requests not authenticated will need to be approved by an agent.
-     */
-    public static void fillCertInfoFromAuthToken(
-            X509CertInfo certInfo, IAuthToken authToken)
-            throws EBaseException {
-        // override subject, validity and extensions from auth token
-        // CA determines algorithm, version and issuer.
-        // take key from keygen, cmc, pkcs10 or crmf.
-
-        CMS.debug("PKIProcessor: fillCertInfoFromAuthToken");
-        // subject name.
-        try {
-            String subjectname =
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
-
-            if (subjectname != null) {
-                CertificateSubjectName certSubject = new CertificateSubjectName(new X500Name(subjectname));
-
-                certInfo.set(X509CertInfo.SUBJECT, certSubject);
-                log(ILogger.LL_INFO,
-                        "cert subject set to " + certSubject + " from authtoken");
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
-                            e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
-                            e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        }
-
-        // validity
-        try {
-            CertificateValidity validity = null;
-            Date notBefore =
-                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
-            Date notAfter =
-                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
-
-            if (notBefore != null && notAfter != null) {
-                validity = new CertificateValidity(notBefore, notAfter);
-                certInfo.set(X509CertInfo.VALIDITY, validity);
-                log(ILogger.LL_INFO,
-                        "cert validity set to " + validity + " from authtoken");
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
-        }
-
-        // extensions
-        try {
-            CertificateExtensions extensions =
-                    authToken.getInCertExts(X509CertInfo.EXTENSIONS);
-
-            if (extensions != null) {
-                certInfo.set(X509CertInfo.EXTENSIONS, extensions);
-                log(ILogger.LL_INFO, "cert extensions set from authtoken");
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_WARN,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
-        }
-    }
-
-    /**
-     * fill subject name, extension from form.
-     * this is done for unauthenticated requests.
-     * unauthenticated requests must be approved by agents so these will
-     * all be seen by and agent.
-     */
-    public static void fillCertInfoFromForm(
-            X509CertInfo certInfo, IArgBlock httpParams)
-            throws EBaseException {
-
-        CMS.debug("PKIProcessor: fillCertInfoFromForm");
-        // subject name.
-        try {
-            String subject = httpParams.getValueAsString(PKIProcessor.SUBJECT_NAME, null);
-
-            if (subject == null) {
-                throw new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
-            }
-
-            X500Name x500name = new X500Name(subject);
-
-            certInfo.set(
-                    X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
-
-            fillValidityFromForm(certInfo, httpParams);
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        } catch (IllegalArgumentException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
-        }
-
-        // requested extensions.
-        // let polcies form extensions from http input.
-    }
-
-    public static void fillValidityFromForm(
-            X509CertInfo certInfo, IArgBlock httpParams)
-            throws EBaseException {
-        CMS.debug("PKIProcessor: fillValidityFromForm!");
-        try {
-            String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
-            String notValidAfterStr = httpParams.getValueAsString("notValidAfter", null);
-
-            if (notValidBeforeStr != null && notValidAfterStr != null) {
-                long notValidBefore = 0;
-                long notValidAfter = 0;
-
-                try {
-                    notValidBefore = Long.parseLong(notValidBeforeStr);
-                } catch (NumberFormatException e) {
-                }
-                try {
-                    notValidAfter = Long.parseLong(notValidAfterStr);
-                } catch (NumberFormatException e) {
-                }
-
-                if (notValidBefore > 0 && notValidAfter > 0) {
-                    CertificateValidity validity = null;
-                    Date notBefore = new Date(notValidBefore);
-                    Date notAfter = new Date(notValidAfter);
-
-                    if (notBefore != null && notAfter != null) {
-                        validity = new CertificateValidity(notBefore, notAfter);
-                        certInfo.set(X509CertInfo.VALIDITY, validity);
-                        log(ILogger.LL_INFO,
-                                "cert validity set to " + validity + " from authtoken");
-                    }
-                }
-            }
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
-        }
-    }
-
-    /**
-     * log according to authority category.
-     */
-    public static void log(int event, int level, String msg) {
-        CMS.getLogger().log(event, ILogger.S_OTHER, level,
-                "PKIProcessor " + ": " + msg);
-    }
-
-    public static void log(int level, String msg) {
-        CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
-                "PKIProcessor " + ": " + msg);
-    }
-
-    /**
-     * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
-     * <P>
-     *
-     * @param msg signed audit log message
-     */
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (mSignedAuditLogger == null) {
-            return;
-        }
-
-        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    /**
-     * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @return id string containing the signed audit log message SubjectID
-     */
-    protected String auditSubjectID() {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String subjectID = null;
-
-        // Initialize subjectID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        if (auditContext != null) {
-            subjectID = (String)
-                    auditContext.get(SessionContext.USER_ID);
-
-            if (subjectID != null) {
-                subjectID = subjectID.trim();
-            } else {
-                subjectID = ILogger.NONROLEUSER;
-            }
-        } else {
-            subjectID = ILogger.UNIDENTIFIED;
-        }
-
-        return subjectID;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/Processor.java b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
deleted file mode 100644
index 5a3b27063..000000000
--- a/base/common/src/com/netscape/cms/servlet/processors/Processor.java
+++ /dev/null
@@ -1,1312 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.processors;
-
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.StringTokenizer;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.FormParam;
-
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.EPropertyNotFound;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.certdb.ICertRecord;
-import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.logging.IAuditor;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.usrgrp.ICertUserLocator;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cms.servlet.common.AuthCredentials;
-import com.netscape.cms.servlet.common.CMSGateway;
-import com.netscape.cms.servlet.common.ServletUtils;
-import com.netscape.cmsutil.util.Utils;
-
-public class Processor {
-
-    public final static String ARG_AUTH_TOKEN = "auth_token";
-    public final static String ARG_REQUEST_OWNER = "requestOwner";
-    public final static String HDR_LANG = "accept-language";
-    public final static String ARG_PROFILE = "profile";
-    public final static String ARG_REQUEST_NOTES = "requestNotes";
-    public final static String ARG_PROFILE_ID = "profileId";
-    public final static String ARG_RENEWAL_PROFILE_ID = "rprofileId";
-    public final static String ARG_PROFILE_IS_ENABLED = "profileIsEnable";
-    public final static String ARG_PROFILE_IS_VISIBLE = "profileIsVisible";
-    public final static String ARG_PROFILE_ENABLED_BY = "profileEnableBy";
-    public final static String ARG_PROFILE_APPROVED_BY = "profileApprovedBy";
-    public final static String ARG_PROFILE_NAME = "profileName";
-    public final static String ARG_PROFILE_DESC = "profileDesc";
-    public final static String ARG_PROFILE_REMOTE_HOST = "profileRemoteHost";
-    public final static String ARG_PROFILE_REMOTE_ADDR = "profileRemoteAddr";
-    public final static String ARG_PROFILE_SET_ID = "profileSetId";
-    public final static String ARG_OUTPUT_LIST = "outputList";
-    public final static String ARG_OUTPUT_ID = "outputId";
-    public final static String ARG_OUTPUT_SYNTAX = "outputSyntax";
-    public final static String ARG_OUTPUT_CONSTRAINT = "outputConstraint";
-    public final static String ARG_OUTPUT_NAME = "outputName";
-    public final static String ARG_OUTPUT_VAL = "outputVal";
-    public final static String ARG_REQUEST_LIST = "requestList";
-    public final static String ARG_REQUEST_ID = "requestId";
-    public final static String ARG_REQUEST_TYPE = "requestType";
-    public final static String ARG_REQUEST_STATUS = "requestStatus";
-    public final static String ARG_REQUEST_CREATION_TIME = "requestCreationTime";
-    public final static String ARG_REQUEST_MODIFICATION_TIME = "requestModificationTime";
-    public final static String ARG_REQUEST_NONCE = "nonce";
-    public final static String ARG_OP = "op";
-    public final static String ARG_REQUESTS = "requests";
-    public final static String ARG_ERROR_CODE = "errorCode";
-    public final static String ARG_ERROR_REASON = "errorReason";
-    public final static String CERT_ATTR = "javax.servlet.request.X509Certificate";
-
-    // servlet config constants
-    public static final String PROFILE_ID = "profileId";
-    public static final String AUTH_ID = "authId";
-    public static final String ACL_METHOD = "aclMethod";
-    public static final String AUTHZ_RESOURCE_NAME = "authzResourceName";
-    public static final String AUTH_MGR = "authMgr";
-    public static final String AUTHZ_MGR = "authzMgr";
-    public static final String GET_CLIENT_CERT = "getClientCert";
-    public static final String ACL_INFO = "ACLinfo";
-    public static final String AUTHORITY_ID = "authorityId";
-    public static final String PROFILE_SUB_ID = "profileSubId";
-
-    public final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-    public final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
-    public final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
-    public final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
-            "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
-    public final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
-    public final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
-    public final static String SIGNED_AUDIT_CERT_REQUEST_REASON =
-            "requestNotes";
-
-    protected String profileID;
-    protected String profileSubId;
-    protected String aclMethod;
-    protected String authzResourceName;
-    protected String authMgr;
-    protected String getClientCert = "false";
-    protected Locale locale;
-
-    // subsystems
-    protected ICertificateAuthority authority = (ICertificateAuthority) CMS.getSubsystem("ca");
-    protected IAuthzSubsystem authz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-    protected IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-    protected ICertUserLocator ul = ug.getCertUserLocator();
-    protected IRequestQueue queue;
-    protected IProfileSubsystem ps;
-    protected ICertificateRepository certdb;
-
-    //logging and stats
-
-    protected ILogger logger = CMS.getLogger();
-    protected IAuditor auditor = CMS.getAuditor();
-    protected ILogger signedAuditLogger = CMS.getSignedAuditLogger();
-    protected LinkedHashSet<String> statEvents = new LinkedHashSet<String>();
-
-    public Processor(String id, Locale locale) throws EPropertyNotFound, EBaseException {
-        IConfigStore cs = CMS.getConfigStore().getSubStore("processor." + id);
-        this.locale = locale;
-        this.profileID = cs.getString(PROFILE_ID, "").isEmpty() ? null : cs.getString(PROFILE_ID);
-        this.authzResourceName = cs.getString(AUTHZ_RESOURCE_NAME, "").isEmpty() ? null :
-            cs.getString(AUTHZ_RESOURCE_NAME);
-        this.authMgr = cs.getString(AUTH_MGR, "").isEmpty() ? null : cs.getString(AUTH_MGR);
-        this.getClientCert = cs.getString(GET_CLIENT_CERT, "").isEmpty() ? "false" : cs.getString(GET_CLIENT_CERT);
-        this.profileSubId = cs.getString(PROFILE_SUB_ID, "").isEmpty() ? IProfileSubsystem.ID :
-            cs.getString(PROFILE_SUB_ID);
-
-        String aclInfo = cs.getString(ACL_INFO, "").isEmpty() ? null : cs.getString(ACL_INFO);
-        String authzMgr = cs.getString(AUTHZ_MGR, "").isEmpty() ? null : cs.getString(AUTHZ_MGR);
-        this.aclMethod = ServletUtils.getACLMethod(aclInfo, authzMgr, id);
-
-        // currently unused but in servlet config
-        // authId = cs.getString(AUTH_ID, "").isEmpty() ? null : cs.getString(AUTH_ID);
-
-        if (authority == null) {
-            throw new EBaseException("CertProcessor: authority is null");
-        }
-
-        queue = authority.getRequestQueue();
-        if (queue == null) {
-            throw new EBaseException("CertProcessor: cannot get request queue");
-        }
-
-        if (profileSubId == null || profileSubId.equals("")) {
-            profileSubId = IProfileSubsystem.ID;
-        }
-
-        ps = (IProfileSubsystem) CMS.getSubsystem(profileSubId);
-        if (ps == null) {
-            throw new EBaseException("CertProcessor: Profile Subsystem not found");
-        }
-
-        certdb = authority.getCertificateRepository();
-        if (certdb == null) {
-            throw new EBaseException("CertProcessor: Certificate repository not found");
-        }
-    }
-
-    /******************************************
-     * Stats - to be moved to Stats module
-     ******************************************/
-
-    public void startTiming(String event) {
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.startTiming(event, true);
-        }
-        statEvents.add(event);
-    }
-
-    public void endTiming(String event) {
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.endTiming(event);
-        }
-        statEvents.remove(event);
-    }
-
-    public void endAllEvents() {
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            Iterator<String> iter = statEvents.iterator();
-            while (iter.hasNext()) {
-                String event = iter.next();
-                statsSub.endTiming(event);
-                iter.remove();
-            }
-        }
-    }
-
-    /******************************************
-     * Utility Functions
-     ******************************************/
-
-    public IRequest getRequest(String rid) throws EBaseException {
-        IRequest request = queue.findRequest(new RequestId(rid));
-        return request;
-    }
-
-    protected IRequest getOriginalRequest(BigInteger certSerial, ICertRecord rec) throws EBaseException {
-        MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
-        if (metaInfo == null) {
-            CMS.debug("getOriginalRequest: cert record locating MetaInfo failed for serial number "
-                    + certSerial.toString());
-            return null;
-        }
-
-        String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-        if (rid == null) {
-            CMS.debug("getOriginalRequest: cert record locating request id in MetaInfo failed " +
-                    "for serial number " + certSerial.toString());
-            return null;
-        }
-
-        IRequest request = queue.findRequest(new RequestId(rid));
-        return request;
-    }
-
-    protected void printParameterValues(HashMap<String, String> data) {
-        CMS.debug("Start of CertProcessor Input Parameters");
-
-        for (Entry<String, String> entry : data.entrySet()) {
-            String paramName = entry.getKey();
-            // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with
-            // __ (double underscores); however, in the event that
-            // a security parameter slips through, we perform multiple
-            // additional checks to insure that it is NOT displayed
-            if (paramName.startsWith("__") ||
-                    paramName.endsWith("password") ||
-                    paramName.endsWith("passwd") ||
-                    paramName.endsWith("pwd") ||
-                    paramName.equalsIgnoreCase("admin_password_again") ||
-                    paramName.equalsIgnoreCase("directoryManagerPwd") ||
-                    paramName.equalsIgnoreCase("bindpassword") ||
-                    paramName.equalsIgnoreCase("bindpwd") ||
-                    paramName.equalsIgnoreCase("passwd") ||
-                    paramName.equalsIgnoreCase("password") ||
-                    paramName.equalsIgnoreCase("pin") ||
-                    paramName.equalsIgnoreCase("pwd") ||
-                    paramName.equalsIgnoreCase("pwdagain") ||
-                    paramName.equalsIgnoreCase("uPasswd")) {
-                CMS.debug("CertProcessor Input Parameter " + paramName + "='(sensitive)'");
-            } else {
-                CMS.debug("CertProcessor Input Parameter " + paramName + "='" + entry.getValue() + "'");
-            }
-        }
-
-        CMS.debug("End of CertProcessor Input Parameters");
-    }
-
-    /**
-     * get ssl client authenticated certificate
-     */
-    public static X509Certificate getSSLClientCertificate(HttpServletRequest httpReq)
-            throws EBaseException {
-        X509Certificate cert = null;
-
-        CMS.debug(CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
-
-        // iws60 support Java Servlet Spec V2.2, attribute
-        // javax.servlet.request.X509Certificate now contains array
-        // of X509Certificates instead of one X509Certificate object
-        X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
-
-        if (allCerts == null || allCerts.length == 0) {
-            throw new EBaseException("You did not provide a valid certificate for this operation");
-        }
-
-        cert = allCerts[0];
-
-        if (cert == null) {
-            // just don't have a cert.
-
-            CMS.debug(CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
-            return null;
-        }
-
-        // convert to sun's x509 cert interface.
-        try {
-            byte[] certEncoded = cert.getEncoded();
-            cert = new X509CertImpl(certEncoded);
-        } catch (CertificateEncodingException e) {
-            CMS.debug(CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
-            return null;
-
-        } catch (CertificateException e) {
-            CMS.debug(CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
-            return null;
-        }
-        return cert;
-    }
-
-    public void log(int source, int level, String message) {
-
-        if (logger == null) return;
-
-        logger.log(ILogger.EV_SYSTEM,
-                null,
-                source,
-                level,
-                getClass().getSimpleName() + ": " + message);
-    }
-
-    protected static Hashtable<String, String> toHashtable(HttpServletRequest req) {
-        Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
-        Enumeration<?> names = req.getParameterNames();
-
-        while (names.hasMoreElements()) {
-            String name = (String) names.nextElement();
-
-            httpReqHash.put(name, req.getParameter(name));
-        }
-        return httpReqHash;
-    }
-
-    /******************************************
-     * AUTHENTICATION FUNCTIONS (move to Realm?)
-     ******************************************/
-
-    /*
-     *   authenticate for renewal - more to add necessary params/values
-     *   to the session context
-     */
-    public IAuthToken authenticate(IProfileAuthenticator authenticator,
-            HttpServletRequest request, IRequest origReq, SessionContext context) throws EBaseException
-    {
-        IAuthToken authToken = authenticate(authenticator, request);
-        // For renewal, fill in necessary params
-        if (authToken != null) {
-            String ouid = origReq.getExtDataInString("auth_token.uid");
-            // if the orig cert was manually approved, then there was
-            // no auth token uid.  Try to get the uid from the cert dn
-            // itself, if possible
-            if (ouid == null) {
-                String sdn = (String) context.get("origSubjectDN");
-                if (sdn != null) {
-                    ouid = getUidFromDN(sdn);
-                    if (ouid != null)
-                        CMS.debug("CertProcessor: renewal: authToken original uid not found");
-                }
-            } else {
-                CMS.debug("CertProcessor: renewal: authToken original uid found in orig request auth_token");
-            }
-            String auid = authToken.getInString("uid");
-            if (auid != null) { // not through ssl client auth
-                CMS.debug("CertProcessor: renewal: authToken uid found:" + auid);
-                // authenticated with uid
-                // put "orig_req.auth_token.uid" so that authz with
-                // UserOrigReqAccessEvaluator will work
-                if (ouid != null) {
-                    context.put("orig_req.auth_token.uid", ouid);
-                    CMS.debug("CertProcessor: renewal: authToken original uid found:" + ouid);
-                } else {
-                    CMS.debug("CertProcessor: renewal: authToken original uid not found");
-                }
-            } else { // through ssl client auth?
-                CMS.debug("CertProcessor: renewal: authToken uid not found:");
-                // put in orig_req's uid
-                if (ouid != null) {
-                    CMS.debug("CertProcessor: renewal: origReq uid not null:" + ouid + ". Setting authtoken");
-                    authToken.set("uid", ouid);
-                    context.put(SessionContext.USER_ID, ouid);
-                } else {
-                    CMS.debug("CertProcessor: renewal: origReq uid not found");
-                    //                      throw new EBaseException("origReq uid not found");
-                }
-            }
-
-            String userdn = origReq.getExtDataInString("auth_token.userdn");
-            if (userdn != null) {
-                CMS.debug("CertProcessor: renewal: origReq userdn not null:" + userdn + ". Setting authtoken");
-                authToken.set("userdn", userdn);
-            } else {
-                CMS.debug("CertProcessor: renewal: origReq userdn not found");
-                //                      throw new EBaseException("origReq userdn not found");
-            }
-        } else {
-            CMS.debug("CertProcessor: renewal: authToken null");
-        }
-        return authToken;
-    }
-
-    public IAuthToken authenticate(IProfileAuthenticator authenticator,
-            HttpServletRequest request) throws EBaseException {
-        AuthCredentials credentials = new AuthCredentials();
-
-        // build credential
-        Enumeration<String> authNames = authenticator.getValueNames();
-
-        if (authNames != null) {
-            while (authNames.hasMoreElements()) {
-                String authName = authNames.nextElement();
-
-                credentials.set(authName, request.getParameter(authName));
-            }
-        }
-
-        credentials.set("clientHost", request.getRemoteHost());
-        IAuthToken authToken = authenticator.authenticate(credentials);
-
-        SessionContext sc = SessionContext.getContext();
-        if (sc != null) {
-            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
-            String userid = authToken.getInString(IAuthToken.USER_ID);
-            if (userid != null) {
-                sc.put(SessionContext.USER_ID, userid);
-            }
-        }
-
-        return authToken;
-    }
-
-    public IAuthToken authenticate(HttpServletRequest request, IRequest origReq, IProfileAuthenticator authenticator,
-            SessionContext context, boolean isRenewal) throws EBaseException {
-        startTiming("profile_authentication");
-
-        IAuthToken authToken = null;
-        if (authenticator != null) {
-            CMS.debug("authenticate: authentication required.");
-            String uid_cred = "Unidentified";
-            String uid_attempted_cred = "Unidentified";
-            Enumeration<String> authIds = authenticator.getValueNames();
-            //Attempt to possibly fetch attempted uid, may not always be available.
-            if (authIds != null) {
-                while (authIds.hasMoreElements()) {
-                    String authName = authIds.nextElement();
-                    String value = request.getParameter(authName);
-                    if (value != null) {
-                        if (authName.equals("uid")) {
-                            uid_attempted_cred = value;
-                        }
-                    }
-                }
-            }
-
-            String authSubjectID = auditSubjectID();
-            String authMgrID = authenticator.getName();
-            String auditMessage = null;
-            try {
-                if (isRenewal) {
-                    authToken = authenticate(authenticator, request, origReq, context);
-                } else {
-                    authToken = authenticate(authenticator, request);
-                }
-            } catch (EBaseException e) {
-                CMS.debug("CertProcessor: authentication error " + e.toString());
-
-                authSubjectID += " : " + uid_cred;
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                        authSubjectID,
-                        ILogger.FAILURE,
-                        authMgrID,
-                        uid_attempted_cred);
-                audit(auditMessage);
-
-                throw e;
-            }
-
-            //Log successful authentication
-            //Attempt to get uid from authToken, most tokens respond to the "uid" cred.
-            uid_cred = authToken.getInString("uid");
-
-            if (uid_cred == null || uid_cred.length() == 0) {
-                uid_cred = "Unidentified";
-            }
-
-            authSubjectID = authSubjectID + " : " + uid_cred;
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
-                    authSubjectID,
-                    ILogger.SUCCESS,
-                    authMgrID);
-
-            audit(auditMessage);
-        }
-        endTiming("profile_authentication");
-        return authToken;
-    }
-
-    public IAuthToken authenticate(HttpServletRequest httpReq)
-            throws EBaseException {
-        return authenticate(httpReq, authMgr);
-    }
-
-    public static void saveAuthToken(IAuthToken token, IRequest req) {
-        if (token != null && req != null)
-            req.setExtData(IRequest.AUTH_TOKEN, token);
-
-        // # 56230 - expose auth token parameters to the policy predicate
-        if (token != null && req != null) {
-            Enumeration<String> e = token.getElements();
-            while (e.hasMoreElements()) {
-                String n = e.nextElement();
-                String[] x1 = token.getInStringArray(n);
-                if (x1 != null) {
-                    for (int i = 0; i < x1.length; i++) {
-                        CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n +
-                                "(" + i + ")=" + x1[i]);
-                        req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i + ")",
-                                x1[i]);
-                    }
-                } else {
-                    String x = token.getInString(n);
-                    if (x != null) {
-                        CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + "=" + x);
-                        req.setExtData(IRequest.AUTH_TOKEN + "-" + n, x);
-                    }
-                }
-            } // while
-        } // if
-    }
-
-    public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName)
-            throws EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = ILogger.UNIDENTIFIED;
-        String auditAuthMgrID = ILogger.UNIDENTIFIED;
-        String auditUID = ILogger.UNIDENTIFIED;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            IArgBlock httpArgs = CMS.createArgBlock(toHashtable(httpReq));
-            SessionContext ctx = SessionContext.getContext();
-            String ip = httpReq.getRemoteAddr();
-            CMS.debug("IP: " + ip);
-
-            if (ip != null) {
-                ctx.put(SessionContext.IPADDRESS, ip);
-            }
-            if (authMgrName != null) {
-                CMS.debug("AuthMgrName: " + authMgrName);
-                ctx.put(SessionContext.AUTH_MANAGER_ID, authMgrName);
-            }
-            // put locale into session context
-            ctx.put(SessionContext.LOCALE, locale);
-
-            //
-            // check ssl client authentication if specified.
-            //
-            X509Certificate clientCert = null;
-
-            if (getClientCert != null && getClientCert.equals("true")) {
-                CMS.debug("CMSServlet: retrieving SSL certificate");
-                clientCert = getSSLClientCertificate(httpReq);
-            }
-
-            //
-            // check authentication by auth manager if any.
-            //
-            if (authMgrName == null) {
-
-                // Fixed Blackflag Bug #613900:  Since this code block does
-                // NOT actually constitute an authentication failure, but
-                // rather the case in which a given servlet has been correctly
-                // configured to NOT require an authentication manager, the
-                // audit message called LOGGING_SIGNED_AUDIT_AUTH_FAIL has
-                // been removed.
-
-                CMS.debug("CMSServlet: no authMgrName");
-                return null;
-            } else {
-                // save the "Subject DN" of this certificate in case it
-                // must be audited as an authentication failure
-                if (clientCert == null) {
-                    CMS.debug("CMSServlet: no client certificate found");
-                } else {
-                    String certUID = clientCert.getSubjectDN().getName();
-                    CMS.debug("CMSServlet: certUID=" + certUID);
-
-                    if (certUID != null) {
-                        certUID = certUID.trim();
-
-                        if (!(certUID.equals(""))) {
-                            // reset the "auditUID"
-                            auditUID = certUID;
-                        }
-                    }
-                }
-
-                // reset the "auditAuthMgrID"
-                auditAuthMgrID = authMgrName;
-            }
-            AuthToken authToken = CMSGateway.checkAuthManager(httpReq,
-                    httpArgs,
-                    clientCert,
-                    authMgrName);
-            if (authToken == null) {
-                return null;
-            }
-            String userid = authToken.getInString(IAuthToken.USER_ID);
-
-            CMS.debug("CMSServlet: userid=" + userid);
-
-            if (userid != null) {
-                ctx.put(SessionContext.USER_ID, userid);
-            }
-
-            // reset the "auditSubjectID"
-            auditSubjectID = auditSubjectID();
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditAuthMgrID);
-
-            audit(auditMessage);
-
-            return authToken;
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUTH_FAIL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditAuthMgrID,
-                    auditUID);
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-        }
-    }
-
-    String getUidFromDN(String userdn) {
-        StringTokenizer st = new StringTokenizer(userdn, ",");
-        while (st.hasMoreTokens()) {
-            String t = st.nextToken();
-            int i = t.indexOf("=");
-
-            if (i == -1) {
-                continue;
-            }
-            String n = t.substring(0, i);
-            if (n.equalsIgnoreCase("uid")) {
-                String v = t.substring(i + 1);
-                CMS.debug("CertProcessor:: getUidFromDN(): uid found:" + v);
-                return v;
-            } else {
-                continue;
-            }
-        }
-        return null;
-    }
-
-    /******************************************
-     * AUTHZ FNCTIONS (to be moved to Realm?)
-     *****************************************/
-
-    public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
-            String exp) throws EBaseException {
-        AuthzToken authzToken = null;
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditGroupID = auditGroupID();
-        String auditACLResource = resource;
-        String auditOperation = "enroll";
-
-        try {
-            authzToken = authz.authorize(authzMgrName, authToken, exp);
-            if (authzToken != null) {
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditACLResource,
-                        auditOperation);
-
-                audit(auditMessage);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditGroupID);
-
-                audit(auditMessage);
-            } else {
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-                audit(auditMessage);
-
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditGroupID);
-
-                audit(auditMessage);
-            }
-            return authzToken;
-        } catch (EBaseException e) {
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditACLResource,
-                    auditOperation);
-
-            audit(auditMessage);
-
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditGroupID);
-
-            audit(auditMessage);
-            throw e;
-        }
-    }
-
-    /**
-     * Authorize must occur after Authenticate
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one
-     * accesses a role port)
-     * </ul>
-     *
-     * @param authzMgrName string representing the name of the authorization
-     *            manager
-     * @param authToken the authentication token
-     * @param resource a string representing the ACL resource id as defined in
-     *            the ACL resource list
-     * @param operation a string representing one of the operations as defined
-     *            within the ACL statement (e. g. - "read" for an ACL statement containing
-     *            "(read,write)")
-     * @exception EBaseException an error has occurred
-     * @return the authorization token
-     */
-    public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-            String resource, String operation) {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditGroupID = auditGroupID();
-        String auditID = auditSubjectID;
-        String auditACLResource = resource;
-        String auditOperation = operation;
-
-        SessionContext auditContext = SessionContext.getExistingContext();
-        String authManagerId = null;
-
-        if (auditContext != null) {
-            authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID);
-
-            if (authManagerId != null && authManagerId.equals("TokenAuth")) {
-                if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                        auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
-                    CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
-                    auditID = auditGroupID;
-                }
-            }
-        }
-
-        // "normalize" the "auditACLResource" value
-        if (auditACLResource != null) {
-            auditACLResource = auditACLResource.trim();
-        }
-
-        // "normalize" the "auditOperation" value
-        if (auditOperation != null) {
-            auditOperation = auditOperation.trim();
-        }
-
-        if (authzMgrName == null) {
-            // Fixed Blackflag Bug #613900:  Since this code block does
-            // NOT actually constitute an authorization failure, but
-            // rather the case in which a given servlet has been correctly
-            // configured to NOT require an authorization manager, the
-            // audit message called LOGGING_SIGNED_AUDIT_AUTHZ_FAIL and
-            // the audit message called LOGGING_SIGNED_AUDIT_ROLE_ASSUME
-            // (marked as a failure) have been removed.
-
-            return null;
-        }
-
-        try {
-            AuthzToken authzTok = authz.authorize(authzMgrName,
-                    authToken,
-                    resource,
-                    operation);
-
-            if (authzTok != null) {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditACLResource,
-                        auditOperation);
-
-                audit(auditMessage);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditID,
-                        ILogger.SUCCESS,
-                        auditGroups(auditSubjectID));
-
-                audit(auditMessage);
-            } else {
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditACLResource,
-                        auditOperation);
-
-                audit(auditMessage);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                        auditID,
-                        ILogger.FAILURE,
-                        auditGroups(auditSubjectID));
-
-                audit(auditMessage);
-            }
-
-            return authzTok;
-        } catch (Exception eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditACLResource,
-                    auditOperation);
-
-            audit(auditMessage);
-
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
-                    auditID,
-                    ILogger.FAILURE,
-                    auditGroups(auditSubjectID));
-
-            audit(auditMessage);
-
-            return null;
-        }
-    }
-
-    public void authorize(String profileId, IProfile profile, IAuthToken authToken) throws EBaseException {
-        if (authToken != null) {
-            CMS.debug("CertProcessor authToken not null");
-
-            String acl = profile.getAuthzAcl();
-            CMS.debug("CertProcessor: authz using acl: " + acl);
-            if (acl != null && acl.length() > 0) {
-                String resource = profileId + ".authz.acl";
-                authorize(aclMethod, resource, authToken, acl);
-            }
-        }
-    }
-
-    /******************************************
-     * AUDIT FUNCTIONS (to be moved to Auditor?)
-     ******************************************/
-    protected void audit(String msg) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters
-
-        if (signedAuditLogger == null) {
-            return;
-        }
-
-        signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                null,
-                ILogger.S_SIGNED_AUDIT,
-                ILogger.LL_SECURITY,
-                msg);
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param request the actual request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    protected String auditRequesterID(IRequest request) {
-        // if no signed audit object exists, bail
-        if (signedAuditLogger == null) {
-            return null;
-        }
-
-        String requesterID = ILogger.UNIDENTIFIED;
-
-        if (request != null) {
-            // overwrite "requesterID" if and only if "id" != null
-            String id = request.getRequestId().toString();
-
-            if (id != null) {
-                requesterID = id.trim();
-            }
-        }
-
-        return requesterID;
-    }
-
-    /**
-     * Signed Audit Log Info Certificate Value
-     *
-     * This method is called to obtain the certificate from the passed in
-     * "X509CertImpl" for a signed audit log message.
-     * <P>
-     *
-     * @param request request containing an X509CertImpl
-     * @return cert string containing the certificate
-     */
-    protected String auditInfoCertValue(IRequest request) {
-        // if no signed audit object exists, bail
-        if (signedAuditLogger == null) {
-            return null;
-        }
-
-        X509CertImpl x509cert = request.getExtDataInCert(
-                IEnrollProfile.REQUEST_ISSUED_CERT);
-
-        if (x509cert == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        byte rawData[] = null;
-
-        try {
-            rawData = x509cert.getEncoded();
-        } catch (CertificateEncodingException e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        String cert = null;
-
-        // convert "rawData" into "base64Data"
-        if (rawData != null) {
-            String base64Data = null;
-
-            base64Data = Utils.base64encode(rawData).trim();
-
-            // extract all line separators from the "base64Data"
-            StringBuffer sb = new StringBuffer();
-            for (int i = 0; i < base64Data.length(); i++) {
-                if (!Character.isWhitespace(base64Data.charAt(i))) {
-                    sb.append(base64Data.charAt(i));
-
-                }
-            }
-            cert = sb.toString();
-        }
-
-        if (cert != null) {
-            cert = cert.trim();
-
-            if (cert.equals("")) {
-                return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            } else {
-                return cert;
-            }
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-
-    protected String auditSubjectID() {
-        // if no signed audit object exists, bail
-        if (signedAuditLogger == null) {
-            return null;
-        }
-
-        CMS.debug("CMSServlet: in auditSubjectID");
-        String subjectID = null;
-
-        // Initialize subjectID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        CMS.debug("CMSServlet: auditSubjectID auditContext " + auditContext);
-        if (auditContext != null) {
-            subjectID = (String)
-                    auditContext.get(SessionContext.USER_ID);
-
-            CMS.debug("CMSServlet auditSubjectID: subjectID: " + subjectID);
-            if (subjectID != null) {
-                subjectID = subjectID.trim();
-            } else {
-                subjectID = ILogger.NONROLEUSER;
-            }
-        } else {
-            subjectID = ILogger.UNIDENTIFIED;
-        }
-
-        return subjectID;
-    }
-
-    protected String auditGroupID() {
-        // if no signed audit object exists, bail
-        if (signedAuditLogger == null) {
-            return null;
-        }
-
-        CMS.debug("CMSServlet: in auditGroupID");
-        String groupID = null;
-
-        // Initialize groupID
-        SessionContext auditContext = SessionContext.getExistingContext();
-
-        CMS.debug("CMSServlet: auditGroupID auditContext " + auditContext);
-        if (auditContext != null) {
-            groupID = (String)
-                    auditContext.get(SessionContext.GROUP_ID);
-
-            CMS.debug("CMSServlet auditGroupID: groupID: " + groupID);
-            if (groupID != null) {
-                groupID = groupID.trim();
-            } else {
-                groupID = ILogger.NONROLEUSER;
-            }
-        } else {
-            groupID = ILogger.UNIDENTIFIED;
-        }
-
-        return groupID;
-    }
-
-    /**
-     * Signed Audit Log Info Value
-     *
-     * This method is called to obtain the "reason" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param request the actual request
-     * @return reason string containing the signed audit log message reason
-     */
-    protected String auditInfoValue(IRequest request) {
-        // if no signed audit object exists, bail
-        if (signedAuditLogger == null) {
-            return null;
-        }
-
-        String reason = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-
-        if (request != null) {
-            // overwrite "reason" if and only if "info" != null
-            String info =
-                    request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
-
-            if (info != null) {
-                reason = info.trim();
-
-                // overwrite "reason" if and only if "reason" is empty
-                if (reason.equals("")) {
-                    reason = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-                }
-            }
-        }
-
-        return reason;
-    }
-
-    /**
-     * Signed Audit Log Info Certificate Value
-     *
-     * This method is called to obtain the certificate from the passed in
-     * "X509CertImpl" for a signed audit log message.
-     * <P>
-     *
-     * @param x509cert an X509CertImpl
-     * @return cert string containing the certificate
-     */
-    protected String auditInfoCertValue(X509CertImpl x509cert) {
-        // if no signed audit object exists, bail
-        if (signedAuditLogger == null) {
-            return null;
-        }
-
-        if (x509cert == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        byte rawData[] = null;
-
-        try {
-            rawData = x509cert.getEncoded();
-        } catch (CertificateEncodingException e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        String cert = null;
-
-        // convert "rawData" into "base64Data"
-        if (rawData != null) {
-            String base64Data = null;
-
-            base64Data = Utils.base64encode(rawData).trim();
-
-            // extract all line separators from the "base64Data"
-            StringBuffer sb = new StringBuffer();
-            for (int i = 0; i < base64Data.length(); i++) {
-                if (!Character.isWhitespace(base64Data.charAt(i))) {
-                    sb.append(base64Data.charAt(i));
-                }
-            }
-            cert = sb.toString();
-        }
-
-        if (cert != null) {
-            cert = cert.trim();
-
-            if (cert.equals("")) {
-                return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            } else {
-                return cert;
-            }
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-
-    /**
-     * Signed Audit Groups
-     *
-     * This method is called to extract all "groups" associated
-     * with the "auditSubjectID()".
-     * <P>
-     *
-     * @param SubjectID string containing the signed audit log message SubjectID
-     * @return a delimited string of groups associated
-     *         with the "auditSubjectID()"
-     */
-    protected String auditGroups(String SubjectID) {
-        // if no signed audit object exists, bail
-        if (signedAuditLogger == null) {
-            return null;
-        }
-
-        if ((SubjectID == null) ||
-                (SubjectID.equals(ILogger.UNIDENTIFIED))) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        Enumeration<IGroup> groups = null;
-
-        try {
-            groups = ug.findGroups("*");
-        } catch (Exception e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        StringBuffer membersString = new StringBuffer();
-
-        while (groups.hasMoreElements()) {
-            IGroup group = groups.nextElement();
-
-            if (group.isMember(SubjectID) == true) {
-                if (membersString.length() != 0) {
-                    membersString.append(", ");
-                }
-
-                membersString.append(group.getGroupID());
-            }
-        }
-
-        if (membersString.length() != 0) {
-            return membersString.toString();
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-
-    public void validateNonce(
-            HttpServletRequest servletRequest,
-            String name,
-            Object id,
-            Long nonce) throws EBaseException {
-
-        if (nonce == null) {
-            throw new BadRequestException("Missing nonce.");
-        }
-
-        Map<Object, Long> nonces = authority.getNonces(servletRequest, name);
-
-        Long storedNonce = nonces.get(id);
-        if (storedNonce == null) {
-            throw new BadRequestException("Nonce for "+name+" "+id+" does not exist.");
-        }
-
-        if (!nonce.equals(storedNonce)) {
-            throw new ForbiddenException("Invalid nonce");
-        }
-
-        nonces.remove(id);
-
-        CMS.debug("Processor: Nonce verified");
-    }
-
-    public String getUserMessage(String messageId, String... params) {
-        return CMS.getUserMessage(locale, messageId, params);
-    }
-
-    public void audit(String message, String scope, String type, String id, Map<String, String> params, String status) {
-
-        if (auditor == null) return;
-
-        String auditMessage = CMS.getLogMessage(
-                message,
-                auditor.getSubjectID(),
-                status,
-                auditor.getParamString(scope, type, id, params));
-
-        auditor.log(auditMessage);
-    }
-
-    /**
-     * Get the values of the fields annotated with @FormParam.
-     */
-    public Map<String, String> getParams(Object object) {
-
-        Map<String, String> map = new HashMap<String, String>();
-
-        // for each fields in the object
-        for (Method method : object.getClass().getMethods()) {
-            FormParam element = method.getAnnotation(FormParam.class);
-            if (element == null) continue;
-
-            String name = element.value();
-
-            try {
-                // get the value from the object
-                Object value = method.invoke(object);
-
-                // put the value in the map
-                map.put(name, value == null ? null : value.toString());
-
-            } catch (Exception e) {
-                // ignore inaccessible fields
-                e.printStackTrace();
-            }
-        }
-
-        return map;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java b/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java
deleted file mode 100644
index 648e8bc57..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java
+++ /dev/null
@@ -1,47 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.PolicyConstraint;
-import com.netscape.certsrv.profile.PolicyConstraintValue;
-import com.netscape.certsrv.property.Descriptor;
-
-public class PolicyConstraintFactory {
-
-    public static PolicyConstraint create(Locale locale, IPolicyConstraint cons, String classId) {
-        PolicyConstraint ret = new PolicyConstraint();
-        ret.setName(cons.getName(locale));
-        ret.setText(cons.getText(locale));
-        ret.setClassId(classId);
-
-        Enumeration<String> conNames = cons.getConfigNames();
-        while (conNames.hasMoreElements()) {
-            String conName = conNames.nextElement();
-            PolicyConstraintValue dataVal =
-                    new PolicyConstraintValue(conName, (Descriptor) cons.getConfigDescriptor(locale, conName),
-                            cons.getConfig(conName));
-            ret.addConstraint(dataVal);
-        }
-
-        return ret;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java b/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java
deleted file mode 100644
index 0d6ab0495..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java
+++ /dev/null
@@ -1,97 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Locale;
-
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.PolicyDefault;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileParameter;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.request.IRequest;
-
-public class PolicyDefaultFactory {
-
-    public static PolicyDefault create(IRequest request, Locale locale, IPolicyDefault def) throws EPropertyException {
-        PolicyDefault ret = new PolicyDefault();
-        ret.setName(def.getName(locale));
-        ret.setText(def.getText(locale));
-
-        Enumeration<String> defNames  = def.getValueNames();
-        while (defNames.hasMoreElements()) {
-            String defName = defNames.nextElement();
-            ProfileAttribute attr = new ProfileAttribute(
-                    defName,
-                    def.getValue(defName, locale, request),
-                    (Descriptor) def.getValueDescriptor(locale, defName));
-            ret.addAttribute(attr);
-        }
-        return ret;
-    }
-
-    public static PolicyDefault create(IArgBlock params, Locale locale, IPolicyDefault def) throws EPropertyException {
-        PolicyDefault ret = new PolicyDefault();
-        ret.setName(def.getName(locale));
-        ret.setText(def.getText(locale));
-
-        Enumeration<String> defNames  = def.getValueNames();
-        while (defNames.hasMoreElements()) {
-            String defName = defNames.nextElement();
-            ProfileAttribute attr = new ProfileAttribute(
-                    defName,
-                    params.getValueAsString(defName, ""),
-                    (Descriptor) def.getValueDescriptor(locale, defName));
-            ret.addAttribute(attr);
-        }
-        return ret;
-    }
-
-    public static PolicyDefault create(Locale locale, IPolicyDefault def, String classId) throws EPropertyException {
-        PolicyDefault ret = new PolicyDefault();
-        ret.setName(def.getName(locale));
-        ret.setText(def.getText(locale));
-        ret.setClassId(classId);
-
-        Enumeration<String> defNames  = def.getValueNames();
-        while (defNames.hasMoreElements()) {
-            String defName = defNames.nextElement();
-            ProfileAttribute attr = new ProfileAttribute();
-            attr.setName(defName);
-            attr.setDescriptor((Descriptor) def.getValueDescriptor(locale, defName));
-            ret.addAttribute(attr);
-        }
-
-        List<ProfileParameter> pList = new ArrayList<ProfileParameter>();
-        Enumeration<String> paramNames  = def.getConfigNames();
-        while (paramNames.hasMoreElements()) {
-            String paramName = paramNames.nextElement();
-            ProfileParameter p = new ProfileParameter(paramName, def.getConfig(paramName));
-            pList.add(p);
-        }
-        ret.setParams(pList);
-
-        return ret;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
deleted file mode 100644
index 7b5343000..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ /dev/null
@@ -1,532 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * Toggle the approval state of a profile
- *
- * @version $Revision$, $Date$
- */
-public class ProfileApproveServlet extends ProfileServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 3956879326742839550L;
-    private static final String PROP_AUTHORITY_ID = "authorityId";
-    private String mAuthorityId = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
-            "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
-    private final static String OP_APPROVE = "approve";
-    private final static String OP_DISAPPROVE = "disapprove";
-
-    public ProfileApproveServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "ImportCert.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID);
-    }
-
-    /**
-     * Process the HTTP request.
-     * <P>
-     *
-     * <ul>
-     * <li>http.param profileId the id of the profile to change
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an agent approves/disapproves a cert
-     * profile set by the administrator for automatic approval
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     * @exception EBaseException an error has occurred
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditProfileID = auditProfileID(request);
-        String auditProfileOp = auditProfileOp(request);
-
-        String userid = null;
-        IAuthToken authToken = null;
-        ArgSet args = new ArgSet();
-
-        Locale locale = getLocale(request);
-
-        IProfile profile = null;
-
-        String profileId = null;
-
-        IProfileSubsystem ps = null;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            try {
-                authToken = authenticate(cmsReq);
-                auditSubjectID = auditSubjectID();
-                CMS.debug("uid=" + authToken.getInString("userid"));
-                userid = authToken.getInString("userid");
-            } catch (Exception e) {
-                auditSubjectID = auditSubjectID();
-                CMS.debug(e.toString());
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                                e.toString()));
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_AUTHENTICATION_ERROR"));
-                outputTemplate(request, response, args);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProfileID,
-                            auditProfileOp);
-
-                audit(auditMessage);
-
-                return;
-            }
-
-            AuthzToken authzToken = null;
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "approve");
-            } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                                e.toString()));
-            } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                                e.toString()));
-            }
-
-            if (authzToken == null) {
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_AUTHORIZATION_ERROR"));
-                outputTemplate(request, response, args);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProfileID,
-                            auditProfileOp);
-
-                audit(auditMessage);
-
-                return;
-            }
-
-            CMS.debug("ProfileApproveServlet: start serving");
-            // (1) Read request from the database
-
-            // (2) Get profile id from the request
-            if (mProfileSubId == null || mProfileSubId.equals("")) {
-                mProfileSubId = IProfileSubsystem.ID;
-            }
-            CMS.debug("ProfileApproveServlet: SubId=" + mProfileSubId);
-            ps = (IProfileSubsystem) CMS.getSubsystem(mProfileSubId);
-
-            if (ps == null) {
-                CMS.debug("ProfileApproveServlet: ProfileSubsystem not found");
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
-                outputTemplate(request, response, args);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProfileID,
-                            auditProfileOp);
-
-                audit(auditMessage);
-
-                return;
-            }
-
-            // retrieve request
-            IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
-
-            if (authority == null) {
-                CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
-                        " not found");
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
-                outputTemplate(request, response, args);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProfileID,
-                            auditProfileOp);
-
-                audit(auditMessage);
-
-                return;
-            }
-            IRequestQueue queue = authority.getRequestQueue();
-
-            if (queue == null) {
-                CMS.debug("ProfileApproveServlet: Request Queue of " +
-                        mAuthorityId + " not found");
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
-                outputTemplate(request, response, args);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProfileID,
-                            auditProfileOp);
-
-                audit(auditMessage);
-
-                return;
-            }
-
-            profileId = request.getParameter("profileId");
-
-            CMS.debug("ProfileApproveServlet: profileId=" + profileId);
-
-            args.set(ARG_ERROR_CODE, "0");
-            args.set(ARG_ERROR_REASON, "");
-
-            try {
-                if (ps.isProfileEnable(profileId)) {
-                    if (ps.checkOwner()) {
-                        if (ps.getProfileEnableBy(profileId).equals(userid)) {
-                            ps.disableProfile(profileId);
-                        } else {
-                            // only enableBy can disable profile
-                            args.set(ARG_ERROR_CODE, "1");
-                            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                    "CMS_PROFILE_NOT_OWNER"));
-                            outputTemplate(request, response, args);
-
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditProfileID,
-                                    auditProfileOp);
-
-                            audit(auditMessage);
-
-                            return;
-                        }
-                    } else {
-                        ps.disableProfile(profileId);
-                    }
-                } else {
-                    ps.enableProfile(profileId, userid);
-                }
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditProfileID,
-                            auditProfileOp);
-
-                audit(auditMessage);
-            } catch (EProfileException e) {
-                // profile not enabled
-                CMS.debug("ProfileApproveServlet: profile not error " +
-                        e.toString());
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
-                outputTemplate(request, response, args);
-
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditProfileID,
-                            auditProfileOp);
-
-                audit(auditMessage);
-
-                return;
-            }
-        } catch (EBaseException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditProfileID,
-                        auditProfileOp);
-
-            audit(auditMessage);
-
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
-            // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditProfileID,
-            //                        auditProfileOp );
-            //
-            //     audit( auditMessage );
-            //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
-        }
-
-        try {
-            profile = ps.getProfile(profileId);
-        } catch (EProfileException e) {
-            // profile not found
-            CMS.debug("ProfileApproveServlet: profile not found " +
-                    e.toString());
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, e.toString());
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
-            outputTemplate(request, response, args);
-            return;
-        }
-        if (profile == null) {
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        Enumeration<String> policySetIds = profile.getProfilePolicySetIds();
-
-        ArgList setlist = new ArgList();
-
-        while (policySetIds.hasMoreElements()) {
-            String setId = policySetIds.nextElement();
-
-            Enumeration<String> policyIds = profile.getProfilePolicyIds(setId);
-            ArgList list = new ArgList();
-
-            while (policyIds.hasMoreElements()) {
-                String id = policyIds.nextElement();
-                IProfilePolicy policy = profile.getProfilePolicy(setId, id);
-
-                // (3) query all the profile policies
-                // (4) default plugins convert request parameters
-                //     into string http parameters
-                handlePolicy(list, response, locale,
-                        id, policy);
-            }
-            ArgSet setArg = new ArgSet();
-
-            setArg.set(ARG_POLICY_SET_ID, setId);
-            setArg.set(ARG_POLICY, list);
-            setlist.add(setArg);
-        }
-        args.set(ARG_POLICY_SET_LIST, setlist);
-
-        args.set(ARG_PROFILE_ID, profileId);
-        args.set(ARG_PROFILE_IS_ENABLED,
-                Boolean.toString(ps.isProfileEnable(profileId)));
-        args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
-        args.set(ARG_PROFILE_NAME, profile.getName(locale));
-        args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
-
-        // (5) return info as template
-        outputTemplate(request, response, args);
-    }
-
-    private void handlePolicy(ArgList list, ServletResponse response,
-            Locale locale, String id, IProfilePolicy policy) {
-        ArgSet set = new ArgSet();
-
-        set.set(ARG_POLICY_ID, id);
-
-        // handle default policy
-        IPolicyDefault def = policy.getDefault();
-        String dDesc = def.getText(locale);
-
-        set.set(ARG_DEF_DESC, dDesc);
-
-        ArgList deflist = new ArgList();
-        Enumeration<String> defNames = def.getValueNames();
-
-        if (defNames != null) {
-            while (defNames.hasMoreElements()) {
-                ArgSet defset = new ArgSet();
-                String defName = defNames.nextElement();
-                IDescriptor defDesc = def.getValueDescriptor(locale, defName);
-                if (defDesc == null) {
-                    CMS.debug("defName=" + defName);
-                } else {
-                    String defSyntax = defDesc.getSyntax();
-                    String defConstraint = defDesc.getConstraint();
-                    String defValueName = defDesc.getDescription(locale);
-                    String defValue = null;
-
-                    defset.set(ARG_DEF_ID, defName);
-                    defset.set(ARG_DEF_SYNTAX, defSyntax);
-                    defset.set(ARG_DEF_CONSTRAINT, defConstraint);
-                    defset.set(ARG_DEF_NAME, defValueName);
-                    defset.set(ARG_DEF_VAL, defValue);
-                    deflist.add(defset);
-                }
-            }
-        }
-        set.set(ARG_DEF_LIST, deflist);
-
-        // handle constraint policy
-        IPolicyConstraint con = policy.getConstraint();
-        String conDesc = con.getText(locale);
-
-        set.set(ARG_CON_DESC, conDesc);
-
-        list.add(set);
-    }
-
-    /**
-     * Signed Audit Log Profile ID
-     *
-     * This method is called to obtain the "ProfileID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param req HTTP request
-     * @return id string containing the signed audit log message ProfileID
-     */
-    private String auditProfileID(HttpServletRequest req) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String profileID = null;
-
-        // Obtain the profileID
-        profileID = req.getParameter("profileId");
-
-        if (profileID != null) {
-            profileID = profileID.trim();
-        } else {
-            profileID = ILogger.UNIDENTIFIED;
-        }
-
-        return profileID;
-    }
-
-    /**
-     * Signed Audit Log Profile Operation
-     *
-     * This method is called to obtain the "Profile Operation" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param req HTTP request
-     * @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
-     *         or SIGNED_AUDIT_EMPTY_VALUE
-     */
-    private String auditProfileOp(HttpServletRequest req) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        if (mProfileSubId == null ||
-                mProfileSubId.equals("")) {
-            mProfileSubId = IProfileSubsystem.ID;
-        }
-
-        IProfileSubsystem ps = (IProfileSubsystem)
-                CMS.getSubsystem(mProfileSubId);
-
-        if (ps == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        String profileID = auditProfileID(req);
-
-        if (profileID == ILogger.UNIDENTIFIED) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        if (ps.isProfileEnable(profileID)) {
-            return OP_DISAPPROVE;
-        } else {
-            return OP_APPROVE;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java
deleted file mode 100644
index f89d8224e..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.request.IRequest;
-
-public class ProfileInputFactory {
-
-    public static ProfileInput create(IProfileInput input, IRequest request, Locale locale) throws EProfileException  {
-        ProfileInput ret = new ProfileInput();
-        ret.setName(input.getName(locale));
-        ret.setClassId(input.getClass().getSimpleName());
-        Enumeration<String> names = input.getValueNames();
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            String value = input.getValue(name, locale, request);
-            if (value != null) {
-                ret.addAttribute(new ProfileAttribute(name, value, null));
-            }
-        }
-        return ret;
-    }
-
-    public static ProfileInput create(IProfileInput input, IArgBlock params, Locale locale) throws EProfileException {
-        ProfileInput ret = new ProfileInput();
-        ret.setName(input.getName(locale));
-        ret.setClassId(input.getClass().getSimpleName());
-        Enumeration<String> names = input.getValueNames();
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            String value = params.getValueAsString(name, null);
-            if (value != null) {
-                ret.addAttribute(new ProfileAttribute(name, value, null));
-            }
-        }
-        return ret;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
deleted file mode 100644
index 6acc1634c..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
+++ /dev/null
@@ -1,171 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * List all enabled profiles.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileListServlet extends ProfileServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -5118812083812548395L;
-
-    public ProfileListServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "ImportCert.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-
-        CMS.debug("ProfileListServlet: start serving");
-
-        Locale locale = getLocale(request);
-
-        ArgSet args = new ArgSet();
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "list");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_AUTHORIZATION_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        // (1) Read request from the database
-
-        // (2) Get profile id from the request
-        if (mProfileSubId == null || mProfileSubId.equals("")) {
-            mProfileSubId = IProfileSubsystem.ID;
-        }
-        CMS.debug("ProfileListServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem)
-                CMS.getSubsystem(mProfileSubId);
-
-        if (ps == null) {
-            CMS.debug("ProfileListServlet: ProfileSubsystem " +
-                    mProfileSubId + " not found");
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        ArgList list = new ArgList();
-        Enumeration<String> e = ps.getProfileIds();
-
-        if (e != null) {
-            while (e.hasMoreElements()) {
-                String id = e.nextElement();
-                IProfile profile = null;
-
-                try {
-                    profile = ps.getProfile(id);
-                } catch (EBaseException e1) {
-                    // skip bad profile
-                    CMS.debug("ProfileListServlet: profile " + id +
-                            " not found (skipped) " + e1.toString());
-                    continue;
-                }
-                if (profile == null) {
-                    CMS.debug("ProfileListServlet: profile " + id +
-                            " not found (skipped)");
-                    continue;
-                }
-
-                String name = profile.getName(locale);
-                String desc = profile.getDescription(locale);
-
-                ArgSet profileArgs = new ArgSet();
-
-                profileArgs.set(ARG_PROFILE_IS_ENABLED,
-                        Boolean.toString(ps.isProfileEnable(id)));
-                profileArgs.set(ARG_PROFILE_ENABLED_BY,
-                        ps.getProfileEnableBy(id));
-                profileArgs.set(ARG_PROFILE_ID, id);
-                profileArgs.set(ARG_PROFILE_IS_VISIBLE,
-                        Boolean.toString(profile.isVisible()));
-                profileArgs.set(ARG_PROFILE_NAME, name);
-                profileArgs.set(ARG_PROFILE_DESC, desc);
-                list.add(profileArgs);
-
-            }
-        }
-        args.set(ARG_RECORD, list);
-        args.set(ARG_ERROR_CODE, "0");
-        args.set(ARG_ERROR_REASON, "");
-
-        // (5) return info as template
-        outputTemplate(request, response, args);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java
deleted file mode 100644
index 278acf488..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java
+++ /dev/null
@@ -1,49 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2012 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileOutput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.request.IRequest;
-
-public class ProfileOutputFactory {
-
-    public static ProfileOutput create(IProfileOutput output, IRequest request, Locale locale) throws EProfileException {
-        ProfileOutput ret = new ProfileOutput();
-        ret.setName(output.getName(locale));
-        ret.setText(output.getText(locale));
-
-        Enumeration<String> attrNames  = output.getValueNames();
-        while (attrNames.hasMoreElements()) {
-            String attrName = attrNames.nextElement();
-            ProfileAttribute attr = new ProfileAttribute(
-                    attrName,
-                    output.getValue(attrName, locale, request),
-                    (Descriptor) output.getValueDescriptor(locale, attrName));
-            ret.addAttribute(attr);
-        }
-        return ret;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
deleted file mode 100644
index 82b168e6f..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ /dev/null
@@ -1,181 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authorization.EAuthzException;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.certsrv.cert.CertReviewResponse;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileOutput;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.certsrv.template.ArgString;
-import com.netscape.cms.servlet.cert.RequestProcessor;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * This servlet approves profile-based request.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileProcessServlet extends ProfileServlet {
-
-    private static final long serialVersionUID = 5244627530516577838L;
-
-    public ProfileProcessServlet() {
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-
-        Locale locale = getLocale(request);
-        ArgSet args = new ArgSet();
-        args.set(ARG_ERROR_CODE, "0");
-        args.set(ARG_ERROR_REASON, "");
-
-        RequestProcessor processor = new RequestProcessor("caProfileProcess", locale);
-
-        String op = request.getParameter("op");
-        if (op == null) {
-            CMS.debug("ProfileProcessServlet: No op found");
-            setError(args, CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND"), request, response);
-            return;
-        }
-
-        String requestId = request.getParameter("requestId");
-        if (requestId == null || requestId.equals("")) {
-            CMS.debug("ProfileProcessServlet: Request Id not found");
-            setError(args, CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND"), request, response);
-            return;
-        }
-
-        IRequest req = processor.getRequest(requestId);
-        if (req == null) {
-            setError(args, CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", requestId), request, response);
-            return;
-        }
-
-        String profileId = req.getExtDataInString("profileId");
-        if (profileId == null || profileId.equals("")) {
-            CMS.debug("ProfileProcessServlet: Profile Id not found");
-            setError(args, CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND"), request, response);
-            return;
-        }
-        CMS.debug("ProfileProcessServlet: profileId=" + profileId);
-
-        // set request in cmsReq for later retrieval
-        cmsReq.setIRequest(req);
-
-        CertReviewResponse data = null;
-        try {
-            data = processor.processRequest(cmsReq, req, op);
-
-        } catch (ForbiddenException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            setError(args, e.getMessage(), request, response);
-            return;
-        } catch (EAuthException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            setError(args, e.getMessage(), request, response);
-            return;
-        } catch (EAuthzException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-            setError(args, e.getMessage(), request, response);
-            return;
-        } catch (BadRequestDataException e) {
-            setError(args, e.getMessage(), request, response);
-            return;
-        } catch (ERejectException e) {
-            CMS.debug("ProfileProcessServlet: execution rejected " + e.toString());
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", e.toString()));
-        } catch (EDeferException e) {
-            CMS.debug("ProfileProcessServlet: execution defered " + e.toString());
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString()));
-        } catch (EPropertyException e) {
-            CMS.debug("ProfileProcessServlet: execution error " + e.toString());
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", e.toString()));
-        } catch (EProfileException e) {
-            CMS.debug("ProfileProcessServlet: execution error " + e.toString());
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-        } catch (EBaseException e) {
-            setError(args, e.getMessage(), request, response);
-            return;
-        }
-
-        args.set(ARG_OP, op);
-        args.set(ARG_REQUEST_ID, req.getRequestId().toString());
-        args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
-        args.set(ARG_REQUEST_TYPE, req.getRequestType());
-        args.set(ARG_PROFILE_ID, profileId);
-
-        String errorCode = ((ArgString) args.get(ARG_ERROR_CODE)).getValue();
-
-        if (op.equals("approve") && errorCode.equals("0") && (data != null)) {
-            ArgList outputlist = new ArgList();
-            for (ProfileOutput output: data.getOutputs()) {
-                for (ProfileAttribute attr: output.getAttrs()){
-                    ArgSet outputset = new ArgSet();
-                    IDescriptor desc = attr.getDescriptor();
-                    outputset.set(ARG_OUTPUT_ID, attr.getName());
-                    outputset.set(ARG_OUTPUT_SYNTAX, desc.getSyntax());
-                    outputset.set(ARG_OUTPUT_CONSTRAINT, desc.getConstraint());
-                    outputset.set(ARG_OUTPUT_NAME, desc.getDescription(locale));
-                    outputset.set(ARG_OUTPUT_VAL, attr.getValue());
-                    outputlist.add(outputset);
-                }
-            }
-            args.set(ARG_OUTPUT_LIST, outputlist);
-        }
-
-        outputTemplate(request, response, args);
-    }
-
-    private void setError(ArgSet args, String reason, HttpServletRequest request, HttpServletResponse response)
-            throws EBaseException {
-        args.set(ARG_ERROR_CODE, "1");
-        args.set(ARG_ERROR_REASON, reason);
-        outputTemplate(request, response, args);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
deleted file mode 100644
index 2b3ef83bb..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ /dev/null
@@ -1,450 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Random;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * This servlet allows reviewing of profile-based request.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileReviewServlet extends ProfileServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6559751428547928511L;
-
-    private static final String PROP_AUTHORITY_ID = "authorityId";
-
-    private String mAuthorityId = null;
-    ICertificateAuthority authority = null;
-    private Random mRandom = null;
-
-    public ProfileReviewServlet() {
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "ImportCert.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID);
-
-        if (mAuthorityId != null)
-            authority = (ICertificateAuthority) CMS.getSubsystem(mAuthorityId);
-
-        if (authority != null && authority.noncesEnabled()) {
-            mRandom = new Random();
-        }
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param requestId the ID of the profile to review
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-
-        CMS.debug("ProfileReviewServlet: start serving");
-
-        Locale locale = getLocale(request);
-        ArgSet args = new ArgSet();
-        IAuthToken authToken = null;
-
-        if (mAuthMgr != null) {
-            try {
-                authToken = authenticate(request);
-            } catch (EBaseException e) {
-                CMS.debug("ReviewReqServlet: " + e.toString());
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_AUTHENTICATION_ERROR"));
-                outputTemplate(request, response, args);
-                return;
-            }
-        }
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_AUTHORIZATION_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        // (1) Read request from the database
-
-        // (2) Get profile id from the request
-        if (mProfileSubId == null || mProfileSubId.equals("")) {
-            mProfileSubId = IProfileSubsystem.ID;
-        }
-        CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem)
-                CMS.getSubsystem(mProfileSubId);
-
-        if (ps == null) {
-            CMS.debug("ProfileReviewServlet: ProfileSubsystem not found");
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        // retrieve request
-
-        if (authority == null) {
-            CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId +
-                    " not found");
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-        IRequestQueue queue = authority.getRequestQueue();
-
-        if (queue == null) {
-            CMS.debug("ProfileReviewServlet: Request Queue of " +
-                    mAuthorityId + " not found");
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        String requestId = request.getParameter("requestId");
-        IRequest req = null;
-
-        CMS.debug("ProfileReviewServlet: requestId=" + requestId);
-        try {
-            req = queue.findRequest(new RequestId(requestId));
-        } catch (EBaseException e) {
-            // request not found
-            CMS.debug("ProfileReviewServlet: request not found requestId=" +
-                    requestId + " " + e.toString());
-        }
-        if (req == null) {
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_REQUEST_NOT_FOUND", requestId));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        String profileId = req.getExtDataInString("profileId");
-
-        CMS.debug("ProfileReviewServlet: requestId=" +
-                requestId + " profileId=" + profileId);
-        IProfile profile = null;
-
-        try {
-            profile = ps.getProfile(profileId);
-        } catch (EProfileException e) {
-            // profile not found
-            CMS.debug("ProfileReviewServlet: profile not found requestId=" +
-                    requestId + " profileId=" + profileId + " " + e.toString());
-        }
-        if (profile == null) {
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        String profileSetId = req.getExtDataInString("profileSetId");
-
-        CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId);
-        Enumeration<String> policyIds = (profileSetId != null && profileSetId.length() > 0) ?
-                                 profile.getProfilePolicyIds(profileSetId) : null;
-        ArgList list = new ArgList();
-
-        if (policyIds != null) {
-            while (policyIds.hasMoreElements()) {
-                String id = policyIds.nextElement();
-                IProfilePolicy policy =
-                        profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
-                                id);
-
-                // (3) query all the profile policies
-                // (4) default plugins convert request parameters into string
-                //     http parameters
-                handlePolicy(list, response, locale,
-                        id, policy, req);
-            }
-        }
-
-        if (authority != null && authority.noncesEnabled()) {
-            long n = mRandom.nextLong();
-            Map<Object, Long> nonces = authority.getNonces(request, "cert-request");
-            nonces.put(req.getRequestId().toBigInteger(), n);
-            args.set(ARG_REQUEST_NONCE, Long.toString(n));
-        }
-
-        args.set(ARG_REQUEST_ID, req.getRequestId().toString());
-        args.set(ARG_REQUEST_TYPE, req.getRequestType());
-        args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
-        if (req.getRequestOwner() == null) {
-            args.set(ARG_REQUEST_OWNER, "");
-        } else {
-            args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
-        }
-        args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString());
-        args.set(ARG_REQUEST_MODIFICATION_TIME,
-                req.getModificationTime().toString());
-
-        args.set(ARG_PROFILE_ID, profileId);
-        args.set(ARG_PROFILE_APPROVED_BY,
-                req.getExtDataInString("profileApprovedBy"));
-        args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId"));
-        if (profile.isVisible()) {
-            args.set(ARG_PROFILE_IS_VISIBLE, "true");
-        } else {
-            args.set(ARG_PROFILE_IS_VISIBLE, "false");
-        }
-        args.set(ARG_PROFILE_NAME, profile.getName(locale));
-        args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
-        args.set(ARG_PROFILE_REMOTE_HOST,
-                req.getExtDataInString("profileRemoteHost"));
-        args.set(ARG_PROFILE_REMOTE_ADDR,
-                req.getExtDataInString("profileRemoteAddr"));
-        if (req.getExtDataInString("requestNotes") == null) {
-            args.set(ARG_REQUEST_NOTES, "");
-        } else {
-            args.set(ARG_REQUEST_NOTES,
-                    req.getExtDataInString("requestNotes"));
-        }
-
-        args.set(ARG_RECORD, list);
-        args.set(ARG_ERROR_CODE, "0");
-        args.set(ARG_ERROR_REASON, "");
-
-        ArgList inputlist = new ArgList();
-
-        // populate authentication parameters
-
-        // populate input parameters
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-
-                Enumeration<String> inputNames = profileInput.getValueNames();
-
-                if (inputNames != null) {
-                    while (inputNames.hasMoreElements()) {
-                        ArgSet inputset = new ArgSet();
-                        String inputName = inputNames.nextElement();
-
-                        IDescriptor inputDesc = profileInput.getValueDescriptor(locale, inputName);
-
-                        if (inputDesc == null)
-                            continue;
-                        String inputSyntax = inputDesc.getSyntax();
-                        String inputConstraint = inputDesc.getConstraint();
-                        String inputValueName = inputDesc.getDescription(locale);
-                        String inputValue = null;
-
-                        try {
-                            inputValue = profileInput.getValue(inputName, locale, req);
-                        } catch (EBaseException e) {
-                            CMS.debug("ProfileReviewServlet: " + e.toString());
-                        }
-
-                        inputset.set(ARG_INPUT_ID, inputName);
-                        inputset.set(ARG_INPUT_SYNTAX, inputSyntax);
-                        inputset.set(ARG_INPUT_CONSTRAINT, inputConstraint);
-                        inputset.set(ARG_INPUT_NAME, inputValueName);
-                        inputset.set(ARG_INPUT_VAL, inputValue);
-                        inputlist.add(inputset);
-                    }
-                }
-            }
-        }
-        args.set(ARG_INPUT_LIST, inputlist);
-
-        // if request in complete state
-
-        ArgList outputlist = new ArgList();
-        Enumeration<String> outputIds = profile.getProfileOutputIds();
-
-        if (outputIds != null) {
-            while (outputIds.hasMoreElements()) {
-                String outputId = outputIds.nextElement();
-                IProfileOutput profileOutput = profile.getProfileOutput(outputId
-                        );
-
-                Enumeration<String> outputNames = profileOutput.getValueNames();
-
-                if (outputNames != null) {
-                    while (outputNames.hasMoreElements()) {
-                        ArgSet outputset = new ArgSet();
-                        String outputName = outputNames.nextElement
-                                ();
-                        IDescriptor outputDesc =
-                                profileOutput.getValueDescriptor(locale, outputName);
-
-                        if (outputDesc == null)
-                            continue;
-                        String outputSyntax = outputDesc.getSyntax();
-                        String outputConstraint = outputDesc.getConstraint();
-                        String outputValueName = outputDesc.getDescription(locale);
-                        String outputValue = null;
-
-                        try {
-                            outputValue = profileOutput.getValue(outputName,
-                                        locale, req);
-                        } catch (EProfileException e) {
-                            CMS.debug("ProfileSubmitServlet: " + e.toString(
-                                    ));
-                        }
-
-                        outputset.set(ARG_OUTPUT_ID, outputName);
-                        outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
-                        outputset.set(ARG_OUTPUT_CONSTRAINT, outputConstraint);
-                        outputset.set(ARG_OUTPUT_NAME, outputValueName);
-                        outputset.set(ARG_OUTPUT_VAL, outputValue);
-                        outputlist.add(outputset);
-                    }
-                }
-            }
-        }
-        args.set(ARG_OUTPUT_LIST, outputlist);
-
-        // (5) return info as template
-        outputTemplate(request, response, args);
-    }
-
-    private void handlePolicy(ArgList list, ServletResponse response,
-            Locale locale, String id, IProfilePolicy policy,
-            IRequest req) {
-        ArgSet set = new ArgSet();
-
-        set.set(ARG_POLICY_ID, id);
-
-        // handle default policy
-        IPolicyDefault def = policy.getDefault();
-        String dDesc = def.getText(locale);
-
-        set.set(ARG_DEF_DESC, dDesc);
-        ArgList deflist = new ArgList();
-        Enumeration<String> defNames = def.getValueNames();
-
-        if (defNames != null) {
-            while (defNames.hasMoreElements()) {
-                ArgSet defset = new ArgSet();
-                String defName = defNames.nextElement();
-                IDescriptor defDesc = def.getValueDescriptor(locale, defName);
-
-                if (defDesc == null)
-                    continue;
-                String defSyntax = defDesc.getSyntax();
-                String defConstraint = defDesc.getConstraint();
-                String defValueName = defDesc.getDescription(locale);
-                String defValue = null;
-
-                try {
-                    defValue = def.getValue(defName, locale, req);
-                } catch (EPropertyException ee) {
-                    CMS.debug("ProfileReviewServlet: " + ee.toString());
-                }
-
-                defset.set(ARG_DEF_ID, defName);
-                defset.set(ARG_DEF_SYNTAX, defSyntax);
-                defset.set(ARG_DEF_CONSTRAINT, defConstraint);
-                defset.set(ARG_DEF_NAME, defValueName);
-                defset.set(ARG_DEF_VAL, defValue);
-                deflist.add(defset);
-            }
-        }
-        set.set(ARG_DEF_LIST, deflist);
-
-        // handle constraint policy
-        IPolicyConstraint con = policy.getConstraint();
-
-        if (con != null) {
-            String conDesc = con.getText(locale);
-
-            set.set(ARG_CON_DESC, conDesc);
-        }
-
-        list.add(set);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
deleted file mode 100644
index 10013c88c..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
+++ /dev/null
@@ -1,410 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * Retrieve detailed information of a particular profile.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileSelectServlet extends ProfileServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -3765390650830903602L;
-    private static final String PROP_AUTHORITY_ID = "authorityId";
-    private String mAuthorityId = null;
-
-    public ProfileSelectServlet() {
-    }
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID);
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param profileId the id of the profile to select
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-
-        CMS.debug("ProfileSelectServlet: start serving");
-
-        Locale locale = getLocale(request);
-
-        IAuthToken authToken = null;
-        ArgSet args = new ArgSet();
-
-        if (mAuthMgr != null) {
-            try {
-                authToken = authenticate(request);
-            } catch (EBaseException e) {
-                CMS.debug("ProcessReqServlet: " + e.toString());
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_AUTHENTICATION_ERROR"));
-                outputTemplate(request, response, args);
-                return;
-            }
-        }
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_AUTHORIZATION_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        // (1) Read request from the database
-
-        // (2) Get profile id from the request
-        if (mProfileSubId == null || mProfileSubId.equals("")) {
-            mProfileSubId = IProfileSubsystem.ID;
-        }
-        CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem)
-                CMS.getSubsystem(mProfileSubId);
-
-        if (ps == null) {
-            CMS.debug("ProfileSelectServlet: ProfileSubsystem not found");
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        // retrieve request
-        IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
-
-        if (authority == null) {
-            CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId +
-                    " not found");
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-        IRequestQueue queue = authority.getRequestQueue();
-
-        if (queue == null) {
-            CMS.debug("ProfileSelectServlet: Request Queue of " +
-                    mAuthorityId + " not found");
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        IProfile profile = null;
-
-        String profileId = request.getParameter("profileId");
-
-        CMS.debug("ProfileSelectServlet: profileId=" + profileId);
-
-        try {
-            profile = ps.getProfile(profileId);
-        } catch (EProfileException e) {
-            // profile not found
-            CMS.debug("ProfileSelectServlet: profile not found profileId=" +
-                    profileId + " " + e.toString());
-        }
-        if (profile == null) {
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        ArgList setlist = new ArgList();
-        Enumeration<String> policySetIds = profile.getProfilePolicySetIds();
-
-        if (policySetIds != null) {
-            while (policySetIds.hasMoreElements()) {
-                String setId = policySetIds.nextElement();
-
-                ArgList list = new ArgList();
-                Enumeration<String> policyIds = profile.getProfilePolicyIds(setId);
-
-                if (policyIds != null) {
-                    while (policyIds.hasMoreElements()) {
-                        String id = policyIds.nextElement();
-                        IProfilePolicy policy = profile.getProfilePolicy(setId, id);
-
-                        // (3) query all the profile policies
-                        // (4) default plugins convert request parameters into string
-                        //     http parameters
-                        handlePolicy(list, response, locale,
-                                id, policy);
-                    }
-                }
-                ArgSet setArg = new ArgSet();
-
-                setArg.set(ARG_POLICY_SET_ID, setId);
-                setArg.set(ARG_POLICY, list);
-                setlist.add(setArg);
-            }
-        }
-        args.set(ARG_POLICY_SET_LIST, setlist);
-
-        args.set(ARG_PROFILE_ID, profileId);
-        args.set(ARG_PROFILE_IS_ENABLED,
-                Boolean.toString(ps.isProfileEnable(profileId)));
-        args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
-        args.set(ARG_PROFILE_NAME, profile.getName(locale));
-        args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
-        args.set(ARG_PROFILE_IS_VISIBLE,
-                Boolean.toString(profile.isVisible()));
-        args.set(ARG_ERROR_CODE, "0");
-        args.set(ARG_ERROR_REASON, "");
-
-        try {
-            boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
-            if (keyArchivalEnabled == true) {
-                CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
-
-                // output transport certificate if present
-                args.set("transportCert",
-                        CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
-            } else {
-                CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
-                args.set("transportCert", "");
-            }
-        } catch (EBaseException e) {
-            CMS.debug("ProfileSelectServlet: exception caught:" + e.toString());
-        }
-
-        // build authentication
-        ArgList authlist = new ArgList();
-        IProfileAuthenticator authenticator = null;
-
-        try {
-            authenticator = profile.getAuthenticator();
-        } catch (EProfileException e) {
-            // authenticator not installed correctly
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
-                    profile.getAuthenticatorId()));
-            outputTemplate(request, response, args);
-            return;
-        }
-
-        if (authenticator != null) {
-            Enumeration<String> authNames = authenticator.getValueNames();
-
-            if (authNames != null) {
-                while (authNames.hasMoreElements()) {
-                    ArgSet authset = new ArgSet();
-                    String authName = authNames.nextElement();
-                    IDescriptor authDesc =
-                            authenticator.getValueDescriptor(locale, authName);
-
-                    if (authDesc == null)
-                        continue;
-                    String authSyntax = authDesc.getSyntax();
-                    String authConstraint = authDesc.getConstraint();
-                    String authValueName = authDesc.getDescription(locale);
-
-                    authset.set(ARG_AUTH_ID, authName);
-                    authset.set(ARG_AUTH_SYNTAX, authSyntax);
-                    authset.set(ARG_AUTH_CONSTRAINT, authConstraint);
-                    authset.set(ARG_AUTH_NAME, authValueName);
-                    authlist.add(authset);
-                }
-            }
-            args.set(ARG_AUTH_LIST, authlist);
-            args.set(ARG_AUTH_NAME, authenticator.getName(locale));
-            args.set(ARG_AUTH_DESC, authenticator.getText(locale));
-            args.set(ARG_AUTH_IS_SSL,
-                    Boolean.toString(authenticator.isSSLClientRequired()));
-        }
-
-        // build input list
-        ArgList inputlist = new ArgList();
-        ArgList inputPluginlist = new ArgList();
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-
-                if (profileInput != null) {
-
-                    ArgSet inputpluginset = new ArgSet();
-                    inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId);
-                    inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
-                            profileInput.getName(locale));
-                    inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
-                            profileInput.getText(locale));
-                    inputPluginlist.add(inputpluginset);
-
-                    Enumeration<String> inputNames = profileInput.getValueNames();
-
-                    if (inputNames != null) {
-                        while (inputNames.hasMoreElements()) {
-                            ArgSet inputset = new ArgSet();
-                            String inputName = inputNames.nextElement();
-                            IDescriptor inputDesc = profileInput.getValueDescriptor(
-                                    locale, inputName);
-
-                            if (inputDesc == null)
-                                continue;
-                            String inputSyntax = inputDesc.getSyntax();
-                            String inputConstraint = inputDesc.getConstraint();
-                            String inputValueName = inputDesc.getDescription(locale);
-                            String inputValue = null;
-
-                            inputset.set(ARG_INPUT_PLUGIN_ID, inputId);
-                            inputset.set(ARG_INPUT_ID, inputName);
-                            inputset.set(ARG_INPUT_SYNTAX, inputSyntax);
-                            inputset.set(ARG_INPUT_CONSTRAINT, inputConstraint);
-                            inputset.set(ARG_INPUT_NAME, inputValueName);
-                            inputset.set(ARG_INPUT_VAL, inputValue);
-                            inputlist.add(inputset);
-                        }
-                    }
-                }
-            }
-        }
-        args.set(ARG_INPUT_LIST, inputlist);
-        args.set(ARG_INPUT_PLUGIN_LIST, inputPluginlist);
-        args.set(ARG_IS_RENEWAL, profile.isRenewal());
-        args.set(ARG_XML_OUTPUT, profile.isXmlOutput());
-
-        // (5) return info as template
-        outputTemplate(request, response, args);
-    }
-
-    private void handlePolicy(ArgList list, ServletResponse response,
-            Locale locale, String id, IProfilePolicy policy) {
-        ArgSet set = new ArgSet();
-
-        set.set(ARG_POLICY_ID, id);
-
-        // handle default policy
-        IPolicyDefault def = policy.getDefault();
-        String dDesc = def.getText(locale);
-
-        set.set(ARG_DEF_DESC, dDesc);
-        ArgList deflist = new ArgList();
-        Enumeration<String> defNames = def.getValueNames();
-
-        if (defNames != null) {
-            while (defNames.hasMoreElements()) {
-                ArgSet defset = new ArgSet();
-                String defName = defNames.nextElement();
-                IDescriptor defDesc = def.getValueDescriptor(locale, defName);
-
-                if (defDesc == null)
-                    continue;
-                String defSyntax = defDesc.getSyntax();
-                String defConstraint = defDesc.getConstraint();
-                String defValueName = defDesc.getDescription(locale);
-                String defValue = null;
-
-                defset.set(ARG_DEF_ID, defName);
-                defset.set(ARG_DEF_SYNTAX, defSyntax);
-                defset.set(ARG_DEF_CONSTRAINT, defConstraint);
-                defset.set(ARG_DEF_NAME, defValueName);
-                defset.set(ARG_DEF_VAL, defValue);
-                deflist.add(defset);
-            }
-        }
-        set.set(ARG_DEF_LIST, deflist);
-
-        // handle constraint policy
-        IPolicyConstraint con = policy.getConstraint();
-        String conDesc = con.getText(locale);
-
-        set.set(ARG_CON_DESC, conDesc);
-        ArgList conlist = new ArgList();
-        Enumeration<String> conNames = con.getConfigNames();
-        if (conNames != null) {
-            while (conNames.hasMoreElements()) {
-                ArgSet conset = new ArgSet();
-                String conName = conNames.nextElement();
-                conset.set(ARG_CON_NAME, conName);
-                conset.set(ARG_CON_VALUE, con.getConfig(conName));
-                conlist.add(conset);
-            }
-        }
-        set.set(ARG_CON_LIST, conlist);
-
-        list.add(set);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java
deleted file mode 100644
index edb8b2248..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java
+++ /dev/null
@@ -1,952 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2011 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.profile;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.URI;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
-import org.apache.commons.lang.StringUtils;
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileEx;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.profile.PolicyConstraint;
-import com.netscape.certsrv.profile.PolicyConstraintValue;
-import com.netscape.certsrv.profile.PolicyDefault;
-import com.netscape.certsrv.profile.ProfileData;
-import com.netscape.certsrv.profile.ProfileDataInfo;
-import com.netscape.certsrv.profile.ProfileDataInfos;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.profile.ProfileNotFoundException;
-import com.netscape.certsrv.profile.ProfileOutput;
-import com.netscape.certsrv.profile.ProfileParameter;
-import com.netscape.certsrv.profile.ProfilePolicy;
-import com.netscape.certsrv.profile.ProfileResource;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.registry.IPluginInfo;
-import com.netscape.certsrv.registry.IPluginRegistry;
-import com.netscape.cms.realm.PKIPrincipal;
-import com.netscape.cms.servlet.base.PKIService;
-
-/**
- * @author alee
- *
- */
-public class ProfileService extends PKIService implements ProfileResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    private IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
-    private IPluginRegistry registry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
-    private IConfigStore cs = CMS.getConfigStore().getSubStore("profile");
-
-    private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
-            "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
-    private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
-            "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
-
-    public ProfileDataInfos listProfiles() {
-        List<ProfileDataInfo> list = new ArrayList<ProfileDataInfo>();
-        ProfileDataInfos infos = new ProfileDataInfos();
-        boolean visibleOnly = true;
-
-        if (ps == null) {
-            return null;
-        }
-
-        PKIPrincipal principal = (PKIPrincipal) servletRequest.getUserPrincipal();
-        if ((principal != null) &&
-                (principal.hasRole("Certificate Manager Agents") ||
-                principal.hasRole("Certificate Manager Administrators"))) {
-            visibleOnly = false;
-        }
-        Enumeration<String> profileIds = ps.getProfileIds();
-        if (profileIds != null) {
-            while (profileIds.hasMoreElements()) {
-                String id = profileIds.nextElement();
-                ProfileDataInfo info = null;
-                try {
-                    info = createProfileDataInfo(id, visibleOnly, uriInfo, getLocale(headers));
-                } catch (EBaseException e) {
-                    continue;
-                }
-
-                if (info != null) {
-                    list.add(info);
-                }
-            }
-        }
-
-        infos.setProfileInfos(list);
-        return infos;
-    }
-
-    public ProfileData retrieveProfile(String profileId) throws ProfileNotFoundException {
-        ProfileData data = null;
-        boolean visibleOnly = true;
-
-        if (ps == null) {
-            return null;
-        }
-
-        PKIPrincipal principal = (PKIPrincipal) servletRequest.getUserPrincipal();
-        if ((principal != null) &&
-                (principal.hasRole("Certificate Manager Agents") ||
-                principal.hasRole("Certificate Manager Administrators"))) {
-            visibleOnly = false;
-        }
-
-        Enumeration<String> profileIds = ps.getProfileIds();
-
-        IProfile profile = null;
-        if (profileIds != null) {
-            while (profileIds.hasMoreElements()) {
-                String id = profileIds.nextElement();
-
-                if (id.equals(profileId)) {
-
-                    try {
-                        profile = ps.getProfile(profileId);
-                    } catch (EProfileException e) {
-                        e.printStackTrace();
-                        throw new ProfileNotFoundException(profileId);
-                    }
-                    break;
-                }
-            }
-        }
-
-        if (profile == null) {
-            throw new ProfileNotFoundException(profileId);
-        }
-
-        if (visibleOnly && !profile.isVisible()) {
-            throw new ProfileNotFoundException(profileId);
-        }
-
-        try {
-            data = createProfileData(profileId);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new ProfileNotFoundException(profileId);
-        }
-
-        UriBuilder profileBuilder = uriInfo.getBaseUriBuilder();
-        URI uri = profileBuilder.path(ProfileResource.class).path("{id}").
-                build(profileId);
-        data.setLink(new Link("self", uri));
-
-        return data;
-    }
-
-    public ProfileData createProfileData(String profileId) throws EBaseException {
-
-        IProfile profile;
-
-        try {
-            profile = ps.getProfile(profileId);
-        } catch (EProfileException e) {
-            e.printStackTrace();
-            throw new ProfileNotFoundException(profileId);
-        }
-
-        ProfileData data = new ProfileData();
-
-        data.setAuthenticatorId(profile.getAuthenticatorId());
-        data.setAuthzAcl(profile.getAuthzAcl());
-        data.setClassId(cs.getString(profileId + ".class_id"));
-        data.setDescription(profile.getDescription(getLocale(headers)));
-        data.setEnabled(ps.isProfileEnable(profileId));
-        data.setEnabledBy(ps.getProfileEnableBy(profileId));
-        data.setId(profileId);
-        data.setName(profile.getName(getLocale(headers)));
-        data.setRenewal(Boolean.getBoolean(profile.isRenewal()));
-        data.setVisible(profile.isVisible());
-        data.setXMLOutput(Boolean.getBoolean(profile.isXmlOutput()));
-
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                ProfileInput input = createProfileInput(profile, inputIds.nextElement(), getLocale(headers));
-                if (input == null)
-                    continue;
-                data.addProfileInput(input);
-            }
-        }
-
-        // profile outputs
-        Enumeration<String> outputIds = profile.getProfileOutputIds();
-        if (outputIds != null) {
-            while (outputIds.hasMoreElements()) {
-                ProfileOutput output = createProfileOutput(profile, outputIds.nextElement(), getLocale(headers));
-                if (output == null)
-                    continue;
-                data.addProfileOutput(output);
-            }
-        }
-
-        // profile policies
-        Enumeration<String> policySetIds = profile.getProfilePolicySetIds();
-        if (policySetIds != null) {
-            while (policySetIds.hasMoreElements()) {
-                Vector<ProfilePolicy> pset = new Vector<ProfilePolicy>();
-                String policySetId = policySetIds.nextElement();
-                Enumeration<String> policyIds = profile.getProfilePolicyIds(policySetId);
-                while (policyIds.hasMoreElements()) {
-                    String policyId = policyIds.nextElement();
-                    pset.add(createProfilePolicy(profile, policySetId, policyId));
-                }
-
-                if (!pset.isEmpty()) {
-                    data.addProfilePolicySet(policySetId, pset);
-                }
-            }
-        }
-
-        UriBuilder profileBuilder = uriInfo.getBaseUriBuilder();
-        URI uri = profileBuilder.path(ProfileResource.class).path("{id}").
-                build(profileId);
-        data.setLink(new Link("self", uri));
-
-        return data;
-    }
-
-    public ProfilePolicy createProfilePolicy(IProfile profile, String setId, String policyId) throws EBaseException {
-        IProfilePolicy policy = profile.getProfilePolicy(setId, policyId);
-        IConfigStore policyStore = profile.getConfigStore().getSubStore(
-                "policyset." + setId + "." + policy.getId());
-
-        ProfilePolicy p = new ProfilePolicy();
-        String constraintClassId = policyStore.getString("constraint.class_id");
-        p.setConstraint(PolicyConstraintFactory.create(getLocale(headers), policy.getConstraint(), constraintClassId));
-        String defaultClassId = policyStore.getString("default.class_id");
-        p.setDef(PolicyDefaultFactory.create(getLocale(headers), policy.getDefault(), defaultClassId));
-        p.setId(policy.getId());
-        return p;
-    }
-
-    public static ProfileInput createProfileInput(IProfile profile, String inputId, Locale locale) throws EBaseException {
-        IProfileInput profileInput = profile.getProfileInput(inputId);
-        if (profileInput == null)
-            return null;
-
-        IConfigStore inputStore = profile.getConfigStore().getSubStore("input");
-        String classId = inputStore.getString(inputId + ".class_id");
-
-        return new ProfileInput(profileInput, inputId, classId, locale);
-    }
-
-    public static ProfileOutput createProfileOutput(IProfile profile, String outputId, Locale locale) throws EBaseException {
-        IProfileOutput profileOutput = profile.getProfileOutput(outputId);
-        if (profileOutput == null)
-            return null;
-
-        IConfigStore outputStore = profile.getConfigStore().getSubStore("output");
-        String classId = outputStore.getString(outputId + ".class_id");
-
-        return new ProfileOutput(profileOutput, outputId, classId, locale);
-    }
-
-    public static ProfileDataInfo createProfileDataInfo(String profileId, boolean visibleOnly, UriInfo uriInfo,
-            Locale locale) throws EBaseException {
-
-        IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
-        if (profileId == null) {
-            throw new EBaseException("Error creating ProfileDataInfo.");
-        }
-        ProfileDataInfo ret = null;
-
-        IProfile profile = null;
-
-        profile = ps.getProfile(profileId);
-        if (profile == null) {
-            return null;
-        }
-
-        if (visibleOnly && !profile.isVisible()) {
-            return null;
-        }
-
-        ret = new ProfileDataInfo();
-
-        ret.setProfileId(profileId);
-        ret.setProfileName(profile.getName(locale));
-        ret.setProfileDescription(profile.getDescription(locale));
-
-        UriBuilder profileBuilder = uriInfo.getBaseUriBuilder();
-        URI uri = profileBuilder.path(ProfileResource.class).path("{id}").
-                build(profileId);
-
-        ret.setProfileURL(uri.toString());
-
-        return ret;
-    }
-
-    public void modifyProfileState(String profileId, String action) {
-        if (ps == null) {
-            CMS.debug("modifyProfileState: ps is null");
-            throw new PKIException("Error modifying profile state.  Profile Service not available");
-        }
-
-        if (profileId == null) {
-            CMS.debug("modifyProfileState: invalid request. profileId is null");
-            throw new BadRequestException("Invalid ProfileId");
-        }
-
-        Principal principal = servletRequest.getUserPrincipal();
-
-        switch (action) {
-        case "enable":
-            if (ps.isProfileEnable(profileId)) {
-                throw new BadRequestException("Profile already enabled");
-            }
-            try {
-                ps.enableProfile(profileId, principal.getName());
-                auditProfileChangeState(profileId, "approve", ILogger.SUCCESS);
-            } catch (EProfileException e) {
-                CMS.debug("modifyProfileState: error enabling profile. " + e);
-                e.printStackTrace();
-                auditProfileChangeState(profileId, "approve", ILogger.FAILURE);
-                throw new PKIException("Error enabling profile");
-            }
-            break;
-        case "disable":
-            if (!ps.isProfileEnable(profileId)) {
-                throw new BadRequestException("Profile already disabled");
-            }
-            String userid = principal.getName();
-            try {
-                if (ps.checkOwner()) {
-                    if (ps.getProfileEnableBy(profileId).equals(userid)) {
-                        ps.disableProfile(profileId);
-                        auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS);
-                    } else {
-                        auditProfileChangeState(profileId, "disapprove", ILogger.FAILURE);
-                        throw new UnauthorizedException(
-                                "Profile can only be disabled by the agent that enabled it");
-                    }
-                } else {
-                    ps.disableProfile(profileId);
-                    auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS);
-                }
-            } catch (EProfileException e) {
-                CMS.debug("modifyProfileState: Error disabling profile: " + e);
-                e.printStackTrace();
-                auditProfileChangeState(profileId, "disapprove", ILogger.FAILURE);
-                throw new PKIException("Error disabling profile");
-            }
-            break;
-        default:
-            auditProfileChangeState(profileId, "invalid", ILogger.FAILURE);
-            throw new BadRequestException("Invalid operation");
-        }
-    }
-
-    public void createProfile(ProfileData data) {
-        if (ps == null) {
-            CMS.debug("createProfile: ps is null");
-            throw new PKIException("Error creating profile.  Profile Service not available");
-        }
-
-        IProfile profile = null;
-        String profileId = data.getId();
-        Map<String, String> auditParams = new LinkedHashMap<String, String>();
-        try {
-            profile = ps.getProfile(profileId);
-            if (profile != null) {
-                throw new BadRequestException("Profile already exists");
-            }
-
-            auditParams.put("class_id", data.getClassId());
-            auditParams.put("name", data.getName());
-            auditParams.put("description", data.getDescription());
-            auditParams.put("visible", Boolean.toString(data.isVisible()));
-
-            String config = CMS.getConfigStore().getString("instanceRoot") + "/ca/profiles/ca/" +
-                    profileId + ".cfg";
-            File configFile = new File(config);
-            configFile.createNewFile();
-            IPluginInfo info = registry.getPluginInfo("profile", data.getClassId());
-
-            profile = ps.createProfile(profileId, data.getClassId(), info.getClassName(), config);
-            profile.setName(getLocale(headers), data.getName());
-            profile.setDescription(getLocale(headers), data.getDescription());
-            profile.setVisible(data.isVisible());
-            profile.getConfigStore().commit(false);
-            ps.createProfileConfig(profileId, data.getClassId(), config);
-
-            if (profile instanceof IProfileEx) {
-                // populates profile specific plugins such as
-                // policies, inputs and outputs with defaults
-                ((IProfileEx) profile).populate();
-            }
-
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_RULES,
-                    OpDef.OP_ADD,
-                    profileId,
-                    ILogger.SUCCESS,
-                    auditParams);
-        } catch (EBaseException | IOException e) {
-            CMS.debug("createProfile: error in creating profile: " + e);
-            e.printStackTrace();
-
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_RULES,
-                    OpDef.OP_ADD,
-                    profileId,
-                    ILogger.FAILURE,
-                    auditParams);
-
-            throw new PKIException("Error in creating profile");
-        }
-
-        changeProfileData(data, profile);
-    }
-
-    public void modifyProfile(String profileId, ProfileData data) {
-        if (ps == null) {
-            CMS.debug("modifyProfile: ps is null");
-            throw new PKIException("Error modifying profile.  Profile Service not available");
-        }
-
-        IProfile profile = null;
-        try {
-            profile = ps.getProfile(profileId);
-            if (profile == null) {
-                throw new ProfileNotFoundException("Cannot modify profile `" + profileId +
-                        "`.  Profile not found");
-            }
-        } catch (EBaseException e) {
-            CMS.debug("modifyProfile: error obtaining profile `" + profileId + "`: " + e);
-            e.printStackTrace();
-            throw new PKIException("Error modifying profile.  Cannot obtain profile.");
-        }
-
-        changeProfileData(data, profile);
-    }
-
-    private void changeProfileData(ProfileData data, IProfile profile) {
-        String profileId = data.getId();
-        if (profile == null) {
-            CMS.debug("changeProfileData - profile is null");
-            throw new PKIException("Error changing profile data. Profile not available.");
-        }
-        if (ps.isProfileEnable(profileId)) {
-            throw new BadRequestException("Cannot change profile data.  Profile must be disabled");
-        }
-
-        Map<String, String> auditParams = new LinkedHashMap<String, String>();
-
-        if (differs(profile.getAuthenticatorId(), data.getAuthenticatorId())) {
-            profile.setAuthenticatorId(data.getAuthenticatorId());
-            auditParams.put("authenticatorId", data.getAuthenticatorId());
-        }
-
-        if (differs(profile.getAuthzAcl(), data.getAuthzAcl())) {
-            profile.setAuthzAcl(data.getAuthzAcl());
-            auditParams.put("authzAcl", data.getAuthzAcl());
-        }
-
-        if (differs(profile.getDescription(getLocale(headers)), data.getDescription())) {
-            profile.setDescription(getLocale(headers), data.getDescription());
-            auditParams.put("description", data.getDescription());
-        }
-
-        if (differs(profile.getId(), data.getId())) {
-            profile.setId(data.getId());
-            auditParams.put("id", data.getId());
-        }
-
-        if (differs(profile.getName(getLocale(headers)), data.getName())) {
-            profile.setName(getLocale(headers), data.getName());
-            auditParams.put("name", data.getName());
-        }
-
-        // TODO renewal is a string in Profile, should be changed
-        if (differs(profile.isRenewal(), Boolean.toString(data.isRenewal()))) {
-            profile.setRenewal(data.isRenewal());
-            auditParams.put("renewal", Boolean.toString(data.isRenewal()));
-        }
-
-        if (!profile.isVisible() == data.isVisible()) {
-            profile.setVisible(data.isVisible());
-            auditParams.put("visible", Boolean.toString(data.isVisible()));
-        }
-
-        // TODO xmloutput is a string in Profile, should be changed
-        if (differs(profile.isXmlOutput(), Boolean.toString(data.isXMLOutput()))) {
-            profile.setXMLOutput(data.isXMLOutput());
-            auditParams.put("xmloutput", Boolean.toString(data.isXMLOutput()));
-        }
-
-        if (!auditParams.isEmpty()) {
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_RULES,
-                    OpDef.OP_MODIFY,
-                    profileId,
-                    ILogger.SUCCESS,
-                    auditParams);
-        }
-
-        try {
-            populateProfileInputs(data, profile);
-            populateProfileOutputs(data, profile);
-            populateProfilePolicies(data, profile);
-            profile.getConfigStore().commit(false);
-        } catch (EBaseException e) {
-            CMS.debug("changeProfileData: Error changing profile inputs/outputs/policies: " + e);
-            e.printStackTrace();
-            throw new PKIException("Error changing profile data");
-        }
-    }
-
-    private boolean differs(String v1, String v2) {
-        if (v1 != null) {
-            if (!v1.equals(v2)) {
-                return true;
-            }
-        } else {
-            if (v2 != null) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    private void populateProfilePolicies(ProfileData data, IProfile profile) throws EBaseException {
-        // get list of changes for auditing
-        List<String> auditAdd = new ArrayList<String>();
-        List<String> auditModify = new ArrayList<String>();
-
-        Enumeration<String> existingSetIds = profile.getProfilePolicySetIds();
-        Map<String, ProfilePolicy> existingPolicies = new LinkedHashMap<String, ProfilePolicy>();
-        while (existingSetIds.hasMoreElements()) {
-            String setId = existingSetIds.nextElement();
-            Enumeration<String> policyIds = profile.getProfilePolicyIds(setId);
-            while (policyIds.hasMoreElements()) {
-                String policyId = policyIds.nextElement();
-                existingPolicies.put(
-                        setId + ":" + policyId,
-                        createProfilePolicy(profile, setId, policyId));
-            }
-        }
-
-        for (Map.Entry<String, List<ProfilePolicy>> policySet : data.getPolicySets().entrySet()) {
-            String setId = policySet.getKey();
-            for (ProfilePolicy policy : policySet.getValue()) {
-                String id = setId + ":" + policy.getId();
-                if (!existingPolicies.containsKey(id)) {
-                    auditAdd.add(id);
-                } else {
-                    if (!policy.equals(existingPolicies.get(id))) {
-                        auditModify.add(id);
-                    }
-                }
-                existingPolicies.remove(id);
-            }
-        }
-
-        List<String> auditDelete = new ArrayList<String>(existingPolicies.keySet());
-
-        //perform actions
-        try {
-            profile.deleteAllProfilePolicies();
-            for (Map.Entry<String, List<ProfilePolicy>> policySet : data.getPolicySets().entrySet()) {
-                String setId = policySet.getKey();
-                for (ProfilePolicy policy : policySet.getValue()) {
-                    PolicyDefault def = policy.getDef();
-                    PolicyConstraint con = policy.getConstraint();
-
-                    // create policy using defaults for PolicyDefault and PolicyConstraint
-                    IProfilePolicy p = profile.createProfilePolicy(setId, policy.getId(),
-                            def.getClassId(), con.getClassId());
-
-                    // change specific elements to match incoming data for PolicyDefault
-                    IConfigStore pstore = profile.getConfigStore().getSubStore(
-                            "policyset." + setId + "." + policy.getId());
-                    if (!def.getName().isEmpty()) {
-                        pstore.putString("default.name", def.getName());
-                    }
-                    /*if (!def.getText().isEmpty()) {
-                        pstore.putString("default.description", def.getText());
-                    }*/
-                    for (ProfileParameter param : def.getParams()) {
-                        if (!param.getValue().isEmpty()) {
-                            p.getDefault().setConfig(param.getName(), param.getValue());
-                        }
-                    }
-
-                    // change specific elements to match incoming data for PolicyConstraint
-                    if (!con.getName().isEmpty()) {
-                        pstore.putString("constraint.name", con.getName());
-                    }
-                    /*if (!con.getText().isEmpty()) {
-                        pstore.putString("constraint.description", con.getText());
-                    }*/
-                    for (PolicyConstraintValue pcv : con.getConstraints()) {
-                        if (!pcv.getValue().isEmpty()) {
-                            p.getConstraint().setConfig(pcv.getName(), pcv.getValue());
-                        }
-                    }
-                }
-            }
-
-            if (!auditDelete.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("inputs", StringUtils.join(auditDelete, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_POLICIES,
-                        OpDef.OP_DELETE,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-
-            if (!auditAdd.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("inputs", StringUtils.join(auditAdd, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_POLICIES,
-                        OpDef.OP_ADD,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-
-            if (!auditModify.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("inputs", StringUtils.join(auditModify, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_POLICIES,
-                        OpDef.OP_MODIFY,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-        } catch (EProfileException | EPropertyException e) {
-            Map<String, String> auditParams = new LinkedHashMap<String, String>();
-            auditParams.put("added", StringUtils.join(auditAdd, ","));
-            auditParams.put("deleted", StringUtils.join(auditDelete, ","));
-            auditParams.put("modified", StringUtils.join(auditModify, ","));
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_POLICIES,
-                    OpDef.OP_MODIFY,
-                    profile.getId(),
-                    ILogger.FAILURE,
-                    auditParams);
-            throw e;
-        }
-    }
-
-    private void populateProfileOutputs(ProfileData data, IProfile profile) throws EBaseException {
-        // get list of changes for auditing
-        List<String> auditAdd = new ArrayList<String>();
-        List<String> auditModify = new ArrayList<String>();
-
-        Enumeration<String> existingIds = profile.getProfileOutputIds();
-        Map<String, ProfileOutput> existingOutputs = new LinkedHashMap<String, ProfileOutput>();
-        while (existingIds.hasMoreElements()) {
-            String id = existingIds.nextElement();
-            ProfileOutput output = createProfileOutput(profile, id, getLocale(headers));
-            if (output == null)
-                continue;
-            existingOutputs.put(id, output);
-        }
-
-        List<ProfileOutput> outputs = data.getOutputs();
-        for (ProfileOutput output : outputs) {
-            String id = output.getId();
-            if (!existingOutputs.containsKey(id)) {
-                auditAdd.add(id);
-            } else {
-                if (!output.equals(existingOutputs.get(id))) {
-                    auditModify.add(id);
-                }
-                existingOutputs.remove(id);
-            }
-        }
-        List<String> auditDelete = new ArrayList<String>(existingOutputs.keySet());
-
-        // perform operations
-
-        try {
-            profile.deleteAllProfileOutputs();
-            for (ProfileOutput output : outputs) {
-                String id = output.getId();
-                String classId = output.getClassId();
-
-                NameValuePairs nvp = new NameValuePairs();
-                // TODO - add a field for params in ProfileOuput
-                // No current examples
-                profile.createProfileOutput(id, classId, nvp);
-            }
-
-            if (!auditDelete.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("outputs", StringUtils.join(auditDelete, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_OUTPUT,
-                        OpDef.OP_DELETE,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-
-            if (!auditAdd.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("outputs", StringUtils.join(auditAdd, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_OUTPUT,
-                        OpDef.OP_ADD,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-
-            if (!auditModify.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("outputs", StringUtils.join(auditModify, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_OUTPUT,
-                        OpDef.OP_MODIFY,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-        } catch (EProfileException e) {
-            Map<String, String> auditParams = new LinkedHashMap<String, String>();
-
-            auditParams.put("added", StringUtils.join(auditAdd, ","));
-            auditParams.put("deleted", StringUtils.join(auditDelete, ","));
-            auditParams.put("modified", StringUtils.join(auditModify, ","));
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_OUTPUT,
-                    OpDef.OP_MODIFY,
-                    profile.getId(),
-                    ILogger.FAILURE,
-                    auditParams);
-            throw e;
-        }
-    }
-
-    private void populateProfileInputs(ProfileData data, IProfile profile) throws EBaseException {
-        // get list of changes for auditing
-        List<String> auditAdd = new ArrayList<String>();
-        List<String> auditModify = new ArrayList<String>();
-        Enumeration<String> existingIds = profile.getProfileInputIds();
-        Map<String, ProfileInput> existingInputs = new LinkedHashMap<String, ProfileInput>();
-
-        while (existingIds.hasMoreElements()) {
-            String id = existingIds.nextElement();
-            ProfileInput input = createProfileInput(profile, id, getLocale(headers));
-            if (input == null)
-                continue;
-            existingInputs.put(id, input);
-        }
-
-        List<ProfileInput> inputs = data.getInputs();
-        for (ProfileInput input : inputs) {
-            String id = input.getId();
-            if (!existingInputs.containsKey(id)) {
-                auditAdd.add(id);
-            } else {
-                if (!input.equals(existingInputs.get(id))) {
-                    auditModify.add(id);
-                }
-                existingInputs.remove(id);
-            }
-        }
-        List<String> auditDelete = new ArrayList<String>(existingInputs.keySet());
-
-        try {
-            // perform the operations
-            profile.deleteAllProfileInputs();
-
-            for (ProfileInput input : inputs) {
-                String id = input.getId();
-                String classId = input.getClassId();
-
-                NameValuePairs nvp = new NameValuePairs();
-                // TODO - add a field for params in ProfileInput.
-                // an example of this is DomainController.cfg
-                profile.createProfileInput(id, classId, nvp);
-            }
-
-            if (!auditDelete.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("inputs", StringUtils.join(auditDelete, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_INPUT,
-                        OpDef.OP_DELETE,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-
-            if (!auditAdd.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("inputs", StringUtils.join(auditAdd, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_INPUT,
-                        OpDef.OP_ADD,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-
-            if (!auditModify.isEmpty()) {
-                Map<String, String> auditParams = new LinkedHashMap<String, String>();
-                auditParams.put("inputs", StringUtils.join(auditModify, ","));
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_INPUT,
-                        OpDef.OP_MODIFY,
-                        profile.getId(),
-                        ILogger.SUCCESS,
-                        auditParams);
-            }
-        } catch (EProfileException e) {
-            Map<String, String> auditParams = new LinkedHashMap<String, String>();
-
-            auditParams.put("added", StringUtils.join(auditAdd, ","));
-            auditParams.put("deleted", StringUtils.join(auditDelete, ","));
-            auditParams.put("modified", StringUtils.join(auditModify, ","));
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_INPUT,
-                    OpDef.OP_MODIFY,
-                    profile.getId(),
-                    ILogger.FAILURE,
-                    auditParams);
-            throw e;
-        }
-    }
-
-    public void deleteProfile(@PathParam("id") String profileId) {
-        if (ps == null) {
-            CMS.debug("deleteProfile: ps is null");
-            throw new PKIException("Error deleting profile.  Profile Service not available");
-        }
-
-        try {
-            IProfile profile = ps.getProfile(profileId);
-            if (profile == null) {
-                CMS.debug("Trying to delete profile: " + profileId + ".  Profile already deleted.");
-                return;
-            }
-
-            if (ps.isProfileEnable(profileId)) {
-                CMS.debug("Delete profile not permitted.  Profile must be disabled first.");
-                auditProfileChange(
-                        ScopeDef.SC_PROFILE_RULES,
-                        OpDef.OP_DELETE,
-                        profileId,
-                        ILogger.FAILURE,
-                        null);
-
-                throw new BadRequestException("Cannot delete profile `" + profileId +
-                        "`.  Profile must be disabled first.");
-            }
-
-            String configFile = CMS.getConfigStore().getString("profile." + profileId + ".config");
-
-            ps.deleteProfile(profileId, configFile);
-
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_RULES,
-                    OpDef.OP_DELETE,
-                    profileId,
-                    ILogger.FAILURE,
-                    null);
-        } catch (EBaseException e) {
-            CMS.debug("deleteProfile: error in deleting profile `" + profileId + "`: " + e);
-            e.printStackTrace();
-
-            auditProfileChange(
-                    ScopeDef.SC_PROFILE_RULES,
-                    OpDef.OP_DELETE,
-                    profileId,
-                    ILogger.FAILURE,
-                    null);
-
-            throw new PKIException("Error deleting profile.");
-        }
-    }
-
-    public void auditProfileChangeState(String profileId, String op, String status) {
-        String msg = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-                auditor.getSubjectID(),
-                status,
-                profileId,
-                op);
-        auditor.log(msg);
-    }
-
-    public void auditProfileChange(String scope, String type, String id, String status, Map<String, String> params) {
-        String msg = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-                auditor.getSubjectID(),
-                status,
-                auditor.getParamString(scope, type, id, params));
-        auditor.log(msg);
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
deleted file mode 100644
index be331d6ef..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ /dev/null
@@ -1,578 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.FileReader;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import java.util.LinkedHashSet;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.certsrv.template.ArgString;
-import com.netscape.certsrv.template.IArgValue;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ServletUtils;
-
-/**
- * This servlet is the base class of all profile servlets.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileServlet extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -7011378748671762375L;
-    public final static String ARG_ERROR_CODE = "errorCode";
-    public final static String ARG_ERROR_REASON = "errorReason";
-    public final static String ARG_RECORD = "record";
-    public final static String ARG_OP = "op";
-
-    public final static String ARG_REQUEST_LIST = "requestList";
-    public final static String ARG_REQUEST_ID = "requestId";
-    public final static String ARG_REQUEST_TYPE = "requestType";
-    public final static String ARG_REQUEST_STATUS = "requestStatus";
-    public final static String ARG_REQUEST_OWNER =
-            "requestOwner";
-    public final static String ARG_REQUEST_CREATION_TIME =
-            "requestCreationTime";
-    public final static String ARG_REQUEST_MODIFICATION_TIME =
-            "requestModificationTime";
-    public final static String ARG_REQUEST_NONCE = "nonce";
-
-    public final static String ARG_AUTH_ID = "authId";
-    public final static String ARG_AUTH_SYNTAX = "authSyntax";
-    public final static String ARG_AUTH_CONSTRAINT = "authConstraint";
-    public final static String ARG_AUTH_NAME = "authName";
-    public final static String ARG_AUTH_LIST = "authList";
-    public final static String ARG_AUTH_DESC = "authDesc";
-    public final static String ARG_AUTH_IS_SSL = "authIsSSLClientRequired";
-    public final static String ARG_PROFILE = "profile";
-    public final static String ARG_REQUEST_NOTES = "requestNotes";
-    public final static String ARG_PROFILE_ID = "profileId";
-    public final static String ARG_RENEWAL_PROFILE_ID = "rprofileId";
-    public final static String ARG_PROFILE_IS_ENABLED = "profileIsEnable";
-    public final static String ARG_PROFILE_IS_VISIBLE = "profileIsVisible";
-    public final static String ARG_PROFILE_ENABLED_BY = "profileEnableBy";
-    public final static String ARG_PROFILE_APPROVED_BY = "profileApprovedBy";
-    public final static String ARG_PROFILE_NAME = "profileName";
-    public final static String ARG_PROFILE_DESC = "profileDesc";
-    public final static String ARG_PROFILE_REMOTE_HOST = "profileRemoteHost";
-    public final static String ARG_PROFILE_REMOTE_ADDR = "profileRemoteAddr";
-    public final static String ARG_DEF_ID = "defId";
-    public final static String ARG_DEF_SYNTAX = "defSyntax";
-    public final static String ARG_DEF_CONSTRAINT = "defConstraint";
-    public final static String ARG_DEF_NAME = "defName";
-    public final static String ARG_DEF_VAL = "defVal";
-    public final static String ARG_DEF_DESC = "defDesc";
-    public final static String ARG_DEF_LIST = "defList";
-    public final static String ARG_CON_DESC = "conDesc";
-    public final static String ARG_CON_LIST = "constraint";
-    public final static String ARG_CON_NAME = "name";
-    public final static String ARG_CON_VALUE = "value";
-    public final static String ARG_PROFILE_SET_ID = "profileSetId";
-    public final static String ARG_POLICY_SET_ID = "setId";
-    public final static String ARG_POLICY = "policy";
-    public final static String ARG_POLICY_ID = "policyId";
-    public final static String ARG_POLICY_SET_LIST = "policySetList";
-    public final static String ARG_INPUT_PLUGIN_LIST = "inputPluginList";
-    public final static String ARG_INPUT_PLUGIN_ID = "inputPluginId";
-    public final static String ARG_INPUT_PLUGIN_NAME = "inputPluginName";
-    public final static String ARG_INPUT_PLUGIN_DESC = "inputPluginDesc";
-    public final static String ARG_INPUT_LIST = "inputList";
-    public final static String ARG_INPUT_ID = "inputId";
-    public final static String ARG_INPUT_SYNTAX = "inputSyntax";
-    public final static String ARG_INPUT_CONSTRAINT = "inputConstraint";
-    public final static String ARG_INPUT_NAME = "inputName";
-    public final static String ARG_INPUT_VAL = "inputVal";
-    public final static String ARG_IS_RENEWAL = "renewal";
-    public final static String ARG_XML_OUTPUT = "xmlOutput";
-    public final static String ARG_OUTPUT_LIST = "outputList";
-    public final static String ARG_OUTPUT_ID = "outputId";
-    public final static String ARG_OUTPUT_SYNTAX = "outputSyntax";
-    public final static String ARG_OUTPUT_CONSTRAINT = "outputConstraint";
-    public final static String ARG_OUTPUT_NAME = "outputName";
-    public final static String ARG_OUTPUT_VAL = "outputVal";
-
-    private static final String PROP_TEMPLATE = "templatePath";
-    private final static String PROP_AUTHMGR = "AuthMgr";
-    private final static String PROP_CLIENTAUTH = "GetClientCert";
-    private static final String PROP_PROFILE_SUB_ID = "profileSubId";
-    private static final String PROP_ID = "ID";
-    public final static String PROP_RESOURCEID = "resourceID";
-    public final static String AUTHZ_SRC_LDAP = "ldap";
-    public final static String AUTHZ_SRC_TYPE = "sourceType";
-    public final static String AUTHZ_CONFIG_STORE = "authz";
-    public final static String AUTHZ_SRC_XML = "web.xml";
-    public final static String PROP_AUTHZ_MGR = "AuthzMgr";
-    public final static String PROP_ACL = "ACLinfo";
-    public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
-    public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
-
-    private final static String HDR_LANG = "accept-language";
-
-    private String mTemplate = null;
-
-    protected String mId = null;
-    protected String mGetClientCert = "false";
-    protected String mAuthMgr = null;
-    protected IAuthzSubsystem mAuthz = null;
-    protected String mAclMethod = null;
-    protected String mAuthzResourceName = null;
-    protected ILogger mLogger = CMS.getLogger();
-    protected int mLogCategory = ILogger.S_OTHER;
-    protected String mProfileSubId = null;
-
-    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
-    // stats
-    protected LinkedHashSet<String> statEvents = new LinkedHashSet<String>();
-
-    public ProfileServlet() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. Servlets implementing this method
-     * must specify the template to use as a parameter called
-     * "templatePath" in the servletConfig
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mTemplate = sc.getServletContext().getRealPath(
-                    sc.getInitParameter(PROP_TEMPLATE));
-        mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH);
-        mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
-        mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-        mAuthzResourceName = sc.getInitParameter(PROP_RESOURCEID);
-        mProfileSubId = sc.getInitParameter(PROP_PROFILE_SUB_ID);
-        mId = sc.getInitParameter(PROP_ID);
-
-        try {
-            mAclMethod = ServletUtils.initializeAuthz(sc, mAuthz, mId);
-        } catch (ServletException e) {
-            log(ILogger.LL_FAILURE, e.toString());
-            throw e;
-        }
-    }
-
-    protected String escapeXML(String v) {
-        if (v == null) {
-            return "";
-        }
-        v = v.replaceAll("&", "&amp;");
-        return v;
-    }
-
-    protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) {
-        ps.println("<" + name + ">");
-        if (v != null) {
-            if (v instanceof ArgList) {
-                ArgList list = (ArgList) v;
-                ps.println("<list>");
-                for (int i = 0; i < list.size(); i++) {
-                    outputArgValueAsXML(ps, name, list.get(i));
-                }
-                ps.println("</list>");
-            } else if (v instanceof ArgString) {
-                ArgString str = (ArgString) v;
-                ps.println(escapeXML(str.getValue()));
-            } else if (v instanceof ArgSet) {
-                ArgSet set = (ArgSet) v;
-                ps.println("<set>");
-                Enumeration<String> names = set.getNames();
-                while (names.hasMoreElements()) {
-                    String n = names.nextElement();
-                    outputArgValueAsXML(ps, n, set.get(n));
-                }
-                ps.println("</set>");
-            } else {
-                ps.println(v);
-            }
-        }
-        ps.println("</" + name + ">");
-    }
-
-    protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) {
-        PrintStream ps = new PrintStream(bos);
-        ps.println("<xml>");
-        outputArgValueAsXML(ps, "output", args);
-        ps.println("</xml>");
-        ps.flush();
-    }
-
-    public void outputTemplate(HttpServletRequest request,
-                   HttpServletResponse response, ArgSet args)
-            throws EBaseException {
-
-        String xmlOutput = request.getParameter("xml");
-        if (xmlOutput != null && xmlOutput.equals("true")) {
-            response.setContentType("text/xml");
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            outputThisAsXML(bos, args);
-            try {
-                response.setContentLength(bos.size());
-                bos.writeTo(response.getOutputStream());
-            } catch (Exception e) {
-                CMS.debug("outputTemplate error " + e);
-            }
-            return;
-        }
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.startTiming("output_template");
-        }
-        BufferedReader reader = null;
-        try {
-            reader = new BufferedReader(
-                    new FileReader(mTemplate));
-
-            response.setContentType("text/html; charset=UTF-8");
-
-            PrintWriter writer = response.getWriter();
-
-            // output template
-            String line = null;
-
-            do {
-                line = reader.readLine();
-                if (line != null) {
-                    if (line.indexOf("<CMS_TEMPLATE>") == -1) {
-                        writer.println(line);
-                    } else {
-                        // output javascript parameters
-                        writer.println("<script type=\"text/javascript\">");
-                        outputData(writer, args);
-                        writer.println("</script>");
-                    }
-                }
-            } while (line != null);
-            reader.close();
-        } catch (IOException e) {
-            CMS.debug(e);
-            throw new EBaseException(e.toString());
-        } finally {
-            if (statsSub != null) {
-                statsSub.endTiming("output_template");
-            }
-        }
-    }
-
-    public void outputTemplate(boolean isXML, HttpServletResponse response, ArgSet args)
-            throws EBaseException {
-        if (isXML) {
-            response.setContentType("text/xml");
-            ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            outputThisAsXML(bos, args);
-            try {
-                response.setContentLength(bos.size());
-                bos.writeTo(response.getOutputStream());
-            } catch (Exception e) {
-                CMS.debug("outputTemplate error " + e);
-            }
-            return;
-        }
-        startTiming("output_template");
-
-        BufferedReader reader = null;
-        try {
-            reader = new BufferedReader(new FileReader(mTemplate));
-
-            response.setContentType("text/html; charset=UTF-8");
-
-            PrintWriter writer = response.getWriter();
-
-            // output template
-            String line = null;
-
-            do {
-                line = reader.readLine();
-                if (line != null) {
-                    if (line.indexOf("<CMS_TEMPLATE>") == -1) {
-                        writer.println(line);
-                    } else {
-                        // output javascript parameters
-                        writer.println("<script type=\"text/javascript\">");
-                        outputData(writer, args);
-                        writer.println("</script>");
-                    }
-                }
-            } while (line != null);
-            reader.close();
-        } catch (IOException e) {
-            CMS.debug(e);
-            throw new EBaseException(e.toString());
-        } finally {
-            endTiming("output_template");
-        }
-    }
-
-    protected void outputArgList(PrintWriter writer, String name, ArgList list)
-            throws IOException {
-
-        String h_name = null;
-
-        if (name.indexOf('.') == -1) {
-            h_name = name;
-        } else {
-            h_name = name.substring(name.indexOf('.') + 1);
-        }
-        writer.println(name + "Set = new Array;");
-        //		writer.println(h_name + "Count = 0;");
-
-        for (int i = 0; i < list.size(); i++) {
-            writer.println(h_name + " = new Object;");
-            IArgValue val = list.get(i);
-
-            if (val instanceof ArgString) {
-                ArgString str = (ArgString) val;
-
-                outputArgString(writer, name, str);
-            } else if (val instanceof ArgSet) {
-                ArgSet set = (ArgSet) val;
-
-                outputArgSet(writer, h_name, set);
-                writer.println(name + "Set[" + i + "] = " + h_name + ";");
-            }
-        }
-    }
-
-    public void startTiming(String event) {
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.startTiming(event, true);
-        }
-        statEvents.add(event);
-    }
-
-    public void endTiming(String event) {
-        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
-        if (statsSub != null) {
-            statsSub.endTiming(event);
-        }
-        statEvents.remove(event);
-    }
-
-    protected String escapeJavaScriptString(String v) {
-        int l = v.length();
-        char in[] = new char[l];
-        char out[] = new char[l * 4];
-        int j = 0;
-
-        v.getChars(0, l, in, 0);
-
-        for (int i = 0; i < l; i++) {
-            char c = in[i];
-
-            /* presumably this gives better performance */
-            if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
-                out[j++] = c;
-                continue;
-            }
-
-            /* some inputs are coming in as '\' and 'n' */
-            /* see BZ 500736 for details */
-            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
-                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
-                    in[i + 1] == '<' || in[i + 1] == '>' ||
-                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
-                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
-                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
-                    out[j++] = '\\';
-                    out[j++] = in[i + 1];
-                    out[j++] = in[i + 2];
-                    out[j++] = in[i + 3];
-                    i += 3;
-                } else {
-                    out[j++] = '\\';
-                    out[j++] = in[i + 1];
-                    i++;
-                }
-                continue;
-            }
-
-            switch (c) {
-            case '\n':
-                out[j++] = '\\';
-                out[j++] = 'n';
-                break;
-
-            case '\\':
-                out[j++] = '\\';
-                out[j++] = '\\';
-                break;
-
-            case '\"':
-                out[j++] = '\\';
-                out[j++] = '\"';
-                break;
-
-            case '\r':
-                out[j++] = '\\';
-                out[j++] = 'r';
-                break;
-
-            case '\f':
-                out[j++] = '\\';
-                out[j++] = 'f';
-                break;
-
-            case '\t':
-                out[j++] = '\\';
-                out[j++] = 't';
-                break;
-
-            case '<':
-                out[j++] = '\\';
-                out[j++] = 'x';
-                out[j++] = '3';
-                out[j++] = 'c';
-                break;
-
-            case '>':
-                out[j++] = '\\';
-                out[j++] = 'x';
-                out[j++] = '3';
-                out[j++] = 'e';
-                break;
-
-            default:
-                out[j++] = c;
-            }
-        }
-        return new String(out, 0, j);
-    }
-
-    protected void outputArgString(PrintWriter writer, String name, ArgString str)
-            throws IOException {
-        String s = str.getValue();
-
-        // sub \n with "\n"
-        if (s != null) {
-            s = escapeJavaScriptString(s);
-        }
-        writer.println(name + "=\"" + s + "\";");
-    }
-
-    protected void outputArgSet(PrintWriter writer, String name, ArgSet set)
-            throws IOException {
-        Enumeration<String> e = set.getNames();
-
-        while (e.hasMoreElements()) {
-            String n = e.nextElement();
-            IArgValue val = set.get(n);
-
-            if (val instanceof ArgSet) {
-                ArgSet set1 = (ArgSet) val;
-
-                outputArgSet(writer, name + "." + n, set1);
-            } else if (val instanceof ArgList) {
-                ArgList list = (ArgList) val;
-
-                outputArgList(writer, name + "." + n, list);
-            } else if (val instanceof ArgString) {
-                ArgString str = (ArgString) val;
-
-                outputArgString(writer, name + "." + n, str);
-            }
-        }
-    }
-
-    protected void outputData(PrintWriter writer, ArgSet set)
-            throws IOException {
-        if (set == null)
-            return;
-        Enumeration<String> e = set.getNames();
-
-        while (e.hasMoreElements()) {
-            String n = e.nextElement();
-            IArgValue val = set.get(n);
-
-            if (val instanceof ArgSet) {
-                ArgSet set1 = (ArgSet) val;
-
-                outputArgSet(writer, n, set1);
-            } else if (val instanceof ArgList) {
-                ArgList list = (ArgList) val;
-
-                outputArgList(writer, n, list);
-            } else if (val instanceof ArgString) {
-                ArgString str = (ArgString) val;
-
-                outputArgString(writer, n, str);
-            }
-        }
-    }
-
-    /**
-     * log according to authority category.
-     */
-    protected void log(int event, int level, String msg) {
-        mLogger.log(event, mLogCategory, level,
-                "Servlet " + mId + ": " + msg);
-    }
-
-    protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
-                "Servlet " + mId + ": " + msg);
-    }
-
-    /**
-     * Retrieves locale based on the request.
-     */
-    protected Locale getLocale(HttpServletRequest req) {
-        Locale locale = null;
-        String lang = req.getHeader(HDR_LANG);
-
-        if (lang == null) {
-            // use server locale
-            locale = Locale.getDefault();
-        } else {
-            locale = new Locale(UserInfo.getUserLanguage(lang),
-                        UserInfo.getUserCountry(lang));
-        }
-        return locale;
-    }
-
-    protected void renderResult(CMSRequest cmsReq)
-            throws IOException {
-        // do nothing
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
deleted file mode 100644
index 1ee527c97..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ /dev/null
@@ -1,890 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.asn1.UTF8String;
-import org.mozilla.jss.pkix.cmc.LraPopWitness;
-import org.mozilla.jss.pkix.cmc.OtherInfo;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.request.INotify;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.common.AuthCredentials;
-import com.netscape.cms.servlet.common.CMCOutputTemplate;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * This servlet submits end-user request into the profile framework.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileSubmitCMCServlet extends ProfileServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -8017841111435988197L;
-    private static final String ARG_AUTH_TOKEN = "auth_token";
-    private static final String PROP_PROFILE_ID = "profileId";
-
-    private String mProfileId = null;
-    private String mProfileSubId = null;
-    private String requestB64 = null;
-
-    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-    public ProfileSubmitCMCServlet() {
-    }
-
-    /**
-     * initialize the servlet. And instance of this servlet can
-     * be set up to always issue certificates against a certain profile
-     * by setting the 'profileId' configuration in the servletConfig
-     * If not, the user must specify the profileID when submitting the request
-     *
-     * "ImportCert.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mProfileId = sc.getInitParameter(PROP_PROFILE_ID);
-        mRenderResult = false;
-    }
-
-    private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) {
-
-        // passing inputs into context
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-                Enumeration<String> inputNames = profileInput.getValueNames();
-
-                while (inputNames.hasMoreElements()) {
-                    String inputName = inputNames.nextElement();
-
-                    if (request.getParameter(inputName) != null) {
-                        ctx.set(inputName, request.getParameter(inputName));
-                    }
-                }
-            }
-        }
-
-    }
-
-    private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator,
-            IProfileContext ctx) {
-        Enumeration<String> authIds = authenticator.getValueNames();
-
-        if (authIds != null) {
-            while (authIds.hasMoreElements()) {
-                String authName = authIds.nextElement();
-
-                if (request.getParameter(authName) != null) {
-                    ctx.set(authName, request.getParameter(authName));
-                }
-            }
-        }
-    }
-
-    public IAuthToken authenticate(IProfileAuthenticator authenticator,
-            HttpServletRequest request) throws EBaseException {
-        AuthCredentials credentials = new AuthCredentials();
-
-        // build credential
-        Enumeration<String> authNames = authenticator.getValueNames();
-
-        if (authNames != null) {
-            while (authNames.hasMoreElements()) {
-                String authName = authNames.nextElement();
-
-                if (authName.equals("cert_request"))
-                    credentials.set(authName, requestB64);
-                else
-                    credentials.set(authName, request.getParameter(authName));
-            }
-        }
-        IAuthToken authToken = authenticator.authenticate(credentials);
-
-        SessionContext sc = SessionContext.getContext();
-        if (sc != null) {
-            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
-            String userid = authToken.getInString(IAuthToken.USER_ID);
-            if (userid != null) {
-                sc.put(SessionContext.USER_ID, userid);
-            }
-        }
-
-        return authToken;
-    }
-
-    private void setInputsIntoRequest(HttpServletRequest request, IProfile
-            profile, IRequest req) {
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-
-        if (inputIds != null) {
-            while (inputIds.hasMoreElements()) {
-                String inputId = inputIds.nextElement();
-                IProfileInput profileInput = profile.getProfileInput(inputId);
-                Enumeration<String> inputNames = profileInput.getValueNames();
-
-                if (inputNames != null) {
-                    while (inputNames.hasMoreElements()) {
-                        String inputName = inputNames.nextElement();
-
-                        if (request.getParameter(inputName) != null) {
-                            req.setExtData(inputName, request.getParameter(inputName));
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    /**
-     * Process the HTTP request
-     * <P>
-     *
-     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE"
-     * profile based cert rejection)
-     * <P>
-     *
-     * <ul>
-     * <li>http.param profileId ID of profile to use to process request
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     * @exception EBaseException an error has occurred
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-
-        Locale locale = getLocale(request);
-        String cert_request_type =
-                mServletConfig.getInitParameter("cert_request_type");
-        String outputFormat = mServletConfig.getInitParameter("outputFormat");
-
-        int reqlen = request.getContentLength();
-        InputStream is = null;
-        try {
-            is = request.getInputStream();
-        } catch (Exception ee) {
-        }
-        byte reqbuf[] = new byte[reqlen];
-        int bytesread = 0;
-        boolean partial = false;
-
-        while (bytesread < reqlen) {
-            try {
-                bytesread += is.read(reqbuf, bytesread, reqlen - bytesread);
-            } catch (Exception ee) {
-            }
-
-            if (partial == false) {
-                if (bytesread < reqlen)
-                    partial = true;
-            }
-        }
-
-        requestB64 = Utils.base64encode(reqbuf);
-
-        if (CMS.debugOn()) {
-            CMS.debug("Start of ProfileSubmitCMCServlet Input Parameters");
-            Enumeration<String> paramNames = request.getParameterNames();
-
-            while (paramNames.hasMoreElements()) {
-                String paramName = paramNames.nextElement();
-                // added this facility so that password can be hidden,
-                // all sensitive parameters should be prefixed with
-                // __ (double underscores); however, in the event that
-                // a security parameter slips through, we perform multiple
-                // additional checks to insure that it is NOT displayed
-                if (paramName.startsWith("__") ||
-                        paramName.endsWith("password") ||
-                        paramName.endsWith("passwd") ||
-                        paramName.endsWith("pwd") ||
-                        paramName.equalsIgnoreCase("admin_password_again") ||
-                        paramName.equalsIgnoreCase("directoryManagerPwd") ||
-                        paramName.equalsIgnoreCase("bindpassword") ||
-                        paramName.equalsIgnoreCase("bindpwd") ||
-                        paramName.equalsIgnoreCase("passwd") ||
-                        paramName.equalsIgnoreCase("password") ||
-                        paramName.equalsIgnoreCase("pin") ||
-                        paramName.equalsIgnoreCase("pwd") ||
-                        paramName.equalsIgnoreCase("pwdagain") ||
-                        paramName.equalsIgnoreCase("uPasswd")) {
-                    CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
-                              paramName + "='(sensitive)'");
-                } else {
-                    CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
-                              paramName + "='" +
-                              request.getParameter(paramName) + "'");
-                }
-            }
-            CMS.debug("End of ProfileSubmitCMCServlet Input Parameters");
-        }
-
-        CMS.debug("ProfileSubmitCMCServlet: start serving");
-
-        if (mProfileSubId == null || mProfileSubId.equals("")) {
-            mProfileSubId = IProfileSubsystem.ID;
-        }
-        CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem)
-                CMS.getSubsystem(mProfileSubId);
-
-        if (ps == null) {
-            CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
-            CMCOutputTemplate template = new CMCOutputTemplate();
-            SEQUENCE seq = new SEQUENCE();
-            seq.addElement(new INTEGER(0));
-            UTF8String s = null;
-            try {
-                s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-            } catch (Exception ee) {
-            }
-            template.createFullResponseWithFailedStatus(response, seq,
-                    OtherInfo.INTERNAL_CA_ERROR, s);
-            return;
-        }
-
-        // if we did not configure profileId in xml file,
-        // then accept the user-provided one
-        String profileId = null;
-
-        if (mProfileId == null) {
-            profileId = request.getParameter("profileId");
-        } else {
-            profileId = mProfileId;
-        }
-
-        IProfile profile = null;
-
-        try {
-            CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
-            profile = ps.getProfile(profileId);
-        } catch (EProfileException e) {
-            CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
-                    profileId + " " + e.toString());
-        }
-        if (profile == null) {
-            CMCOutputTemplate template = new CMCOutputTemplate();
-            SEQUENCE seq = new SEQUENCE();
-            seq.addElement(new INTEGER(0));
-            UTF8String s = null;
-            try {
-                s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-            } catch (Exception ee) {
-            }
-            template.createFullResponseWithFailedStatus(response, seq,
-                    OtherInfo.INTERNAL_CA_ERROR, s);
-            return;
-        }
-
-        if (!ps.isProfileEnable(profileId)) {
-            CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
-                    " not enabled");
-            CMCOutputTemplate template = new CMCOutputTemplate();
-            SEQUENCE seq = new SEQUENCE();
-            seq.addElement(new INTEGER(0));
-            UTF8String s = null;
-            try {
-                s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
-            } catch (Exception ee) {
-            }
-            template.createFullResponseWithFailedStatus(response, seq,
-                    OtherInfo.INTERNAL_CA_ERROR, s);
-            return;
-        }
-
-        IProfileContext ctx = profile.createContext();
-        if (requestB64 != null) {
-            ctx.set("cert_request_type", cert_request_type);
-            ctx.set("cert_request", requestB64);
-        }
-        // passing auths into context
-        IProfileAuthenticator authenticator = null;
-
-        try {
-            authenticator = profile.getAuthenticator();
-        } catch (EProfileException e) {
-            // authenticator not installed correctly
-        }
-        if (authenticator == null) {
-            CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
-        } else {
-            CMS.debug("ProfileSubmitCMCServlet: authenticator " +
-                    authenticator.getName() + " found");
-            setCredentialsIntoContext(request, authenticator, ctx);
-        }
-
-        setInputsIntoContext(request, profile, ctx);
-        CMS.debug("ProfileSubmistServlet: set Inputs into Context");
-
-        // before creating the request, authenticate the request
-
-        IAuthToken authToken = null;
-
-        // for ssl authentication; pass in servlet for retrieving
-        // ssl client certificates
-        SessionContext context = SessionContext.getContext();
-
-        // insert profile context so that input parameter can be retrieved
-        context.put("profileContext", ctx);
-        context.put("sslClientCertProvider",
-                new SSLClientCertProvider(request));
-        CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");
-        if (authenticator != null) {
-            try {
-                authToken = authenticate(authenticator, request);
-                // authentication success
-            } catch (EBaseException e) {
-                CMCOutputTemplate template = new CMCOutputTemplate();
-                SEQUENCE seq = new SEQUENCE();
-                seq.addElement(new INTEGER(0));
-                UTF8String s = null;
-                try {
-                    s = new UTF8String(e.toString());
-                } catch (Exception ee) {
-                }
-                template.createFullResponseWithFailedStatus(response, seq,
-                        OtherInfo.BAD_REQUEST, s);
-                CMS.debug("ProfileSubmitCMCServlet: authentication error " +
-                        e.toString());
-                return;
-            }
-
-            //authorization only makes sense when request is authenticated
-            AuthzToken authzToken = null;
-            if (authToken != null) {
-                CMS.debug("ProfileSubmitCMCServlet authToken not null");
-                try {
-                    authzToken = authorize(mAclMethod, authToken,
-                            mAuthzResourceName, "submit");
-                } catch (Exception e) {
-                    CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString());
-                }
-            }
-
-            if (authzToken == null) {
-                CMS.debug("ProfileSubmitCMCServlet authorization failure: authzToken is null");
-                CMCOutputTemplate template = new CMCOutputTemplate();
-                SEQUENCE seq = new SEQUENCE();
-                seq.addElement(new INTEGER(0));
-                UTF8String s = null;
-                try {
-                    s = new UTF8String("ProfileSubmitCMCServlet authorization failure");
-                } catch (Exception ee) {
-                }
-                template.createFullResponseWithFailedStatus(response, seq,
-                        OtherInfo.BAD_REQUEST, s);
-                return;
-            }
-        }
-
-        IRequest reqs[] = null;
-
-        ///////////////////////////////////////////////
-        // create request
-        ///////////////////////////////////////////////
-        try {
-            reqs = profile.createRequests(ctx, locale);
-        } catch (EProfileException e) {
-            CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
-            CMCOutputTemplate template = new CMCOutputTemplate();
-            SEQUENCE seq = new SEQUENCE();
-            seq.addElement(new INTEGER(0));
-            UTF8String s = null;
-            try {
-                s = new UTF8String(e.toString());
-            } catch (Exception ee) {
-            }
-            template.createFullResponseWithFailedStatus(response, seq,
-                    OtherInfo.INTERNAL_CA_ERROR, s);
-            return;
-        } catch (Throwable e) {
-            CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
-            CMCOutputTemplate template = new CMCOutputTemplate();
-            SEQUENCE seq = new SEQUENCE();
-            seq.addElement(new INTEGER(0));
-            UTF8String s = null;
-            try {
-                s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
-            } catch (Exception ee) {
-            }
-            template.createFullResponseWithFailedStatus(response, seq,
-                    OtherInfo.INTERNAL_CA_ERROR, s);
-            return;
-        }
-
-        TaggedAttribute attr =
-                (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
-        if (attr != null) {
-            boolean verifyAllow = true;
-            try {
-                verifyAllow = CMS.getConfigStore().getBoolean(
-                        "cmc.lraPopWitness.verify.allow", true);
-            } catch (EBaseException ee) {
-            }
-
-            if (!verifyAllow) {
-                LraPopWitness lraPop = null;
-                SET vals = attr.getValues();
-                if (vals.size() > 0) {
-                    try {
-                        lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
-                                ASN1Util.encode(vals.elementAt(0))));
-                    } catch (InvalidBERException e) {
-                        CMS.debug(
-                                CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
-                    }
-
-                    SEQUENCE bodyIds = lraPop.getBodyIds();
-
-                    CMCOutputTemplate template = new CMCOutputTemplate();
-                    template.createFullResponseWithFailedStatus(response, bodyIds,
-                            OtherInfo.POP_FAILED, null);
-                    return;
-                }
-            }
-        }
-
-        // for CMC, requests may be zero. Then check if controls exist.
-        if (reqs == null) {
-            Integer nums = (Integer) (context.get("numOfControls"));
-            CMCOutputTemplate template = new CMCOutputTemplate();
-            // if there is only one control GetCert, then simple response
-            // must be returned.
-            if (nums != null && nums.intValue() == 1) {
-                TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
-                if (attr1 != null) {
-                    template.createSimpleResponse(response, reqs);
-                } else
-                    template.createFullResponse(response, reqs,
-                            cert_request_type, null);
-            } else
-                template.createFullResponse(response, reqs,
-                        cert_request_type, null);
-            return;
-        }
-
-        String errorCode = null;
-        String errorReason = null;
-
-        ///////////////////////////////////////////////
-        // populate request
-        ///////////////////////////////////////////////
-        for (int k = 0; k < reqs.length; k++) {
-            // adding parameters to request
-            setInputsIntoRequest(request, profile, reqs[k]);
-
-            // serial auth token into request
-            if (authToken != null) {
-                Enumeration<String> tokenNames = authToken.getElements();
-                while (tokenNames.hasMoreElements()) {
-                    String tokenName = tokenNames.nextElement();
-                    String[] vals = authToken.getInStringArray(tokenName);
-                    if (vals != null) {
-                        for (int i = 0; i < vals.length; i++) {
-                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
-                                    tokenName + "[" + i + "]", vals[i]);
-                        }
-                    } else {
-                        String val = authToken.getInString(tokenName);
-                        if (val != null) {
-                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
-                                    val);
-                        }
-                    }
-                }
-            }
-
-            // put profile framework parameters into the request
-            reqs[k].setExtData(ARG_PROFILE, "true");
-            reqs[k].setExtData(ARG_PROFILE_ID, profileId);
-            reqs[k].setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy());
-            String setId = profile.getPolicySetId(reqs[k]);
-
-            if (setId == null) {
-                // no profile set found
-                CMCOutputTemplate template = new CMCOutputTemplate();
-                SEQUENCE seq = new SEQUENCE();
-                seq.addElement(new INTEGER(0));
-                UTF8String s = null;
-                try {
-                    s = new UTF8String(CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
-                } catch (Exception ee) {
-                }
-                template.createFullResponseWithFailedStatus(response, seq,
-                        OtherInfo.INTERNAL_CA_ERROR, s);
-                return;
-            }
-
-            CMS.debug("ProfileSubmitCMCServlet profileSetid=" + setId);
-            reqs[k].setExtData(ARG_PROFILE_SET_ID, setId);
-            reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
-            reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
-
-            CMS.debug("ProfileSubmitCMCServlet: request " +
-                    reqs[k].getRequestId().toString());
-
-            try {
-                CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
-                // give authenticator a chance to populate the request
-                if (authenticator != null) {
-                    authenticator.populate(authToken, reqs[k]);
-                }
-                profile.populateInput(ctx, reqs[k]);
-                profile.populate(reqs[k]);
-            } catch (EProfileException e) {
-                CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
-                CMCOutputTemplate template = new CMCOutputTemplate();
-                SEQUENCE seq = new SEQUENCE();
-                seq.addElement(new INTEGER(0));
-                UTF8String s = null;
-                try {
-                    s = new UTF8String(e.toString());
-                } catch (Exception ee) {
-                }
-                template.createFullResponseWithFailedStatus(response, seq,
-                        OtherInfo.BAD_REQUEST, s);
-                return;
-            } catch (Throwable e) {
-                CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
-                //  throw new IOException("Profile " + profileId +
-                //          " cannot populate");
-                CMCOutputTemplate template = new CMCOutputTemplate();
-                SEQUENCE seq = new SEQUENCE();
-                seq.addElement(new INTEGER(0));
-                UTF8String s = null;
-                try {
-                    s = new UTF8String(e.toString());
-                } catch (Exception ee) {
-                }
-                template.createFullResponseWithFailedStatus(response, seq,
-                        OtherInfo.INTERNAL_CA_ERROR, s);
-                return;
-            }
-        }
-
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = ILogger.UNIDENTIFIED;
-        String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-
-        try {
-            ///////////////////////////////////////////////
-            // submit request
-            ///////////////////////////////////////////////
-            int error_codes[] = null;
-            if (reqs != null && reqs.length > 0)
-                error_codes = new int[reqs.length];
-            for (int k = 0; k < reqs.length; k++) {
-                try {
-                    // reset the "auditRequesterID"
-                    auditRequesterID = auditRequesterID(reqs[k]);
-
-                    // print request debug
-                    if (reqs[k] != null) {
-                        Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
-                        while (reqKeys.hasMoreElements()) {
-                            String reqKey = reqKeys.nextElement();
-                            String reqVal = reqs[k].getExtDataInString(reqKey);
-                            if (reqVal != null) {
-                                CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
-                            }
-                        }
-                    }
-
-                    profile.submit(authToken, reqs[k]);
-                    reqs[k].setRequestStatus(RequestStatus.COMPLETE);
-
-                    // reset the "auditInfoCertValue"
-                    auditInfoCertValue = auditInfoCertValue(reqs[k]);
-
-                    if (auditInfoCertValue != null) {
-                        if (!(auditInfoCertValue.equals(
-                                    ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                        auditSubjectID,
-                                        ILogger.SUCCESS,
-                                        auditRequesterID,
-                                        ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                        auditInfoCertValue);
-
-                            audit(auditMessage);
-                        }
-                    }
-                } catch (EDeferException e) {
-                    // return defer message to the user
-                    reqs[k].setRequestStatus(RequestStatus.PENDING);
-                    // need to notify
-                    INotify notify = profile.getRequestQueue().getPendingNotify();
-                    if (notify != null) {
-                        notify.notify(reqs[k]);
-                    }
-
-                    CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
-                    errorCode = "2";
-                    errorReason = CMS.getUserMessage(locale,
-                                "CMS_PROFILE_DEFERRED",
-                                e.toString());
-                } catch (ERejectException e) {
-                    // return error to the user
-                    reqs[k].setRequestStatus(RequestStatus.REJECTED);
-                    CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
-                    errorCode = "3";
-                    errorReason = CMS.getUserMessage(locale,
-                                "CMS_PROFILE_REJECTED",
-                                e.toString());
-                } catch (Throwable e) {
-                    // return error to the user
-                    CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
-                    errorCode = "1";
-                    errorReason = CMS.getUserMessage(locale,
-                                "CMS_INTERNAL_ERROR");
-                }
-
-                try {
-                    if (errorCode == null) {
-                        profile.getRequestQueue().markAsServiced(reqs[k]);
-                    } else {
-                        profile.getRequestQueue().updateRequest(reqs[k]);
-                    }
-                } catch (EBaseException e) {
-                    CMS.debug("ProfileSubmitCMCServlet: updateRequest " +
-                            e.toString());
-                }
-
-                if (errorCode != null) {
-                    if (errorCode.equals("1")) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    ILogger.SIGNED_AUDIT_REJECTION,
-                                    errorReason);
-
-                        audit(auditMessage);
-                    } else if (errorCode.equals("2")) {
-                        // do NOT store a message in the signed audit log file
-                        // as this errorCode indicates that a process has been
-                        // deferred for manual acceptance/cancellation/rejection
-                    } else if (errorCode.equals("3")) {
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    ILogger.SIGNED_AUDIT_REJECTION,
-                                    errorReason);
-
-                        audit(auditMessage);
-                    }
-                    error_codes[k] = Integer.parseInt(errorCode);
-                } else
-                    error_codes[k] = 0;
-            }
-
-            if (errorCode != null) {
-                // create the CMC full enrollment response
-                CMCOutputTemplate template = new CMCOutputTemplate();
-                template.createFullResponse(response, reqs, cert_request_type, error_codes);
-
-                return;
-            }
-
-            ///////////////////////////////////////////////
-            // output output list
-            ///////////////////////////////////////////////
-
-            CMS.debug("ProfileSubmitCMCServlet: done serving");
-            CMCOutputTemplate template = new CMCOutputTemplate();
-            if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
-
-                if (outputFormat != null && outputFormat.equals("pkcs7")) {
-                    byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
-                    response.setContentType("application/pkcs7-mime");
-                    response.setContentLength(pkcs7.length);
-                    try {
-                        OutputStream os = response.getOutputStream();
-                        os.write(pkcs7);
-                        os.flush();
-                    } catch (Exception ee) {
-                    }
-                    return;
-                }
-                template.createSimpleResponse(response, reqs);
-            } else if (cert_request_type.equals("cmc")) {
-                Integer nums = (Integer) (context.get("numOfControls"));
-                if (nums != null && nums.intValue() == 1) {
-                    TaggedAttribute attr1 =
-                            (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
-                    if (attr1 != null) {
-                        template.createSimpleResponse(response, reqs);
-                        return;
-                    }
-                }
-                template.createFullResponse(response, reqs, cert_request_type,
-                        error_codes);
-            }
-        } finally {
-            SessionContext.releaseContext();
-        }
-    }
-
-    /**
-     * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param request the actual request
-     * @return id string containing the signed audit log message RequesterID
-     */
-    private String auditRequesterID(IRequest request) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        String requesterID = ILogger.UNIDENTIFIED;
-
-        if (request != null) {
-            // overwrite "requesterID" if and only if "id" != null
-            String id = request.getRequestId().toString();
-
-            if (id != null) {
-                requesterID = id.trim();
-            }
-        }
-
-        return requesterID;
-    }
-
-    /**
-     * Signed Audit Log Info Certificate Value
-     *
-     * This method is called to obtain the certificate from the passed in
-     * "X509CertImpl" for a signed audit log message.
-     * <P>
-     *
-     * @param request request containing an X509CertImpl
-     * @return cert string containing the certificate
-     */
-    private String auditInfoCertValue(IRequest request) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        X509CertImpl x509cert = request.getExtDataInCert(
-                IEnrollProfile.REQUEST_ISSUED_CERT);
-
-        if (x509cert == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        byte rawData[] = null;
-
-        try {
-            rawData = x509cert.getEncoded();
-        } catch (CertificateEncodingException e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        String cert = null;
-
-        // convert "rawData" into "base64Data"
-        if (rawData != null) {
-            String base64Data = null;
-
-            base64Data = Utils.base64encode(rawData).trim();
-
-            // extract all line separators from the "base64Data"
-            StringBuffer sb = new StringBuffer();
-            for (int i = 0; i < base64Data.length(); i++) {
-                if (!Character.isWhitespace(base64Data.charAt(i))) {
-                    sb.append(base64Data.charAt(i));
-                }
-            }
-            cert = sb.toString();
-        }
-
-        if (cert != null) {
-            cert = cert.trim();
-
-            if (cert.equals("")) {
-                return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            } else {
-                return cert;
-            }
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
deleted file mode 100644
index 7b0813d71..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ /dev/null
@@ -1,347 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authorization.EAuthzException;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.cert.EnrollmentProcessor;
-import com.netscape.cms.servlet.cert.RenewalProcessor;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cmsutil.util.Cert;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * This servlet submits end-user request into the profile framework.
- *
- * @author Christina Fu (renewal support)
- * @version $Revision$, $Date$
- */
-public class ProfileSubmitServlet extends ProfileServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 7557922703180866442L;
-    private final static String SUCCESS = "0";
-    private final static String FAILED = "1";
-
-    public ProfileSubmitServlet() {
-    }
-
-    /**
-     * initialize the servlet. And instance of this servlet can
-     * be set up to always issue certificates against a certain profile
-     * by setting the 'profileId' configuration in the servletConfig
-     * If not, the user must specify the profileID when submitting the request
-     *
-     * "ImportCert.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-    }
-
-    /**
-     * Process the HTTP request
-     * <P>
-     *
-     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE"
-     * profile based cert rejection)
-     * <P>
-     *
-     * <ul>
-     * <li>http.param profileId ID of profile to use to process request
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     * @exception EBaseException an error has occurred
-     */
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest request = cmsReq.getHttpReq();
-        HttpServletResponse response = cmsReq.getHttpResp();
-        boolean xmlOutput = getXMLOutput(request);
-
-        Locale locale = getLocale(request);
-
-        HashMap<String, Object> results = null;
-        String renewal = request.getParameter("renewal");
-
-        try {
-            if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) {
-                CMS.debug("ProfileSubmitServlet: isRenewal true");
-                RenewalProcessor processor = new RenewalProcessor("caProfileSubmit", locale);
-                results = processor.processRenewal(cmsReq);
-            } else {
-                CMS.debug("ProfileSubmitServlet: isRenewal false");
-                EnrollmentProcessor processor = new EnrollmentProcessor("caProfileSubmit", locale);
-                results = processor.processEnrollment(cmsReq);
-            }
-        } catch (BadRequestDataException e) {
-            CMS.debug("ProfileSubmitServlet: bad data provided in processing request: " + e.toString());
-            errorExit(response, xmlOutput, e.getMessage(), null);
-            return;
-        } catch (EAuthzException e) {
-            CMS.debug("ProfileSubmitServlet: authorization error in processing request: " + e.toString());
-            errorExit(response, xmlOutput, e.getMessage(), null);
-            return;
-        } catch (EAuthException e) {
-            CMS.debug("ProfileSubmitServlet: authentication error in processing request: " + e.toString());
-            errorExit(response, xmlOutput, e.getMessage(), null);
-            return;
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            CMS.debug("ProfileSubmitServlet: error in processing request: " + e.toString());
-            errorExit(response, xmlOutput, e.getMessage(), null);
-            return;
-        }
-
-        IRequest[] reqs = (IRequest []) results.get(Processor.ARG_REQUESTS);
-        String errorCode = (String) results.get(Processor.ARG_ERROR_CODE);
-        String errorReason = (String) results.get(Processor.ARG_ERROR_REASON);
-        IProfile profile = (IProfile) results.get(Processor.ARG_PROFILE);
-        ArgSet args = new ArgSet();
-
-        if (errorCode != null) {
-            if (xmlOutput) {
-                String requestIds = "";
-                for (IRequest req : reqs) {
-                    requestIds += "  " + req.getRequestId().toString();
-                }
-
-                outputError(response, errorCode, errorReason, requestIds);
-            } else {
-                ArgList requestlist = new ArgList();
-
-                for (IRequest req : reqs) {
-                    ArgSet requestset = new ArgSet();
-                    requestset.set(ARG_REQUEST_ID, req.getRequestId().toString());
-                    requestlist.add(requestset);
-                }
-                args.set(ARG_REQUEST_LIST, requestlist);
-                args.set(ARG_ERROR_CODE, errorCode);
-                args.set(ARG_ERROR_REASON, errorReason);
-                outputTemplate(request, response, args);
-            }
-            return;
-        }
-
-        if (xmlOutput) {
-            xmlOutput(response, profile, locale, reqs);
-        } else {
-            ArgList outputlist = new ArgList();
-            for (int k = 0; k < reqs.length; k++) {
-
-                setOutputIntoArgs(profile, outputlist, locale, reqs[k]);
-                args.set(ARG_OUTPUT_LIST, outputlist);
-            }
-
-            CMS.debug("ProfileSubmitServlet: done serving");
-
-            ArgList requestlist = new ArgList();
-
-            for (int k = 0; k < reqs.length; k++) {
-                ArgSet requestset = new ArgSet();
-
-                requestset.set(ARG_REQUEST_ID,
-                        reqs[k].getRequestId().toString());
-                requestlist.add(requestset);
-            }
-            args.set(ARG_REQUEST_LIST, requestlist);
-            args.set(ARG_ERROR_CODE, "0");
-            args.set(ARG_ERROR_REASON, "");
-
-            outputTemplate(request, response, args);
-        }
-    }
-
-    private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) {
-        Enumeration<String> outputIds = profile.getProfileOutputIds();
-
-        if (outputIds != null) {
-            while (outputIds.hasMoreElements()) {
-                String outputId = outputIds.nextElement();
-                IProfileOutput profileOutput = profile.getProfileOutput(outputId);
-
-                Enumeration<String> outputNames = profileOutput.getValueNames();
-
-                if (outputNames != null) {
-                    while (outputNames.hasMoreElements()) {
-                        ArgSet outputset = new ArgSet();
-                        String outputName = outputNames.nextElement();
-                        IDescriptor outputDesc =
-                                profileOutput.getValueDescriptor(locale, outputName);
-
-                        if (outputDesc == null)
-                            continue;
-                        String outputSyntax = outputDesc.getSyntax();
-                        String outputConstraint = outputDesc.getConstraint();
-                        String outputValueName = outputDesc.getDescription(locale);
-                        String outputValue = null;
-
-                        try {
-                            outputValue = profileOutput.getValue(outputName,
-                                    locale, req);
-                        } catch (EProfileException e) {
-                            CMS.debug("ProfileSubmitServlet: " + e.toString());
-                        }
-
-                        outputset.set(ARG_OUTPUT_ID, outputName);
-                        outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
-                        outputset.set(ARG_OUTPUT_CONSTRAINT, outputConstraint);
-                        outputset.set(ARG_OUTPUT_NAME, outputValueName);
-                        outputset.set(ARG_OUTPUT_VAL, outputValue);
-                        outputlist.add(outputset);
-                    }
-                }
-            }
-        }
-    }
-
-    private void errorExit(HttpServletResponse response, boolean xmlOutput, String message, String requestId)
-            throws EBaseException {
-        if (xmlOutput) {
-            outputError(response, FAILED, message, requestId);
-        } else {
-            ArgSet args = new ArgSet();
-            args.set(ARG_ERROR_CODE, "1");
-            args.set(ARG_ERROR_REASON, message);
-            outputTemplate(xmlOutput, response, args);
-        }
-
-        for (String event : statEvents) {
-            endTiming(event);
-        }
-    }
-
-    private boolean getXMLOutput(HttpServletRequest request) {
-        boolean xmlOutput = false;
-
-        String v = request.getParameter("xml");
-        if ((v != null) && (v.equalsIgnoreCase("true"))) {
-            xmlOutput = true;
-        }
-        v = request.getParameter("xmlOutput");
-        if ((v != null) && (v.equalsIgnoreCase("true"))) {
-            xmlOutput = true;
-        }
-        if (xmlOutput) {
-            CMS.debug("xmlOutput true");
-        } else {
-            CMS.debug("xmlOutput false");
-        }
-        return xmlOutput;
-    }
-
-    private void xmlOutput(HttpServletResponse httpResp, IProfile profile, Locale locale, IRequest[] reqs) {
-        try {
-            XMLObject xmlObj = null;
-            xmlObj = new XMLObject();
-
-            Node root = xmlObj.createRoot("XMLResponse");
-            xmlObj.addItemToContainer(root, "Status", SUCCESS);
-            Node n = xmlObj.createContainer(root, "Requests");
-            CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length);
-
-            for (int i = 0; i < reqs.length; i++) {
-                Node subnode = xmlObj.createContainer(n, "Request");
-                xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString());
-                X509CertInfo certInfo =
-                        reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
-                if (certInfo != null) {
-                    String subject = "";
-                    subject = certInfo.get(X509CertInfo.SUBJECT).toString();
-                    xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
-                } else {
-                    CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
-                }
-                Enumeration<String> outputIds = profile.getProfileOutputIds();
-                if (outputIds != null) {
-                    while (outputIds.hasMoreElements()) {
-                        String outputId = outputIds.nextElement();
-                        IProfileOutput profileOutput = profile.getProfileOutput(outputId);
-                        Enumeration<String> outputNames = profileOutput.getValueNames();
-                        if (outputNames != null) {
-                            while (outputNames.hasMoreElements()) {
-                                String outputName = outputNames.nextElement();
-                                if (!outputName.equals("b64_cert") && !outputName.equals("pkcs7"))
-                                    continue;
-                                try {
-                                    String outputValue = profileOutput.getValue(outputName, locale, reqs[i]);
-                                    if (outputName.equals("b64_cert")) {
-                                        String ss = Cert.normalizeCertStrAndReq(outputValue);
-                                        outputValue = Cert.stripBrackets(ss);
-                                        byte[] bcode = CMS.AtoB(outputValue);
-                                        X509CertImpl impl = new X509CertImpl(bcode);
-                                        xmlObj.addItemToContainer(subnode,
-                                                "serialno", impl.getSerialNumber().toString(16));
-                                        xmlObj.addItemToContainer(subnode, "b64", outputValue);
-                                    }// if b64_cert
-                                    else if (outputName.equals("pkcs7")) {
-                                        String ss = Cert.normalizeCertStrAndReq(outputValue);
-                                        xmlObj.addItemToContainer(subnode, "pkcs7", ss);
-                                    }
-
-                                } catch (EProfileException e) {
-                                    CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
-                                } catch (Exception e) {
-                                    CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-
-            byte[] cb = xmlObj.toByteArray();
-            outputResult(httpResp, "application/xml", cb);
-        } catch (Exception e) {
-            CMS.debug("Failed to send the XML output");
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
deleted file mode 100644
index 0114f6323..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.security.cert.X509Certificate;
-
-import javax.servlet.http.HttpServletRequest;
-
-import com.netscape.certsrv.authentication.ISSLClientCertProvider;
-
-public class SSLClientCertProvider implements ISSLClientCertProvider {
-    private HttpServletRequest mRequest = null;
-
-    public SSLClientCertProvider(HttpServletRequest request) {
-        mRequest = request;
-    }
-
-    public X509Certificate[] getClientCertificateChain() {
-        X509Certificate[] allCerts = (X509Certificate[])
-                mRequest.getAttribute("javax.servlet.request.X509Certificate");
-
-        return allCerts;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/CMSRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/CMSRequestDAO.java
deleted file mode 100644
index e54f8a4c6..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/CMSRequestDAO.java
+++ /dev/null
@@ -1,163 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.net.URI;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.Link;
-import com.netscape.certsrv.request.CMSRequestInfo;
-import com.netscape.certsrv.request.CMSRequestInfos;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestList;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.IRequestVirtualList;
-import com.netscape.certsrv.request.RequestId;
-
-/**
- * @author alee
- *
- */
-
-public abstract class CMSRequestDAO {
-    protected IRequestQueue queue;
-    protected IAuthority authority;
-
-    private String[] vlvFilters = {
-            "(requeststate=*)", "(requesttype=enrollment)",
-            "(requesttype=recovery)", "(requeststate=canceled)",
-            "(&(requeststate=canceled)(requesttype=enrollment))",
-            "(&(requeststate=canceled)(requesttype=recovery))",
-            "(requeststate=rejected)",
-            "(&(requeststate=rejected)(requesttype=enrollment))",
-            "(&(requeststate=rejected)(requesttype=recovery))",
-            "(requeststate=complete)",
-            "(&(requeststate=complete)(requesttype=enrollment))",
-            "(&(requeststate=complete)(requesttype=recovery))"
-    };
-
-    public static final String ATTR_SERIALNO = "serialNumber";
-
-    public CMSRequestDAO(String authorityName) {
-        authority = (IAuthority) CMS.getSubsystem(authorityName);
-        queue = authority.getRequestQueue();
-    }
-
-    /**
-     * Finds list of requests matching the specified search filter.
-     *
-     * If the filter corresponds to a VLV search, then that search is executed and the pageSize
-     * and start parameters are used. Otherwise, the maxResults and maxTime parameters are
-     * used in the regularly indexed search.
-     *
-     * @param filter - ldap search filter
-     * @param start - start position for VLV search
-     * @param pageSize - page size for VLV search
-     * @param maxResults - max results to be returned in normal search
-     * @param maxTime - max time for normal search
-     * @param uriInfo - uri context of request
-     * @return collection of key request info
-     * @throws EBaseException
-     */
-    public CMSRequestInfos listCMSRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime,
-            UriInfo uriInfo) throws EBaseException {
-
-        CMSRequestInfos ret = new CMSRequestInfos();
-        int totalSize = 0;
-        int current = 0;
-
-        if (isVLVSearch(filter)) {
-            IRequestVirtualList vlvlist = queue.getPagedRequestsByFilter(start, false, filter,
-                    pageSize + 1, "requestId");
-            totalSize = vlvlist.getSize();
-            current = vlvlist.getCurrentIndex();
-
-            int numRecords = (totalSize > (current + pageSize)) ? pageSize :
-                    totalSize - current;
-
-            for (int i = 0; i < numRecords; i++) {
-                IRequest request = vlvlist.getElementAt(i);
-                ret.addRequest(createCMSRequestInfo(request, uriInfo));
-            }
-        } else {
-            // The non-vlv requests are indexed, but are not paginated.
-            // We should think about whether they should be, or if we need to
-            // limit the number of results returned.
-            IRequestList requests = queue.listRequestsByFilter(filter, maxResults, maxTime);
-
-            if (requests == null) {
-                return ret;
-            }
-            while (requests.hasMoreElements()) {
-                RequestId rid = requests.nextElement();
-                IRequest request = queue.findRequest(rid);
-                if (request != null) {
-                    ret.addRequest(createCMSRequestInfo(request, uriInfo));
-                }
-            }
-        }
-
-        // builder for vlv links
-        MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
-        UriBuilder builder = uriInfo.getAbsolutePathBuilder();
-        if (params.containsKey("requestState")) {
-            builder.queryParam("requestState", params.getFirst("requestState"));
-        }
-        if (params.containsKey("requestType")) {
-            builder.queryParam("requestType", params.getFirst("requestType"));
-        }
-        builder.queryParam("start", "{start}");
-        builder.queryParam("pageSize", "{pageSize}");
-
-        // next link
-        if (totalSize > current + pageSize) {
-            int next = current + pageSize + 1;
-            URI nextUri = builder.clone().build(next, pageSize);
-            Link nextLink = new Link("next", nextUri.toString(), "application/xml");
-            ret.addLink(nextLink);
-        }
-
-        // previous link
-        if (current > 0) {
-            int previous = current - pageSize;
-            URI previousUri = builder.clone().build(previous, pageSize);
-            Link previousLink = new Link("previous", previousUri.toString(), "application/xml");
-            ret.addLink(previousLink);
-        }
-
-        return ret;
-    }
-
-    private boolean isVLVSearch(String filter) {
-        for (int i = 0; i < vlvFilters.length; i++) {
-            if (vlvFilters[i].equalsIgnoreCase(filter)) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    protected abstract CMSRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo);
-}
-
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
deleted file mode 100644
index fd4589437..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
+++ /dev/null
@@ -1,918 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.lang.reflect.Array;
-import java.math.BigInteger;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.Extension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.RawJS;
-
-/**
- * Output a 'pretty print' of a certificate request
- *
- * @version $Revision$, $Date$
- */
-public class CertReqParser extends ReqParser {
-
-    public static final CertReqParser DETAIL_PARSER = new CertReqParser(true);
-    public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false);
-
-    private boolean mDetails = true;
-    private IPrettyPrintFormat pp = null;
-
-    /**
-     * Constructs a certificate request parser.
-     */
-    public CertReqParser() {
-        pp = CMS.getPrettyPrintFormat(":");
-    }
-
-    /**
-     * Constructs a certificate request parser.
-     *
-     * @param details return detailed information (this can be time consuming)
-     */
-    public CertReqParser(boolean details) {
-        mDetails = details;
-        pp = CMS.getPrettyPrintFormat(":");
-    }
-
-    private static final String EXT_PRETTYPRINT = "ext_prettyprint";
-
-    private static final String LB = "[";
-    private static final String RB = "]";
-    private static final String EQ = " = ";
-
-    /**
-     * Fills in certificate specific request attributes.
-     */
-    public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-            throws EBaseException {
-        if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) {
-            fillX509RequestIntoArg(l, req, argSet, arg);
-        } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) {
-            fillRevokeRequestIntoArg(l, req, argSet, arg);
-        } else {
-            //o = req.get(IRequest.OLD_CERTS);
-            //if (o != null)
-            fillRevokeRequestIntoArg(l, req, argSet, arg);
-        }
-    }
-
-    private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-            throws EBaseException {
-
-        // fill in the standard attributes
-        super.fillRequestIntoArg(l, req, argSet, arg);
-
-        arg.addStringValue("certExtsEnabled", "yes");
-
-        int saCounter = 0;
-        Enumeration<String> enum1 = req.getExtDataKeys();
-
-        // gross hack
-        String prefix = "record.";
-
-        if (argSet.getHeader() == arg)
-            prefix = "header.";
-
-        while (enum1.hasMoreElements()) {
-            String name = enum1.nextElement();
-
-            if (mDetails) {
-                // show all http parameters stored in request.
-                if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) {
-                    Hashtable<String, String> http_params = req.getExtDataInHashtable(name);
-                    // show certType specially
-                    String certType = http_params.get(IRequest.CERT_TYPE);
-
-                    if (certType != null) {
-                        arg.addStringValue(IRequest.CERT_TYPE, certType);
-                    }
-                    String presenceServerExt = http_params.get("PresenceServerExtension");
-
-                    if (presenceServerExt != null) {
-                        arg.addStringValue("PresenceServerExtension", presenceServerExt);
-                    }
-                    // show all http parameters in request
-                    int counter = 0;
-                    Enumeration<String> elms = http_params.keys();
-
-                    while (elms.hasMoreElements()) {
-                        String parami =
-                                IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
-                        // hack
-                        String n = elms.nextElement();
-                        String rawJS = "new Object;\n\r" +
-                                prefix + parami + ".name=\"" +
-                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                                prefix + parami + ".value=\"" +
-                                CMSTemplate.escapeJavaScriptStringHTML(
-                                        http_params.get(n).toString()) + "\"";
-
-                        arg.set(parami, new RawJS(rawJS));
-                    }
-                } // show all http headers stored in request.
-                else if (name.equalsIgnoreCase(IRequest.HTTP_HEADERS)) {
-                    Hashtable<String, String> http_hdrs = req.getExtDataInHashtable(name);
-                    Enumeration<String> elms = http_hdrs.keys();
-                    int counter = 0;
-
-                    while (elms.hasMoreElements()) {
-                        String parami =
-                                IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
-                        // hack
-                        String n = elms.nextElement();
-                        String rawJS = "new Object;\n\r" +
-                                prefix + parami + ".name=\"" +
-                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                                prefix + parami + ".value=\"" +
-                                CMSTemplate.escapeJavaScriptStringHTML(
-                                        http_hdrs.get(n).toString()) + "\"";
-
-                        arg.set(parami, new RawJS(rawJS));
-                    }
-                } // show all auth token stored in request.
-                else if (name.equalsIgnoreCase(IRequest.AUTH_TOKEN)) {
-                    IAuthToken auth_token = req.getExtDataInAuthToken(name);
-                    Enumeration<String> elms = auth_token.getElements();
-                    int counter = 0;
-
-                    while (elms.hasMoreElements()) {
-                        String parami =
-                                IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
-                        // hack
-                        String n = elms.nextElement();
-                        Object authTokenValue = auth_token.getInStringArray(n);
-                        if (authTokenValue == null) {
-                            authTokenValue = auth_token.getInString(n);
-                        }
-                        String v = expandValue(prefix + parami + ".value",
-                                authTokenValue);
-                        String rawJS = "new Object;\n\r" +
-                                prefix + parami + ".name=\"" +
-                                CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
-
-                        arg.set(parami, new RawJS(rawJS));
-                    }
-                } // all others are request attrs from policy or internal modules.
-                else {
-                    Object val;
-                    if (req.isSimpleExtDataValue(name)) {
-                        val = req.getExtDataInString(name);
-                    } else {
-                        val = req.getExtDataInStringArray(name);
-                        if (val == null) {
-                            val = req.getExtDataInHashtable(name);
-                        }
-                    }
-                    String valstr = "";
-                    // hack
-                    String parami =
-                            IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
-
-                    if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
-                            (req.getRequestStatus() == RequestStatus.COMPLETE ||
-                            req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
-                        X509CertImpl issuedCert[] =
-                                req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-                        if (issuedCert != null && issuedCert[0] != null) {
-                            val = "<pre>" + CMS.getCertPrettyPrint(issuedCert[0]).toString(l) + "</pre>";
-                        }
-                    } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) {
-                        X509CertInfo[] certInfo =
-                                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-                        if (certInfo != null && certInfo[0] != null) {
-                            val = "<pre>" + certInfo[0].toString() + "</pre>";
-                        }
-                    }
-
-                    valstr = expandValue(prefix + parami + ".value", val);
-                    String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
-                            valstr; // java string already escaped in expandValue.
-
-                    arg.set(parami, new RawJS(rawJS));
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
-                    || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
-                    || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
-                    || name.equalsIgnoreCase(IRequest.RESULT)
-                    || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
-                arg.addStringValue(name, req.getExtDataInString(name));
-            }
-
-            if (name.equalsIgnoreCase(IRequest.REQUESTOR_NAME)) {
-                String requestorName = req.getExtDataInString(name);
-
-                requestorName = requestorName.trim();
-                if (requestorName.length() > 0) {
-                    arg.addStringValue(name, requestorName);
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.ERRORS)) {
-                Vector<String> errorStrings = req.getExtDataInStringVector(name);
-                if (errorStrings != null) {
-                    StringBuffer errInfo = new StringBuffer();
-
-                    for (int i = 0; i < errorStrings.size(); i++) {
-                        errInfo.append(errorStrings.elementAt(i));
-                        errInfo.append("\n");
-                    }
-                    arg.addStringValue(IRequest.ERRORS, errInfo.toString());
-                }
-            }
-            if (name.equalsIgnoreCase(IRequest.ERROR)) {
-                arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name));
-            }
-
-            if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
-                // Get the certificate info from the request
-                X509CertInfo[] certInfo =
-                        req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-                if (certInfo != null && certInfo[0] != null) {
-                    // Get the subject name if any set.
-                    CertificateSubjectName subjectName = null;
-                    String signatureAlgorithm = null;
-                    String signatureAlgorithmName = null;
-
-                    try {
-                        subjectName = (CertificateSubjectName) certInfo[0].get(X509CertInfo.SUBJECT);
-                    } catch (IOException e) {
-                        // XXX raise exception
-                    } catch (CertificateException e) {
-                        // XXX raise exception
-                    }
-                    if (subjectName != null) {
-                        String sn;
-
-                        try {
-                            sn = subjectName.toString();
-                        } catch (java.lang.IllegalArgumentException e) {
-                            sn = "* * Malformed Subject Name * *";
-                        }
-                        String subjectnamevalue = sn;
-
-                        arg.addStringValue("subject", subjectnamevalue);
-                    }
-
-                    if (mDetails) {
-                        try {
-                            CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
-                                    certInfo[0].get(X509CertInfo.ALGORITHM_ID);
-                            AlgorithmId algId = (AlgorithmId)
-                                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
-
-                            signatureAlgorithm = (algId.getOID()).toString();
-                            signatureAlgorithmName = algId.getName();
-                        } catch (Exception e) {
-                            // XXX raise exception
-                        }
-                        if (signatureAlgorithm != null) {
-                            arg.addStringValue("signatureAlgorithm", signatureAlgorithm);
-                        }
-                        if (signatureAlgorithmName != null) {
-                            arg.addStringValue("signatureAlgorithmName", signatureAlgorithmName);
-                        }
-
-                        CertificateExtensions extensions = null;
-
-                        try {
-                            extensions = (CertificateExtensions) certInfo[0].get(X509CertInfo.EXTENSIONS);
-                        } catch (Exception e) {
-                        }
-                        if (extensions != null) {
-                            Enumeration<Extension> exts = extensions.getAttributes();
-
-                            while (exts.hasMoreElements()) {
-                                Extension ext = exts.nextElement();
-
-                                // only know about ns cert type
-                                if (ext instanceof NSCertTypeExtension) {
-                                    NSCertTypeExtension nsExtensions =
-                                            (NSCertTypeExtension) ext;
-
-                                    try {
-                                        arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER,
-                                                nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
-
-                                        arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT,
-                                                nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
-
-                                        arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL,
-                                                nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
-
-                                        arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING,
-                                                nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
-
-                                        arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA,
-                                                nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
-
-                                        arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA,
-                                                nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
-
-                                        arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA,
-                                                nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
-
-                                    } catch (Exception e) {
-                                    }
-                                } else if (ext instanceof BasicConstraintsExtension) {
-                                    BasicConstraintsExtension bcExt =
-                                            (BasicConstraintsExtension) ext;
-                                    Integer pathLength = null;
-                                    Boolean isCA = null;
-
-                                    try {
-                                        pathLength = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
-                                        isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
-                                    } catch (IOException e) {
-                                    }
-                                    if (pathLength != null)
-                                        arg.addIntegerValue("pathLenBasicConstraints", pathLength.intValue());
-                                    if (isCA != null)
-                                        arg.addBooleanValue("isCABasicConstraints", isCA.booleanValue());
-                                } // pretty print all others.
-                                else {
-                                    if (argSet != null) {
-                                        IArgBlock rr = CMS.createArgBlock();
-
-                                        rr.addStringValue(
-                                                EXT_PRETTYPRINT,
-                                                CMS.getExtPrettyPrint(ext, 0).toString());
-                                        argSet.addRepeatRecord(rr);
-                                    }
-                                }
-                            }
-
-                        }
-
-                        // Get the public key
-                        CertificateX509Key certKey = null;
-
-                        try {
-                            certKey = (CertificateX509Key) certInfo[0].get(X509CertInfo.KEY);
-                        } catch (IOException e) {
-                            // XXX raise exception
-                        } catch (CertificateException e) {
-                            // XXX raise exception
-                        }
-
-                        X509Key key = null;
-
-                        try {
-                            key = (X509Key) certKey.get(CertificateX509Key.KEY);
-                        } catch (IOException e) {
-                            // XXX raise exception
-                        }
-
-                        if (key != null) {
-                            arg.addStringValue("subjectPublicKeyInfo",
-                                    key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
-                            arg.addStringValue("subjectPublicKey",
-                                    pp.toHexString(key.getKey(), 0, 16));
-                        }
-
-                        // Get the validity period
-                        CertificateValidity validity = null;
-
-                        try {
-                            validity =
-                                    (CertificateValidity)
-                                    certInfo[0].get(X509CertInfo.VALIDITY);
-                            if (validity != null) {
-                                long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() -
-                                        ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000;
-                                arg.addLongValue("validityLength", validityLength);
-                            }
-                        } catch (IOException e) {
-                            // XXX raise exception
-                        } catch (CertificateException e) {
-                            // XXX raise exception
-                        }
-                    }
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) {
-                BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
-
-                if (oldSerialNo != null) {
-                    if (argSet != null) {
-                        for (int i = 0; i < oldSerialNo.length; i++) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    oldSerialNo[i], 16);
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
-                    (req.getRequestStatus() == RequestStatus.COMPLETE ||
-                    req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
-                X509CertImpl issuedCert[] =
-                        req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-                arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16);
-                // Set Serial No for 2nd certificate
-                if (issuedCert.length == 2)
-                    arg.addBigIntegerValue("serialNumber2", issuedCert[1].getSerialNumber(), 16);
-            }
-            if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
-                X509CertImpl oldCert[] =
-                        req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-                if (oldCert != null && oldCert.length > 0) {
-                    arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16);
-                    arg.addStringValue("subject", oldCert[0].getSubjectDN().toString());
-                    if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) {
-                        for (int i = 0; i < oldCert.length; i++) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    oldCert[i].getSerialNumber(), 16);
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.CACERTCHAIN) && mDetails) {
-                byte[] certChainData = req.getExtDataInByteArray(
-                        IRequest.CACERTCHAIN);
-                if (certChainData != null) {
-                    CertificateChain certChain = new CertificateChain();
-                    try {
-                        certChain.decode(new ByteArrayInputStream(certChainData));
-
-                        X509Certificate cert[] = certChain.getChain();
-
-                        for (int i = 0; i < cert.length; i++) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    cert[i].getSerialNumber(), 16);
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    } catch (IOException e) {
-                        // XXX
-                    }
-                }
-            }
-            if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) {
-                Hashtable<String, String> fingerprints =
-                        req.getExtDataInHashtable(IRequest.FINGERPRINTS);
-
-                if (fingerprints != null) {
-                    String namesAndHashes = null;
-                    Enumeration<String> enumFingerprints = fingerprints.keys();
-
-                    while (enumFingerprints.hasMoreElements()) {
-                        String hashname = enumFingerprints.nextElement();
-                        String hashvalue = fingerprints.get(hashname);
-                        byte[] fingerprint = CMS.AtoB(hashvalue);
-                        String ppFingerprint = pp.toHexString(fingerprint, 0);
-
-                        if (hashname != null && ppFingerprint != null) {
-                            if (namesAndHashes != null) {
-                                namesAndHashes += "+" + hashname + "+" + ppFingerprint;
-                            } else {
-                                namesAndHashes = hashname + "+" + ppFingerprint;
-                            }
-                        }
-                    }
-                    if (namesAndHashes != null) {
-                        arg.addStringValue("fingerprints", namesAndHashes);
-                    }
-                }
-            }
-        }
-    }
-
-    /**
-     * print value out nicely in request attributes.
-     */
-    protected String expandValue(String valuename, Object v) {
-        try {
-            String valstr = "";
-
-            // if it's a vector
-            if (v instanceof Vector) {
-                valstr = valuename + "= new Array";
-                int j = 0;
-
-                StringBuffer sb = new StringBuffer();
-                for (@SuppressWarnings("unchecked")
-                Enumeration<String> n = ((Vector<String>) v).elements(); n.hasMoreElements(); j++) {
-                    sb.append(";\n");
-                    sb.append(valuename);
-                    sb.append(LB);
-                    sb.append(j);
-                    sb.append(RB);
-                    sb.append(EQ);
-                    sb.append("\"");
-                    sb.append(
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                    n.nextElement().toString()));
-                    sb.append("\";\n");
-                }
-                sb.append("\n");
-                valstr = sb.toString();
-                return valstr;
-            }
-
-            // if an array.
-            int len = -1;
-
-            try {
-                len = Array.getLength(v);
-            } catch (IllegalArgumentException e) {
-            }
-            if (len >= 0) { // is an array; access each object in array.
-                valstr = valuename + "= new Array";
-                int i;
-
-                for (i = 0; i < len; i++) {
-                    if (Array.get(v, i) != null)
-                        valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" +
-                                CMSTemplate.escapeJavaScriptStringHTML(
-                                        Array.get(v, i).toString()) + "\";\n";
-                }
-                return valstr;
-            }
-        } catch (Throwable e) {
-        }
-
-        // if string or unrecognized type, just call its toString method.
-        return valuename + "=\"" +
-                CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
-    }
-
-    public String getRequestorDN(IRequest request) {
-        try {
-            X509CertInfo info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
-            // retrieve the subject name
-            CertificateSubjectName sn = (CertificateSubjectName)
-                    info.get(X509CertInfo.SUBJECT);
-
-            return sn.toString();
-        } catch (Exception e) {
-            CMS.debug("CertReqParser: getRequestorDN " + e.toString());
-        }
-        return null;
-    }
-
-    public String getKeyID(IRequest request) {
-        try {
-            String kid = null;
-
-            String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
-            if (cid == null) {
-                cid = "";
-            }
-            String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
-            if (uid == null) {
-                uid = "";
-            }
-            kid = cid + ":" + uid;
-            if (kid.equals(":")) {
-                kid = "";
-            }
-
-            return kid;
-        } catch (Exception e) {
-            CMS.debug("CertReqParser: getKeyID " + e.toString());
-        }
-        return null;
-    }
-
-    private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-            throws EBaseException {
-        // fill in the standard attributes
-        super.fillRequestIntoArg(l, req, argSet, arg);
-
-        arg.addStringValue("certExtsEnabled", "yes");
-        String profile = req.getExtDataInString("profile");
-
-        //CMS.debug("CertReqParser: profile=" + profile);
-        if (profile != null) {
-            arg.addStringValue("profile", profile);
-            String requestorDN = getRequestorDN(req);
-
-            if (requestorDN != null) {
-                arg.addStringValue("subject", requestorDN);
-            }
-        } else {
-            arg.addStringValue("profile", "false");
-            String keyID = getKeyID(req);
-
-            if (keyID != null) {
-                arg.addStringValue("subject", keyID);
-            }
-        }
-
-        int saCounter = 0;
-        Enumeration<String> enum1 = req.getExtDataKeys();
-
-        // gross hack
-        String prefix = "record.";
-
-        if (argSet.getHeader() == arg)
-            prefix = "header.";
-
-        while (enum1.hasMoreElements()) {
-            String name = enum1.nextElement();
-
-            if (mDetails) {
-                // show all http parameters stored in request.
-                if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) {
-                    Hashtable<String, String> http_params = req.getExtDataInHashtable(name);
-                    // show certType specially
-                    String certType = http_params.get(IRequest.CERT_TYPE);
-
-                    if (certType != null) {
-                        arg.addStringValue(IRequest.CERT_TYPE, certType);
-                    }
-                    // show all http parameters in request
-                    int counter = 0;
-                    Enumeration<String> elms = http_params.keys();
-
-                    while (elms.hasMoreElements()) {
-                        String parami =
-                                IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
-                        // hack
-                        String n = elms.nextElement();
-                        String rawJS = "new Object;\n\r" +
-                                prefix + parami + ".name=\"" +
-                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                                prefix + parami + ".value=\"" +
-                                CMSTemplate.escapeJavaScriptStringHTML(
-                                        http_params.get(n).toString()) + "\"";
-
-                        arg.set(parami, new RawJS(rawJS));
-                    }
-                } // show all http headers stored in request.
-                else if (name.equalsIgnoreCase(IRequest.HTTP_HEADERS)) {
-                    Hashtable<String, String> http_hdrs = req.getExtDataInHashtable(name);
-                    Enumeration<String> elms = http_hdrs.keys();
-                    int counter = 0;
-
-                    while (elms.hasMoreElements()) {
-                        String parami =
-                                IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
-                        // hack
-                        String n = elms.nextElement();
-                        String rawJS = "new Object;\n\r" +
-                                prefix + parami + ".name=\"" +
-                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                                prefix + parami + ".value=\"" +
-                                CMSTemplate.escapeJavaScriptStringHTML(
-                                        http_hdrs.get(n).toString()) + "\"";
-
-                        arg.set(parami, new RawJS(rawJS));
-                    }
-                } // show all auth token stored in request.
-                else if (name.equalsIgnoreCase(IRequest.AUTH_TOKEN)) {
-                    IAuthToken auth_token = req.getExtDataInAuthToken(name);
-                    Enumeration<String> elms = auth_token.getElements();
-                    int counter = 0;
-
-                    while (elms.hasMoreElements()) {
-                        String parami =
-                                IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
-                        // hack
-                        String n = elms.nextElement();
-                        String v =
-                                expandValue(prefix + parami + ".value",
-                                        auth_token.getInString(n));
-                        String rawJS = "new Object;\n\r" +
-                                prefix + parami + ".name=\"" +
-                                CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
-
-                        arg.set(parami, new RawJS(rawJS));
-                    }
-                } // all others are request attrs from policy or internal modules.
-                else {
-                    Object val;
-                    if (req.isSimpleExtDataValue(name)) {
-                        val = req.getExtDataInString(name);
-                    } else {
-                        val = req.getExtDataInStringArray(name);
-                        if (val == null) {
-                            val = req.getExtDataInHashtable(name);
-                        }
-                    }
-                    String valstr = "";
-                    // hack
-                    String parami =
-                            IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
-
-                    valstr = expandValue(prefix + parami + ".value", val);
-                    String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
-                            valstr; // java string already escaped in expandValue.
-
-                    arg.set(parami, new RawJS(rawJS));
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
-                    || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
-                    || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
-                    || name.equalsIgnoreCase(IRequest.RESULT)
-                    || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
-                arg.addStringValue(name, req.getExtDataInString(name));
-            }
-
-            if (name.equalsIgnoreCase(IRequest.REQUESTOR_NAME)) {
-                String requestorName = req.getExtDataInString(name);
-
-                requestorName = requestorName.trim();
-                if (requestorName.length() > 0) {
-                    arg.addStringValue(name, requestorName);
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.ERRORS)) {
-                Vector<String> errorsVector = req.getExtDataInStringVector(name);
-                if (errorsVector != null) {
-                    StringBuffer errInfo = new StringBuffer();
-
-                    for (int i = 0; i < errorsVector.size(); i++) {
-                        errInfo.append(errorsVector.elementAt(i));
-                        errInfo.append("\n");
-                    }
-                    arg.addStringValue(IRequest.ERRORS, errInfo.toString());
-                }
-            }
-            if (name.equalsIgnoreCase(IRequest.ERROR)) {
-                arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name));
-            }
-
-            if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
-                // Get the certificate info from the request
-                RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
-
-                if (mDetails && revokedCert != null) {
-                    if (argSet != null) {
-                        for (int i = 0; i < revokedCert.length; i++) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    revokedCert[i].getSerialNumber(), 16);
-
-                            CRLExtensions crlExtensions = revokedCert[i].getExtensions();
-
-                            if (crlExtensions != null) {
-                                for (int k = 0; k < crlExtensions.size(); k++) {
-                                    Extension ext = crlExtensions.elementAt(k);
-
-                                    if (ext instanceof CRLReasonExtension) {
-                                        rarg.addStringValue("reason",
-                                                ((CRLReasonExtension) ext).getReason().toString());
-                                    }
-                                }
-                            } else {
-                                rarg.addStringValue("reason",
-                                        RevocationReason.UNSPECIFIED.toString());
-                            }
-
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    } else {
-                        arg.addBigIntegerValue("serialNumber",
-                                revokedCert[0].getSerialNumber(), 16);
-                    }
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) {
-                BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
-
-                if (oldSerialNo != null) {
-                    if (argSet != null) {
-                        for (int i = 0; i < oldSerialNo.length; i++) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    oldSerialNo[i], 16);
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
-                //X509CertImpl oldCert[] =
-                //	(X509CertImpl[])req.get(IRequest.OLD_CERTS);
-                Certificate oldCert[] =
-                        req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
-                if (oldCert != null && oldCert.length > 0) {
-                    if (oldCert[0] instanceof X509CertImpl) {
-                        X509CertImpl xcert = (X509CertImpl) oldCert[0];
-
-                        arg.addBigIntegerValue("serialNumber", xcert.getSerialNumber(), 16);
-                        arg.addStringValue("subject", xcert.getSubjectDN().toString());
-                        if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) {
-                            for (int i = 0; i < oldCert.length; i++) {
-                                IArgBlock rarg = CMS.createArgBlock();
-
-                                xcert = (X509CertImpl) oldCert[i];
-                                rarg.addBigIntegerValue("serialNumber",
-                                        xcert.getSerialNumber(), 16);
-                                argSet.addRepeatRecord(rarg);
-                            }
-                        }
-                    }
-                }
-            }
-
-            if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails &&
-                    req.getRequestType().equals("getRevocationInfo")) {
-                RevokedCertImpl revokedCert[] =
-                        req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
-
-                if (revokedCert != null && revokedCert[0] != null) {
-                    boolean reasonFound = false;
-                    CRLExtensions crlExtensions = revokedCert[0].getExtensions();
-
-                    for (int k = 0; k < crlExtensions.size(); k++) {
-                        Extension ext = crlExtensions.elementAt(k);
-
-                        if (ext instanceof CRLReasonExtension) {
-                            arg.addStringValue("reason",
-                                    ((CRLReasonExtension) ext).getReason().toString());
-                            reasonFound = true;
-                        }
-                    }
-                    if (reasonFound == false) {
-                        arg.addStringValue("reason", "unknown");
-                    }
-                }
-            }
-        }
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
deleted file mode 100644
index dd3065427..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
+++ /dev/null
@@ -1,368 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.request;
-
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authorization.EAuthzException;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.cert.CertEnrollmentRequest;
-import com.netscape.certsrv.cert.CertRequestInfo;
-import com.netscape.certsrv.cert.CertRequestInfos;
-import com.netscape.certsrv.cert.CertRequestResource;
-import com.netscape.certsrv.cert.CertReviewResponse;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileDataInfo;
-import com.netscape.certsrv.profile.ProfileDataInfos;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestNotFoundException;
-import com.netscape.cms.servlet.base.PKIService;
-import com.netscape.cms.servlet.cert.CertRequestDAO;
-import com.netscape.cms.servlet.profile.ProfileService;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * @author alee
- *
- */
-public class CertRequestService extends PKIService implements CertRequestResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    public static final int DEFAULT_START = 0;
-    public static final int DEFAULT_PAGESIZE = 20;
-    public static final int DEFAULT_MAXRESULTS = 100;
-    public static final int DEFAULT_MAXTIME = 10;
-
-    /**
-     * Used to retrieve key request info for a specific request
-     */
-    public CertRequestInfo getRequestInfo(RequestId id) {
-        // auth and authz
-        CertRequestInfo info;
-
-        CertRequestDAO dao = new CertRequestDAO();
-        try {
-            info = dao.getRequest(id, uriInfo);
-        } catch (EBaseException e) {
-            // log error
-            e.printStackTrace();
-            throw new PKIException("Error getting Cert request info!");
-        }
-
-        if (info == null) {
-            // request does not exist
-            throw new RequestNotFoundException(id);
-        }
-
-        return info;
-    }
-
-    // Enrollment - used to test integration with a browser
-    public CertRequestInfos enrollCert(MultivaluedMap<String, String> form) {
-        CertEnrollmentRequest data = new CertEnrollmentRequest(form);
-        return enrollCert(data);
-    }
-
-    public CertRequestInfos enrollCert(CertEnrollmentRequest data) {
-        CertRequestInfos infos;
-        if (data == null) {
-            throw new BadRequestException("Bad data input into CertRequestResourceService.enrollCert!");
-        }
-        CertRequestDAO dao = new CertRequestDAO();
-
-        try {
-            infos = dao.submitRequest(data, servletRequest, uriInfo, getLocale(headers));
-        } catch (EAuthException e) {
-            CMS.debug("enrollCert: authentication failed: " + e);
-            throw new UnauthorizedException(e.toString());
-        } catch (EAuthzException e) {
-            CMS.debug("enrollCert: authorization failed: " + e);
-            throw new UnauthorizedException(e.toString());
-        } catch (BadRequestDataException e) {
-            CMS.debug("enrollCert: bad request data: " + e);
-            throw new BadRequestException(e.toString());
-        } catch (EBaseException e) {
-            throw new PKIException(e.toString());
-        }
-
-        return infos;
-    }
-
-    public void approveRequest(RequestId id, CertReviewResponse data) {
-        changeRequestState(id, data, "approve");
-    }
-
-    public void rejectRequest(RequestId id, CertReviewResponse data) {
-        changeRequestState(id, data, "reject");
-    }
-
-    public void cancelRequest(RequestId id, CertReviewResponse data) {
-        changeRequestState(id, data, "cancel");
-    }
-
-    public void updateRequest(RequestId id, CertReviewResponse data) {
-        changeRequestState(id, data, "update");
-    }
-
-    public void validateRequest(RequestId id, CertReviewResponse data) {
-        changeRequestState(id, data, "validate");
-    }
-
-    public void unassignRequest(RequestId id, CertReviewResponse data) {
-        changeRequestState(id, data, "unassign");
-    }
-
-    public void assignRequest(RequestId id, CertReviewResponse data) {
-        changeRequestState(id, data, "assign");
-    }
-
-    public void changeRequestState(RequestId id, CertReviewResponse data, String op) {
-        if (id == null) {
-            throw new BadRequestException("Bad data input in CertRequestResourceService. op:" + op);
-        }
-        CertRequestDAO dao = new CertRequestDAO();
-        try {
-            dao.changeRequestState(id, servletRequest, data, getLocale(headers), op);
-        } catch (ERejectException e) {
-            CMS.debug("changeRequestState: execution rejected " + e);
-            throw new BadRequestException(CMS.getUserMessage(getLocale(headers), "CMS_PROFILE_REJECTED", e.toString()));
-        } catch (EDeferException e) {
-            CMS.debug("changeRequestState: execution defered " + e);
-            // TODO do we throw an exception here?
-            throw new BadRequestException(CMS.getUserMessage(getLocale(headers), "CMS_PROFILE_DEFERRED", e.toString()));
-        } catch (BadRequestDataException e) {
-            CMS.debug("changeRequestState: bad request data: " + e);
-            throw new BadRequestException(e.toString());
-        } catch (EPropertyException e) {
-            CMS.debug("changeRequestState: execution error " + e);
-            throw new PKIException(CMS.getUserMessage(getLocale(headers),
-                    "CMS_PROFILE_PROPERTY_ERROR", e.toString()));
-        } catch (EProfileException e) {
-            CMS.debug("ProfileProcessServlet: execution error " + e);
-            throw new PKIException(CMS.getUserMessage(getLocale(headers), "CMS_INTERNAL_ERROR"));
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException("Problem approving request in CertRequestResource.assignRequest! " + e);
-        } catch (RequestNotFoundException e) {
-            CMS.debug(e);
-            throw new BadRequestException(CMS.getUserMessage(getLocale(headers), "CMS_REQUEST_NOT_FOUND", id.toString()));
-        }
-    }
-
-    public CertReviewResponse reviewRequest(@PathParam("id") RequestId id) {
-     // auth and authz
-        CertReviewResponse info;
-
-        CertRequestDAO dao = new CertRequestDAO();
-        try {
-            info = dao.reviewRequest(servletRequest, id, uriInfo, getLocale(headers));
-        } catch (EBaseException e) {
-            // log error
-            e.printStackTrace();
-            throw new PKIException("Error getting Cert request info!");
-        }
-
-        if (info == null) {
-            // request does not exist
-            throw new RequestNotFoundException(id);
-        }
-
-        return info;
-    }
-
-    /**
-     * Used to generate list of cert requests based on the search parameters
-     */
-    public CertRequestInfos listRequests(String requestState, String requestType,
-            RequestId start, Integer pageSize, Integer maxResults, Integer maxTime) {
-        // auth and authz
-
-        // get ldap filter
-        String filter = createSearchFilter(requestState, requestType);
-        CMS.debug("listRequests: filter is " + filter);
-
-        start = start == null ? new RequestId(CertRequestService.DEFAULT_START) : start;
-        pageSize = pageSize == null ? DEFAULT_PAGESIZE : pageSize;
-        maxResults = maxResults == null ? DEFAULT_MAXRESULTS : maxResults;
-        maxTime = maxTime == null ? DEFAULT_MAXTIME : maxTime;
-
-        CertRequestDAO reqDAO = new CertRequestDAO();
-        CertRequestInfos requests;
-        try {
-            requests =  reqDAO.listRequests(filter, start, pageSize, maxResults, maxTime, uriInfo);
-        } catch (EBaseException e) {
-            CMS.debug("listRequests: error in obtaining request results" + e);
-            e.printStackTrace();
-            throw new PKIException("Error listing cert requests!");
-        }
-        return requests;
-    }
-
-    private String createSearchFilter(String requestState, String requestType) {
-        String filter = "";
-        int matches = 0;
-
-        if ((requestState == null) && (requestType == null)) {
-            filter = "(requeststate=*)";
-            return filter;
-        }
-
-        if (requestState != null) {
-            filter += "(requeststate=" + LDAPUtil.escapeFilter(requestState) + ")";
-            matches++;
-        }
-
-        if (requestType != null) {
-            filter += "(requesttype=" + LDAPUtil.escapeFilter(requestType) + ")";
-            matches++;
-        }
-
-        if (matches > 1) {
-            filter = "(&" + filter + ")";
-        }
-
-        return filter;
-    }
-
-    @Override
-    public CertEnrollmentRequest getEnrollmentTemplate(String profileId) {
-        IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
-        if (ps == null) {
-            CMS.debug("getEnrollmentTemplate: ps is null");
-            throw new PKIException("Error modifying profile state.  Profile Service not available");
-        }
-
-        if (profileId == null) {
-            CMS.debug("getEnrollmenTemplate: invalid request. profileId is null");
-            throw new BadRequestException("Invalid ProfileId");
-        }
-
-        IProfile profile = null;
-        try {
-            profile = ps.getProfile(profileId);
-            if (profile == null) {
-                throw new BadRequestException("Cannot provide enrollment template for profile `" + profileId +
-                        "`.  Profile not found");
-            }
-        } catch (EBaseException e) {
-            CMS.debug("getEnrollmentTemplate(): error obtaining profile `" + profileId + "`: " + e);
-            e.printStackTrace();
-            throw new PKIException("Error generating enrollment template.  Cannot obtain profile.");
-        }
-
-        if (! profile.isVisible()) {
-            CMS.debug("getEnrollmentTemplate(): attempt to get enrollment template for non-visible profile");
-            throw new BadRequestException("Cannot provide enrollment template for profile `" + profileId +
-                        "`.  Profile not marked as visible");
-        }
-
-        CertEnrollmentRequest request = new CertEnrollmentRequest();
-        request.setProfileId(profileId);
-        request.setRenewal(Boolean.parseBoolean(profile.isRenewal()));
-        request.setRemoteAddr("");
-        request.setRemoteHost("");
-        request.setSerialNum("");
-
-        // populate inputs
-        Enumeration<String> inputIds = profile.getProfileInputIds();
-        while (inputIds.hasMoreElements()) {
-            String id = inputIds.nextElement();
-            try {
-                ProfileInput input = ProfileService.createProfileInput(profile, id, getLocale(headers));
-                for (ProfileAttribute attr: input.getAttrs()) {
-                    attr.setValue("");
-                }
-                request.addInput(input);
-            } catch (EBaseException e) {
-                CMS.debug("getEnrollmentTemplate(): Failed to add input " + id + " to request template: " + e);
-                e.printStackTrace();
-                throw new PKIException("Failed to add input" + id + "to request template");
-            }
-        }
-
-        return request;
-    }
-
-    @Override
-    public ProfileDataInfos listEnrollmentTemplates() {
-        IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
-        List<ProfileDataInfo> list = new ArrayList<ProfileDataInfo>();
-        ProfileDataInfos infos = new ProfileDataInfos();
-        boolean visibleOnly = true;
-
-        if (ps == null) {
-            return null;
-        }
-
-        Enumeration<String> profileIds = ps.getProfileIds();
-        if (profileIds != null) {
-            while (profileIds.hasMoreElements()) {
-                String id = profileIds.nextElement();
-                ProfileDataInfo info = null;
-                try {
-                    info = ProfileService.createProfileDataInfo(id, visibleOnly, uriInfo, getLocale(headers));
-                } catch (EBaseException e) {
-                    continue;
-                }
-
-                if (info != null) {
-                    list.add(info);
-                }
-            }
-        }
-
-        infos.setProfileInfos(list);
-        return infos;
-    }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
deleted file mode 100644
index 246cefd8c..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ /dev/null
@@ -1,618 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.pkcs.PKCS7;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.crypto.SignatureAlgorithm;
-import org.mozilla.jss.pkix.cmc.CMCStatusInfo;
-import org.mozilla.jss.pkix.cmc.PKIData;
-import org.mozilla.jss.pkix.cmc.ResponseBody;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-import org.mozilla.jss.pkix.cms.EncapsulatedContentInfo;
-import org.mozilla.jss.pkix.cms.IssuerAndSerialNumber;
-import org.mozilla.jss.pkix.cms.SignedData;
-import org.mozilla.jss.pkix.cms.SignerIdentifier;
-import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
-import org.mozilla.jss.pkix.primitive.Name;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Check the status of a certificate request
- *
- * @version $Revision$, $Date$
- */
-public class CheckRequest extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 2791195859767119636L;
-    // constants
-    public static String FULL_RESPONSE = "cmcFullEnrollmentResponse";
-    private final static String REQ_ID = "requestId";
-    private final static String STATUS = "status";
-    private final static String CREATE_ON = "createdOn";
-    private final static String UPDATE_ON = "updatedOn";
-
-    private final static String TPL_FILE = "requestStatus.template";
-
-    // variables
-    private IRequestQueue mQueue = null;
-    private String mFormPath = null;
-    private String mAuthorityId = null;
-
-    public CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * Constructs request query servlet.
-     */
-    public CheckRequest()
-            throws EBaseException {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "requestStatus.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mQueue = mAuthority.getRequestQueue();
-        mAuthorityId = mAuthority.getId();
-        mFormPath = "/" + mAuthorityId + "/" + TPL_FILE;
-
-        mTemplates.remove(ICMSRequest.SUCCESS);
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param requestId ID of the request to check
-     * <li>http.param format if 'id', then check the request based on the request ID parameter. If set to CMC, then use
-     * the 'queryPending' parameter.
-     * <li>http.param queryPending query formatted as a CMC request
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("checkRequest: in process!");
-        SET transIds = null, sNonces = null;
-        boolean isCMCReq = false;
-        INTEGER bodyPartId = null;
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "read");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        // Note error is covered in the same template as success.
-        EBaseException error = null;
-
-        String requestId = req.getParameter("requestId");
-        String format = req.getParameter("format");
-
-        CMS.debug("checkRequest: requestId " + requestId);
-
-        // They may check the status using CMC queryPending
-        String queryPending = req.getParameter("queryPending");
-
-        if (format != null && format.equals("cmc") && queryPending != null && !queryPending.equals("")) {
-            try {
-                isCMCReq = true;
-                byte[] cmcBlob = CMS.AtoB(queryPending);
-                ByteArrayInputStream cmcBlobIn =
-                        new ByteArrayInputStream(cmcBlob);
-
-                org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
-                        org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
-                SignedData cmcFullReq = (SignedData)
-                        cii.getInterpretedContent();
-
-                EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-
-                OBJECT_IDENTIFIER id = ci.getContentType();
-
-                if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
-                    throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
-                }
-                OCTET_STRING content = ci.getContent();
-                ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
-                PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
-                SEQUENCE controlSequence = pkiData.getControlSequence();
-                int numControls = controlSequence.size();
-
-                for (int i = 0; i < numControls; i++) {
-                    // decode message.
-                    TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
-                    OBJECT_IDENTIFIER type = taggedAttr.getType();
-
-                    if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
-                        bodyPartId = taggedAttr.getBodyPartID();
-                        SET requestIds = taggedAttr.getValues();
-                        int numReq = requestIds.size();
-
-                        // We only process one for now.
-                        if (numReq > 0) {
-                            OCTET_STRING reqId = (OCTET_STRING)
-                                    ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                            ASN1Util.encode(requestIds.elementAt(0)));
-
-                            requestId = new String(reqId.toByteArray());
-                        }
-                    } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
-                        transIds = taggedAttr.getValues();
-                    } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
-                        // recipient nonce
-                    } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
-                        sNonces = taggedAttr.getValues();
-                    }
-                }
-            } catch (Exception e) {
-                error = new EBaseException(e.toString());
-            }
-        }
-
-        IArgBlock httpParams = cmsReq.getHttpParams();
-        boolean importCert = httpParams.getValueAsBoolean("importCert",
-                false);
-        // xxx need to check why this is not available at startup
-        X509Certificate mCACerts[] = null;
-
-        try {
-            mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
-        } catch (Exception e) {
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
-        }
-
-        if (requestId == null || requestId.trim().equals("")) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
-        }
-        try {
-            new BigInteger(requestId);
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
-            throw new EBaseException(
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
-        }
-
-        IRequest r = mQueue.findRequest(new RequestId(requestId));
-
-        if (r == null) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
-        }
-
-        if (authToken != null) {
-            // if RA, requestOwner must match the group
-            String group = authToken.getInString("group");
-            if ((group != null) && (group != "")) {
-                if (group.equals("Registration Manager Agents")) {
-                    boolean groupMatched = false;
-                    String requestOwner = r.getExtDataInString("requestOwner");
-                    if (requestOwner != null) {
-                        if (requestOwner.equals(group))
-                            groupMatched = true;
-                    }
-                    if (groupMatched == false) {
-                        log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
-                        throw new EBaseException(
-                                CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
-                    }
-                }
-            }
-        }
-
-        RequestStatus status = r.getRequestStatus();
-        String note = r.getExtDataInString("requestNotes");
-
-        header.addStringValue("authority", mAuthorityId);
-        header.addStringValue(REQ_ID, r.getRequestId().toString());
-        header.addStringValue(STATUS, status.toString());
-        header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
-        header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
-        if (note != null && note.length() > 0)
-            header.addStringValue("requestNotes", note);
-
-        String type = r.getRequestType();
-        Integer result = r.getExtDataInInteger(IRequest.RESULT);
-
-        /*        if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) {
-                    X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
-                    IArgBlock rarg = CMS.createArgBlock();
-
-                    rarg.addBigIntegerValue("serialNumber",
-                        cert.getSerialNumber(), 16);
-                    argSet.addRepeatRecord(rarg);
-                }
-        */
-        String profileId = r.getExtDataInString("profileId");
-        if (profileId != null) {
-            result = IRequest.RES_SUCCESS;
-        }
-        if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) ||
-                type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
-                status.equals(RequestStatus.COMPLETE) && (result != null) &&
-                result.equals(IRequest.RES_SUCCESS)) {
-            Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-            if (profileId != null) {
-                X509CertImpl impl[] = new X509CertImpl[1];
-                impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-                o = impl;
-            }
-            if (o != null && (o instanceof X509CertImpl[])) {
-                X509CertImpl[] certs = (X509CertImpl[]) o;
-
-                if (certs != null && certs.length > 0) {
-                    for (int i = 0; i < certs.length; i++) {
-                        if (certs[i] != null) {
-                            IArgBlock rarg = CMS.createArgBlock();
-
-                            rarg.addBigIntegerValue("serialNumber",
-                                    certs[i].getSerialNumber(), 16);
-                            // add pkcs7 cert for importing
-                            if (importCert || isCMCReq) {
-                                //byte[] ba = certs[i].getEncoded();
-                                X509CertImpl[] certsInChain = new X509CertImpl[1];
-                                ;
-                                if (mCACerts != null) {
-                                    for (int ii = 0; ii < mCACerts.length; ii++) {
-                                        if (certs[i].equals(mCACerts[ii])) {
-                                            certsInChain = new
-                                                    X509CertImpl[mCACerts.length];
-                                            break;
-                                        }
-                                        certsInChain = new X509CertImpl[mCACerts.length + 1];
-                                    }
-                                }
-
-                                // Set the EE cert
-                                certsInChain[0] = certs[i];
-
-                                // Set the Ca certificate chain
-                                if (mCACerts != null) {
-                                    for (int ii = 0; ii < mCACerts.length; ii++) {
-                                        if (!certs[i].equals(mCACerts[ii]))
-                                            certsInChain[ii + 1] = (X509CertImpl) mCACerts[ii];
-                                    }
-                                }
-                                // Wrap the chain into a degenerate P7 object
-                                String p7Str;
-
-                                try {
-                                    PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                                            new netscape.security.pkcs.ContentInfo(new byte[0]),
-                                            certsInChain,
-                                            new netscape.security.pkcs.SignerInfo[0]);
-                                    ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-                                    p7.encodeSignedData(bos);
-                                    byte[] p7Bytes = bos.toByteArray();
-
-                                    p7Str = CMS.BtoA(p7Bytes);
-
-                                    StringTokenizer tokenizer = null;
-
-                                    if (File.separator.equals("\\")) {
-                                        char[] nl = new char[2];
-
-                                        nl[0] = 10;
-                                        nl[1] = 13;
-                                        String nlstr = new String(nl);
-
-                                        tokenizer = new StringTokenizer(p7Str, nlstr);
-                                    } else
-                                        tokenizer = new StringTokenizer(p7Str, "\n");
-                                    StringBuffer res = new StringBuffer();
-
-                                    while (tokenizer.hasMoreTokens()) {
-                                        String elem = tokenizer.nextToken();
-
-                                        res.append(elem);
-                                    }
-
-                                    header.addStringValue("pkcs7ChainBase64", res.toString());
-
-                                    // compose full response
-                                    if (isCMCReq) {
-                                        SEQUENCE controlSeq = new SEQUENCE();
-                                        int bpid = 1;
-                                        SEQUENCE bpids = new SEQUENCE();
-
-                                        if (bodyPartId != null)
-                                            bpids.addElement(bodyPartId);
-                                        CMCStatusInfo cmcStatusInfo = new
-                                                CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
-                                        TaggedAttribute ta = new TaggedAttribute(new
-                                                INTEGER(bpid++),
-                                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
-                                                cmcStatusInfo);
-
-                                        controlSeq.addElement(ta);
-
-                                        // copy transactionID, senderNonce,
-                                        // create recipientNonce
-                                        if (transIds != null) {
-                                            ta = new TaggedAttribute(new
-                                                        INTEGER(bpid++),
-                                                        OBJECT_IDENTIFIER.id_cmc_transactionId,
-                                                        transIds);
-                                            controlSeq.addElement(ta);
-                                        }
-
-                                        if (sNonces != null) {
-                                            ta = new TaggedAttribute(new
-                                                        INTEGER(bpid++),
-                                                        OBJECT_IDENTIFIER.id_cmc_recipientNonce,
-                                                        sNonces);
-                                            controlSeq.addElement(ta);
-                                        }
-
-                                        String salt = CMSServlet.generateSalt();
-                                        byte[] dig;
-
-                                        try {
-                                            MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
-
-                                            dig = SHA1Digest.digest(salt.getBytes());
-                                        } catch (NoSuchAlgorithmException ex) {
-                                            dig = salt.getBytes();
-                                        }
-                                        String b64E = CMS.BtoA(dig);
-                                        String[] newNonce = { b64E };
-
-                                        ta = new TaggedAttribute(new
-                                                    INTEGER(bpid++),
-                                                    OBJECT_IDENTIFIER.id_cmc_senderNonce,
-                                                    new OCTET_STRING(newNonce[0].getBytes()));
-                                        controlSeq.addElement(ta);
-
-                                        ResponseBody rb = new ResponseBody(controlSeq, new
-                                                SEQUENCE(), new
-                                                SEQUENCE());
-                                        EncapsulatedContentInfo ci = new
-                                                EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                                        rb);
-
-                                        org.mozilla.jss.crypto.X509Certificate x509cert = null;
-
-                                        if (mAuthority instanceof ICertificateAuthority) {
-                                            x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert();
-                                        } else if (mAuthority instanceof IRegistrationAuthority) {
-                                            x509cert = ((IRegistrationAuthority) mAuthority).getRACert();
-                                        }
-                                        if (x509cert == null)
-                                            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
-                                                    "No signing cert found."));
-
-                                        X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
-                                        ByteArrayInputStream issuer1 = new
-                                                ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
-                                        Name issuer = (Name) Name.getTemplate().decode(issuer1);
-                                        IssuerAndSerialNumber ias =
-                                                new
-                                                IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber()
-                                                        .toString()));
-                                        SignerIdentifier si = new
-                                                SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-
-                                        // SHA1 is the default digest Alg for now.
-                                        DigestAlgorithm digestAlg = null;
-                                        SignatureAlgorithm signAlg = null;
-                                        org.mozilla.jss.crypto.PrivateKey privKey =
-                                                CryptoManager.getInstance().findPrivKeyByCert(x509cert);
-                                        org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-
-                                        if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA))
-                                            signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-                                        else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
-                                            signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
-                                        MessageDigest SHADigest = null;
-                                        byte[] digest = null;
-
-                                        try {
-                                            SHADigest = MessageDigest.getInstance("SHA1");
-                                            digestAlg = DigestAlgorithm.SHA1;
-                                            ByteArrayOutputStream ostream = new ByteArrayOutputStream();
-
-                                            rb.encode(ostream);
-                                            digest = SHADigest.digest(ostream.toByteArray());
-                                        } catch (NoSuchAlgorithmException ex) {
-                                            //log("digest fail");
-                                        }
-
-                                        org.mozilla.jss.pkix.cms.SignerInfo signInfo = new
-                                                org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
-                                                        OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                                        digest, signAlg,
-                                                        privKey);
-                                        SET signInfos = new SET();
-
-                                        signInfos.addElement(signInfo);
-
-                                        SET digestAlgs = new SET();
-
-                                        if (digestAlg != null) {
-                                            AlgorithmIdentifier ai = new
-                                                    AlgorithmIdentifier(digestAlg.toOID(),
-                                                            null);
-
-                                            digestAlgs.addElement(ai);
-                                        }
-
-                                        SET jsscerts = new SET();
-
-                                        for (int j = 0; j < certsInChain.length; j++) {
-                                            ByteArrayInputStream is = new
-                                                    ByteArrayInputStream(certsInChain[j].getEncoded());
-                                            org.mozilla.jss.pkix.cert.Certificate certJss =
-                                                    (org.mozilla.jss.pkix.cert.Certificate)
-                                                    org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
-
-                                            jsscerts.addElement(certJss);
-                                        }
-
-                                        SignedData fResponse = new
-                                                SignedData(digestAlgs, ci,
-                                                        jsscerts, null, signInfos);
-                                        org.mozilla.jss.pkix.cms.ContentInfo fullResponse =
-                                                new
-                                                org.mozilla.jss.pkix.cms.ContentInfo(
-                                                        org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
-                                        ByteArrayOutputStream ostream = new
-                                                ByteArrayOutputStream();
-
-                                        fullResponse.encode(ostream);
-                                        byte[] fr = ostream.toByteArray();
-
-                                        header.addStringValue(FULL_RESPONSE, CMS.BtoA(fr));
-                                    }
-                                } catch (Exception e) {
-                                    e.printStackTrace();
-                                    log(ILogger.LL_FAILURE,
-                                            CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
-                                    throw new ECMSGWException(
-                                            CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
-                                }
-                            }
-                            argSet.addRepeatRecord(rarg);
-                        }
-                    }
-                }
-            }
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
deleted file mode 100644
index 7731efcb4..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
+++ /dev/null
@@ -1,42 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.util.Locale;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-
-/**
- * An interface representing a request parser which
- * converts Java request object into name value
- * pairs and vice versa.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public interface IReqParser {
-
-    /**
-     * Maps request object into argument block.
-     */
-    public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-            throws EBaseException;
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
deleted file mode 100644
index 9e1247520..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
+++ /dev/null
@@ -1,81 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.math.BigInteger;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.key.KeyRecordParser;
-
-/**
- * Output a 'pretty print' of a Key Archival request
- *
- * @version $Revision$, $Date$
- */
-public class KeyReqParser extends ReqParser {
-
-    public static final KeyReqParser PARSER = new KeyReqParser();
-    public static final String OUTPUT_SERIALNO = "serialNumber";
-
-    /**
-     * Constructs a certificate request parser.
-     */
-    public KeyReqParser() {
-    }
-
-    /**
-     * Fills in certificate specific request attributes.
-     */
-    public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-            throws EBaseException {
-        // fill in the standard attributes
-        super.fillRequestIntoArg(l, req, argSet, arg);
-
-        String type = req.getRequestType();
-
-        if (type.equals(IRequest.ENROLLMENT_REQUEST)) {
-            BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord");
-            IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
-            if (kra != null) {
-                KeyRecordParser.fillRecordIntoArg(
-                        kra.getKeyRepository().readKeyRecord(recSerialNo),
-                        arg);
-            } else {
-                throw new EBaseException("KRA is not available");
-            }
-
-        } else if (type.equals(IRequest.KEYRECOVERY_REQUEST)) {
-            BigInteger kid = req.getExtDataInBigInteger("serialNumber");
-
-            arg.addStringValue(OUTPUT_SERIALNO, kid.toString());
-
-            // for async recovery
-            String agents = req.getExtDataInString("approvingAgents");
-            arg.addStringValue("approvingAgents", agents);
-        } else {
-            System.out.println("Bad Request " + type);
-            // invalid request
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
deleted file mode 100644
index 8db16b51f..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
+++ /dev/null
@@ -1,297 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.request;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.dbs.keydb.KeyId;
-import com.netscape.certsrv.key.KeyArchivalRequest;
-import com.netscape.certsrv.key.KeyRecoveryRequest;
-import com.netscape.certsrv.key.KeyRequestInfo;
-import com.netscape.certsrv.key.KeyRequestInfos;
-import com.netscape.certsrv.key.KeyRequestResource;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestNotFoundException;
-import com.netscape.cms.servlet.base.PKIService;
-import com.netscape.cms.servlet.key.KeyRequestDAO;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * @author alee
- *
- */
-public class KeyRequestService extends PKIService implements KeyRequestResource {
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpHeaders headers;
-
-    @Context
-    private Request request;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    private static final String LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST =
-            "LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST_4";
-
-    private static final String LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST =
-            "LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_4";
-
-    private static final String LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE =
-            "LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE_4";
-
-    public static final int DEFAULT_START = 0;
-    public static final int DEFAULT_PAGESIZE = 20;
-    public static final int DEFAULT_MAXRESULTS = 100;
-    public static final int DEFAULT_MAXTIME = 10;
-
-    /**
-     * Used to retrieve key request info for a specific request
-     */
-    public KeyRequestInfo getRequestInfo(RequestId id) {
-        // auth and authz
-        KeyRequestDAO dao = new KeyRequestDAO();
-        KeyRequestInfo info;
-        try {
-            info = dao.getRequest(id, uriInfo);
-        } catch (EBaseException e) {
-            // log error
-            e.printStackTrace();
-            throw new PKIException(e.getMessage(), e);
-        }
-        if (info == null) {
-            // request does not exist
-            throw new RequestNotFoundException(id);
-        }
-        return info;
-    }
-
-    // Archiving - used to test integration with a browser
-    public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form) {
-        KeyArchivalRequest data = new KeyArchivalRequest(form);
-        return archiveKey(data);
-    }
-
-    public KeyRequestInfo archiveKey(KeyArchivalRequest data) {
-        // auth and authz
-        // Catch this before internal server processing has to deal with it
-
-        if (data == null || data.getClientId() == null
-                || data.getWrappedPrivateData() == null
-                || data.getDataType() == null) {
-            throw new BadRequestException("Invalid key archival request.");
-        }
-
-        KeyRequestDAO dao = new KeyRequestDAO();
-        KeyRequestInfo info;
-        try {
-            info = dao.submitRequest(data, uriInfo);
-            auditArchivalRequestMade(info.getRequestId(), ILogger.SUCCESS, data.getClientId());
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId());
-            throw new PKIException(e.toString());
-        }
-        return info;
-    }
-
-    //Recovery - used to test integration with a browser
-    public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form) {
-        KeyRecoveryRequest data = new KeyRecoveryRequest(form);
-        return recoverKey(data);
-    }
-
-    public KeyRequestInfo recoverKey(KeyRecoveryRequest data) {
-        // auth and authz
-
-        //Check for entirely illegal data combination here
-        //Catch this before the internal server processing has to deal with it
-        //If data has been provided, we need at least the wrapped session key,
-        //or the command is invalid.
-
-        if (data == null) {
-            throw new BadRequestException("Invalid request.");
-        }
-        if (data.getTransWrappedSessionKey() == null
-                && data.getSessionWrappedPassphrase() != null) {
-            throw new BadRequestException("No wrapped session key.");
-        }
-        KeyRequestDAO dao = new KeyRequestDAO();
-        KeyRequestInfo info;
-        try {
-            info = dao.submitRequest(data, uriInfo);
-            auditRecoveryRequestMade(info.getRequestId(), ILogger.SUCCESS, data.getKeyId());
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            auditRecoveryRequestMade(null, ILogger.FAILURE, data.getKeyId());
-            throw new PKIException(e.toString());
-        }
-        return info;
-    }
-
-    public void approveRequest(RequestId id) {
-        if (id == null) {
-            throw new BadRequestException("Invalid request id.");
-        }
-        // auth and authz
-        KeyRequestDAO dao = new KeyRequestDAO();
-        try {
-            dao.approveRequest(id);
-            auditRecoveryRequestChange(id, ILogger.SUCCESS, "approve");
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            auditRecoveryRequestChange(id, ILogger.FAILURE, "approve");
-            throw new PKIException(e.toString());
-        }
-    }
-
-    public void rejectRequest(RequestId id) {
-        if (id == null) {
-            throw new BadRequestException("Invalid request id.");
-        }
-        // auth and authz
-        KeyRequestDAO dao = new KeyRequestDAO();
-        try {
-            dao.rejectRequest(id);
-            auditRecoveryRequestChange(id, ILogger.SUCCESS, "reject");
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            auditRecoveryRequestChange(id, ILogger.FAILURE, "reject");
-            throw new PKIException(e.toString());
-        }
-    }
-
-    public void cancelRequest(RequestId id) {
-        if (id == null) {
-            throw new BadRequestException("Request id is null.");
-        }
-        // auth and authz
-        KeyRequestDAO dao = new KeyRequestDAO();
-        try {
-            dao.cancelRequest(id);
-            auditRecoveryRequestChange(id, ILogger.SUCCESS, "cancel");
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            auditRecoveryRequestChange(id, ILogger.FAILURE, "cancel");
-            throw new PKIException(e.toString());
-        }
-    }
-
-    /**
-     * Used to generate list of key requests based on the search parameters
-     */
-    public KeyRequestInfos listRequests(String requestState, String requestType, String clientID,
-            RequestId start, Integer pageSize, Integer maxResults, Integer maxTime) {
-        // auth and authz
-
-        // get ldap filter
-        String filter = createSearchFilter(requestState, requestType, clientID);
-        CMS.debug("listRequests: filter is " + filter);
-
-        start = start == null ? new RequestId(KeyRequestService.DEFAULT_START) : start;
-        pageSize = pageSize == null ? DEFAULT_PAGESIZE : pageSize;
-        maxResults = maxResults == null ? DEFAULT_MAXRESULTS : maxResults;
-        maxTime = maxTime == null ? DEFAULT_MAXTIME : maxTime;
-
-        KeyRequestDAO reqDAO = new KeyRequestDAO();
-        KeyRequestInfos requests;
-        try {
-            requests = reqDAO.listRequests(filter, start, pageSize, maxResults, maxTime, uriInfo);
-        } catch (EBaseException e) {
-            CMS.debug("listRequests: error in obtaining request results" + e);
-            e.printStackTrace();
-            throw new PKIException(e.toString());
-        }
-        return requests;
-    }
-
-    private String createSearchFilter(String requestState, String requestType, String clientID) {
-        String filter = "";
-        int matches = 0;
-
-        if ((requestState == null) && (requestType == null) && (clientID == null)) {
-            filter = "(requeststate=*)";
-            return filter;
-        }
-
-        if (requestState != null) {
-            filter += "(requeststate=" + LDAPUtil.escapeFilter(requestState) + ")";
-            matches ++;
-        }
-
-        if (requestType != null) {
-            filter += "(requesttype=" + LDAPUtil.escapeFilter(requestType) + ")";
-            matches ++;
-        }
-
-        if (clientID != null) {
-            filter += "(clientID=" + LDAPUtil.escapeFilter(clientID) + ")";
-            matches ++;
-        }
-
-        if (matches > 1) {
-            filter = "(&" + filter + ")";
-        }
-
-        return filter;
-    }
-
-    public void auditRecoveryRequestChange(RequestId requestId, String status, String operation) {
-        String msg = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE,
-                servletRequest.getUserPrincipal().getName(),
-                status,
-                requestId.toString(),
-                operation);
-        auditor.log(msg);
-    }
-
-    public void auditRecoveryRequestMade(RequestId requestId, String status, KeyId dataId) {
-        String msg = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST,
-                servletRequest.getUserPrincipal().getName(),
-                status,
-                requestId != null? requestId.toString(): "null",
-                dataId.toString());
-        auditor.log(msg);
-    }
-
-    public void auditArchivalRequestMade(RequestId requestId, String status, String clientId) {
-        String msg = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST,
-                servletRequest.getUserPrincipal().getName(),
-                status,
-                requestId != null? requestId.toString(): "null",
-                clientId);
-        auditor.log(msg);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
deleted file mode 100644
index 367c558cb..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ /dev/null
@@ -1,1927 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.extensions.PresenceServerExtension;
-import netscape.security.util.DerValue;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.Extension;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.AuthToken;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.common.Constants;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.AuditFormat;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.IPublisherProcessor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.cert.ImportCertsTemplateFiller;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * Agent operations on Certificate requests. This servlet is used
- * by an Agent to approve, reject, reassign, or change a certificate
- * request.
- *
- * @version $Revision$, $Date$
- */
-public class ProcessCertReq extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 812464895240811318L;
-    private final static String SEQNUM = "seqNum";
-    private final static String TPL_FILE = "processCertReq.template";
-
-    private IRequestQueue mQueue = null;
-    private String mFormPath = null;
-    private IReqParser mParser = null;
-    private IPublisherProcessor mPublisherProcessor = null;
-    private boolean mExtraAgentParams = false;
-
-    // for RA only since it does not have a database.
-    private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
-    private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
-    private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
-    private String mReqCompletedTemplate = null;
-
-    private String auditServiceID = ILogger.UNIDENTIFIED;
-    private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET =
-            "caProcessCertReq";
-    private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET =
-            "raProcessCertReq";
-    private final static String SIGNED_AUDIT_ACCEPTANCE = "accept";
-    private final static String SIGNED_AUDIT_CANCELLATION = "cancel";
-    private final static String SIGNED_AUDIT_CLONING = "clone";
-    private final static String SIGNED_AUDIT_REJECTION = "reject";
-    private final static byte EOL[] = { Character.LINE_SEPARATOR };
-    private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
-
-    /* 0 */"manual non-profile cert request cancellation:  "
-            + "request cannot be processed due to an "
-            + "authorization failure",
-
-    /* 1 */"manual non-profile cert request cancellation:  "
-            + "no reason has been given for cancelling this "
-            + "cert request",
-
-    /* 2 */"manual non-profile cert request cancellation:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to an EBaseException",
-
-    /* 3 */"manual non-profile cert request cancellation:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to an IOException",
-
-    /* 4 */"manual non-profile cert request cancellation:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to a CertificateException",
-
-    /* 5 */"manual non-profile cert request cancellation:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to a NoSuchAlgorithmException"
-        };
-    private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
-
-    /* 0 */"manual non-profile cert request rejection:  "
-            + "request cannot be processed due to an "
-            + "authorization failure",
-
-    /* 1 */"manual non-profile cert request rejection:  "
-            + "no reason has been given for rejecting this "
-            + "cert request",
-
-    /* 2 */"manual non-profile cert request rejection:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to an EBaseException",
-
-    /* 3 */"manual non-profile cert request rejection:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to an IOException",
-
-    /* 4 */"manual non-profile cert request rejection:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to a CertificateException",
-
-    /* 5 */"manual non-profile cert request rejection:  "
-            + "indeterminate reason for inability to process "
-            + "cert request due to a NoSuchAlgorithmException"
-        };
-    private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
-            "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
-    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-    /**
-     * Process request.
-     */
-    public ProcessCertReq()
-            throws EBaseException {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "processCertReq.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        try {
-            super.init(sc);
-
-            // determine the service ID for signed audit log messages
-            String id = sc.getInitParameter(CMSServlet.PROP_ID);
-
-            if (id != null) {
-                if (!(auditServiceID.equals(
-                            AGENT_CA_CLONE_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
-                    auditServiceID = ILogger.UNIDENTIFIED;
-                } else {
-                    auditServiceID = id.trim();
-                }
-            }
-
-            mQueue = mAuthority.getRequestQueue();
-            mPublisherProcessor =
-                    ((ICertAuthority) mAuthority).getPublisherProcessor();
-
-            mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-            mParser = CertReqParser.DETAIL_PARSER;
-
-            // override success and error templates to null -
-            // handle templates locally.
-            mTemplates.remove(ICMSRequest.SUCCESS);
-
-            try {
-                mReqCompletedTemplate = sc.getInitParameter(
-                            PROP_REQ_COMPLETED_TEMPLATE);
-                if (mReqCompletedTemplate == null)
-                    mReqCompletedTemplate = REQ_COMPLETED_TEMPLATE;
-                String tmp = sc.getInitParameter(PROP_EXTRA_AGENT_PARAMS);
-
-                if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
-                    mExtraAgentParams = true;
-                else
-                    mExtraAgentParams = false;
-            } catch (Exception e) {
-                // does not happen.
-            }
-        } catch (ServletException eAudit1) {
-            // rethrow caught exception
-            throw eAudit1;
-        }
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param seqNum request id
-     * <li>http.param notValidBefore certificate validity - notBefore - in seconds since jan 1, 1970
-     * <li>http.param notValidAfter certificate validity - notAfter - in seconds since jan 1, 1970
-     * <li>http.param subject certificate subject name
-     * <li>http.param toDo requested action (can be one of: clone, reject, accept, cancel)
-     * <li>http.param signatureAlgorithm certificate signing algorithm
-     * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF Extensions to add to certificate
-     * <li>http.param pathLenConstraint integer path length constraint to use in BasicConstraint extension if applicable
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        long startTime = CMS.getCurrentDate().getTime();
-        String toDo = null;
-        String subject = null;
-        String signatureAlgorithm = null;
-        long notValidBefore = 0;
-        long notValidAfter = 0;
-        BigInteger seqNum = BigInteger.ONE.negate();
-        EBaseException error = null;
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            if (req.getParameter(SEQNUM) != null) {
-                CMS.debug(
-                        "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
-                seqNum = new BigInteger(req.getParameter(SEQNUM));
-            }
-            String notValidBeforeStr = req.getParameter("notValidBefore");
-
-            if (notValidBeforeStr != null && notValidBeforeStr.length() > 0) {
-                notValidBefore = Long.parseLong(notValidBeforeStr);
-                notValidBefore *= 1000;
-            }
-            String notValidAfterStr = req.getParameter("notValidAfter");
-
-            if (notValidAfterStr != null && notValidAfterStr.length() > 0) {
-                notValidAfter = Long.parseLong(notValidAfterStr);
-                notValidAfter *= 1000;
-            }
-
-            toDo = req.getParameter("toDo");
-
-            subject = req.getParameter("subject");
-            signatureAlgorithm = req.getParameter("signatureAlgorithm");
-
-            IRequest r = null;
-
-            if (seqNum.compareTo(BigInteger.ONE.negate()) > 0) {
-                r = mQueue.findRequest(new RequestId(seqNum));
-            }
-
-            if (seqNum.compareTo(BigInteger.ONE.negate()) > 0 && r != null) {
-                processX509(cmsReq, argSet, header, seqNum, req, resp,
-                        toDo, signatureAlgorithm, subject,
-                        notValidBefore, notValidAfter, locale[0], startTime);
-            } else {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", seqNum.toString()));
-                error = new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
-                                seqNum.toString()));
-            }
-        } catch (EBaseException e) {
-            error = e;
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, "Error " + e);
-            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        return;
-    }
-
-    /**
-     * Process X509 certificate enrollment request and send request information
-     * to the caller.
-     * <P>
-     *
-     * (Certificate Request - an "agent" cert request for "cloning")
-     * <P>
-     *
-     * (Certificate Request Processed - either a manual "agent" non-profile based cert acceptance, a manual "agent"
-     * non-profile based cert cancellation, or a manual "agent" non-profile based cert rejection)
-     * <P>
-     *
-     * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made
-     * (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
-     * through the approval process
-     * </ul>
-     *
-     * @param cmsReq a certificate enrollment request
-     * @param argSet CMS template parameters
-     * @param header argument block
-     * @param seqNum sequence number
-     * @param req HTTP servlet request
-     * @param resp HTTP servlet response
-     * @param toDo string representing the requested action (can be one of:
-     *            clone, reject, accept, cancel)
-     * @param signatureAlgorithm string containing the signature algorithm
-     * @param subject string containing the subject name of the certificate
-     * @param notValidBefore certificate validity - notBefore - in seconds
-     *            since Jan 1, 1970
-     * @param notValidAfter certificate validity - notAfter - in seconds since
-     *            Jan 1, 1970
-     * @param locale the system locale
-     * @param startTime the current date
-     * @exception EBaseException an error has occurred
-     */
-    private void processX509(CMSRequest cmsReq,
-            CMSTemplateParams argSet, IArgBlock header,
-            BigInteger seqNum, HttpServletRequest req,
-            HttpServletResponse resp,
-            String toDo, String signatureAlgorithm,
-            String subject,
-            long notValidBefore, long notValidAfter,
-            Locale locale, long startTime)
-            throws EBaseException {
-        String auditMessage = null;
-        String auditSubjectID = auditSubjectID();
-        String auditRequesterID = ILogger.UNIDENTIFIED;
-        String auditCertificateSubjectName = subject;
-        String auditInfoName = auditInfoName(toDo);
-        String id = null;
-
-        // "normalize" the "auditCertificateSubjectName"
-        if (auditCertificateSubjectName != null) {
-            // NOTE:  This is ok even if the cert subject name is "" (empty)!
-            auditCertificateSubjectName = auditCertificateSubjectName.trim();
-        } else {
-            // NOTE:  Here, the cert subject name is MISSING, not "" (empty)!
-            auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        try {
-            IRequest r = mQueue.findRequest(new RequestId(seqNum));
-
-            if (r != null) {
-                // overwrite "auditRequesterID" if and only if "id" != null
-                id = r.getRequestId().toString();
-                if (id != null) {
-                    auditRequesterID = id.trim();
-                }
-            }
-
-            if (mAuthority != null)
-                header.addStringValue("authorityid", mAuthority.getId());
-
-            if (toDo != null) {
-                // for audit log
-                IAuthToken authToken = authenticate(cmsReq);
-                AuthzToken authzToken = null;
-
-                try {
-                    authzToken = authorize(mAclMethod, authToken,
-                                mAuthzResourceName, "execute");
-                } catch (EAuthzAccessDenied e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                                    e.toString()));
-                } catch (Exception e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                                    e.toString()));
-                }
-
-                if (authzToken == null) {
-                    cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-
-                    // store a message in the signed audit log file
-                    if (toDo.equals(SIGNED_AUDIT_CLONING)) {
-                        // ("agent" cert request for "cloning")
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditServiceID,
-                                    auditCertificateSubjectName);
-
-                        audit(auditMessage);
-                    } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
-                        // (manual "agent" cert request processed - "accepted")
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditInfoName,
-                                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-                        audit(auditMessage);
-                    } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
-                        // (manual "agent" cert request processed - "cancelled")
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditInfoName,
-                                    SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]);
-
-                        audit(auditMessage);
-                    } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
-                        // (manual "agent" cert request processed - "rejected")
-                        auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditRequesterID,
-                                    auditInfoName,
-                                    SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]);
-
-                        audit(auditMessage);
-                    }
-
-                    return;
-                }
-
-                String authMgr = AuditFormat.NOAUTH;
-
-                if (authToken != null) {
-                    authMgr =
-                            authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                }
-                String agentID = authToken.getInString("userid");
-                String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-
-                // Get the certificate info from the request
-                X509CertInfo certInfo[] = r.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
-                header.addStringValue("toDo", toDo);
-                if (toDo.equals("accept")) {
-
-                    if (certInfo != null) {
-                        int alterationCounter = 0;
-
-                        for (int i = 0; i < certInfo.length; i++) {
-                            CertificateAlgorithmId certAlgId =
-                                    (CertificateAlgorithmId)
-                                    certInfo[i].get(X509CertInfo.ALGORITHM_ID);
-
-                            AlgorithmId algId = (AlgorithmId)
-                                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
-
-                            if (!(algId.getName().equals(signatureAlgorithm))) {
-                                alterationCounter++;
-                                AlgorithmId newAlgId = AlgorithmId.get(signatureAlgorithm);
-
-                                certInfo[i].set(X509CertInfo.ALGORITHM_ID,
-                                        new CertificateAlgorithmId(newAlgId));
-                            }
-
-                            CertificateSubjectName certSubject =
-                                    (CertificateSubjectName)
-                                    certInfo[i].get(X509CertInfo.SUBJECT);
-
-                            if (subject != null &&
-                                    !(certSubject.toString().equals(subject))) {
-
-                                alterationCounter++;
-                                certInfo[i].set(X509CertInfo.SUBJECT,
-                                        new CertificateSubjectName(
-                                                (new X500Name(subject))));
-                            }
-
-                            CertificateValidity certValidity =
-                                    (CertificateValidity)
-                                    certInfo[i].get(X509CertInfo.VALIDITY);
-                            Date currentTime = CMS.getCurrentDate();
-                            boolean validityChanged = false;
-
-                            // only override these values if agent specified them
-                            if (notValidBefore > 0) {
-                                Date notBefore = (Date) certValidity.get(
-                                        CertificateValidity.NOT_BEFORE);
-
-                                if (notBefore.getTime() == 0 ||
-                                        notBefore.getTime() != notValidBefore) {
-                                    Date validFrom = new Date(notValidBefore);
-
-                                    notBefore = (notValidBefore == 0) ? currentTime : validFrom;
-                                    certValidity.set(CertificateValidity.NOT_BEFORE,
-                                            notBefore);
-                                    validityChanged = true;
-                                }
-                            }
-                            if (notValidAfter > 0) {
-                                Date validTo = new Date(notValidAfter);
-                                Date notAfter = (Date)
-                                        certValidity.get(CertificateValidity.NOT_AFTER);
-
-                                if (notAfter.getTime() == 0 ||
-                                        notAfter.getTime() != notValidAfter) {
-                                    notAfter = currentTime;
-                                    notAfter = (notValidAfter == 0) ? currentTime : validTo;
-                                    certValidity.set(CertificateValidity.NOT_AFTER,
-                                            notAfter);
-                                    validityChanged = true;
-                                }
-                            }
-                            if (validityChanged) {
-                                // this set() trigger this rebuild of internal
-                                // raw der encoding cache of X509CertInfo.
-                                // Otherwise, the above change wont have effect.
-                                certInfo[i].set(X509CertInfo.VALIDITY, certValidity);
-                            }
-
-                            if (certInfo[i].get(X509CertInfo.VERSION) == null) {
-                                certInfo[i].set(X509CertInfo.VERSION,
-                                        new CertificateVersion(
-                                                CertificateVersion.V3));
-                            }
-
-                            CertificateExtensions extensions = null;
-
-                            try {
-                                extensions = (CertificateExtensions)
-                                        certInfo[i].get(X509CertInfo.EXTENSIONS);
-                            } catch (Exception e) {
-                                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
-                            }
-
-                            // 99/08/31 #361906 - handling additional extensions
-                            String addExts = req.getParameter("addExts");
-
-                            if (addExts != null && !addExts.trim().equals("")) {
-                                Vector<Extension> extsToBeAdded = new Vector<Extension>();
-
-                                byte[] b = Utils.base64decode(addExts);
-
-                                // this b can be "Extension" Or "SEQUENCE OF Extension"
-                                try {
-                                    DerValue b_der = new DerValue(b);
-
-                                    while (b_der.data.available() != 0) {
-                                        Extension de = new Extension(b_der.data.getDerValue());
-
-                                        extsToBeAdded.addElement(de);
-                                    }
-                                } catch (IOException e) {
-                                    // it could be a single extension
-                                    Extension de = new Extension(new DerValue(b));
-
-                                    extsToBeAdded.addElement(de);
-                                }
-                                if (extsToBeAdded.size() > 0) {
-                                    if (extensions == null) {
-                                        extensions = new CertificateExtensions();
-                                        certInfo[i].set(X509CertInfo.EXTENSIONS, extensions);
-                                    }
-                                    for (int j = 0; j < extsToBeAdded.size(); j++) {
-                                        Extension theExt = extsToBeAdded.elementAt(j);
-
-                                        extensions.set(theExt.getExtensionId().toString(), theExt);
-                                    }
-                                }
-                            }
-
-                            if (extensions != null) {
-                                try {
-                                    NSCertTypeExtension nsExtensions =
-                                            (NSCertTypeExtension)
-                                            extensions.get(
-                                                    NSCertTypeExtension.NAME);
-
-                                    if (nsExtensions != null) {
-                                        updateNSExtension(req, nsExtensions);
-                                    }
-                                } catch (IOException e) {
-                                    log(ILogger.LL_FAILURE,
-                                            CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString()));
-                                }
-
-                                String pathLength = req.getParameter("pathLenConstraint");
-
-                                if (pathLength != null) {
-                                    try {
-                                        int pathLen = Integer.parseInt(pathLength);
-                                        BasicConstraintsExtension bcExt =
-                                                (BasicConstraintsExtension)
-                                                extensions.get(
-                                                        BasicConstraintsExtension.NAME);
-
-                                        if (bcExt != null) {
-                                            Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
-                                            Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
-
-                                            if (bcPathLen != null &&
-                                                    bcPathLen.intValue() != pathLen &&
-                                                    isCA != null) {
-                                                BasicConstraintsExtension bcExt0 =
-                                                        new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
-
-                                                extensions.delete(BasicConstraintsExtension.NAME);
-                                                extensions.set(BasicConstraintsExtension.NAME, bcExt0);
-                                                alterationCounter++;
-                                            }
-                                        }
-                                    } catch (IOException e) {
-                                        log(ILogger.LL_FAILURE,
-                                                CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION",
-                                                        e.toString()));
-                                    } catch (NumberFormatException e) {
-                                        log(ILogger.LL_FAILURE,
-                                                CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION",
-                                                        e.toString()));
-                                    }
-                                }
-
-                                // handle Presence Server Extension
-                                String PSE_Enable = req.getParameter("PSE_Enable");
-
-                                if (PSE_Enable != null) {
-                                    boolean Critical = (req.getParameter("PSE_Critical") != null);
-                                    int Version = 0;
-
-                                    try {
-                                        Version = Integer.parseInt(req.getParameter("PSE_Version"));
-                                    } catch (Exception e1) {
-                                    }
-                                    String StreetAddress = req.getParameter("PSE_StreetAddress");
-
-                                    if (StreetAddress == null) {
-                                        StreetAddress = "";
-                                    }
-                                    String TelephoneNumber = req.getParameter("PSE_TelephoneNumber");
-
-                                    if (TelephoneNumber == null) {
-                                        TelephoneNumber = "";
-                                    }
-                                    String RFC822Name = req.getParameter("PSE_RFC822Name");
-
-                                    if (RFC822Name == null) {
-                                        RFC822Name = "";
-                                    }
-                                    String IMID = req.getParameter("PSE_IMID");
-
-                                    if (IMID == null) {
-                                        IMID = "";
-                                    }
-                                    String HostName = req.getParameter("PSE_HostName");
-
-                                    if (HostName == null) {
-                                        HostName = "";
-                                    }
-                                    int PortNumber = 0;
-
-                                    try {
-                                        PortNumber = Integer.parseInt(req.getParameter("PSE_PortNumber"));
-                                    } catch (Exception e1) {
-                                    }
-                                    int MaxUsers = 0;
-
-                                    try {
-                                        MaxUsers = Integer.parseInt(req.getParameter("PSE_MaxUsers"));
-                                    } catch (Exception e1) {
-                                    }
-                                    int ServiceLevel = 0;
-
-                                    try {
-                                        ServiceLevel = Integer.parseInt(req.getParameter("PSE_ServiceLevel"));
-                                    } catch (Exception e1) {
-                                    }
-                                    // create extension
-                                    PresenceServerExtension pseExt =
-                                            new PresenceServerExtension(Critical, Version, StreetAddress,
-                                                    TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, MaxUsers,
-                                                    ServiceLevel);
-
-                                    extensions.set(pseExt.getExtensionId().toString(), pseExt);
-                                }
-
-                                if (mExtraAgentParams) {
-                                    Enumeration<String> extraparams = req.getParameterNames();
-                                    int l = IRequest.AGENT_PARAMS.length() + 1;
-                                    int ap_counter = 0;
-                                    Hashtable<String, String> agentparamsargblock = new Hashtable<String, String>();
-
-                                    if (extraparams != null) {
-                                        while (extraparams.hasMoreElements()) {
-                                            String s = extraparams.nextElement();
-
-                                            if (s.startsWith(IRequest.AGENT_PARAMS)) {
-                                                String param_value = req.getParameter(s);
-
-                                                if (param_value != null) {
-                                                    String new_name = s.substring(l);
-
-                                                    agentparamsargblock.put(new_name, param_value);
-                                                    ap_counter += 1;
-                                                }
-                                            }
-                                        }
-                                    }
-                                    if (ap_counter > 0) {
-                                        r.setExtData(IRequest.AGENT_PARAMS, agentparamsargblock);
-                                        alterationCounter++;
-                                    }
-                                }
-
-                                // this set() trigger this rebuild of internal
-                                // raw der encoding cache of X509CertInfo.
-                                // Otherwise, the above change wont have effect.
-                                certInfo[i].set(X509CertInfo.EXTENSIONS, extensions);
-                            }
-                            alterationCounter += updateExtensionsInRequest(req, r);
-                        }
-                        if (alterationCounter > 0) {
-                            mQueue.updateRequest(r);
-                        }
-                    }
-
-                    mQueue.approveRequest(r);
-
-                    if (r.getRequestStatus().equals(RequestStatus.PENDING)) {
-                        cmsReq.setResult(r);
-                        cmsReq.setStatus(ICMSRequest.PENDING);
-                        if (certInfo != null) {
-                            for (int i = 0; i < certInfo.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.FORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                "pending",
-                                                certInfo[i].get(X509CertInfo.SUBJECT),
-                                                "" }
-                                        );
-                            }
-                        } else {
-                            if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.FORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                "pending",
-                                                subject,
-                                                "" }
-                                        );
-                            } else {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.NODNFORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                "pending" }
-                                        );
-                            }
-                        }
-                    } else if (r.getRequestStatus().equals(
-                            RequestStatus.APPROVED) ||
-                            r.getRequestStatus().equals(
-                                    RequestStatus.SVC_PENDING)) {
-                        cmsReq.setResult(r);
-                        cmsReq.setStatus(ICMSRequest.SVC_PENDING);
-                        if (certInfo != null) {
-                            for (int i = 0; i < certInfo.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.FORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                r.getRequestStatus(),
-                                                certInfo[i].get(X509CertInfo.SUBJECT),
-                                                "" }
-                                        );
-                            }
-                        } else {
-                            if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.FORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                r.getRequestStatus(),
-                                                subject,
-                                                "" }
-                                        );
-                            } else {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.NODNFORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                r.getRequestStatus() }
-                                        );
-                            }
-                        }
-                    } else if (r.getRequestStatus().equals(
-                            RequestStatus.COMPLETE)) {
-                        cmsReq.setStatus(ICMSRequest.SUCCESS);
-
-                        // XXX make the repeat record.
-                        // Get the certificate(s) from the request
-                        X509CertImpl issuedCerts[] =
-                                r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
-                        // return potentially more than one certificates.
-                        if (issuedCerts != null) {
-                            long endTime = CMS.getCurrentDate().getTime();
-                            StringBuffer sbuf = new StringBuffer();
-
-                            //header.addBigIntegerValue("serialNumber",
-                            //issuedCerts[0].getSerialNumber(),16);
-                            for (int i = 0; i < issuedCerts.length; i++) {
-                                if (i != 0)
-                                    sbuf.append(", ");
-                                sbuf.append("0x" +
-                                        issuedCerts[i].getSerialNumber().toString(16));
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.FORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                "completed",
-                                                issuedCerts[i].getSubjectDN(),
-                                                "cert issued serial number: 0x"
-                                                        +
-                                                        issuedCerts[i].getSerialNumber().toString(16) + " time: "
-                                                        + (endTime - startTime) }
-                                        );
-
-                                // store a message in the signed audit log file
-                                // (one for each manual "agent"
-                                //  cert request processed - "accepted")
-                                auditMessage = CMS.getLogMessage(
-                                            LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                            auditSubjectID,
-                                            ILogger.SUCCESS,
-                                            auditRequesterID,
-                                            auditInfoName,
-                                            auditInfoCertValue(issuedCerts[i]));
-
-                                audit(auditMessage);
-                            }
-                            header.addStringValue(
-                                    "serialNumber", sbuf.toString());
-                        } else {
-                            if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.FORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                "completed",
-                                                subject,
-                                                "" }
-                                        );
-                            } else {
-                                mLogger.log(ILogger.EV_AUDIT,
-                                        ILogger.S_OTHER,
-                                        AuditFormat.LEVEL,
-                                        AuditFormat.NODNFORMAT,
-                                        new Object[] {
-                                                r.getRequestType(),
-                                                r.getRequestId(),
-                                                initiative,
-                                                authMgr,
-                                                "completed" }
-                                        );
-                            }
-
-                            // store a message in the signed audit log file
-                            // (manual "agent" cert request processed
-                            //  - "accepted")
-                            auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                        auditSubjectID,
-                                        ILogger.SUCCESS,
-                                        auditRequesterID,
-                                        auditInfoName,
-                                        ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-                            audit(auditMessage);
-                        }
-
-                        // grant trusted manager or agent privileges
-                        try {
-                            int res = grant_privileges(
-                                    cmsReq, r, issuedCerts, header);
-
-                            if (res != 0) {
-                                header.addStringValue(GRANT_ERROR, "SUCCESS");
-                            }
-                        } catch (EBaseException e) {
-                            header.addStringValue(GRANT_ERROR, e.toString());
-                        }
-
-                        // if this is a RA, show the certificate right away
-                        // since ther is no cert database.
-                        /*
-                         if (mAuthority instanceof RegistrationAuthority) {
-                         Object[] results =
-                         new Object[] { issuedCerts, grantError };
-                         cmsReq.setResult(results);
-                         renderTemplate(cmsReq,
-                         mReqCompletedTemplate, REQ_COMPLETED_FILLER);
-
-                         return;
-                         }
-                         */
-
-                        cmsReq.setResult(r);
-
-                        String scheme = req.getScheme();
-
-                        if (scheme.equals("http") &&
-                                connectionIsSSL(req))
-                            scheme = "https";
-
-                        /*
-                         header.addStringValue(
-                         "authorityid", mAuthority.getId());
-                         header.addStringValue("serviceURL", scheme +"://"+
-                         req.getServerName() + ":"+
-                         req.getServerPort() +
-                         req.getRequestURI());
-                         */
-
-                        if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                            header.addStringValue("dirEnabled", "yes");
-
-                            Integer[] ldapPublishStatus =
-                                    r.getExtDataInIntegerArray("ldapPublishStatus");
-                            int certsUpdated = 0;
-
-                            if (ldapPublishStatus != null) {
-                                for (int i = 0; i < ldapPublishStatus.length; i++) {
-                                    if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
-                                        certsUpdated++;
-                                    }
-                                }
-                            }
-                            header.addIntegerValue("certsUpdated", certsUpdated);
-
-                        } else {
-                            header.addStringValue("dirEnabled", "no");
-                        }
-                    }
-
-                } else if (toDo.equals("reject")) {
-                    mQueue.rejectRequest(r);
-                    if (certInfo != null) {
-                        for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "rejected",
-                                            certInfo[i].get(X509CertInfo.SUBJECT),
-                                            "" }
-                                    );
-                        }
-                    } else {
-                        if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "rejected",
-                                            subject,
-                                            "" }
-                                    );
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "rejected" }
-                                    );
-                        }
-                    }
-
-                    // store a message in the signed audit log file
-                    // (manual "agent" cert request processed - "rejected")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]);
-
-                    audit(auditMessage);
-
-                } else if (toDo.equals("cancel")) {
-                    mQueue.cancelRequest(r);
-
-                    if (certInfo != null) {
-                        for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "canceled",
-                                            certInfo[i].get(X509CertInfo.SUBJECT),
-                                            "" }
-                                    );
-                        }
-                    } else {
-                        if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "canceled",
-                                            subject,
-                                            "" }
-                                    );
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "canceled" }
-                                    );
-                        }
-
-                    }
-
-                    // store a message in the signed audit log file
-                    // (manual "agent" cert request processed - "cancelled")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]);
-
-                    audit(auditMessage);
-
-                } else if (toDo.equals("clone")) {
-                    IRequest clonedRequest = mQueue.cloneAndMarkPending(r);
-
-                    header.addStringValue("clonedRequestId",
-                            clonedRequest.getRequestId().toString());
-
-                    if (certInfo != null) {
-                        for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "cloned to reqID: " +
-                                                    clonedRequest.getRequestId().toString(),
-                                            certInfo[i].get(X509CertInfo.SUBJECT),
-                                            "" }
-                                    );
-                        }
-                    } else {
-                        if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "cloned to reqID: " +
-                                                    clonedRequest.getRequestId().toString(),
-                                            subject,
-                                            "" }
-                                    );
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT,
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                            r.getRequestType(),
-                                            r.getRequestId(),
-                                            initiative,
-                                            authMgr,
-                                            "cloned to reqID: " +
-                                                    clonedRequest.getRequestId().toString() }
-                                    );
-                        }
-                    }
-
-                    // store a message in the signed audit log file
-                    // ("agent" cert request for "cloning")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                }
-            }
-
-            // add authority names to know what privileges can be requested.
-            if (CMS.getSubsystem("kra") != null)
-                header.addStringValue("localkra", "yes");
-            if (CMS.getSubsystem("ca") != null)
-                header.addStringValue("localca", "yes");
-            if (CMS.getSubsystem("ra") != null)
-                header.addStringValue("localra", "yes");
-
-            header.addBigIntegerValue("seqNum", seqNum, 10);
-            mParser.fillRequestIntoArg(locale, r, argSet, header);
-            String rid = r.getExtDataInString(IRequest.REMOTE_REQID);
-
-            if (rid != null)
-                header.addStringValue("remoteReqID", rid);
-        } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-
-            // store a message in the signed audit log file
-            if (toDo != null) {
-                if (toDo.equals(SIGNED_AUDIT_CLONING)) {
-                    // ("agent" cert request for "cloning")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
-                    // (manual "agent" cert request processed - "accepted")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
-                    // (manual "agent" cert request processed - "cancelled")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
-                    // (manual "agent" cert request processed - "rejected")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]);
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw e;
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-
-            // store a message in the signed audit log file
-            if (toDo != null) {
-                if (toDo.equals(SIGNED_AUDIT_CLONING)) {
-                    // ("agent" cert request for "cloning")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
-                    // (manual "agent" cert request processed - "accepted")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
-                    // (manual "agent" cert request processed - "cancelled")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
-                    // (manual "agent" cert request processed - "rejected")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]);
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
-        } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-
-            // store a message in the signed audit log file
-            if (toDo != null) {
-                if (toDo.equals(SIGNED_AUDIT_CLONING)) {
-                    // ("agent" cert request for "cloning")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
-                    // (manual "agent" cert request processed - "accepted")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
-                    // (manual "agent" cert request processed - "cancelled")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
-                    // (manual "agent" cert request processed - "rejected")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]);
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
-        } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
-
-            // store a message in the signed audit log file
-            if (toDo != null) {
-                if (toDo.equals(SIGNED_AUDIT_CLONING)) {
-                    // ("agent" cert request for "cloning")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditServiceID,
-                                auditCertificateSubjectName);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
-                    // (manual "agent" cert request processed - "accepted")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
-                    // (manual "agent" cert request processed - "cancelled")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]);
-
-                    audit(auditMessage);
-                } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
-                    // (manual "agent" cert request processed - "rejected")
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                auditInfoName,
-                                SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]);
-
-                    audit(auditMessage);
-                }
-            }
-
-            throw new EBaseException(CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", e.toString()));
-        }
-        return;
-    }
-
-    private void updateNSExtension(HttpServletRequest req,
-            NSCertTypeExtension ext) throws IOException {
-        try {
-
-            if (req.getParameter("certTypeSSLServer") == null) {
-                ext.set(NSCertTypeExtension.SSL_SERVER, Boolean.valueOf(false));
-            } else {
-                ext.set(NSCertTypeExtension.SSL_SERVER, Boolean.valueOf(true));
-            }
-
-            if (req.getParameter("certTypeSSLClient") == null) {
-                ext.set(NSCertTypeExtension.SSL_CLIENT, Boolean.valueOf(false));
-            } else {
-                ext.set(NSCertTypeExtension.SSL_CLIENT, Boolean.valueOf(true));
-            }
-
-            if (req.getParameter("certTypeEmail") == null) {
-                ext.set(NSCertTypeExtension.EMAIL, Boolean.valueOf(false));
-            } else {
-                ext.set(NSCertTypeExtension.EMAIL, Boolean.valueOf(true));
-            }
-
-            if (req.getParameter("certTypeObjSigning") == null) {
-                ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(false));
-            } else {
-                ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(true));
-            }
-
-            if (req.getParameter("certTypeEmailCA") == null) {
-                ext.set(NSCertTypeExtension.EMAIL_CA, Boolean.valueOf(false));
-            } else {
-                ext.set(NSCertTypeExtension.EMAIL_CA, Boolean.valueOf(true));
-            }
-
-            if (req.getParameter("certTypeSSLCA") == null) {
-                ext.set(NSCertTypeExtension.SSL_CA, Boolean.valueOf(false));
-            } else {
-                ext.set(NSCertTypeExtension.SSL_CA, Boolean.valueOf(true));
-            }
-
-            if (req.getParameter("certTypeObjSigningCA") == null) {
-                ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(false));
-            } else {
-                ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(true));
-            }
-        } catch (CertificateException e) {
-        }
-    }
-
-    /**
-     * This method sets extensions parameter into the request so
-     * that the NSCertTypeExtension policy creates new
-     * NSCertTypExtension with this setting. Note that this
-     * setting will not be used if the NSCertType Extension
-     * already exist in CertificateExtension. In that case,
-     * updateExtensions() will be called to set the extension
-     * parameter into the extension directly.
-     */
-    private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) {
-        int nChanges = 0;
-
-        if (req.getParameter("certTypeSSLServer") != null) {
-            r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
-            nChanges++;
-        } else {
-            r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
-            nChanges++;
-        }
-
-        if (req.getParameter("certTypeSSLClient") != null) {
-            r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
-            nChanges++;
-        } else {
-            r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
-            nChanges++;
-        }
-
-        if (req.getParameter("certTypeEmail") != null) {
-            r.setExtData(NSCertTypeExtension.EMAIL, "true");
-            nChanges++;
-        } else {
-            r.deleteExtData(NSCertTypeExtension.EMAIL);
-            nChanges++;
-        }
-
-        if (req.getParameter("certTypeObjSigning") != null) {
-            r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
-            nChanges++;
-        } else {
-            r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
-            nChanges++;
-        }
-
-        if (req.getParameter("certTypeEmailCA") != null) {
-            r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
-            nChanges++;
-        } else {
-            r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
-            nChanges++;
-        }
-
-        if (req.getParameter("certTypeSSLCA") != null) {
-            r.setExtData(NSCertTypeExtension.SSL_CA, "true");
-            nChanges++;
-        } else {
-            r.deleteExtData(NSCertTypeExtension.SSL_CA);
-            nChanges++;
-        }
-
-        if (req.getParameter("certTypeObjSigningCA") != null) {
-            r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
-            nChanges++;
-        } else {
-            r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
-            nChanges++;
-        }
-
-        return nChanges;
-    }
-
-    protected static final String GRANT_ERROR = "grantError";
-
-    public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
-    public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
-    public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
-    public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
-    public static final String GRANT_UID = "grantUID";
-    public static final String GRANT_PRIVILEGE = "grantPrivilege";
-
-    protected int grant_privileges(
-            CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
-            throws EBaseException {
-        // get privileges to grant
-        IArgBlock httpParams = cmsReq.getHttpParams();
-
-        boolean grantTrustedMgr =
-                httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
-        boolean grantRMAgent =
-                httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
-        boolean grantCMAgent =
-                httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
-        boolean grantDRMAgent =
-                httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
-
-        if (!grantTrustedMgr &&
-                !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
-            return 0;
-        } else {
-            IAuthToken authToken = getAuthToken(req);
-            AuthzToken authzToken = null;
-            String resourceName = "certServer." + mAuthority.getId() + ".group";
-
-            try {
-                authzToken = authorize(mAclMethod, authToken,
-                            resourceName, "add");
-            } catch (Exception e) {
-                // do nothing for now
-            }
-
-            if (authzToken == null) {
-                String[] obj = new String[1];
-
-                if (grantTrustedMgr)
-                    obj[0] = TRUSTED_RA_GROUP;
-                else if (grantRMAgent)
-                    obj[0] = RA_AGENT_GROUP;
-                else if (grantCMAgent)
-                    obj[0] = CA_AGENT_GROUP;
-                else if (grantDRMAgent)
-                    obj[0] = KRA_AGENT_GROUP;
-                else
-                    obj[0] = "unknown group";
-
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0]));
-            }
-        }
-
-        String uid = httpParams.getValueAsString(GRANT_UID, null);
-
-        if (uid == null || uid.length() == 0) {
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID"));
-        }
-        header.addStringValue(GRANT_UID, uid);
-
-        String groupname = null, groupname1 = null;
-        String userType = "";
-
-        if (grantTrustedMgr) {
-            groupname = TRUSTED_RA_GROUP;
-            userType = Constants.PR_SUBSYSTEM_TYPE;
-        } else {
-            if (grantCMAgent)
-                groupname = CA_AGENT_GROUP;
-            else if (grantRMAgent)
-                groupname = RA_AGENT_GROUP;
-
-            if (grantDRMAgent) {
-                if (groupname != null)
-                    groupname1 = KRA_AGENT_GROUP;
-                else
-                    groupname = KRA_AGENT_GROUP;
-            }
-            userType = Constants.PR_AGENT_TYPE;
-        }
-
-        String privilege =
-                (groupname1 == null) ? groupname : groupname + " and " + groupname1;
-
-        header.addStringValue(GRANT_PRIVILEGE, privilege);
-
-        IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-        IUser user = ug.createUser(uid);
-
-        user.setFullName(uid);
-        user.setEmail("");
-        user.setPhone("");
-        user.setPassword("");
-        user.setUserType(userType);
-        user.setState("1");
-        IGroup group = ug.findGroup(groupname), group1 = null;
-
-        if (group == null) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname));
-        }
-        if (groupname1 != null) {
-            group1 = ug.findGroup(groupname1);
-            if (group1 == null) {
-                log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1));
-            }
-        }
-        try {
-            ug.addUser(user);
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid));
-        }
-        try {
-            if (certs[0] instanceof X509CertImpl) {
-                X509CertImpl tmp[] = (X509CertImpl[]) certs;
-
-                user.setX509Certificates(tmp);
-            }
-
-            ug.addUserCert(user);
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
-            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid));
-        }
-        try {
-            group.addMemberName(uid);
-            ug.modifyGroup(group);
-            // for audit log
-            SessionContext sContext = SessionContext.getContext();
-            String adminId = (String) sContext.get(SessionContext.USER_ID);
-
-            mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                    new Object[] { adminId, uid, groupname }
-                    );
-
-            if (group1 != null) {
-                group1.addMemberName(uid);
-                ug.modifyGroup(group1);
-
-                mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                        new Object[] { adminId, uid, groupname1 }
-                        );
-
-            }
-        } catch (Exception e) {
-            String msg =
-                    "Could not add user " + uid + " to group " + groupname;
-
-            if (group1 != null)
-                msg += " or group " + groupname1;
-            log(ILogger.LL_FAILURE, msg);
-            if (group1 == null)
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
-            else
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
-        }
-        return 1;
-    }
-
-    /**
-     * Signed Audit Log Info Name
-     *
-     * This method is called to obtain the "InfoName" for
-     * a signed audit log message.
-     * <P>
-     *
-     * @param type signed audit log request processing type
-     * @return id string containing the signed audit log message InfoName
-     */
-    private String auditInfoName(String type) {
-        // in this case, do NOT strip preceding/trailing whitespace
-        // from passed-in String parameters (this is done below)
-
-        String infoName = ILogger.UNIDENTIFIED;
-
-        if (mSignedAuditLogger == null) {
-            return infoName;
-        }
-
-        if (type != null) {
-            type = type.trim();
-
-            if (type.equals(SIGNED_AUDIT_ACCEPTANCE)) {
-                infoName = ILogger.SIGNED_AUDIT_ACCEPTANCE;
-            } else if (type.equals(SIGNED_AUDIT_CANCELLATION)) {
-                infoName = ILogger.SIGNED_AUDIT_CANCELLATION;
-            } else if (type.equals(SIGNED_AUDIT_REJECTION)) {
-                infoName = ILogger.SIGNED_AUDIT_REJECTION;
-            }
-        }
-
-        return infoName;
-    }
-
-    /**
-     * Signed Audit Log Info Certificate Value
-     *
-     * This method is called to obtain the certificate from the passed in
-     * "X509CertImpl" for a signed audit log message.
-     * <P>
-     *
-     * @param x509cert an X509CertImpl
-     * @return cert string containing the certificate
-     */
-    private String auditInfoCertValue(X509CertImpl x509cert) {
-        // if no signed audit object exists, bail
-        if (mSignedAuditLogger == null) {
-            return null;
-        }
-
-        if (x509cert == null) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        byte rawData[] = null;
-
-        try {
-            rawData = x509cert.getEncoded();
-        } catch (CertificateEncodingException e) {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-
-        String cert = null;
-
-        // convert "rawData" into "base64Data"
-        if (rawData != null) {
-            String base64Data = null;
-
-            base64Data = Utils.base64encode(rawData).trim();
-
-            // extract all line separators from the "base64Data"
-            StringBuffer sb = new StringBuffer();
-            for (int i = 0; i < base64Data.length(); i++) {
-                if (base64Data.substring(i, i).getBytes() != EOL) {
-                    sb.append(base64Data.substring(i, i));
-                }
-            }
-            cert = sb.toString();
-        }
-
-        if (cert != null) {
-            cert = cert.trim();
-
-            if (cert.equals("")) {
-                return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-            } else {
-                return cert;
-            }
-        } else {
-            return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        }
-    }
-}
-
-class RAReqCompletedFiller extends ImportCertsTemplateFiller {
-    private static final String RA_AGENT_GROUP = "Registration Manager Agents";
-    private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents";
-
-    public RAReqCompletedFiller() {
-        super();
-    }
-
-    public CMSTemplateParams getTemplateParams(
-            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
-            throws Exception {
-
-        Object[] results = (Object[]) cmsReq.getResult();
-        Object grantError = results[1];
-        //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
-        Certificate[] issuedCerts = (Certificate[]) results[0];
-
-        cmsReq.setResult(issuedCerts);
-        CMSTemplateParams params =
-                super.getTemplateParams(cmsReq, authority, locale, e);
-
-        if (grantError != null) {
-            IArgBlock header = params.getHeader();
-
-            if (grantError instanceof String) {
-                header.addStringValue(
-                        ProcessCertReq.GRANT_ERROR, (String) grantError);
-            } else {
-                EBaseException ex = (EBaseException) grantError;
-
-                header.addStringValue(
-                        ProcessCertReq.GRANT_ERROR, ex.toString(locale));
-            }
-            IArgBlock httpParams = cmsReq.getHttpParams();
-            String uid = httpParams.getValueAsString(
-                    ProcessCertReq.GRANT_UID, null);
-
-            header.addStringValue(ProcessCertReq.GRANT_UID, uid);
-            boolean grantRMAgent = httpParams.getValueAsBoolean(
-                    ProcessCertReq.GRANT_RMAGENT_PRIVILEGE, false);
-            boolean grantDRMAgent = httpParams.getValueAsBoolean(
-                    ProcessCertReq.GRANT_DRMAGENT_PRIVILEGE, false);
-            String privilege = null;
-
-            if (grantRMAgent) {
-                privilege = RA_AGENT_GROUP;
-            }
-            if (grantDRMAgent) {
-                if (privilege != null)
-                    privilege += " and " + KRA_AGENT_GROUP;
-                else
-                    privilege = KRA_AGENT_GROUP;
-            }
-            header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege);
-        }
-        return params;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
deleted file mode 100644
index 66c7129f6..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
+++ /dev/null
@@ -1,330 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.X509CertImpl;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.ICertAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Display Generic Request detail to the user.
- *
- * @version $Revision$, $Date$
- */
-public class ProcessReq extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -6941843162486565610L;
-    private final static String SEQNUM = "seqNum";
-    private final static String DO_ASSIGN = "doAssign";
-    private final static String TPL_FILE = "processReq.template";
-    private final static String PROP_PARSER = "parser";
-
-    private IRequestQueue mQueue = null;
-    private String mFormPath = null;
-    private IReqParser mParser = null;
-    private String[] mSigningAlgorithms = null;
-
-    /**
-     * Process request.
-     */
-    public ProcessReq() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "processReq.template" to process the response.
-     * The initialization parameter 'parser' is read from the
-     * servlet configration, and is used to set the type of request.
-     * The value of this parameter can be:
-     * <UL>
-     * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
-     * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
-     * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
-     * </UL>
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mQueue = mAuthority.getRequestQueue();
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        String tmp = sc.getInitParameter(PROP_PARSER);
-
-        if (tmp != null) {
-            if (tmp.trim().equals("CertReqParser.NODETAIL_PARSER"))
-                mParser = CertReqParser.NODETAIL_PARSER;
-            else if (tmp.trim().equals("CertReqParser.DETAIL_PARSER"))
-                mParser = CertReqParser.DETAIL_PARSER;
-            else if (tmp.trim().equals("KeyReqParser.PARSER"))
-                mParser = KeyReqParser.PARSER;
-        }
-
-        // override success and error templates to null -
-        // handle templates locally.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mTemplates.remove(ICMSRequest.ERROR);
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param seqNum
-     * <li>http.param doAssign reassign request. Value can be reassignToMe reassignToNobody
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        BigInteger seqNum = BigInteger.ONE.negate();
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock fixed = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
-
-        String doAssign = null;
-        EBaseException error = null;
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    "Error getting template " + mFormPath + " Error " + e);
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            if (req.getParameter(SEQNUM) != null) {
-                seqNum = new BigInteger(req.getParameter(SEQNUM));
-            }
-            doAssign = req.getParameter(DO_ASSIGN);
-
-            if (seqNum.compareTo(BigInteger.ONE.negate()) > 0) {
-                // start authorization
-                AuthzToken authzToken = null;
-
-                try {
-                    if (doAssign == null) {
-                        authzToken = authorize(mAclMethod, authToken,
-                                    mAuthzResourceName, "read");
-                    } else if (doAssign.equals("toMe") ||
-                            doAssign.equals("reassignToMe")) {
-                        authzToken = authorize(mAclMethod, authToken,
-                                    mAuthzResourceName, "assign");
-                    } else if (doAssign.equals("reassignToNobody")) {
-                        authzToken = authorize(mAclMethod, authToken,
-                                    mAuthzResourceName, "unassign");
-                    }
-                } catch (EAuthzAccessDenied e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                } catch (Exception e) {
-                    log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                }
-
-                if (authzToken == null) {
-                    cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-                    return;
-                }
-
-                process(argSet, header, seqNum, req, resp,
-                        doAssign, locale[0]);
-            } else {
-                log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
-                error = new ECMSGWException(
-                        CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
-                                String.valueOf(seqNum)));
-            }
-        } catch (EBaseException e) {
-            error = e;
-        } catch (NumberFormatException e) {
-            error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                }
-            } else {
-                cmsReq.setError(error);
-                cmsReq.setStatus(ICMSRequest.ERROR);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    "Error getting servlet output stream for rendering template. " +
-                            "Error " + e);
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        return;
-    }
-
-    /**
-     * Sends request information to the calller.
-     * returns whether there was an error or not.
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            BigInteger seqNum, HttpServletRequest req,
-            HttpServletResponse resp,
-            String doAssign, Locale locale)
-            throws EBaseException {
-
-        header.addBigIntegerValue("seqNum", seqNum, 10);
-
-        IRequest r = mQueue.findRequest(new RequestId(seqNum));
-
-        if (r != null) {
-            if (doAssign != null) {
-                if ((doAssign.equals("toMe"))
-                        || (doAssign.equals("reassignToMe"))) {
-                    SessionContext ctx = SessionContext.getContext();
-                    String id = (String) ctx.get(SessionContext.USER_ID);
-
-                    r.setRequestOwner(id);
-                    mQueue.updateRequest(r);
-                } else if (doAssign.equals("reassignToNobody")) {
-                    r.setRequestOwner(null);
-                    mQueue.updateRequest(r);
-                }
-            }
-
-            // add authority names to know what privileges can be requested.
-            if (CMS.getSubsystem("kra") != null)
-                header.addStringValue("localkra", "yes");
-            if (CMS.getSubsystem("ca") != null)
-                header.addStringValue("localca", "yes");
-            if (CMS.getSubsystem("ra") != null)
-                header.addStringValue("localra", "yes");
-
-            // DONT NEED TO DO THIS FOR DRM
-            if (mAuthority instanceof ICertAuthority) {
-                // Check/set signing algorithms dynamically.
-                // In RA mSigningAlgorithms could be null at startup if CA is not
-                // up and set later when CA comes back up.
-                // Once it's set assumed that it won't change.
-                String[] allAlgorithms = mSigningAlgorithms;
-
-                if (allAlgorithms == null) {
-                    allAlgorithms = mSigningAlgorithms =
-                                    ((ICertAuthority) mAuthority).getCASigningAlgorithms();
-                    if (allAlgorithms == null) {
-                        CMS.debug(
-                                "ProcessReq: signing algorithms set to All algorithms");
-                        allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS;
-                    } else
-                        CMS.debug(
-                                "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
-                }
-                String validAlgorithms = null;
-                StringBuffer sb = new StringBuffer();
-                for (int i = 0; i < allAlgorithms.length; i++) {
-                    if (i > 0) {
-                        sb.append("+");
-                        sb.append(allAlgorithms[i]);
-                    } else {
-                        sb.append(allAlgorithms[i]);
-                    }
-                }
-                validAlgorithms = sb.toString();
-                if (validAlgorithms != null)
-                    header.addStringValue("validAlgorithms", validAlgorithms);
-                if (mAuthority instanceof ICertificateAuthority) {
-                    String signingAlgorithm = ((ICertificateAuthority) mAuthority).getDefaultAlgorithm();
-
-                    if (signingAlgorithm != null)
-                        header.addStringValue("caSigningAlgorithm", signingAlgorithm);
-                    header.addLongValue("defaultValidityLength",
-                            ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
-                } else if (mAuthority instanceof IRegistrationAuthority) {
-                    header.addLongValue("defaultValidityLength",
-                            ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
-                }
-                X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert();
-
-                if (caCert != null) {
-                    int caPathLen = caCert.getBasicConstraints();
-
-                    header.addIntegerValue("caPathLen", caPathLen);
-                }
-            }
-
-            mParser.fillRequestIntoArg(locale, r, argSet, header);
-        } else {
-            log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum.toString());
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
-                            seqNum.toString()));
-        }
-
-        return;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
deleted file mode 100644
index 09bf3a0b8..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ /dev/null
@@ -1,540 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Locale;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.request.IRequestVirtualList;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Show paged list of requests matching search criteria
- *
- * @version $Revision$, $Date$
- */
-public class QueryReq extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = -8729364426329835378L;
-    // constants
-    private final static String IN_SHOW_ALL = "showAll";
-    private final static String IN_SHOW_WAITING = "showWaiting";
-    private final static String IN_SHOW_IN_SERVICE = "showInService";
-    private final static String IN_SHOW_PENDING = "showPending";
-    private final static String IN_SHOW_CANCELLED = "showCancelled";
-    private final static String IN_SHOW_REJECTED = "showRejected";
-    private final static String IN_SHOW_COMPLETED = "showCompleted";
-    private final static String IN_MAXCOUNT = "maxCount";
-    private final static String IN_TOTALCOUNT = "totalRecordCount";
-    private final static String PROP_PARSER = "parser";
-
-    private final static String TPL_FILE = "queryReq.template";
-
-    private final static String OUT_TOTALCOUNT = IN_TOTALCOUNT;
-    private final static String OUT_CURRENTCOUNT = "currentRecordCount";
-    private final static String OUT_REQUESTING_USER = "requestingUser";
-    //keeps track of where to begin if page down
-    private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage";
-    //keeps track of where to begin if page up
-    private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage";
-    private final static String OUT_ERROR = "error";
-    private final static String OUT_AUTHORITY_ID = "authorityid";
-
-    // variables
-    private IReqParser mParser = null;
-    private IRequestQueue mQueue = null;
-    private String mFormPath = null;
-    private int mMaxReturns = 2000;
-
-    public CMSRequest newCMSRequest() {
-        return new CMSRequest();
-    }
-
-    /**
-     * Constructor
-     */
-    public QueryReq() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses the template file
-     * "queryReq.template" to process the response.
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        mQueue = mAuthority.getRequestQueue();
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        try {
-            mMaxReturns = Integer.parseInt(sc.getInitParameter("maxResults"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-
-        String tmp = sc.getInitParameter(PROP_PARSER);
-
-        if (tmp != null) {
-            if (tmp.trim().equals("CertReqParser.NODETAIL_PARSER"))
-                mParser = CertReqParser.NODETAIL_PARSER;
-            else if (tmp.trim().equals("CertReqParser.DETAIL_PARSER"))
-                mParser = CertReqParser.DETAIL_PARSER;
-            else if (tmp.trim().equals("KeyReqParser.PARSER"))
-                mParser = KeyReqParser.PARSER;
-        }
-
-        // override success and error templates to null -
-        // handle templates locally.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mTemplates.remove(ICMSRequest.ERROR);
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    private String getRequestType(String p) {
-        String filter = "(requestType=*)";
-
-        if (p == null)
-            return filter;
-        if (p.equals(IRequest.ENROLLMENT_REQUEST)) {
-            filter = "(requestType=" + IRequest.ENROLLMENT_REQUEST + ")";
-        } else if (p.equals(IRequest.RENEWAL_REQUEST)) {
-            filter = "(requestType=" + IRequest.RENEWAL_REQUEST + ")";
-        } else if (p.equals(IRequest.REVOCATION_REQUEST)) {
-            filter = "(requestType=" + IRequest.REVOCATION_REQUEST + ")";
-        } else if (p.equals(IRequest.UNREVOCATION_REQUEST)) {
-            filter = "(requestType=" + IRequest.UNREVOCATION_REQUEST + ")";
-        } else if (p.equals(IRequest.KEYARCHIVAL_REQUEST)) {
-            filter = "(requestType=" + IRequest.KEYARCHIVAL_REQUEST + ")";
-        } else if (p.equals(IRequest.KEYRECOVERY_REQUEST)) {
-            filter = "(requestType=" + IRequest.KEYRECOVERY_REQUEST + ")";
-        } else if (p.equals(IRequest.GETCACHAIN_REQUEST)) {
-            filter = "(requestType=" + IRequest.GETCACHAIN_REQUEST + ")";
-        } else if (p.equals(IRequest.GETREVOCATIONINFO_REQUEST)) {
-            filter = "(requestType=" + IRequest.GETREVOCATIONINFO_REQUEST + ")";
-        } else if (p.equals(IRequest.GETCRL_REQUEST)) {
-            filter = "(requestType=" + IRequest.GETCRL_REQUEST + ")";
-        } else if (p.equals(IRequest.GETCERTS_REQUEST)) {
-            filter = "(requestType=" + IRequest.GETCERTS_REQUEST + ")";
-        } else if (p.equals(IRequest.NETKEY_KEYGEN_REQUEST)) {
-            filter = "(requestType=" + IRequest.NETKEY_KEYGEN_REQUEST + ")";
-        } else if (p.equals(IN_SHOW_ALL)) {
-            filter = "(requestType=*)";
-        }
-        return filter;
-    }
-
-    private String getRequestState(String p) {
-        String filter = "(requeststate=*)";
-
-        if (p == null)
-            return filter;
-        if (p.equals(IN_SHOW_WAITING)) {
-            filter = "(requeststate=pending)";
-        } else if (p.equals(IN_SHOW_IN_SERVICE)) {
-            filter = "(requeststate=svc_pending)";
-        } else if (p.equals(IN_SHOW_PENDING)) {
-            filter = "(requeststate=pending)";
-        } else if (p.equals(IN_SHOW_CANCELLED)) {
-            filter = "(requeststate=canceled)";
-        } else if (p.equals(IN_SHOW_REJECTED)) {
-            filter = "(requeststate=rejected)";
-        } else if (p.equals(IN_SHOW_COMPLETED)) {
-            filter = "(requeststate=complete)";
-        } else if (p.equals(IN_SHOW_ALL)) {
-            filter = "(requeststate=*)";
-        }
-        return filter;
-    }
-
-    /**
-     * Process the HTTP request.
-     * <ul>
-     * <li>http.param reqState request state (one of showAll, showWaiting, showInService, showCancelled, showRejected,
-     * showCompleted)
-     * <li>http.param reqType
-     * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if when paging down seqNumFromDown starts
-     * with 0x)
-     * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if when paging up seqNumFromUp starts with
-     * 0x)
-     * <li>http.param maxCount maximum number of records to show
-     * <li>http.param totalCount total number of records in set of pages
-     * <li>http.param direction "up", "down", "begin", or "end"
-     * </ul>
-     *
-     * @param cmsReq the object holding the request and response information
-     */
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        CMS.debug("in QueryReq servlet");
-
-        // Authentication / Authorization
-
-        HttpServletRequest req = cmsReq.getHttpReq();
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                    mAuthzResourceName, "list");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            // if get a EBaseException we just throw it.
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        /**
-         * WARNING:
-         *
-         * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
-         *
-         **/
-        String filter = null;
-        String reqState = req.getParameter("reqState");
-        String reqType = req.getParameter("reqType");
-
-        if (reqState == null || reqType == null) {
-            filter = "(requeststate=*)";
-        } else if (reqState.equals(IN_SHOW_ALL) &&
-                reqType.equals(IN_SHOW_ALL)) {
-            filter = "(requeststate=*)";
-        } else if (reqState.equals(IN_SHOW_ALL)) {
-            filter = getRequestType(reqType);
-        } else if (reqType.equals(IN_SHOW_ALL)) {
-            filter = getRequestState(reqState);
-        } else {
-            filter = "(&" + getRequestState(reqState) +
-                    getRequestType(reqType) + ")";
-        }
-
-        String direction = "begin";
-        if (req.getParameter("direction") != null) {
-            direction = req.getParameter("direction").trim();
-        }
-
-        BigInteger top = BigInteger.ZERO;
-        BigInteger bottom = BigInteger.ZERO;
-
-        try {
-            String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
-            if (top_s == null)
-                top_s = "0";
-
-            String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
-            if (bottom_s == null)
-                bottom_s = "0";
-
-            if (top_s.trim().startsWith("0x")) {
-                top = new BigInteger(top_s.trim().substring(2), 16);
-            } else {
-                top = new BigInteger(top_s.trim());
-            }
-            if (bottom_s.trim().startsWith("0x")) {
-                bottom = new BigInteger(bottom_s.trim().substring(2), 16);
-            } else {
-                bottom = new BigInteger(bottom_s.trim());
-            }
-
-        } catch (NumberFormatException e) {
-
-        }
-
-        // avoid NumberFormatException to the user interface
-        int maxCount = 10;
-        try {
-            maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
-        } catch (Exception e) {
-        }
-        if (maxCount > mMaxReturns) {
-            CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
-            maxCount = mMaxReturns;
-        }
-
-        HttpServletResponse resp = cmsReq.getHttpResp();
-        CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, direction, top, bottom);
-
-        argset.getFixed().addStringValue("reqType", reqType);
-        argset.getFixed().addStringValue("reqState", reqState);
-        argset.getFixed().addIntegerValue("maxCount", maxCount);
-
-        try {
-            form.getOutput(argset);
-            resp.setContentType("text/html");
-            form.renderOutput(resp.getOutputStream(), argset);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-        cmsReq.setStatus(ICMSRequest.SUCCESS);
-        return;
-    }
-
-    /**
-     * Perform search based on direction button pressed
-     *
-     * @param filter ldap filter indicating which VLV to search through. This can be
-     *            'all requests', 'pending', etc
-     * @param count the number of requests to show per page
-     * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end)
-     * @param top the number of the request shown on at the top of the current page
-     * @param bottom the number of the request shown on at the bottom of the current page
-     * @return
-     */
-
-    private CMSTemplateParams doSearch(Locale l, String filter,
-            int count, String direction, BigInteger top, BigInteger bottom) {
-        CMSTemplateParams ctp = null;
-        if (direction.equals("previous")) {
-            ctp = doSearch(l, filter, -count, top);
-        } else if (direction.equals("next")) {
-            bottom = bottom.add(BigInteger.ONE);
-            ctp = doSearch(l, filter, count, bottom);
-        } else if (direction.equals("begin")) {
-            ctp = doSearch(l, filter, count, BigInteger.ZERO);
-        } else if (direction.equals("first")) {
-            ctp = doSearch(l, filter, count, bottom);
-        } else { // if 'direction is 'end', default here
-            ctp = doSearch(l, filter, -count, BigInteger.ONE.negate());
-        }
-        return ctp;
-    }
-
-    /**
-     *
-     * @param locale
-     * @param filter the types of requests to return - this must match the VLV index
-     * @param count maximum number of records to return
-     * @param marker indication of the request ID where the page is anchored
-     * @return
-     */
-
-    private CMSTemplateParams doSearch(
-            Locale locale,
-            String filter,
-            int count,
-            BigInteger marker) {
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock context = CMS.createArgBlock();
-        CMSTemplateParams argset = new CMSTemplateParams(header, context);
-
-        try {
-            long startTime = CMS.getCurrentDate().getTime();
-            // preserve the type of request that we are
-            // requesting.
-
-            header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
-            header.addStringValue(OUT_REQUESTING_USER, "admin");
-
-            boolean jumptoend = false;
-            if (marker.toString().equals("-1")) {
-                marker = BigInteger.ZERO; // I think this is inconsequential
-                jumptoend = true; // override  to '99' during search
-            }
-
-            RequestId id = new RequestId(marker);
-            IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
-                    id,
-                    jumptoend,
-                    filter,
-                    ((count < 0) ? count - 1 : count + 1),
-                    "requestId");
-
-            int maxCount = 0;
-            if (count < 0 && jumptoend) {
-                maxCount = -count;
-            } else if (count < 0) {
-                maxCount = -count + 1;
-            } else {
-                maxCount = count;
-            }
-            int totalCount = (jumptoend) ? maxCount :
-                    (list.getSize() - list.getCurrentIndex());
-            header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
-            header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
-
-            Vector<IRequest> v = fetchRecords(list, maxCount);
-            v = normalizeOrder(v);
-            trim(v, id);
-
-            int currentCount = 0;
-            BigInteger curNum = BigInteger.ZERO;
-            BigInteger firstNum = BigInteger.ONE.negate();
-            Enumeration<IRequest> requests = v.elements();
-
-            while (requests.hasMoreElements()) {
-                IRequest request = null;
-                try {
-                    request = requests.nextElement();
-                } catch (Exception e) {
-                    CMS.debug("Error displaying request:" + e.getMessage());
-                    // handled below
-                }
-                if (request == null) {
-                    log(ILogger.LL_WARN, "Error display request on page");
-                    continue;
-                }
-
-                curNum = new BigInteger(request.getRequestId().toString());
-
-                if (firstNum.equals(BigInteger.ONE.negate())) {
-                    firstNum = curNum;
-                }
-
-                IArgBlock rec = CMS.createArgBlock();
-                mParser.fillRequestIntoArg(locale, request, argset, rec);
-                mQueue.releaseRequest(request);
-                argset.addRepeatRecord(rec);
-
-                currentCount++;
-
-            }// while
-            long endTime = CMS.getCurrentDate().getTime();
-
-            header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
-            header.addStringValue("time", Long.toString(endTime - startTime));
-            header.addBigIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum, 10);
-            header.addBigIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum, 10);
-
-        } catch (EBaseException e) {
-            header.addStringValue(OUT_ERROR, e.toString(locale));
-        } catch (Exception e) {
-        }
-        return argset;
-    }
-
-    /**
-     * If the vector contains the marker element at the end, remove it.
-     *
-     * @param v The vector to trim
-     * @param marker the marker to look for.
-     */
-    private void trim(Vector<IRequest> v, RequestId marker) {
-        int i = v.size() - 1;
-        if (v.elementAt(i).getRequestId().toString().equals(
-                marker.toString())) {
-            v.remove(i);
-        }
-    }
-
-    /**
-     * Sometimes the list comes back from LDAP in reverse order. This function makes
-     * sure the results are in 'forward' order.
-     *
-     * @param list
-     * @return
-     */
-    private Vector<IRequest> fetchRecords(IRequestVirtualList list, int maxCount) {
-
-        Vector<IRequest> v = new Vector<IRequest>();
-        int count = list.getSize();
-        int c = 0;
-        for (int i = 0; i < count; i++) {
-            IRequest request = list.getElementAt(i);
-            if (request != null) {
-                v.add(request);
-                c++;
-            }
-            if (c >= maxCount)
-                break;
-        }
-
-        return v;
-
-    }
-
-    /**
-     * If the requests are in backwards order, reverse the list
-     *
-     * @param list
-     * @return
-     */
-    private Vector<IRequest> normalizeOrder(Vector<IRequest> list) {
-
-        BigInteger firstrequestnum = new BigInteger(list.elementAt(0)
-                .getRequestId().toString());
-        BigInteger lastrequestnum = new BigInteger(list.elementAt(list
-                .size() - 1).getRequestId().toString());
-        boolean reverse = false;
-        if (firstrequestnum.compareTo(lastrequestnum) > 0) {
-            reverse = true; // if the order is backwards, place items at the beginning
-        }
-        Vector<IRequest> v = new Vector<IRequest>();
-        int count = list.size();
-        for (int i = 0; i < count; i++) {
-            IRequest request = list.elementAt(i);
-            if (request != null) {
-                if (reverse)
-                    v.add(0, request);
-                else
-                    v.add(request);
-            }
-        }
-
-        return v;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
deleted file mode 100644
index 4a6a79072..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
+++ /dev/null
@@ -1,79 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.util.Locale;
-import java.math.BigInteger;
-
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-
-/**
- * A class representing a request parser.
- * <P>
- *
- * @version $Revision$, $Date$
- */
-public class ReqParser implements IReqParser {
-
-    private final static String TYPE = "requestType";
-    private final static String STATUS = "status";
-    private final static String CREATE_ON = "createdOn";
-    private final static String UPDATE_ON = "updatedOn";
-    private final static String UPDATE_BY = "updatedBy";
-
-    /**
-     * Constructs a request parser.
-     */
-    public ReqParser() {
-    }
-
-    /**
-     * Maps request object into argument block.
-     */
-    public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-            throws EBaseException {
-        arg.addStringValue(TYPE, req.getRequestType());
-        arg.addBigIntegerValue("seqNum",
-                new BigInteger(req.getRequestId().toString()), 10);
-        arg.addStringValue(STATUS,
-                req.getRequestStatus().toString());
-        arg.addLongValue(CREATE_ON,
-                req.getCreationTime().getTime() / 1000);
-        arg.addLongValue(UPDATE_ON,
-                req.getModificationTime().getTime() / 1000);
-        String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY);
-
-        if (updatedBy == null)
-            updatedBy = "";
-        arg.addStringValue(UPDATE_BY, updatedBy);
-
-        SessionContext ctx = SessionContext.getContext();
-        String id = (String) ctx.get(SessionContext.USER_ID);
-
-        arg.addStringValue("callerName", id);
-
-        String owner = req.getRequestOwner();
-
-        if (owner != null)
-            arg.addStringValue("assignedTo", owner);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
deleted file mode 100644
index 533199ebc..000000000
--- a/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
+++ /dev/null
@@ -1,328 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.request;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.ICMSRequest;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestList;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.CMSTemplate;
-import com.netscape.cms.servlet.common.CMSTemplateParams;
-import com.netscape.cms.servlet.common.ECMSGWException;
-
-/**
- * Search for certificates matching complex query filter
- *
- * @version $Revision$, $Date$
- */
-public class SearchReqs extends CMSServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = 2449481964851735051L;
-    private final static String TPL_FILE = "queryReq.template";
-    private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReqReturns";
-    private final static String PROP_PARSER = "parser";
-    private final static String CURRENT_TIME = "currentTime";
-    private final static String OUT_TOTALCOUNT = "totalRecordCount";
-    private final static String OUT_CURRENTCOUNT = "currentRecordCount";
-    private final static int MAX_RESULTS = 1000;
-
-    private IRequestQueue mQueue = null;
-    private IReqParser mParser = null;
-    private String mFormPath = null;
-    private int mMaxReturns = MAX_RESULTS;
-    private int mTimeLimits = 30; /* in seconds */
-
-    /**
-     * Constructs query key servlet.
-     */
-    public SearchReqs() {
-        super();
-    }
-
-    /**
-     * initialize the servlet. This servlet uses queryReq.template
-     * to render the response
-     *
-     * @param sc servlet configuration, read from the web.xml file
-     */
-    public void init(ServletConfig sc) throws ServletException {
-        super.init(sc);
-        // override success to render own template.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-
-        if (mAuthority instanceof ISubsystem) {
-            ISubsystem sub = mAuthority;
-            IConfigStore authConfig = sub.getConfigStore();
-
-            if (authConfig != null) {
-                try {
-                    mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
-                } catch (EBaseException e) {
-                    // do nothing
-                }
-            }
-        }
-        if (mAuthority instanceof ICertificateAuthority) {
-            ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
-            mQueue = ca.getRequestQueue();
-        }
-
-        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-
-        /* Server-Side time limit */
-        try {
-            int maxResults = Integer.parseInt(sc.getInitParameter("maxResults"));
-            if (maxResults < mMaxReturns)
-                mMaxReturns = maxResults;
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-        try {
-            mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits"));
-        } catch (Exception e) {
-            /* do nothing, just use the default if integer parsing failed */
-        }
-
-        String tmp = sc.getInitParameter(PROP_PARSER);
-
-        if (tmp != null) {
-            if (tmp.trim().equals("CertReqParser.NODETAIL_PARSER"))
-                mParser = CertReqParser.NODETAIL_PARSER;
-            else if (tmp.trim().equals("CertReqParser.DETAIL_PARSER"))
-                mParser = CertReqParser.DETAIL_PARSER;
-            else if (tmp.trim().equals("KeyReqParser.PARSER"))
-                mParser = KeyReqParser.PARSER;
-        }
-
-        // override success and error templates to null -
-        // handle templates locally.
-        mTemplates.remove(ICMSRequest.SUCCESS);
-        mTemplates.remove(ICMSRequest.ERROR);
-
-        if (mOutputTemplatePath != null)
-            mFormPath = mOutputTemplatePath;
-    }
-
-    /**
-     * Serves HTTP request. This format of this request is as follows:
-     * queryCert?
-     * [maxCount=<number>]
-     * [queryFilter=<filter>]
-     * [revokeAll=<filter>]
-     */
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "list");
-        } catch (EAuthzAccessDenied e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        } catch (Exception e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-        }
-
-        if (authzToken == null) {
-            cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        EBaseException error = null;
-        int maxResults = -1;
-        int timeLimit = -1;
-
-        IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock();
-        CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
-        CMSTemplate form = null;
-        Locale[] locale = new Locale[1];
-
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-
-        try {
-            String maxResultsStr = req.getParameter("maxResults");
-
-            if (maxResultsStr != null && maxResultsStr.length() > 0)
-                maxResults = Integer.parseInt(maxResultsStr);
-            String timeLimitStr = req.getParameter("timeLimit");
-
-            if (timeLimitStr != null && timeLimitStr.length() > 0)
-                timeLimit = Integer.parseInt(timeLimitStr);
-
-            process(argSet, header, req.getParameter("queryRequestFilter"), authToken,
-                    maxResults, timeLimit, req, resp, locale[0]);
-        } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } catch (EBaseException e) {
-            error = e;
-        }
-
-        try {
-            ServletOutputStream out = resp.getOutputStream();
-
-            if (error == null) {
-                String xmlOutput = req.getParameter("xml");
-                if (xmlOutput != null && xmlOutput.equals("true")) {
-                    outputXML(resp, argSet);
-                } else {
-                    cmsReq.setStatus(ICMSRequest.SUCCESS);
-                    resp.setContentType("text/html");
-                    form.renderOutput(out, argSet);
-                }
-            } else {
-                cmsReq.setStatus(ICMSRequest.ERROR);
-                cmsReq.setError(error);
-            }
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-    }
-
-    /**
-     * Process the key search.
-     */
-    private void process(CMSTemplateParams argSet, IArgBlock header,
-            String filter, IAuthToken token,
-            int maxResults, int timeLimit,
-            HttpServletRequest req, HttpServletResponse resp,
-            Locale locale)
-            throws EBaseException {
-
-        try {
-            long startTime = CMS.getCurrentDate().getTime();
-
-            if (filter.indexOf(CURRENT_TIME, 0) > -1) {
-                filter = insertCurrentTime(filter);
-            }
-
-            String owner = req.getParameter("owner");
-            String requestowner_filter = "";
-            String newfilter = "";
-            if (owner.length() == 0) {
-                newfilter = filter;
-            } else {
-                if (owner.equals("self")) {
-                    String self_uid = token.getInString(IAuthToken.USER_ID);
-                    requestowner_filter = "(requestowner=" + self_uid + ")";
-                } else {
-                    String uid = req.getParameter("uid");
-                    requestowner_filter = "(requestowner=" + uid + ")";
-                }
-                newfilter = "(&" + requestowner_filter + filter.substring(2);
-            }
-            // xxx the filter includes serial number range???
-            if (maxResults == -1 || maxResults > mMaxReturns) {
-                CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns);
-                maxResults = mMaxReturns;
-            }
-            if (timeLimit == -1 || timeLimit > mTimeLimits) {
-                CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
-                timeLimit = mTimeLimits;
-            }
-            IRequestList list = (timeLimit > 0) ?
-                    mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
-                    mQueue.listRequestsByFilter(newfilter, maxResults);
-
-            int count = 0;
-
-            while (list != null && list.hasMoreElements()) {
-                IRequest request = list.nextRequestObject();
-
-                if (request != null) {
-                    count++;
-                    IArgBlock rarg = CMS.createArgBlock();
-                    mParser.fillRequestIntoArg(locale, request, argSet, rarg);
-                    argSet.addRepeatRecord(rarg);
-                    long endTime = CMS.getCurrentDate().getTime();
-
-                    header.addIntegerValue(OUT_CURRENTCOUNT, count);
-                    header.addStringValue("time", Long.toString(endTime - startTime));
-                }
-            }
-            header.addIntegerValue(OUT_TOTALCOUNT, count);
-        } catch (EBaseException e) {
-            CMS.getLogMessage("CMSGW_ERROR_LISTCERTS", e.toString());
-            throw e;
-        }
-        return;
-    }
-
-    private String insertCurrentTime(String filter) {
-        Date now = null;
-        StringBuffer newFilter = new StringBuffer();
-        int k = 0;
-        int i = filter.indexOf(CURRENT_TIME, k);
-
-        while (i > -1) {
-            if (now == null)
-                now = new Date();
-            newFilter.append(filter.substring(k, i));
-            newFilter.append(now.getTime());
-            k = i + CURRENT_TIME.length();
-            i = filter.indexOf(CURRENT_TIME, k);
-        }
-        if (k > 0) {
-            newFilter.append(filter.substring(k, filter.length()));
-        }
-        return newFilter.toString();
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java b/base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java
deleted file mode 100644
index 26f25bd4f..000000000
--- a/base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java
+++ /dev/null
@@ -1,421 +0,0 @@
-package com.netscape.cms.servlet.tks;
-
-import java.io.IOException;
-import java.net.URI;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.TreeSet;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import org.apache.commons.lang.ArrayUtils;
-import org.apache.commons.lang.StringUtils;
-import org.jboss.resteasy.plugins.providers.atom.Link;
-import org.mozilla.jss.CryptoManager.NotInitializedException;
-import org.mozilla.jss.crypto.InvalidKeyFormatException;
-import org.mozilla.jss.crypto.TokenException;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.key.KeyData;
-import com.netscape.certsrv.system.TPSConnectorCollection;
-import com.netscape.certsrv.system.TPSConnectorData;
-import com.netscape.certsrv.system.TPSConnectorResource;
-import com.netscape.certsrv.tps.cert.TPSCertResource;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.realm.PKIPrincipal;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.util.Utils;
-
-public class TPSConnectorService implements TPSConnectorResource {
-
-    private static final String TPS_LIST = "tps.list";
-
-    IConfigStore cs = CMS.getConfigStore();
-
-    @Context
-    private UriInfo uriInfo;
-
-    @Context
-    private HttpServletRequest servletRequest;
-
-    public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
-    @Override
-    public TPSConnectorCollection listConnectors() {
-        try {
-            TPSConnectorCollection ret = new TPSConnectorCollection();
-            String tpsList = cs.getString(TPS_LIST, "");
-
-            for (String tpsID : StringUtils.split(tpsList,",")) {
-                ret.addEntry(createTPSConnectorData(tpsID));
-            }
-            return ret;
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException("Unable to get TPS connection data" + e);
-        }
-    }
-
-    private TPSConnectorData createTPSConnectorData(String tpsID) throws EBaseException {
-        TPSConnectorData data = new TPSConnectorData();
-        data.setID(tpsID);
-        data.setHost(cs.getString("tps." + tpsID + ".host", ""));
-        data.setPort(cs.getString("tps." + tpsID + ".port", ""));
-        data.setUserID(cs.getString("tps." + tpsID + ".userid", ""));
-        data.setNickname(cs.getString("tps." + tpsID + ".nickname", ""));
-        URI uri = uriInfo.getBaseUriBuilder().path(TPSCertResource.class).path("{id}").build(tpsID);
-        data.setLink(new Link("self", uri));
-        return data;
-    }
-
-    @Override
-    public TPSConnectorData getConnector(String id) {
-        try {
-            if (connectorExists(id)) return createTPSConnectorData(id);
-            throw new ResourceNotFoundException("Connector " + id + " not found.");
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException("Unable to get TPS connection data" + e);
-        }
-    }
-
-    @Override
-    public TPSConnectorData getConnector(String host, String port) {
-        try {
-            String id = getConnectorID(host, port);
-            if (id != null) return createTPSConnectorData(id);
-            throw new ResourceNotFoundException(
-                    "Connector not found for " + host + ":" + port);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException("Unable to get TPS connection data" + e);
-        }
-    }
-
-    @Override
-    public Response createConnector(String tpsHost, String tpsPort) {
-        try {
-            String id = getConnectorID(tpsHost, tpsPort);
-            if (id != null) {
-                URI uri = uriInfo.getBaseUriBuilder().path(TPSCertResource.class)
-                        .path("{id}").build(id);
-                throw new BadRequestException("TPS connection already exists at " + uri.toString());
-            }
-            String newID = findNextConnectorID();
-
-            TPSConnectorData newData = new TPSConnectorData();
-            newData.setID(newID);
-            newData.setHost(tpsHost);
-            newData.setPort(tpsPort);
-            newData.setUserID("TPS-" + tpsHost + "-" + tpsPort);
-            URI uri = uriInfo.getBaseUriBuilder().path(TPSCertResource.class).path("{id}").build(newID);
-            newData.setLink(new Link("self", uri));
-            saveClientData(newData);
-
-            addToConnectorList(newID);
-            cs.commit(true);
-
-            return Response
-                    .created(newData.getLink().getHref())
-                    .entity(newData)
-                    .type(MediaType.APPLICATION_XML)
-                    .build();
-
-        } catch (EBaseException e) {
-            CMS.debug("Unable to create new TPS Connector: " + e);
-            e.printStackTrace();
-            throw new PKIException("Unable to create  new TPS connector: " + e);
-        }
-    }
-
-    @Override
-    public Response modifyConnector(String id, TPSConnectorData data) {
-        try {
-            if (id == null) {
-                throw new BadRequestException("Invalid connector ID");
-            }
-
-            if (!connectorExists(id)) {
-                throw new ResourceNotFoundException("TPS connection does not exist");
-            }
-
-            // Note: we are deliberately NOT allowing the userid to be modified by the
-            // admin here, because this is what maps to a user cert to retrieve the shared
-            // secret
-            if ((data.getUserID() != null) || (data.getNickname() != null)) {
-                throw new UnauthorizedException("Cannot change userid or nickname using this interface");
-            }
-            TPSConnectorData curData = getConnector(id);
-            curData.setHost(data.getHost());
-            curData.setPort(data.getPort());
-
-            saveClientData(curData);
-            cs.commit(true);
-
-            return Response
-                    .ok(curData.getLink().getHref())
-                    .entity(curData)
-                    .type(MediaType.APPLICATION_XML)
-                    .build();
-        } catch (EBaseException e) {
-            CMS.debug("Unable to modify TPS Connector: " + e);
-            e.printStackTrace();
-            throw new PKIException("Unable to modify TPS Connector: " + e);
-        }
-    }
-
-    private void saveClientData(TPSConnectorData newData) throws EBaseException {
-        String id = newData.getID();
-        if (StringUtils.isEmpty(id)) {
-            CMS.debug("saveClientData: Attempt to save tps connection with null or empty id");
-            return;
-        }
-        String prefix = "tps." + id + ".";
-
-        if (newData.getHost() != null)
-            cs.putString(prefix + "host", newData.getHost());
-        if (newData.getPort() != null)
-            cs.putString(prefix + "port", newData.getPort());
-        if (newData.getUserID() != null)
-            cs.putString(prefix + "userid", newData.getUserID());
-        if (newData.getNickname() != null)
-            cs.putString(prefix + "nickname", newData.getNickname());
-    }
-
-    @Override
-    public void deleteConnector(String id) {
-        try {
-            if (StringUtils.isEmpty(id))
-                throw new BadRequestException("Attempt to delete TPS connection with null or empty id");
-
-            if (!connectorExists(id)) return;
-
-            deleteSharedSecret(id);
-            cs.removeSubStore("tps." + id);
-            removeFromConnectorList(id);
-            cs.commit(true);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException("Failed to delete TPS connection" + e);
-        }
-    }
-
-    @Override
-    public void deleteConnector(String host, String port) {
-        String id;
-        try {
-            id = getConnectorID(host, port);
-            deleteConnector(id);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            throw new PKIException("Failed to delete TPS connector: " + e);
-        }
-    }
-
-    @Override
-    public KeyData createSharedSecret(String id) {
-        try {
-            if (!connectorExists(id)) {
-                throw new ResourceNotFoundException("TPS connection does not exist");
-            }
-
-            // get and validate user
-            String userid = validateUser(id);
-
-            // get user cert
-            IUser user = userGroupManager.getUser(userid);
-            X509Certificate[] certs = user.getX509Certificates();
-
-            String nickname = userid + " sharedSecret";
-            if (CryptoUtil.sharedSecretExists(nickname)) {
-                throw new BadRequestException("Shared secret already exists");
-            }
-
-            CryptoUtil.createSharedSecret(nickname);
-
-            cs.putString("tps." + id + ".nickname", nickname);
-            cs.commit(true);
-
-            byte[] wrappedKey = CryptoUtil.exportSharedSecret(nickname, certs[0]);
-            KeyData keyData = new KeyData();
-            keyData.setWrappedPrivateData(Utils.base64encode(wrappedKey));
-            return keyData;
-
-        } catch (InvalidKeyException | IllegalStateException | NoSuchAlgorithmException
-                | InvalidAlgorithmParameterException | EBaseException
-                | NotInitializedException | TokenException | IOException | InvalidKeyFormatException e) {
-            e.printStackTrace();
-            CMS.debug("Error in generating and exporting shared secret: " + e);
-            throw new PKIException("Error in generating and exporting shared secret: " + e);
-        }
-    }
-
-    private String validateUser(String id) throws EBaseException {
-        String userid = cs.getString("tps." + id + ".userid", "");
-        if (userid.isEmpty()) {
-            throw new PKIException("Bad TPS connection configuration: userid not defined");
-        }
-
-        PKIPrincipal principal = (PKIPrincipal) servletRequest.getUserPrincipal();
-        if (principal == null) {
-            throw new UnauthorizedException("User credentials not provided");
-        }
-
-        String uid = principal.getName();
-        if (!uid.equals(userid)) {
-            throw new UnauthorizedException("TPS Connection belongs to another user");
-        }
-        return userid;
-    }
-
-    @Override
-    public KeyData replaceSharedSecret(String id) {
-        try {
-            if (!connectorExists(id)) {
-                throw new ResourceNotFoundException("TPS connection does not exist");
-            }
-
-            // get and validate user
-            String userid = validateUser(id);
-
-            String nickname = userid + " sharedSecret";
-            if (!CryptoUtil.sharedSecretExists(nickname)) {
-                throw new BadRequestException("Cannot replace. Shared secret does not exist");
-            }
-
-            // get user cert
-            IUser user = userGroupManager.getUser(userid);
-            X509Certificate[] certs = user.getX509Certificates();
-
-            CryptoUtil.deleteSharedSecret(nickname);
-            CryptoUtil.createSharedSecret(nickname);
-            byte[] wrappedKey = CryptoUtil.exportSharedSecret(nickname, certs[0]);
-            KeyData keyData = new KeyData();
-            keyData.setWrappedPrivateData(Utils.base64encode(wrappedKey));
-            return keyData;
-        } catch (InvalidKeyException | IllegalStateException | NoSuchAlgorithmException
-                | InvalidAlgorithmParameterException | EBaseException
-                | NotInitializedException | TokenException | IOException | InvalidKeyFormatException e) {
-            e.printStackTrace();
-            CMS.debug("Error in replacing shared secret: " + e);
-            throw new PKIException("Error in replacing shared secret: " + e);
-        }
-    }
-
-    @Override
-    public void deleteSharedSecret(String id) {
-        try {
-            if (!connectorExists(id)) {
-                return;
-            }
-
-            // get user
-            String userid = cs.getString("tps." + id + ".userid", "");
-            if (userid.isEmpty()) {
-                throw new PKIException("Bad TPS connection configuration: userid not defined");
-            }
-
-            String nickname = userid + " sharedSecret";
-            if (!CryptoUtil.sharedSecretExists(nickname)) {
-                return;
-            }
-            CryptoUtil.deleteSharedSecret(nickname);
-
-            cs.putString("tps." + id + ".nickname", "");
-            cs.commit(true);
-        } catch (InvalidKeyException | IllegalStateException | EBaseException
-                | NotInitializedException | TokenException e) {
-            e.printStackTrace();
-            CMS.debug("Error in deleting shared secret: " + e);
-            throw new PKIException("Error in deleting shared secret: " + e);
-        }
-    }
-
-    @Override
-    public KeyData getSharedSecret(String id) {
-        try {
-            if (!connectorExists(id)) {
-                throw new ResourceNotFoundException("TPS connection does not exist");
-            }
-
-            // get and validate user
-            String userid = validateUser(id);
-
-            String nickname = userid + " sharedSecret";
-            if (!CryptoUtil.sharedSecretExists(nickname)) {
-                return null;
-            }
-
-            // get user cert
-            IUser user = userGroupManager.getUser(userid);
-            X509Certificate[] certs = user.getX509Certificates();
-
-            byte[] wrappedKey = CryptoUtil.exportSharedSecret(nickname, certs[0]);
-            KeyData keyData = new KeyData();
-            keyData.setWrappedPrivateData(Utils.base64encode(wrappedKey));
-            return keyData;
-        } catch (InvalidKeyException | IllegalStateException | NoSuchAlgorithmException
-                | InvalidAlgorithmParameterException | EBaseException
-                | NotInitializedException | TokenException | IOException | InvalidKeyFormatException e) {
-            e.printStackTrace();
-            CMS.debug("Error in obtaining shared secret: " + e);
-            throw new PKIException("Error in obtaining shared secret: " + e);
-        }
-    }
-
-    private boolean connectorExists(String id) throws EBaseException {
-        String tpsList = cs.getString(TPS_LIST, "");
-        return ArrayUtils.contains(StringUtils.split(tpsList, ","), id);
-    }
-
-    private String getConnectorID(String host, String port) throws EBaseException {
-        String tpsList = cs.getString(TPS_LIST, "");
-        for (String tpsID : StringUtils.split(tpsList,",")) {
-            TPSConnectorData data = createTPSConnectorData(tpsID);
-            if (data.getHost().equals(host) && data.getPort().equals(port))
-                return tpsID;
-        }
-        return null;
-    }
-
-    private void addToConnectorList(String id) throws EBaseException {
-        String tpsList = cs.getString(TPS_LIST, "");
-        Collection<String> sorted = new TreeSet<String>();
-        sorted.addAll(Arrays.asList(StringUtils.split(tpsList, ",")));
-        sorted.add(id);
-        cs.putString(TPS_LIST, StringUtils.join(sorted, ","));
-    }
-
-    private void removeFromConnectorList(String id) throws EBaseException {
-        String tpsList = cs.getString(TPS_LIST, "");
-        Collection<String> sorted = new TreeSet<String>();
-        sorted.addAll(Arrays.asList(StringUtils.split(tpsList, ",")));
-        sorted.remove(id);
-        cs.putString(TPS_LIST, StringUtils.join(sorted, ","));
-    }
-
-    private String findNextConnectorID() throws EBaseException {
-        String tpsList = cs.getString(TPS_LIST, "");
-        Collection<String> sorted = new TreeSet<String>();
-        sorted.addAll(Arrays.asList(StringUtils.split(tpsList, ",")));
-
-        int index = 0;
-        while (sorted.contains(Integer.toString(index))) index++;
-        return Integer.toString(index);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
deleted file mode 100644
index 766975651..000000000
--- a/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ /dev/null
@@ -1,1353 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.tks;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapper;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.pkcs11.PK11SymKey;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.symkey.SessionKey;
-
-/**
- * A class representings an administration servlet for Token Key
- * Service Authority. This servlet is responsible to serve
- * tks administrative operation such as configuration
- * parameter updates.
- *
- * @version $Revision$, $Date$
- */
-public class TokenServlet extends CMSServlet {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 8687436109695172791L;
-    protected static final String PROP_ENABLED = "enabled";
-    protected static final String TRANSPORT_KEY_NAME = "sharedSecret";
-    private final static String INFO = "TokenServlet";
-    public static int ERROR = 1;
-    String mKeyNickName = null;
-    String mNewKeyNickName = null;
-    IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
-
-    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
-            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
-
-    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
-
-    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
-            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
-
-    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
-            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
-
-    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
-
-    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
-            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
-
-    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
-            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
-
-    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
-
-    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
-            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
-
-    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
-            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
-
-    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
-            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
-
-    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
-            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
-
-    /**
-     * Constructs tks servlet.
-     */
-    public TokenServlet() {
-        super();
-
-    }
-
-    public static String trim(String a) {
-        StringBuffer newa = new StringBuffer();
-        StringTokenizer tokens = new StringTokenizer(a, "\n");
-        while (tokens.hasMoreTokens()) {
-            newa.append(tokens.nextToken());
-        }
-        return newa.toString();
-    }
-
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-    }
-
-    /**
-     * Returns serlvet information.
-     *
-     * @return name of this servlet
-     */
-    public String getServletInfo() {
-        return INFO;
-    }
-
-    /**
-     * Process the HTTP request.
-     *
-     * @param s The URL to decode.
-     */
-    protected String URLdecode(String s) {
-        if (s == null)
-            return null;
-        ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
-
-        for (int i = 0; i < s.length(); i++) {
-            int c = s.charAt(i);
-
-            if (c == '+') {
-                out.write(' ');
-            } else if (c == '%') {
-                int c1 = Character.digit(s.charAt(++i), 16);
-                int c2 = Character.digit(s.charAt(++i), 16);
-
-                out.write((char) (c1 * 16 + c2));
-            } else {
-                out.write(c);
-            }
-        } // end for
-        return out.toString();
-    }
-
-    private void setDefaultSlotAndKeyName(HttpServletRequest req) {
-        try {
-
-            String keySet = req.getParameter("keySet");
-            if (keySet == null || keySet.equals("")) {
-                keySet = "defKeySet";
-            }
-            CMS.debug("keySet selected: " + keySet);
-
-            String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-            String temp = req.getParameter("KeyInfo"); //#xx#xx
-            String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
-            String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
-            if (mappingValue != null) {
-                StringTokenizer st = new StringTokenizer(mappingValue, ":");
-                int tokenNumber = 0;
-                while (st.hasMoreTokens()) {
-
-                    String currentToken = st.nextToken();
-                    if (tokenNumber == 1)
-                        mKeyNickName = currentToken;
-                    tokenNumber++;
-
-                }
-            }
-            if (req.getParameter("newKeyInfo") != null) // for diversification
-            {
-                temp = req.getParameter("newKeyInfo"); //#xx#xx
-                String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
-                String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
-                if (newMappingValue != null) {
-                    StringTokenizer st = new StringTokenizer(newMappingValue, ":");
-                    int tokenNumber = 0;
-                    while (st.hasMoreTokens()) {
-                        String currentToken = st.nextToken();
-                        if (tokenNumber == 1)
-                            mNewKeyNickName = currentToken;
-                        tokenNumber++;
-
-                    }
-                }
-            }
-
-            SessionKey.SetDefaultPrefix(masterKeyPrefix);
-
-        } catch (Exception e) {
-            e.printStackTrace();
-            CMS.debug("Exception in TokenServlet::setDefaultSlotAndKeyName");
-        }
-
-    }
-
-    private void processComputeSessionKey(HttpServletRequest req,
-            HttpServletResponse resp) throws EBaseException {
-        byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key;
-        byte[] card_crypto, host_cryptogram, input_card_crypto;
-        byte[] xcard_challenge, xhost_challenge;
-        byte[] enc_session_key, xkeyInfo;
-        String auditMessage = null;
-        String errorMsg = "";
-        String badParams = "";
-        String transportKeyName = "";
-
-        String rCUID = req.getParameter("CUID");
-        String keySet = req.getParameter("keySet");
-        if (keySet == null || keySet.equals("")) {
-            keySet = "defKeySet";
-        }
-        CMS.debug("keySet selected: " + keySet);
-
-        boolean serversideKeygen = false;
-        byte[] drm_trans_wrapped_desKey = null;
-        PK11SymKey desKey = null;
-        //        PK11SymKey kek_session_key;
-        PK11SymKey kek_key;
-
-        IConfigStore sconfig = CMS.getConfigStore();
-        boolean isCryptoValidate = true;
-        boolean missingParam = false;
-        session_key = null;
-        card_crypto = null;
-        host_cryptogram = null;
-        enc_session_key = null;
-        //        kek_session_key = null;
-
-        SessionContext sContext = SessionContext.getContext();
-
-        String agentId = "";
-        if (sContext != null) {
-            agentId =
-                    (String) sContext.get(SessionContext.USER_ID);
-        }
-
-        auditMessage = CMS.getLogMessage(
-                         LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST,
-                        rCUID,
-                        ILogger.SUCCESS,
-                        agentId);
-
-        audit(auditMessage);
-
-        String kek_wrapped_desKeyString = null;
-        String keycheck_s = null;
-
-        CMS.debug("processComputeSessionKey:");
-        String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
-        if (!useSoftToken_s.equalsIgnoreCase("true"))
-            useSoftToken_s = "false";
-
-        String rServersideKeygen = req.getParameter("serversideKeygen");
-        if (rServersideKeygen.equals("true")) {
-            CMS.debug("TokenServlet: serversideKeygen requested");
-            serversideKeygen = true;
-        } else {
-            CMS.debug("TokenServlet: serversideKeygen not requested");
-        }
-
-        try {
-            isCryptoValidate = sconfig.getBoolean("cardcryptogram.validate.enable", true);
-        } catch (EBaseException eee) {
-        }
-
-        transportKeyName = getSharedSecretName(sconfig);
-
-        CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName);
-
-        String rcard_challenge = req.getParameter("card_challenge");
-        String rhost_challenge = req.getParameter("host_challenge");
-        String rKeyInfo = req.getParameter("KeyInfo");
-        String rcard_cryptogram = req.getParameter("card_cryptogram");
-        if ((rCUID == null) || (rCUID.equals(""))) {
-            CMS.debug("TokenServlet: ComputeSessionKey(): missing request parameter: CUID");
-            badParams += " CUID,";
-            missingParam = true;
-        }
-
-        if ((rcard_challenge == null) || (rcard_challenge.equals(""))) {
-            badParams += " card_challenge,";
-            CMS.debug("TokenServlet: ComputeSessionKey(): missing request parameter: card challenge");
-            missingParam = true;
-        }
-
-        if ((rhost_challenge == null) || (rhost_challenge.equals(""))) {
-            badParams += " host_challenge,";
-            CMS.debug("TokenServlet: ComputeSessionKey(): missing request parameter: host challenge");
-            missingParam = true;
-        }
-
-        if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
-            badParams += " KeyInfo,";
-            CMS.debug("TokenServlet: ComputeSessionKey(): missing request parameter: key info");
-            missingParam = true;
-        }
-
-        String selectedToken = null;
-        String keyNickName = null;
-        boolean sameCardCrypto = true;
-
-        if (!missingParam) {
-
-            xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-            if (xCUID == null || xCUID.length != 10) {
-                badParams += " CUID length,";
-                CMS.debug("TokenServlet: Invalid CUID length");
-                missingParam = true;
-            }
-            xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-            if (xkeyInfo == null || xkeyInfo.length != 2) {
-                badParams += " KeyInfo length,";
-                CMS.debug("TokenServlet: Invalid key info length.");
-                missingParam = true;
-            }
-            xcard_challenge =
-                    com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-            if (xcard_challenge == null || xcard_challenge.length != 8) {
-                badParams += " card_challenge length,";
-                CMS.debug("TokenServlet: Invalid card challenge length.");
-                missingParam = true;
-            }
-
-            xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
-            if (xhost_challenge == null || xhost_challenge.length != 8) {
-                badParams += " host_challenge length,";
-                CMS.debug("TokenServlet: Invalid host challenge length");
-                missingParam = true;
-            }
-
-        }
-
-        CUID = null;
-        if (!missingParam) {
-            card_challenge =
-                    com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-
-            host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
-            keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-
-            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
-            String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx
-            String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
-            if (mappingValue == null) {
-                selectedToken =
-                        CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-                keyNickName = rKeyInfo;
-            } else {
-                StringTokenizer st = new StringTokenizer(mappingValue, ":");
-                if (st.hasMoreTokens())
-                    selectedToken = st.nextToken();
-                if (st.hasMoreTokens())
-                    keyNickName = st.nextToken();
-            }
-
-            if (selectedToken != null && keyNickName != null) {
-
-                try {
-
-                    byte macKeyArray[] =
-                            com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks."
-                                    + keySet + ".mac_key"));
-                    CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken="
-                            + selectedToken + " keyNickName=" + keyNickName);
-                    session_key = SessionKey.ComputeSessionKey(
-                            selectedToken, keyNickName, card_challenge,
-                            host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName);
-
-                    if (session_key == null) {
-                        CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL ");
-                        throw new Exception("Can't compute session key!");
-
-                    }
-
-                    byte encKeyArray[] =
-                            com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks."
-                                    + keySet + ".auth_key"));
-                    enc_session_key = SessionKey.ComputeEncSessionKey(
-                            selectedToken, keyNickName, card_challenge,
-                            host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet);
-
-                    if (enc_session_key == null) {
-                        CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL ");
-                        throw new Exception("Can't compute enc session key!");
-
-                    }
-
-                    if (serversideKeygen == true) {
-
-                        /**
-                         * 0. generate des key
-                         * 1. encrypt des key with kek key
-                         * 2. encrypt des key with DRM transport key
-                         * These two wrapped items are to be sent back to
-                         * TPS. 2nd item is to DRM
-                         **/
-                        CMS.debug("TokenServlet: calling ComputeKekKey");
-
-                        byte kekKeyArray[] =
-                                com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks."
-                                        + keySet + ".kek_key"));
-
-                        kek_key = SessionKey.ComputeKekKey(
-                                selectedToken, keyNickName, card_challenge,
-                                host_challenge, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
-
-                        CMS.debug("TokenServlet: called ComputeKekKey");
-
-                        if (kek_key == null) {
-                            CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL ");
-                            throw new Exception("Can't compute kek key!");
-
-                        }
-                        // now use kek key to wrap kek session key..
-                        CMS.debug("computeSessionKey:kek key len =" +
-                                kek_key.getLength());
-
-                        // (1) generate DES key
-                        /* applet does not support DES3
-                        org.mozilla.jss.crypto.KeyGenerator kg =
-                            internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
-                            desKey = kg.generate();*/
-
-                        /*
-                         * GenerateSymkey firt generates a 16 byte DES2 key.
-                         * It then pads it into a 24 byte key with last
-                         * 8 bytes copied from the 1st 8 bytes.  Effectively
-                         * making it a 24 byte DES2 key.  We need this for
-                         * wrapping private keys on DRM.
-                         */
-                        /*generate it on whichever token the master key is at*/
-                        if (useSoftToken_s.equals("true")) {
-                            CMS.debug("TokenServlet: key encryption key generated on internal");
-                            //cfu audit here? sym key gen
-                            desKey = SessionKey.GenerateSymkey("internal");
-                            //cfu audit here? sym key gen done
-                        } else {
-                            CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
-                            desKey = SessionKey.GenerateSymkey(selectedToken);
-                        }
-                        if (desKey != null)
-                            CMS.debug("TokenServlet: key encryption key generated for " + rCUID);
-                        else {
-                            CMS.debug("TokenServlet: key encryption key generation failed for " + rCUID);
-                            throw new Exception("can't generate key encryption key");
-                        }
-
-                        /*
-                         * ECBencrypt actually takes the 24 byte DES2 key
-                         * and discard the last 8 bytes before it encrypts.
-                         * This is done so that the applet can digest it
-                         */
-                        byte[] encDesKey =
-                                SessionKey.ECBencrypt(kek_key,
-                                        desKey);
-                        /*
-                        CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
-                        CMS.debug(encDesKey);
-                        */
-
-                        kek_wrapped_desKeyString =
-                                com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
-
-                        // get keycheck
-                        byte[] keycheck =
-                                SessionKey.ComputeKeyCheck(desKey);
-                        /*
-                        CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
-                        CMS.debug(keycheck);
-                        */
-                        keycheck_s =
-                                com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
-
-                        //use DRM transport cert to wrap desKey
-                        String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
-
-                        if ((drmTransNickname == null) || (drmTransNickname == "")) {
-                            CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
-                            throw new Exception("can't find DRM transport certificate nickname");
-                        } else {
-                            CMS.debug("TokenServlet:drmtransport_cert_nickname=" + drmTransNickname);
-                        }
-
-                        X509Certificate drmTransCert = null;
-                        drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname);
-                        // wrap kek session key with DRM transport public key
-                        CryptoToken token = null;
-                        if (useSoftToken_s.equals("true")) {
-                            //token = CryptoManager.getInstance().getTokenByName(selectedToken);
-                            token = CryptoManager.getInstance().getInternalCryptoToken();
-                        } else {
-                            token = CryptoManager.getInstance().getTokenByName(selectedToken);
-                        }
-                        PublicKey pubKey = drmTransCert.getPublicKey();
-                        String pubKeyAlgo = pubKey.getAlgorithm();
-                        CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo);
-                        KeyWrapper keyWrapper = null;
-                        //For wrapping symmetric keys don't need IV, use ECB
-                        if (pubKeyAlgo.equals("EC")) {
-                            keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
-                            keyWrapper.initWrap(pubKey, null);
-                        } else {
-                            keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
-                            keyWrapper.initWrap(pubKey, null);
-                        }
-                        CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName());
-                        drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
-                        CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
-
-                    } // if (serversideKeygen == true)
-
-                    byte authKeyArray[] =
-                            com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks."
-                                    + keySet + ".auth_key"));
-                    host_cryptogram = SessionKey.ComputeCryptogram(
-                            selectedToken, keyNickName, card_challenge,
-                            host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet);
-
-                    if (host_cryptogram == null) {
-                        CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
-                        throw new Exception("Can't compute host cryptogram!");
-
-                    }
-                    card_crypto = SessionKey.ComputeCryptogram(
-                            selectedToken, keyNickName, card_challenge,
-                            host_challenge, keyInfo, CUID, 1, authKeyArray, useSoftToken_s, keySet);
-
-                    if (card_crypto == null) {
-                        CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
-                        throw new Exception("Can't compute card cryptogram!");
-
-                    }
-
-                    if (isCryptoValidate) {
-                        if (rcard_cryptogram == null) {
-                            CMS.debug("TokenServlet: ComputeCryptogram(): missing card cryptogram");
-                            throw new Exception("Missing card cryptogram");
-                        }
-                        input_card_crypto =
-                                com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
-                        if (card_crypto.length == input_card_crypto.length) {
-                            for (int i = 0; i < card_crypto.length; i++) {
-                                if (card_crypto[i] != input_card_crypto[i]) {
-                                    sameCardCrypto = false;
-                                    break;
-                                }
-                            }
-                        } else {
-                            // different length; must be different
-                            sameCardCrypto = false;
-                        }
-                    }
-
-                    CMS.getLogger().log(ILogger.EV_AUDIT,
-                            ILogger.S_TKS,
-                            ILogger.LL_INFO, "processComputeSessionKey for CUID=" +
-                                    trim(pp.toHexString(CUID)));
-                } catch (Exception e) {
-                    CMS.debug(e);
-                    CMS.debug("TokenServlet Computing Session Key: " + e.toString());
-                    if (isCryptoValidate)
-                        sameCardCrypto = false;
-                }
-            }
-        } // ! missingParam
-
-        String value = "";
-
-        resp.setContentType("text/html");
-
-        String outputString = "";
-        String encSessionKeyString = "";
-        String drm_trans_wrapped_desKeyString = "";
-        String cryptogram = "";
-        String status = "0";
-        if (session_key != null && session_key.length > 0) {
-            outputString =
-                    com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
-        } else {
-
-            status = "1";
-        }
-
-        if (enc_session_key != null && enc_session_key.length > 0) {
-            encSessionKeyString =
-                    com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
-        } else {
-            status = "1";
-        }
-
-        if (serversideKeygen == true) {
-            if (drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
-                drm_trans_wrapped_desKeyString =
-                        com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
-            else {
-                status = "1";
-            }
-        }
-
-        if (host_cryptogram != null && host_cryptogram.length > 0) {
-            cryptogram =
-                    com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
-        } else {
-            status = "2";
-        }
-
-        if (selectedToken == null || keyNickName == null) {
-            status = "4";
-        }
-
-        if (!sameCardCrypto) {
-            status = "3";
-        }
-
-        if (missingParam) {
-            status = "3";
-        }
-
-        if (!status.equals("0")) {
-
-            if (status.equals("1")) {
-                errorMsg = "Problem generating session key info.";
-            }
-
-            if (status.equals("2")) {
-                errorMsg = "Problem creating host_cryptogram.";
-            }
-
-            if (status.equals("4")) {
-                errorMsg = "Problem obtaining token information.";
-            }
-
-            if (status.equals("3")) {
-                if (badParams.endsWith(",")) {
-                    badParams = badParams.substring(0, badParams.length() - 1);
-                }
-                errorMsg = "Missing input parameters :" + badParams;
-            }
-
-            value = "status=" + status;
-        } else {
-            if (serversideKeygen == true) {
-                StringBuffer sb = new StringBuffer();
-                sb.append("status=0&");
-                sb.append("sessionKey=");
-                sb.append(outputString);
-                sb.append("&hostCryptogram=");
-                sb.append(cryptogram);
-                sb.append("&encSessionKey=");
-                sb.append(encSessionKeyString);
-                sb.append("&kek_wrapped_desKey=");
-                sb.append(kek_wrapped_desKeyString);
-                sb.append("&keycheck=");
-                sb.append(keycheck_s);
-                sb.append("&drm_trans_wrapped_desKey=");
-                sb.append(drm_trans_wrapped_desKeyString);
-                value = sb.toString();
-            } else {
-                StringBuffer sb = new StringBuffer();
-                sb.append("status=0&");
-                sb.append("sessionKey=");
-                sb.append(outputString);
-                sb.append("&hostCryptogram=");
-                sb.append(cryptogram);
-                sb.append("&encSessionKey=");
-                sb.append(encSessionKeyString);
-                value = sb.toString();
-            }
-
-        }
-        CMS.debug("TokenServlet:outputString.encode " + value);
-
-        try {
-            resp.setContentLength(value.length());
-            CMS.debug("TokenServlet:outputString.length " + value.length());
-            OutputStream ooss = resp.getOutputStream();
-            ooss.write(value.getBytes());
-            ooss.flush();
-            mRenderResult = false;
-        } catch (IOException e) {
-            CMS.debug("TokenServlet: " + e.toString());
-        }
-
-        if (status.equals("0")) {
-
-            auditMessage = CMS.getLogMessage(
-                         LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
-                        rCUID,
-                        ILogger.SUCCESS,
-                        status,
-                        agentId,
-                        isCryptoValidate ? "true" : "false",
-                        serversideKeygen ? "true" : "false",
-                        selectedToken,
-                        keyNickName);
-
-        } else {
-
-            auditMessage = CMS.getLogMessage(
-                         LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
-                        rCUID,
-                        ILogger.FAILURE,
-                        status,
-                        agentId,
-                        isCryptoValidate ? "true" : "false",
-                        serversideKeygen ? "true" : "false",
-                        selectedToken,
-                        keyNickName,
-                        errorMsg);
-        }
-
-        audit(auditMessage);
-    }
-
-    // This method will return the shared secret name.  In new 10.1 subsystems, this
-    // name will be stored in tps.X.nickname.
-    //
-    // Until multiple TKS/TPS connections is fully supported, this method will just
-    // return the first shared secret nickname found, on the assumption that only
-    // one nickname will be configured.  This will have to be changed to return the correct
-    // key based on some parameter in the request in future.
-    //
-    // On legacy systems, this method just returns what was previously returned.
-    private String getSharedSecretName(IConfigStore cs) throws EBaseException {
-        boolean useNewNames = cs.getBoolean("tks.useNewSharedSecretNames", false);
-
-        if (useNewNames) {
-            String tpsList = cs.getString("tps.list", "");
-            if (!tpsList.isEmpty()) {
-                for (String tpsID : tpsList.split(",")) {
-                    String sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
-                    if (!sharedSecretName.isEmpty()) {
-                        return sharedSecretName;
-                    }
-                }
-            }
-            CMS.debug("getSharedSecretName: no shared secret has been configured");
-            throw new EBaseException("No shared secret has been configured");
-        }
-
-        // legacy system - return as before
-        return cs.getString("tks.tksSharedSymKeyName", TRANSPORT_KEY_NAME);
-    }
-
-    private void processDiversifyKey(HttpServletRequest req,
-            HttpServletResponse resp) throws EBaseException {
-        byte[] KeySetData, CUID, xCUID;
-        byte[] xkeyInfo, xnewkeyInfo;
-        boolean missingParam = false;
-        String errorMsg = "";
-        String badParams = "";
-
-        IConfigStore sconfig = CMS.getConfigStore();
-        String rnewKeyInfo = req.getParameter("newKeyInfo");
-        String newMasterKeyName = req.getParameter("newKeyInfo");
-        String oldMasterKeyName = req.getParameter("KeyInfo");
-        String rCUID = req.getParameter("CUID");
-        String auditMessage = "";
-
-        String keySet = req.getParameter("keySet");
-        if (keySet == null || keySet.equals("")) {
-            keySet = "defKeySet";
-        }
-        CMS.debug("keySet selected: " + keySet);
-
-        SessionContext sContext = SessionContext.getContext();
-
-        String agentId = "";
-        if (sContext != null) {
-            agentId =
-                    (String) sContext.get(SessionContext.USER_ID);
-        }
-
-        auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST,
-                        rCUID,
-                        ILogger.SUCCESS,
-                        agentId,
-                        oldMasterKeyName,
-                        newMasterKeyName);
-
-        audit(auditMessage);
-
-        if ((rCUID == null) || (rCUID.equals(""))) {
-            badParams += " CUID,";
-            CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID");
-            missingParam = true;
-        }
-        if ((rnewKeyInfo == null) || (rnewKeyInfo.equals(""))) {
-            badParams += " newKeyInfo,";
-            CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo");
-            missingParam = true;
-        }
-        if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) {
-            badParams += " KeyInfo,";
-            CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo");
-            missingParam = true;
-        }
-
-        if (!missingParam) {
-            xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
-            if (xkeyInfo == null || xkeyInfo.length != 2) {
-                badParams += " KeyInfo length,";
-                CMS.debug("TokenServlet: Invalid key info length");
-                missingParam = true;
-            }
-            xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
-            if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
-                badParams += " NewKeyInfo length,";
-                CMS.debug("TokenServlet: Invalid new key info length");
-                missingParam = true;
-            }
-        }
-        String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
-        if (!useSoftToken_s.equalsIgnoreCase("true"))
-            useSoftToken_s = "false";
-
-        KeySetData = null;
-        if (!missingParam) {
-            xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-            if (xCUID == null || xCUID.length != 10) {
-                badParams += " CUID length,";
-                CMS.debug("TokenServlet: Invalid CUID length");
-                missingParam = true;
-            }
-        }
-        if (!missingParam) {
-            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
-            if (mKeyNickName != null)
-                oldMasterKeyName = mKeyNickName;
-            if (mNewKeyNickName != null)
-                newMasterKeyName = mNewKeyNickName;
-
-            String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
-            String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
-            String oldSelectedToken = null;
-            String oldKeyNickName = null;
-            if (oldMappingValue == null) {
-                oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-                oldKeyNickName = req.getParameter("KeyInfo");
-            } else {
-                StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
-                oldSelectedToken = st.nextToken();
-                oldKeyNickName = st.nextToken();
-            }
-
-            String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
-            String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
-            String newSelectedToken = null;
-            String newKeyNickName = null;
-            if (newMappingValue == null) {
-                newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-                newKeyNickName = rnewKeyInfo;
-            } else {
-                StringTokenizer st = new StringTokenizer(newMappingValue, ":");
-                newSelectedToken = st.nextToken();
-                newKeyNickName = st.nextToken();
-            }
-
-            CMS.debug("process DiversifyKey for oldSelectedToke=" +
-                    oldSelectedToken + " newSelectedToken=" + newSelectedToken +
-                    " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
-                    newKeyNickName);
-
-            byte kekKeyArray[] =
-                    com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-            KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
-                     newSelectedToken, oldKeyNickName,
-                    newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
-
-            if (KeySetData == null || KeySetData.length <= 1) {
-                CMS.getLogger().log(ILogger.EV_AUDIT,
-                        ILogger.S_TKS,
-                        ILogger.LL_INFO, "process DiversifyKey: Missing MasterKey in Slot");
-            }
-
-            CMS.getLogger().log(ILogger.EV_AUDIT,
-                    ILogger.S_TKS,
-                    ILogger.LL_INFO, "process DiversifyKey for CUID =" + trim(pp.toHexString(CUID))
-                            + ";from oldMasterKeyName=" + oldSelectedToken + ":" + oldKeyNickName
-                            + ";to newMasterKeyName=" + newSelectedToken + ":" + newKeyNickName);
-
-            resp.setContentType("text/html");
-        } // ! missingParam
-
-        //CMS.debug("TokenServlet:processDiversifyKey " +outputString);
-        //String value="keySetData=%00" if the KeySetData=byte[0]=0;
-
-        String value = "";
-        String status = "0";
-
-        if (KeySetData != null && KeySetData.length > 1) {
-            value = "status=0&" + "keySetData=" +
-                     com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
-            CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
-        } else if (missingParam) {
-            status = "3";
-            if (badParams.endsWith(",")) {
-                badParams = badParams.substring(0, badParams.length() - 1);
-            }
-            errorMsg = "Missing input parameters: " + badParams;
-            value = "status=" + status;
-        } else {
-            errorMsg = "Problem diversifying key data.";
-            status = "1";
-            value = "status=" + status;
-        }
-
-        resp.setContentLength(value.length());
-        CMS.debug("TokenServlet:outputString.length " + value.length());
-
-        try {
-            OutputStream ooss = resp.getOutputStream();
-            ooss.write(value.getBytes());
-            ooss.flush();
-            mRenderResult = false;
-        } catch (Exception e) {
-            CMS.debug("TokenServlet:process DiversifyKey: " + e.toString());
-        }
-
-        if (status.equals("0")) {
-
-            auditMessage = CMS.getLogMessage(
-                         LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
-                        rCUID,
-                        ILogger.SUCCESS,
-                        status,
-                        agentId,
-                        oldMasterKeyName,
-                        newMasterKeyName);
-
-        } else {
-
-            auditMessage = CMS.getLogMessage(
-                         LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
-                        rCUID,
-                        ILogger.FAILURE,
-                        status,
-                        agentId,
-                        oldMasterKeyName,
-                        newMasterKeyName,
-                        errorMsg);
-        }
-
-        audit(auditMessage);
-    }
-
-    private void processEncryptData(HttpServletRequest req,
-            HttpServletResponse resp) throws EBaseException {
-        byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo;
-        boolean missingParam = false;
-        byte[] data = null;
-        boolean isRandom = true; // randomly generate the data to be encrypted
-
-        String errorMsg = "";
-        String badParams = "";
-        IConfigStore sconfig = CMS.getConfigStore();
-        encryptedData = null;
-        String rdata = req.getParameter("data");
-        String rKeyInfo = req.getParameter("KeyInfo");
-        String rCUID = req.getParameter("CUID");
-        String keySet = req.getParameter("keySet");
-        if (keySet == null || keySet.equals("")) {
-            keySet = "defKeySet";
-        }
-
-        SessionContext sContext = SessionContext.getContext();
-
-        String agentId = "";
-        if (sContext != null) {
-            agentId =
-                    (String) sContext.get(SessionContext.USER_ID);
-        }
-
-        CMS.debug("keySet selected: " + keySet);
-
-        String s_isRandom = sconfig.getString("tks.EncryptData.isRandom", "true");
-        if (s_isRandom.equalsIgnoreCase("false")) {
-            CMS.debug("TokenServlet: processEncryptData(): Random number not to be generated");
-            isRandom = false;
-        } else {
-            CMS.debug("TokenServlet: processEncryptData(): Random number generation required");
-            isRandom = true;
-        }
-
-        String auditMessage = CMS.getLogMessage(
-                       LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST,
-                       rCUID,
-                       ILogger.SUCCESS,
-                       agentId,
-                       s_isRandom);
-
-        audit(auditMessage);
-
-        if (isRandom) {
-            if ((rdata == null) || (rdata.equals(""))) {
-                CMS.debug("TokenServlet: processEncryptData(): no data in request.  Generating random number as data");
-            } else {
-                CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
-            }
-            try {
-                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-                data = new byte[16];
-                random.nextBytes(data);
-            } catch (Exception e) {
-                CMS.debug("TokenServlet: processEncryptData():" + e.toString());
-                badParams += " Random Number,";
-                missingParam = true;
-            }
-        } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) {
-            CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data.");
-            badParams += " data,";
-            missingParam = true;
-        }
-
-        if ((rCUID == null) || (rCUID.equals(""))) {
-            badParams += " CUID,";
-            CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID");
-            missingParam = true;
-        }
-
-        if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
-            badParams += " KeyInfo,";
-            CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info");
-            missingParam = true;
-        }
-
-        if (!missingParam) {
-            xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-            if (xCUID == null || xCUID.length != 10) {
-                badParams += " CUID length,";
-                CMS.debug("TokenServlet: Invalid CUID length");
-                missingParam = true;
-            }
-            xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-            if (xkeyInfo == null || xkeyInfo.length != 2) {
-                badParams += " KeyInfo length,";
-                CMS.debug("TokenServlet: Invalid key info length");
-                missingParam = true;
-            }
-        }
-
-        String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
-        if (!useSoftToken_s.equalsIgnoreCase("true"))
-            useSoftToken_s = "false";
-
-        String selectedToken = null;
-        String keyNickName = null;
-        if (!missingParam) {
-            if (!isRandom)
-                data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
-            keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
-            String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
-            String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
-            if (mappingValue == null) {
-                selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-                keyNickName = rKeyInfo;
-            } else {
-                StringTokenizer st = new StringTokenizer(mappingValue, ":");
-                selectedToken = st.nextToken();
-                keyNickName = st.nextToken();
-            }
-
-            byte kekKeyArray[] =
-                    com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-            encryptedData = SessionKey.EncryptData(
-                       selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
-
-            CMS.getLogger().log(ILogger.EV_AUDIT,
-                     ILogger.S_TKS,
-                     ILogger.LL_INFO, "process EncryptData for CUID =" + trim(pp.toHexString(CUID)));
-        } // !missingParam
-
-        resp.setContentType("text/html");
-
-        String value = "";
-        String status = "0";
-        if (encryptedData != null && encryptedData.length > 0) {
-            // sending both the pre-encrypted and encrypted data back
-            value = "status=0&" + "data=" +
-                         com.netscape.cmsutil.util.Utils.SpecialEncode(data) +
-                         "&encryptedData=" +
-                         com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData);
-        } else if (missingParam) {
-            if (badParams.endsWith(",")) {
-                badParams = badParams.substring(0, badParams.length() - 1);
-            }
-            errorMsg = "Missing input parameters: " + badParams;
-            status = "3";
-            value = "status=" + status;
-        } else {
-            errorMsg = "Problem encrypting data.";
-            status = "1";
-            value = "status=" + status;
-        }
-
-        CMS.debug("TokenServlet:process EncryptData.encode " + value);
-
-        try {
-            resp.setContentLength(value.length());
-            CMS.debug("TokenServlet:outputString.lenght " + value.length());
-
-            OutputStream ooss = resp.getOutputStream();
-            ooss.write(value.getBytes());
-            ooss.flush();
-            mRenderResult = false;
-        } catch (Exception e) {
-            CMS.debug("TokenServlet: " + e.toString());
-        }
-
-        if (status.equals("0")) {
-
-            auditMessage = CMS.getLogMessage(
-                         LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
-                        rCUID,
-                        ILogger.SUCCESS,
-                        status,
-                        agentId,
-                        s_isRandom,
-                        selectedToken,
-                        keyNickName);
-
-        } else {
-
-            auditMessage = CMS.getLogMessage(
-                         LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
-                        rCUID,
-                        ILogger.FAILURE,
-                        status,
-                        agentId,
-                        s_isRandom,
-                        selectedToken,
-                        keyNickName,
-                        errorMsg);
-        }
-
-        audit(auditMessage);
-    }
-
-    /*
-     *   For EncryptData:
-     *   data=value1
-     *   CUID=value2 // missing from RA
-     *   versionID=value3  // missing from RA
-     *
-     *   For ComputeSession:
-     *   card_challenge=value1
-     *   host_challenge=value2
-
-     *   For DiversifyKey:
-     *   new_master_key_index
-     *   master_key_index
-     */
-
-    private void processComputeRandomData(HttpServletRequest req,
-            HttpServletResponse resp) throws EBaseException {
-
-        byte[] randomData = null;
-        String status = "0";
-        String errorMsg = "";
-        String badParams = "";
-        boolean missingParam = false;
-        int dataSize = 0;
-
-        CMS.debug("TokenServlet::processComputeRandomData");
-
-        SessionContext sContext = SessionContext.getContext();
-
-        String agentId = "";
-        if (sContext != null) {
-            agentId =
-                    (String) sContext.get(SessionContext.USER_ID);
-        }
-
-        String sDataSize = req.getParameter("dataNumBytes");
-
-        if (sDataSize == null || sDataSize.equals("")) {
-            CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes");
-            badParams += " Random Data size, ";
-            missingParam = true;
-            status = "1";
-        } else {
-            try {
-                dataSize = Integer.parseInt(sDataSize.trim());
-            } catch (NumberFormatException nfe) {
-                CMS.debug("TokenServlet::processComputeRandomData invalid data size input!");
-                badParams += " Random Data size, ";
-                missingParam = true;
-                status = "1";
-            }
-
-        }
-
-        CMS.debug("TokenServlet::processComputeRandomData data size requested: " + dataSize);
-
-        String auditMessage = CMS.getLogMessage(
-                       LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST,
-                       ILogger.SUCCESS,
-                       agentId);
-
-        audit(auditMessage);
-
-        if (!missingParam) {
-            try {
-                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-                randomData = new byte[dataSize];
-                random.nextBytes(randomData);
-            } catch (Exception e) {
-                CMS.debug("TokenServlet::processComputeRandomData:" + e.toString());
-                errorMsg = "Can't generate random data!";
-                status = "2";
-            }
-        }
-
-        String randomDataOut = "";
-        if (status.equals("0")) {
-            if (randomData != null && randomData.length == dataSize) {
-                randomDataOut =
-                        com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
-            } else {
-                status = "2";
-                errorMsg = "Can't convert random data!";
-            }
-        }
-
-        if (status.equals("1") && missingParam) {
-
-            if (badParams.endsWith(",")) {
-                badParams = badParams.substring(0, badParams.length() - 1);
-            }
-            errorMsg = "Missing input parameters :" + badParams;
-        }
-
-        resp.setContentType("text/html");
-        String value = "";
-
-        value = "status=" + status;
-        if (status.equals("0")) {
-            value = value + "&DATA=" + randomDataOut;
-        }
-
-        try {
-            resp.setContentLength(value.length());
-            CMS.debug("TokenServler::processComputeRandomData :outputString.length " + value.length());
-
-            OutputStream ooss = resp.getOutputStream();
-            ooss.write(value.getBytes());
-            ooss.flush();
-            mRenderResult = false;
-        } catch (Exception e) {
-            CMS.debug("TokenServlet::processComputeRandomData " + e.toString());
-        }
-
-        if (status.equals("0")) {
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
-                        ILogger.SUCCESS,
-                        status,
-                        agentId);
-        } else {
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
-                        ILogger.FAILURE,
-                        status,
-                        agentId,
-                        errorMsg);
-        }
-
-        audit(auditMessage);
-    }
-
-    public void process(CMSRequest cmsReq) throws EBaseException {
-        HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();
-
-        IAuthToken authToken = authenticate(cmsReq);
-        AuthzToken authzToken = null;
-
-        try {
-            authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "execute");
-        } catch (Exception e) {
-        }
-
-        if (authzToken == null) {
-
-            try {
-                resp.setContentType("text/html");
-                String value = "unauthorized=";
-                CMS.debug("TokenServlet: Unauthorized");
-
-                resp.setContentLength(value.length());
-                OutputStream ooss = resp.getOutputStream();
-                ooss.write(value.getBytes());
-                ooss.flush();
-                mRenderResult = false;
-            } catch (Exception e) {
-                CMS.debug("TokenServlet: " + e.toString());
-            }
-
-            //       cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
-            return;
-        }
-
-        String temp = req.getParameter("card_challenge");
-        setDefaultSlotAndKeyName(req);
-        if (temp != null) {
-            processComputeSessionKey(req, resp);
-        } else if (req.getParameter("data") != null) {
-            processEncryptData(req, resp);
-        } else if (req.getParameter("newKeyInfo") != null) {
-            processDiversifyKey(req, resp);
-        } else if (req.getParameter("dataNumBytes") != null) {
-            processComputeRandomData(req, resp);
-        }
-    }
-
-    /**
-     * Serves HTTP admin request.
-     *
-     * @param req HTTP request
-     * @param resp HTTP response
-     */
-    public void service(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        super.service(req, resp);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
deleted file mode 100644
index d9d3ddec7..000000000
--- a/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
+++ /dev/null
@@ -1,111 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.wizard;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.property.PropertySet;
-
-public interface IWizardPanel {
-
-    /**
-     * Initializes this panel.
-     */
-    public void init(ServletConfig config, int panelno)
-                 throws ServletException;
-
-    public void init(WizardServlet servlet, ServletConfig config,
-                     int panelno, String id) throws ServletException;
-
-    public String getName();
-
-    public int getPanelNo();
-
-    public void setId(String id);
-
-    public String getId();
-
-    public PropertySet getUsage();
-
-    /**
-     * Should we skip this panel to the next one?
-     */
-    public boolean shouldSkip();
-
-    /**
-     * Cleans up panel so that isPanelDone returns false
-     */
-    public void cleanUp() throws IOException;
-
-    /**
-     * Is this panel done
-     */
-    public boolean isPanelDone();
-
-    /**
-     * Show "Apply" button on frame?
-     */
-    public boolean showApplyButton();
-
-    /**
-     * Is this a subPanel?
-     */
-    public boolean isSubPanel();
-
-    public boolean isLoopbackPanel();
-
-    /**
-     * has subPanels?
-     */
-    public boolean hasSubPanel();
-
-    /**
-     * Display the panel.
-     */
-    public void display(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context);
-
-    /**
-     * Checks if the given parameters are valid.
-     */
-    public void validate(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context) throws IOException;
-
-    /**
-     * Commit parameter changes
-     */
-    public void update(HttpServletRequest request,
-                          HttpServletResponse response,
-                          Context context) throws IOException;
-
-    /**
-     * If validiate() returns false, this method will be called.
-     */
-    public void displayError(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context);
-}
diff --git a/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
deleted file mode 100644
index 6deab6bc0..000000000
--- a/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ /dev/null
@@ -1,489 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.wizard;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.context.Context;
-import org.apache.velocity.servlet.VelocityServlet;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.cms.servlet.csadmin.Cert;
-import com.netscape.cmsutil.crypto.Module;
-
-/**
- * wizard?p=[panel number]&op=usage <= usage in xml
- * wizard?p=[panel number]&op=display
- * wizard?p=[panel number]&op=next&...[additional parameters]...
- * wizard?p=[panel number]&op=apply
- * wizard?p=[panel number]&op=back
- * wizard?op=menu
- * return menu options
- */
-@SuppressWarnings("deprecation")
-public class WizardServlet extends VelocityServlet {
-
-    /**
-     *
-     */
-    private static final long serialVersionUID = -4513510177445656799L;
-    private String name = null;
-    private Vector<IWizardPanel> mPanels = new Vector<IWizardPanel>();
-
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-
-        /* load sequence map */
-        name = config.getInitParameter("name");
-        String panels = config.getInitParameter("panels");
-        StringTokenizer st = new StringTokenizer(panels, ",");
-        int pno = 0;
-        while (st.hasMoreTokens()) {
-            String p = st.nextToken();
-            StringTokenizer st1 = new StringTokenizer(p, "=");
-            String id = st1.nextToken();
-            String pvalue = st1.nextToken();
-            try {
-                IWizardPanel panel = (IWizardPanel) Class.forName(pvalue).newInstance();
-                panel.init(this, config, pno, id);
-                CMS.debug("WizardServlet: panel name=" + panel.getName());
-                mPanels.addElement(panel);
-            } catch (Exception e) {
-                CMS.debug("WizardServlet: " + e.toString());
-            }
-            pno++;
-        }
-        CMS.debug("WizardServlet: done");
-
-    }
-
-    public void exposePanels(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context) {
-        Enumeration<IWizardPanel> e = mPanels.elements();
-        Vector<IWizardPanel> panels = new Vector<IWizardPanel>();
-        while (e.hasMoreElements()) {
-            IWizardPanel p = e.nextElement();
-            panels.addElement(p);
-        }
-        context.put("panels", panels);
-    }
-
-    /**
-     * Cleans up panels from a particular panel.
-     */
-    public void cleanUpFromPanel(int pno) throws IOException {
-        /* panel number starts from zero */
-        int s = mPanels.size();
-        for (int i = pno; i < s; i++) {
-            IWizardPanel panel = mPanels.elementAt(i);
-            panel.cleanUp();
-        }
-    }
-
-    public IWizardPanel getPanelByNo(int p) {
-        IWizardPanel panel = mPanels.elementAt(p);
-        if (panel.shouldSkip()) {
-            panel = getPanelByNo(p + 1);
-        }
-        return panel;
-    }
-
-    public Template displayPanel(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context) {
-        CMS.debug("WizardServlet: in display");
-        int p = getPanelNo(request);
-
-        if (p == 0) {
-            CMS.debug("WizardServlet: firstpanel");
-            context.put("firstpanel", Boolean.TRUE);
-        }
-        if (p == (mPanels.size() - 1)) {
-            CMS.debug("WizardServlet: lastpanel");
-            context.put("lastpanel", Boolean.TRUE);
-        }
-        IWizardPanel panel = getPanelByNo(p);
-        CMS.debug("WizardServlet: panel=" + panel);
-
-        if (panel.showApplyButton() == true)
-            context.put("showApplyButton", Boolean.TRUE);
-        else
-            context.put("showApplyButton", Boolean.FALSE);
-
-        panel.display(request, response, context);
-        context.put("p", Integer.toString(panel.getPanelNo()));
-
-        try {
-            return Velocity.getTemplate("admin/console/config/wizard.vm");
-        } catch (Exception e) {
-        }
-        return null;
-    }
-
-    public String xml_value_flatten(Object v) {
-        String ret = "";
-        if (v instanceof String) {
-            ret += v;
-        } else if (v instanceof Integer) {
-            ret += ((Integer) v).toString();
-        } else if (v instanceof Vector) {
-            ret += "<Vector>";
-            Vector<?> v1 = (Vector<?>) v;
-            Enumeration<?> e = v1.elements();
-            StringBuffer sb = new StringBuffer();
-            while (e.hasMoreElements()) {
-                sb.append(xml_value_flatten(e.nextElement()));
-            }
-            ret += sb.toString();
-            ret += "</Vector>";
-        } else if (v instanceof Module) { // for hardware token
-            Module m = (Module) v;
-            ret += "<Module>";
-            ret += "<CommonName>" + m.getCommonName() + "</CommonName>";
-            ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>";
-            ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>";
-            ret += "</Module>";
-        } else if (v instanceof Cert) {
-            Cert m = (Cert) v;
-            ret += "<CertReqPair>";
-            ret += "<Nickname>" + m.getNickname() + "</Nickname>";
-            ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>";
-            ret += "<Request>" + m.getRequest() + "</Request>";
-            ret += "<Certificate>" + m.getCert() + "</Certificate>";
-            ret += "<Type>" + m.getType() + "</Type>";
-            ret += "<DN>" + m.getDN() + "</DN>";
-            ret += "<CertPP>" + m.getCertpp() + "</CertPP>";
-            ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>";
-            ret += "</CertReqPair>";
-        } else if (v instanceof IWizardPanel) {
-            IWizardPanel m = (IWizardPanel) v;
-            ret += "<Panel>";
-            ret += "<Id>" + m.getId() + "</Id>";
-            ret += "<Name>" + m.getName() + "</Name>";
-            ret += "</Panel>";
-        } else {
-            CMS.debug("Error: unknown type " + v.getClass().getName());
-        }
-        return ret;
-    }
-
-    public String xml_flatten(Context context) {
-        StringBuffer ret = new StringBuffer();
-        Object o[] = context.getKeys();
-        for (int i = 0; i < o.length; i++) {
-            if (o[i] instanceof String) {
-                String key = (String) o[i];
-                if (key.startsWith("__")) {
-                    continue;
-                }
-                ret.append("<");
-                ret.append(key);
-                ret.append(">");
-                if (key.equals("bindpwd")) {
-                    ret.append("(sensitive)");
-                } else {
-                    Object v = context.get(key);
-                    ret.append(xml_value_flatten(v));
-                }
-                ret.append("</");
-                ret.append(key);
-                ret.append(">");
-            }
-        }
-        return ret.toString();
-    }
-
-    public int getPanelNo(HttpServletRequest request) {
-        int p = 0;
-
-        // panel number can be identified by either
-        //   panel no (p parameter) directly, or
-        //   panel name (panelname parameter).
-        if (request.getParameter("panelname") != null) {
-            String name = request.getParameter("panelname");
-            for (int i = 0; i < mPanels.size(); i++) {
-                IWizardPanel panel = mPanels.elementAt(i);
-                if (panel.getId().equals(name)) {
-                    return i;
-                }
-            }
-        } else if (request.getParameter("p") != null) {
-            p = Integer.parseInt(request.getParameter("p"));
-        }
-        return p;
-    }
-
-    public String getNameFromPanelNo(int p) {
-        IWizardPanel wp = mPanels.elementAt(p);
-        return wp.getId();
-    }
-
-    public IWizardPanel getPreviousPanel(int p) {
-        CMS.debug("getPreviousPanel input p=" + p);
-        IWizardPanel backpanel = mPanels.elementAt(p - 1);
-        if (backpanel.isSubPanel()) {
-            backpanel = mPanels.elementAt(p - 1 - 1);
-        }
-        while (backpanel.shouldSkip()) {
-            backpanel = mPanels.elementAt(backpanel.getPanelNo() - 1);
-        }
-        CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo());
-        return backpanel;
-    }
-
-    public IWizardPanel getNextPanel(int p) {
-        CMS.debug("getNextPanel input p=" + p);
-        IWizardPanel panel = mPanels.elementAt(p);
-        if (p == (mPanels.size() - 1)) {
-            // p = p;
-        } else if (panel.isSubPanel()) {
-            if (panel.isLoopbackPanel()) {
-                p = p - 1; // Login Panel is a loop back panel
-            } else {
-                p = p + 1;
-            }
-        } else if (panel.hasSubPanel()) {
-            p = p + 2;
-        } else {
-            p = p + 1;
-        }
-        IWizardPanel nextpanel = getPanelByNo(p);
-        CMS.debug("getNextPanel output p=" + p);
-        return nextpanel;
-    }
-
-    public Template goApply(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context) {
-        return goNextApply(request, response, context, true);
-    }
-
-    public Template goNext(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context) {
-        return goNextApply(request, response, context, false);
-    }
-
-    /*
-     * The parameter "stay" is used to indicate "apply" without
-     * moving to the next panel
-     */
-    public Template goNextApply(HttpServletRequest request,
-                            HttpServletResponse response,
-                Context context, boolean stay) {
-        int p = getPanelNo(request);
-        if (stay == true)
-            CMS.debug("WizardServlet: in reply " + p);
-        else
-            CMS.debug("WizardServlet: in next " + p);
-
-        IWizardPanel panel = mPanels.elementAt(p);
-        try {
-            panel.validate(request, response, context);
-            try {
-                panel.update(request, response, context);
-                if (stay == true) { // "apply"
-
-                    if (panel.showApplyButton() == true)
-                        context.put("showApplyButton", Boolean.TRUE);
-                    else
-                        context.put("showApplyButton", Boolean.FALSE);
-                    panel.display(request, response, context);
-                } else { // "next"
-                    IWizardPanel nextpanel = getNextPanel(p);
-
-                    if (nextpanel.showApplyButton() == true)
-                        context.put("showApplyButton", Boolean.TRUE);
-                    else
-                        context.put("showApplyButton", Boolean.FALSE);
-                    nextpanel.display(request, response, context);
-                    panel = nextpanel;
-                }
-                context.put("errorString", "");
-            } catch (Exception e) {
-                context.put("errorString", e.getMessage());
-                panel.displayError(request, response, context);
-            }
-        } catch (IOException eee) {
-            context.put("errorString", eee.getMessage());
-            panel.displayError(request, response, context);
-        }
-        p = panel.getPanelNo();
-        CMS.debug("panel no=" + p);
-        CMS.debug("panel name=" + getNameFromPanelNo(p));
-        CMS.debug("total number of panels=" + mPanels.size());
-        context.put("p", Integer.toString(p));
-        context.put("panelname", getNameFromPanelNo(p));
-        if (p == 0) {
-            CMS.debug("WizardServlet: firstpanel");
-            context.put("firstpanel", Boolean.TRUE);
-        }
-        if (p == (mPanels.size() - 1)) {
-            CMS.debug("WizardServlet: lastpanel");
-            context.put("lastpanel", Boolean.TRUE);
-        }
-        // this is where we handle the xml request
-        String xml = request.getParameter("xml");
-        if (xml != null && xml.equals("true")) {
-            CMS.debug("WizardServlet: found xml");
-
-            response.setContentType("application/xml");
-            String xmlstr = xml_flatten(context);
-            context.put("xml", xmlstr);
-            try {
-                return Velocity.getTemplate("admin/console/config/xml.vm");
-            } catch (Exception e) {
-                CMS.debug("Failing to get template" + e);
-            }
-        } else {
-            try {
-                return Velocity.getTemplate("admin/console/config/wizard.vm");
-            } catch (Exception e) {
-                CMS.debug("Failing to get template" + e);
-            }
-        }
-        return null;
-    }
-
-    public Template goBack(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context) {
-        int p = getPanelNo(request);
-        CMS.debug("WizardServlet: in back " + p);
-        IWizardPanel backpanel = getPreviousPanel(p);
-
-        if (backpanel.showApplyButton() == true)
-            context.put("showApplyButton", Boolean.TRUE);
-        else
-            context.put("showApplyButton", Boolean.FALSE);
-        backpanel.display(request, response, context);
-        context.put("p", Integer.toString(backpanel.getPanelNo()));
-        context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo()));
-
-        p = backpanel.getPanelNo();
-
-        if (p == 0) {
-            CMS.debug("WizardServlet: firstpanel");
-            context.put("firstpanel", Boolean.TRUE);
-        }
-        if (p == (mPanels.size() - 1)) {
-            CMS.debug("WizardServlet: lastpanel");
-            context.put("lastpanel", Boolean.TRUE);
-        }
-        try {
-            return Velocity.getTemplate("admin/console/config/wizard.vm");
-        } catch (Exception e) {
-        }
-        return null;
-    }
-
-    public boolean authenticate(HttpServletRequest request,
-                                   HttpServletResponse response,
-                                   Context context) {
-        String pin = (String) request.getSession().getAttribute("pin");
-        if (pin == null) {
-            try {
-                response.sendRedirect("login");
-            } catch (IOException e) {
-            }
-            return false;
-        }
-        return true;
-    }
-
-    public void outputHttpParameters(HttpServletRequest httpReq) {
-        CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
-        Enumeration<String> paramNames = httpReq.getParameterNames();
-        while (paramNames.hasMoreElements()) {
-            String pn = paramNames.nextElement();
-            // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with
-            // __ (double underscores); however, in the event that
-            // a security parameter slips through, we perform multiple
-            // additional checks to insure that it is NOT displayed
-            if (pn.startsWith("__") ||
-                    pn.endsWith("password") ||
-                    pn.endsWith("passwd") ||
-                    pn.endsWith("pwd") ||
-                    pn.equalsIgnoreCase("admin_password_again") ||
-                    pn.equalsIgnoreCase("directoryManagerPwd") ||
-                    pn.equalsIgnoreCase("bindpassword") ||
-                    pn.equalsIgnoreCase("bindpwd") ||
-                    pn.equalsIgnoreCase("passwd") ||
-                    pn.equalsIgnoreCase("password") ||
-                    pn.equalsIgnoreCase("pin") ||
-                    pn.equalsIgnoreCase("pwd") ||
-                    pn.equalsIgnoreCase("pwdagain") ||
-                    pn.equalsIgnoreCase("uPasswd")) {
-                CMS.debug("WizardServlet::service() param name='" + pn +
-                         "' value='(sensitive)'");
-            } else {
-                CMS.debug("WizardServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'");
-            }
-        }
-    }
-
-    public Template handleRequest(HttpServletRequest request,
-                            HttpServletResponse response,
-                            Context context) {
-        CMS.debug("WizardServlet: process");
-
-        if (CMS.debugOn()) {
-            outputHttpParameters(request);
-        }
-
-        if (!authenticate(request, response, context)) {
-            CMS.debug("WizardServlet: authentication failure");
-            return null;
-        }
-
-        String op = request.getParameter("op"); /* operation */
-        if (op == null) {
-            op = "display";
-        }
-        CMS.debug("WizardServlet: op=" + op);
-        CMS.debug("WizardServlet: size=" + mPanels.size());
-
-        context.put("name", name);
-        context.put("size", Integer.toString(mPanels.size()));
-        exposePanels(request, response, context);
-
-        if (op.equals("display")) {
-            return displayPanel(request, response, context);
-        } else if (op.equals("next")) {
-            return goNext(request, response, context);
-        } else if (op.equals("apply")) {
-            return goApply(request, response, context);
-        } else if (op.equals("back")) {
-            return goBack(request, response, context);
-        }
-        return null;
-    }
-}
diff --git a/base/common/src/com/netscape/cms/shares/OldJoinShares.java b/base/common/src/com/netscape/cms/shares/OldJoinShares.java
deleted file mode 100644
index cda8dddfe..000000000
--- a/base/common/src/com/netscape/cms/shares/OldJoinShares.java
+++ /dev/null
@@ -1,86 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.shares;
-
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-
-import com.netscape.certsrv.kra.IJoinShares;
-
-/**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
- * @deprecated
- * @version $Revision$ $Date$
- */
-public class OldJoinShares implements IJoinShares {
-
-    public Object mOldImpl = null;
-
-    public OldJoinShares() {
-    }
-
-    public void initialize(int threshold) throws Exception {
-        Class<?> c = Class.forName("com.netscape.cmscore.shares.JoinShares");
-        Class<?> types[] = { int.class };
-        Constructor<?> con = c.getConstructor(types);
-        Object params[] = { Integer.valueOf(threshold) };
-        mOldImpl = con.newInstance(params);
-    }
-
-    public void addShare(int shareNum, byte[] share) {
-        try {
-            Class<?> types[] = { int.class, share.getClass() };
-            Class<?> c = mOldImpl.getClass();
-            Method method = c.getMethod("addShare", types);
-            Object params[] = { Integer.valueOf(shareNum), share };
-            method.invoke(mOldImpl, params);
-        } catch (Exception e) {
-        }
-    }
-
-    public int getShareCount() {
-        if (mOldImpl == null)
-            return -1;
-        try {
-            Class<?> types[] = null;
-            Class<?> c = mOldImpl.getClass();
-            Method method = c.getMethod("getShareCount", types);
-            Object params[] = null;
-            Integer result = (Integer) method.invoke(mOldImpl, params);
-            return result.intValue();
-        } catch (Exception e) {
-            return -1;
-        }
-    }
-
-    public byte[] recoverSecret() {
-        if (mOldImpl == null)
-            return null;
-        try {
-            Class<?> types[] = null;
-            Class<?> c = mOldImpl.getClass();
-            Method method = c.getMethod("recoverSecret", types);
-            Object params[] = null;
-            return (byte[]) method.invoke(mOldImpl, params);
-        } catch (Exception e) {
-            return null;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/shares/OldShare.java b/base/common/src/com/netscape/cms/shares/OldShare.java
deleted file mode 100644
index 2bf27f5ab..000000000
--- a/base/common/src/com/netscape/cms/shares/OldShare.java
+++ /dev/null
@@ -1,62 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.shares;
-
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-
-import com.netscape.certsrv.kra.IShare;
-
-/**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
- * @deprecated
- * @version $Revision$ $Date$
- */
-public class OldShare implements IShare {
-    public Object mOldImpl = null;
-
-    public OldShare() {
-    }
-
-    public void initialize(byte[] secret, int threshold) throws Exception {
-        try {
-            Class<?> c = Class.forName("com.netscape.cmscore.shares.Share");
-            Class<?> types[] = { secret.getClass(), int.class };
-            Constructor<?> con = c.getConstructor(types);
-            Object params[] = { secret, Integer.valueOf(threshold) };
-            mOldImpl = con.newInstance(params);
-        } catch (Exception e) {
-        }
-    }
-
-    public byte[] createShare(int sharenumber) {
-        if (mOldImpl == null)
-            return null;
-        try {
-            Class<?> types[] = { int.class };
-            Class<?> c = mOldImpl.getClass();
-            Method method = c.getMethod("createShare", types);
-            Object params[] = { Integer.valueOf(sharenumber) };
-            return (byte[]) method.invoke(mOldImpl, params);
-        } catch (Exception e) {
-            return null;
-        }
-    }
-}
diff --git a/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java
deleted file mode 100644
index 094c0561f..000000000
--- a/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java
+++ /dev/null
@@ -1,139 +0,0 @@
-package com.netscape.cms.tomcat;
-
-import java.beans.PropertyChangeListener;
-import java.io.IOException;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.catalina.Container;
-import org.apache.catalina.Context;
-import org.apache.catalina.Realm;
-import org.apache.catalina.Wrapper;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.SecurityConstraint;
-import org.ietf.jgss.GSSContext;
-
-/**
- * @author Endi S. Dewata
- */
-public class ProxyRealm implements Realm {
-
-    public static Map<String, ProxyRealm> proxies = new HashMap<String, ProxyRealm>();
-
-    public Container container;
-    public Realm realm;
-
-    public ProxyRealm() {
-    }
-
-    @Override
-    public Container getContainer() {
-        return container;
-    }
-
-    @Override
-    public void setContainer(Container container) {
-        this.container = container;
-        if (container instanceof Context) {
-            Context context = (Context)container;
-            proxies.put(context.getBaseName(), this);
-        }
-    }
-
-    public Realm getRealm() {
-        return realm;
-    }
-
-    public void setRealm(Realm realm) {
-        this.realm = realm;
-        realm.setContainer(container);
-    }
-
-    public static void registerRealm(String contextName, Realm realm) {
-        ProxyRealm proxy = proxies.get(contextName);
-        if (proxy == null) return;
-
-        proxy.setRealm(realm);
-    }
-
-    @Override
-    public Principal authenticate(String username, String password) {
-        return realm.authenticate(username, password);
-    }
-
-    @Override
-    public Principal authenticate(X509Certificate certs[]) {
-        return realm.authenticate(certs);
-    }
-
-    @Override
-    public Principal authenticate(
-            String username,
-            String digest,
-            String nonce,
-            String nc,
-            String cnonce,
-            String qop,
-            String realmName,
-            String md5a2
-    ) {
-        return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
-    }
-
-    @Override
-    public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
-        return realm.authenticate(gssContext, storeCreds);
-    }
-
-    @Override
-    public boolean hasResourcePermission(
-            Request request,
-            Response response,
-            SecurityConstraint[] constraints,
-            Context context
-    ) throws IOException {
-        return realm.hasResourcePermission(request, response, constraints, context);
-    }
-
-    @Override
-    public String getInfo() {
-        return realm.getInfo();
-    }
-
-    @Override
-    public void backgroundProcess() {
-        realm.backgroundProcess();
-    }
-
-    @Override
-    public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
-        return realm.findSecurityConstraints(request, context);
-    }
-
-    @Override
-    public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
-        return realm.hasRole(wrapper, principal, role);
-    }
-
-    @Override
-    public boolean hasUserDataPermission(
-            Request request,
-            Response response,
-            SecurityConstraint[] constraint
-    ) throws IOException {
-        return realm.hasUserDataPermission(request,  response, constraint);
-    }
-
-    @Override
-    public void addPropertyChangeListener(PropertyChangeListener listener) {
-        realm.addPropertyChangeListener(listener);
-    }
-
-    @Override
-    public void removePropertyChangeListener(PropertyChangeListener listener) {
-        realm.removePropertyChangeListener(listener);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
deleted file mode 100644
index 20bf85d22..000000000
--- a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
+++ /dev/null
@@ -1,172 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.tomcat;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-import org.apache.catalina.Container;
-import org.apache.catalina.Globals;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.authenticator.AuthenticatorBase;
-import org.apache.catalina.authenticator.BasicAuthenticator;
-import org.apache.catalina.authenticator.FormAuthenticator;
-import org.apache.catalina.authenticator.SSLAuthenticator;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.deploy.LoginConfig;
-
-/**
- * @author Endi S. Dewata
- */
-public class SSLAuthenticatorWithFallback extends AuthenticatorBase {
-
-    public final static String BASIC_AUTHENTICATOR = "BASIC";
-    public final static String FORM_AUTHENTICATOR = "FORM";
-
-    String fallbackMethod = BASIC_AUTHENTICATOR;
-
-    AuthenticatorBase sslAuthenticator = new SSLAuthenticator();
-    AuthenticatorBase fallbackAuthenticator = new BasicAuthenticator();
-
-    public SSLAuthenticatorWithFallback() {
-        log("Creating SSL authenticator with fallback");
-    }
-
-    @Override
-    public String getInfo() {
-        return "SSL authenticator with "+fallbackMethod+" fallback.";
-    }
-
-    public String getFallbackMethod() {
-        return fallbackMethod;
-    }
-
-    public void setFallbackMethod(String fallbackMethod) {
-        log("Fallback method: "+fallbackMethod);
-        this.fallbackMethod = fallbackMethod;
-
-        if (BASIC_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
-            fallbackAuthenticator = new BasicAuthenticator();
-
-        } else if (FORM_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
-            fallbackAuthenticator = new FormAuthenticator();
-        }
-
-    }
-
-    @Override
-    public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
-
-        X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
-        boolean result;
-
-        if (certs != null && certs.length > 0) {
-            log("Authenticate with client certificate authentication");
-            HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
-                public void setHeader(String name, String value) {
-                    log("SSL auth header: "+name+"="+value);
-                };
-                public void sendError(int code) {
-                    log("SSL auth return code: "+code);
-                }
-            };
-            result = sslAuthenticator.authenticate(request, wrapper, config);
-
-        } else {
-            log("Authenticating with "+fallbackMethod+" authentication");
-            HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
-                public void setHeader(String name, String value) {
-                    log("Fallback auth header: "+name+"="+value);
-                };
-                public void sendError(int code) {
-                    log("Fallback auth return code: "+code);
-                }
-            };
-            result = fallbackAuthenticator.authenticate(request, wrapper, config);
-        }
-
-        if (result)
-            return true;
-
-        log("Result: "+result);
-
-        StringBuilder value = new StringBuilder(16);
-        value.append("Basic realm=\"");
-        if (config.getRealmName() == null) {
-            value.append(REALM_NAME);
-        } else {
-            value.append(config.getRealmName());
-        }
-        value.append('\"');
-        response.setHeader(AUTH_HEADER_NAME, value.toString());
-        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
-        return false;
-    }
-
-    @Override
-    protected String getAuthMethod() {
-        return HttpServletRequest.CLIENT_CERT_AUTH;
-    };
-
-    @Override
-    public void setContainer(Container container) {
-        log("Setting container");
-        super.setContainer(container);
-        sslAuthenticator.setContainer(container);
-        fallbackAuthenticator.setContainer(container);
-    }
-
-    @Override
-    protected void initInternal() throws LifecycleException {
-        log("Initializing authenticators");
-
-        super.initInternal();
-
-        sslAuthenticator.setAlwaysUseSession(alwaysUseSession);
-        sslAuthenticator.init();
-
-        fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession);
-        fallbackAuthenticator.init();
-    }
-
-    @Override
-    public void startInternal() throws LifecycleException {
-        log("Starting authenticators");
-        super.startInternal();
-        sslAuthenticator.start();
-        fallbackAuthenticator.start();
-    }
-
-    @Override
-    public void stopInternal() throws LifecycleException {
-        log("Stopping authenticators");
-        super.stopInternal();
-        sslAuthenticator.stop();
-        fallbackAuthenticator.stop();
-    }
-
-    public void log(String message) {
-        System.out.println("SSLAuthenticatorWithFallback: "+message);
-    }
-}