Diffstat (limited to 'base/server/cms/src/com/netscape/cms')
8 files changed, 66 insertions, 51 deletions
diff --git a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
index a34a99373..562b8cd11 100644
--- a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
@@ -22,6 +22,15 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
 import java.util.Locale;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ca.ICMSCRLExtension;
+import com.netscape.certsrv.ca.ICRLIssuingPoint;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.logging.ILogger;
+
 import netscape.security.x509.AuthorityKeyIdentifierExtension;
 import netscape.security.x509.CertificateExtensions;
 import netscape.security.x509.Extension;
@@ -33,15 +42,6 @@ import netscape.security.x509.SubjectKeyIdentifierExtension;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
 /**
 * This represents an authority key identifier extension.
 *
@@ -127,7 +127,7 @@ public class CMSAuthorityKeyIdentifierExtension
 .getCACert().getSerialNumber()));
 }
- } catch (IOException e) {
+ } catch (Exception e) {
 log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
 }
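Review bot: The new `catch (Exception e)` in the last hunk of CMSAuthorityKeyIdentifierExtension is broader than the change appears to need: it also swallows unchecked exceptions such as NullPointerException and reduces them to a single `e.toString()` log line with no stack trace. If the only new checked exception on this path is the EBaseException that getCACert() can now throw, `} catch (IOException | EBaseException e) {` keeps the previous behaviour for everything else. The enclosing method starts and ends outside the hunk, so it cannot be seen what is returned after the catch; if the method carries on without the extension, a CRL issued without its authority key identifier probably deserves more than a log entry.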
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
index c0a9758da..b0cc927b2 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
@@ -17,11 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
-import netscape.security.x509.X509CertImpl;
-
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
+import netscape.security.x509.X509CertImpl;
+
 /**
 * This class represents an abstract class for CA enrollment
 * constraint.
@@ -38,7 +39,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint {
 /**
 * Retrieves the CA certificate.
 */
- public X509CertImpl getCACert() {
+ public X509CertImpl getCACert() throws EBaseException {
 ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
 X509CertImpl caCert = ca.getCACert();
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
index a7a159de3..77585c076 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
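Review bot: `CAEnrollConstraint.getCACert()` now declares `throws EBaseException`, but its Javadoc still reads only "Retrieves the CA certificate."; add a line such as `@throws EBaseException if the CA certificate cannot be obtained` (wording to be confirmed against ICertificateAuthority.getCACert, which is not shown here). The same gap applies to the other public signatures this commit widens without touching their documentation: `createExtension` in AuthorityKeyIdentifierExtDefault, `getCAKeyIdentifier` in CAEnrollDefault and `validateCertificateToRevoke` in RevocationProcessor. Since these are public methods and the diffstat is limited to one directory, any subclass or caller elsewhere has to handle the new checked exception as well. The body of getCACert() continues outside the hunk.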
@@ -21,11 +21,8 @@ import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.ERejectException;
@@ -37,6 +34,10 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserValidityDefault;
 import com.netscape.cms.profile.def.ValidityDefault;
+import netscape.security.x509.CertificateValidity;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
 /**
 * This class implements the validity constraint.
 * It checks if the validity in the certificate
@@ -56,7 +57,12 @@ public class CAValidityConstraint extends CAEnrollConstraint {
 public void init(IProfile profile, IConfigStore config) throws EProfileException {
 super.init(profile, config);
- X509CertImpl caCert = getCACert();
+ X509CertImpl caCert;
+ try {
+ caCert = getCACert();
+ } catch (EBaseException e) {
+ throw new EProfileException(e);
+ }
 mDefNotBefore = caCert.getNotBefore();
 mDefNotAfter = caCert.getNotAfter();
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
index bd71a4ef8..e2208aba7 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
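Review bot: In `CAValidityConstraint.init`, `caCert.getNotBefore()` is still called without a null check right after the new try/catch, so a missing CA certificate surfaces as a NullPointerException rather than the EProfileException this change introduces for the failure case. CAEnrollDefault.getCAKeyIdentifier in this same commit guards `caCert == null` with the comment "during configuration, we dont have the CA certificate", which suggests null is a possible return value. A guard such as `if (caCert == null) throw new EProfileException("CA certificate not available");` before the two assignments would keep the failure typed; the message text is only a suggestion. The rest of `init` lies outside the hunk.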
@@ -21,6 +21,7 @@ import java.io.IOException;
 import java.util.Locale;
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.certsrv.ca.ICertificateAuthority;
@@ -173,12 +174,17 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
 if (ca == null) throw new EProfileException("Could not reach requested CA");
- AuthorityKeyIdentifierExtension ext = createExtension(ca, info);
+ AuthorityKeyIdentifierExtension ext;
+ try {
+ ext = createExtension(ca, info);
+ } catch (EBaseException e) {
+ throw new EProfileException(e);
+ }
 addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
 }
 public AuthorityKeyIdentifierExtension createExtension(
- ICertificateAuthority ca, X509CertInfo info) {
+ ICertificateAuthority ca, X509CertInfo info) throws EBaseException {
 KeyIdentifier kid = null;
 String localKey = getConfig("localKey");
 if (localKey != null && localKey.equals("true")) {
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
index 696830ead..14484e0c3 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
@@ -22,6 +22,10 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+
 import netscape.security.x509.CertificateX509Key;
 import netscape.security.x509.KeyIdentifier;
 import netscape.security.x509.PKIXExtensions;
@@ -30,9 +34,6 @@ import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
 import netscape.security.x509.X509Key;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-
 /**
 * This class implements an abstract CA specific
 * Enrollment default. This policy can only be
@@ -68,7 +69,7 @@ public abstract class CAEnrollDefault extends EnrollDefault {
 return null;
 }
- public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) {
+ public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) throws EBaseException {
 X509CertImpl caCert = ca.getCACert();
 if (caCert == null) {
 // during configuration, we dont have the CA certificate
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
index 8a6fa4cef..00d669e37 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -24,6 +24,23 @@ import java.util.NoSuchElementException;
 import java.util.StringTokenizer;
 import java.util.Vector;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IAttrSet;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IPrettyPrintFormat;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.pattern.Pattern;
+import com.netscape.certsrv.profile.EProfileException;
+import com.netscape.certsrv.profile.ICertInfoPolicyDefault;
+import com.netscape.certsrv.profile.IEnrollProfile;
+import com.netscape.certsrv.profile.IPolicyDefault;
+import com.netscape.certsrv.profile.IProfile;
+import com.netscape.certsrv.property.EPropertyException;
+import com.netscape.certsrv.property.IDescriptor;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.profile.common.EnrollProfile;
+
 import netscape.security.extensions.KerberosName;
 import netscape.security.util.DerInputStream;
 import netscape.security.util.DerOutputStream;
@@ -43,23 +60,6 @@ import netscape.security.x509.URIName;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X509CertInfo;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.pattern.Pattern;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ICertInfoPolicyDefault;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
 /**
 * This class implements an enrollment default policy.
 *
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index 146be519b..ba7ce5720 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1510,7 +1510,7 @@ public abstract class CMSServlet extends HttpServlet {
 * The main purpose is to avoid revoking the self signed
 * CA certificate accidentially.
 */
- protected boolean isSystemCertificate(BigInteger serialNo) {
+ protected boolean isSystemCertificate(BigInteger serialNo) throws EBaseException {
 if (!(mAuthority instanceof ICertificateAuthority)) {
 return false;
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
index e03fc2cfd..ffcda63f5 100644
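Review bot: `CMSServlet.isSystemCertificate` is the guard against revoking the CA's own certificate, and with `throws EBaseException` it gains a third outcome besides true and false that its Javadoc does not describe. Add `@throws EBaseException if the CA certificate cannot be loaded for the comparison` and state that callers must abort the revocation in that case, rather than catch the exception and continue as though the answer were false. The callers are outside this hunk, so whether they already fail closed cannot be confirmed from here. The same applies to `RevocationProcessor.isSystemCertificate(X509Certificate)` in the last hunk of the commit.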
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
@@ -27,13 +27,6 @@ import java.util.Collection;
 import java.util.Date;
 import java.util.Locale;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
@@ -53,6 +46,13 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.certsrv.usrgrp.Certificates;
 import com.netscape.certsrv.usrgrp.IUser;
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.InvalidityDateExtension;
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+
 /**
 * @author Endi S. Dewata
 */
@@ -207,7 +207,8 @@ public class RevocationProcessor extends CertProcessor {
 }
 }
- public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert) {
+ public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert)
+ throws EBaseException {
 X509CertImpl targetCert = targetRecord.getCertificate();
 BigInteger targetSerialNumber = targetCert.getSerialNumber();
@@ -426,7 +427,7 @@ public class RevocationProcessor extends CertProcessor {
 * The main purpose is to avoid revoking the self signed
 * CA certificate accidentally.
 */
- public boolean isSystemCertificate(X509Certificate cert) {
+ public boolean isSystemCertificate(X509Certificate cert) throws EBaseException {
 X509Certificate caCert = authority.getCACert();
 if (caCert == null) |