summaryrefslogtreecommitdiffstats
path: root/base/server/cms/src/com/netscape
diff options
context:
space:
mode:
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r--base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java20
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java7
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java16
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java10
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java9
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java34
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java19
8 files changed, 66 insertions, 51 deletions
diff --git a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
index a34a99373..562b8cd11 100644
--- a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
@@ -22,6 +22,15 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.util.Locale;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ca.ICMSCRLExtension;
+import com.netscape.certsrv.ca.ICRLIssuingPoint;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.logging.ILogger;
+
import netscape.security.x509.AuthorityKeyIdentifierExtension;
import netscape.security.x509.CertificateExtensions;
import netscape.security.x509.Extension;
@@ -33,15 +42,6 @@ import netscape.security.x509.SubjectKeyIdentifierExtension;
import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509CertInfo;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents an authority key identifier extension.
*
@@ -127,7 +127,7 @@ public class CMSAuthorityKeyIdentifierExtension
.getCACert().getSerialNumber()));
}
- } catch (IOException e) {
+ } catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
}
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
index c0a9758da..b0cc927b2 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
@@ -17,11 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-import netscape.security.x509.X509CertImpl;
-
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.ca.ICertificateAuthority;
+import netscape.security.x509.X509CertImpl;
+
/**
* This class represents an abstract class for CA enrollment
* constraint.
@@ -38,7 +39,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint {
/**
* Retrieves the CA certificate.
*/
- public X509CertImpl getCACert() {
+ public X509CertImpl getCACert() throws EBaseException {
ICertificateAuthority ca = (ICertificateAuthority)
CMS.getSubsystem(CMS.SUBSYSTEM_CA);
X509CertImpl caCert = ca.getCACert();
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
index a7a159de3..77585c076 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
@@ -21,11 +21,8 @@ import java.io.IOException;
import java.util.Date;
import java.util.Locale;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.profile.EProfileException;
import com.netscape.certsrv.profile.ERejectException;
@@ -37,6 +34,10 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserValidityDefault;
import com.netscape.cms.profile.def.ValidityDefault;
+import netscape.security.x509.CertificateValidity;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
/**
* This class implements the validity constraint.
* It checks if the validity in the certificate
@@ -56,7 +57,12 @@ public class CAValidityConstraint extends CAEnrollConstraint {
public void init(IProfile profile, IConfigStore config)
throws EProfileException {
super.init(profile, config);
- X509CertImpl caCert = getCACert();
+ X509CertImpl caCert;
+ try {
+ caCert = getCACert();
+ } catch (EBaseException e) {
+ throw new EProfileException(e);
+ }
mDefNotBefore = caCert.getNotBefore();
mDefNotAfter = caCert.getNotAfter();
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
index bd71a4ef8..e2208aba7 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
@@ -21,6 +21,7 @@ import java.io.IOException;
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.ca.AuthorityID;
import com.netscape.certsrv.ca.ICertificateAuthority;
@@ -173,12 +174,17 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
if (ca == null)
throw new EProfileException("Could not reach requested CA");
- AuthorityKeyIdentifierExtension ext = createExtension(ca, info);
+ AuthorityKeyIdentifierExtension ext;
+ try {
+ ext = createExtension(ca, info);
+ } catch (EBaseException e) {
+ throw new EProfileException(e);
+ }
addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
}
public AuthorityKeyIdentifierExtension createExtension(
- ICertificateAuthority ca, X509CertInfo info) {
+ ICertificateAuthority ca, X509CertInfo info) throws EBaseException {
KeyIdentifier kid = null;
String localKey = getConfig("localKey");
if (localKey != null && localKey.equals("true")) {
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
index 696830ead..14484e0c3 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
@@ -22,6 +22,10 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+
import netscape.security.x509.CertificateX509Key;
import netscape.security.x509.KeyIdentifier;
import netscape.security.x509.PKIXExtensions;
@@ -30,9 +34,6 @@ import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509CertInfo;
import netscape.security.x509.X509Key;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-
/**
* This class implements an abstract CA specific
* Enrollment default. This policy can only be
@@ -68,7 +69,7 @@ public abstract class CAEnrollDefault extends EnrollDefault {
return null;
}
- public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) {
+ public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) throws EBaseException {
X509CertImpl caCert = ca.getCACert();
if (caCert == null) {
// during configuration, we dont have the CA certificate
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
index 8a6fa4cef..00d669e37 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -24,6 +24,23 @@ import java.util.NoSuchElementException;
import java.util.StringTokenizer;
import java.util.Vector;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IAttrSet;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IPrettyPrintFormat;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.pattern.Pattern;
+import com.netscape.certsrv.profile.EProfileException;
+import com.netscape.certsrv.profile.ICertInfoPolicyDefault;
+import com.netscape.certsrv.profile.IEnrollProfile;
+import com.netscape.certsrv.profile.IPolicyDefault;
+import com.netscape.certsrv.profile.IProfile;
+import com.netscape.certsrv.property.EPropertyException;
+import com.netscape.certsrv.property.IDescriptor;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.profile.common.EnrollProfile;
+
import netscape.security.extensions.KerberosName;
import netscape.security.util.DerInputStream;
import netscape.security.util.DerOutputStream;
@@ -43,23 +60,6 @@ import netscape.security.x509.URIName;
import netscape.security.x509.X500Name;
import netscape.security.x509.X509CertInfo;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.pattern.Pattern;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ICertInfoPolicyDefault;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements an enrollment default policy.
*
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index 146be519b..ba7ce5720 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1510,7 +1510,7 @@ public abstract class CMSServlet extends HttpServlet {
* The main purpose is to avoid revoking the self signed
* CA certificate accidentially.
*/
- protected boolean isSystemCertificate(BigInteger serialNo) {
+ protected boolean isSystemCertificate(BigInteger serialNo) throws EBaseException {
if (!(mAuthority instanceof ICertificateAuthority)) {
return false;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
index e03fc2cfd..ffcda63f5 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
@@ -27,13 +27,6 @@ import java.util.Collection;
import java.util.Date;
import java.util.Locale;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
@@ -53,6 +46,13 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.certsrv.usrgrp.Certificates;
import com.netscape.certsrv.usrgrp.IUser;
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.InvalidityDateExtension;
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+
/**
* @author Endi S. Dewata
*/
@@ -207,7 +207,8 @@ public class RevocationProcessor extends CertProcessor {
}
}
- public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert) {
+ public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert)
+ throws EBaseException {
X509CertImpl targetCert = targetRecord.getCertificate();
BigInteger targetSerialNumber = targetCert.getSerialNumber();
@@ -426,7 +427,7 @@ public class RevocationProcessor extends CertProcessor {
* The main purpose is to avoid revoking the self signed
* CA certificate accidentally.
*/
- public boolean isSystemCertificate(X509Certificate cert) {
+ public boolean isSystemCertificate(X509Certificate cert) throws EBaseException {
X509Certificate caCert = authority.getCACert();
if (caCert == null)
generated by cgit (git 2.34.1) at 2024-06-02 14:06:44 +0000