Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java | 469 |
1 files changed, 234 insertions, 235 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 8bc6f1903..44d7454e0 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -99,21 +98,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cmsutil.util.HMACDigest;
-
 /**
 * This class implements a generic enrollment profile.
- *
+ *
 * @version $Revision$, $Date$
 */
-public abstract class EnrollProfile extends BasicProfile
- implements IEnrollProfile {
+public abstract class EnrollProfile extends BasicProfile
+ implements IEnrollProfile {
 private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
 private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
 private PKIData mCMCData;
+
 public EnrollProfile() {
 super();
 }
@@ -134,11 +133,11 @@ public abstract class EnrollProfile extends BasicProfile
 * Creates request.
 */
 public IRequest[] createRequests(IProfileContext context, Locale locale)
- throws EProfileException {
+ throws EProfileException {
 EnrollProfileContext ctx = (EnrollProfileContext) context;
 // determine how many requests should be created
- String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
+ String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
 String cert_request = ctx.get(CTX_CERT_REQUEST);
 String is_renewal = ctx.get(CTX_RENEWAL);
 Integer renewal_seq_num = 0;
@@ -175,10 +174,9 @@ public abstract class EnrollProfile extends BasicProfile
 if (renewal_seq_num_str != null) {
 renewal_seq_num = Integer.parseInt(renewal_seq_num_str);
 } else {
- renewal_seq_num =0;
+ renewal_seq_num = 0;
 }
 }
-
 // populate requests with appropriate content
 IRequest result[] = new IRequest[num_requests];
@@ -186,7 +184,7 @@ public abstract class EnrollProfile extends BasicProfile
 for (int i = 0; i < num_requests; i++) {
 result[i] = createEnrollmentRequest();
 if ((is_renewal != null) && (is_renewal.equals("true"))) {
- result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num);
+ result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num);
 } else {
 result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i));
 }
@@ -211,32 +209,32 @@ public abstract class EnrollProfile extends BasicProfile
 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108,
- 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24,
+ 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24,
 -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53,
- -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1};
+ -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 };
 // default values into x509 certinfo. This thing is
 // not serializable by default
 try {
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
- info.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(new BigInteger("0")));
- info.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(issuerName));
+ info.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
+ info.set(X509CertInfo.SERIAL_NUMBER,
+ new CertificateSerialNumber(new BigInteger("0")));
+ info.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(issuerName));
 info.set(X509CertInfo.KEY,
- new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(issuerName));
- info.set(X509CertInfo.VALIDITY,
- new CertificateValidity(new Date(), new Date()));
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId("MD5withRSA")));
+ new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(issuerName));
+ info.set(X509CertInfo.VALIDITY,
+ new CertificateValidity(new Date(), new Date()));
+ info.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(
+ AlgorithmId.getAlgorithmId("MD5withRSA")));
 // add default extension container
- info.set(X509CertInfo.EXTENSIONS,
- new CertificateExtensions());
+ info.set(X509CertInfo.EXTENSIONS,
+ new CertificateExtensions());
 } catch (Exception e) {
 // throw exception - add key to template
 CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString());
@@ -246,7 +244,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public IRequest createEnrollmentRequest()
- throws EProfileException {
+ throws EProfileException {
 IRequest req = null;
 try {
@@ -270,7 +268,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public abstract void execute(IRequest request)
- throws EProfileException;
+ throws EProfileException;
 /**
 * Perform simple policy set assignment.
@@ -298,7 +296,7 @@ public abstract class EnrollProfile extends BasicProfile
 try {
 CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ info.get(X509CertInfo.SUBJECT);
 return sn.toString();
 } catch (Exception e) {
@@ -308,11 +306,11 @@ public abstract class EnrollProfile extends BasicProfile
 }
 /**
- * This method is called after the user submits the
+ * This method is called after the user submits the
 * request from the end-entity page.
 */
 public void submit(IAuthToken token, IRequest request)
- throws EDeferException, EProfileException {
+ throws EDeferException, EProfileException {
 // Request Submission Logic:
 //
 // if (Authentication Failed) {
@@ -325,18 +323,18 @@ public abstract class EnrollProfile extends BasicProfile
 // }
 // }
- IAuthority authority = (IAuthority)
- getAuthority();
+ IAuthority authority = (IAuthority)
+ getAuthority();
 IRequestQueue queue = authority.getRequestQueue();
- // this profile queues request that is authenticated
- // by NoAuth
- try {
- queue.updateRequest(request);
- } catch (EBaseException e) {
- // save request to disk
- CMS.debug("EnrollProfile: Update request " + e.toString());
- }
+ // this profile queues request that is authenticated
+ // by NoAuth
+ try {
+ queue.updateRequest(request);
+ } catch (EBaseException e) {
+ // save request to disk
+ CMS.debug("EnrollProfile: Update request " + e.toString());
+ }
 if (token == null) {
 CMS.debug("EnrollProfile: auth token is null");
@@ -359,7 +357,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public TaggedRequest[] parseCMC(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
 /* cert request must not be null */
 if (certreq == null) {
 CMS.debug("EnrollProfile: parseCMC() certreq null");
@@ -374,15 +372,15 @@ public abstract class EnrollProfile extends BasicProfile
 try {
 byte data[] = CMS.AtoB(creq);
 ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(data);
-
+ new ByteArrayInputStream(data);
+
 org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent();
- org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent();
+ org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
 OBJECT_IDENTIFIER id = ci.getContentType();
 OCTET_STRING content = ci.getContent();
-
+
 ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
 PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
@@ -398,22 +396,22 @@ public abstract class EnrollProfile extends BasicProfile
 if (numcontrols > 0) {
 context.put("numOfControls", Integer.valueOf(numcontrols));
 TaggedAttribute[] attributes = new TaggedAttribute[numcontrols];
- for (int i=0; i<numcontrols; i++) {
- attributes[i] = (TaggedAttribute)controlSeq.elementAt(i);
+ for (int i = 0; i < numcontrols; i++) {
+ attributes[i] = (TaggedAttribute) controlSeq.elementAt(i);
 OBJECT_IDENTIFIER oid = attributes[i].getType();
 if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
- boolean valid = verifyIdentityProof(attributes[i],
- reqSeq);
+ boolean valid = verifyIdentityProof(attributes[i],
+ reqSeq);
 if (!valid) {
- SEQUENCE bpids = getRequestBpids(reqSeq);
+ SEQUENCE bpids = getRequestBpids(reqSeq);
 context.put("identityProof", bpids);
 return null;
 }
 } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
 SET vals = attributes[i].getValues();
- OCTET_STRING ostr =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ OCTET_STRING ostr =
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
 randomSeed = ostr.toByteArray();
 } else {
 context.put(attributes[i].getType(), attributes[i]);
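Review bot: The idPOPLinkRandom branch decodes `vals.elementAt(0)` without first checking that the control actually carries a value, whereas the PKCS10 witness code later in this diff guards the same pattern with `if (witnessVal.size() > 0)`; a CMC request whose idPOPLinkRandom value set is empty therefore throws out of `elementAt` (presumably an index exception) instead of being rejected, and whether the enclosing `try` opened in the previous hunk turns that into a clean failure is not visible here. Wrap the decode in `if (vals.size() > 0) { ... randomSeed = ostr.toByteArray(); }`, or treat an empty set the way a failed identity proof is treated and return null. The hunk only reformats this loop, so the gap predates the commit; parseCMC continues in the next hunk.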
@@ -421,18 +419,18 @@ public abstract class EnrollProfile extends BasicProfile
 }
 }
 }
-
+
 SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence();
 int numOtherMsgs = otherMsgSeq.size();
 if (!context.containsKey("numOfOtherMsgs")) {
 context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs));
- for (int i=0; i<numOtherMsgs; i++) {
- OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(),
- ASN1Util.encode(otherMsgSeq.elementAt(i))));
- context.put("otherMsg"+i, omsg);
+ for (int i = 0; i < numOtherMsgs; i++) {
+ OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(),
+ ASN1Util.encode(otherMsgSeq.elementAt(i))));
+ context.put("otherMsg" + i, omsg);
 }
 }
-
+
 int nummsgs = reqSeq.size();
 if (nummsgs > 0) {
 msgs = new TaggedRequest[reqSeq.size()];
@@ -445,7 +443,7 @@ public abstract class EnrollProfile extends BasicProfile
 valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids);
 if (!valid || bpids.size() > 0) {
 context.put("POPLinkWitness", bpids);
- return null;
+ return null;
 }
 }
 }
@@ -462,7 +460,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req,
- SEQUENCE bpids) {
+ SEQUENCE bpids) {
 ISharedToken tokenClass = null;
 boolean sharedSecretFound = true;
 String name = null;
@@ -477,15 +475,15 @@ public abstract class EnrollProfile extends BasicProfile
 }
 try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
 } catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
 sharedSecretFound = false;
 } catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
 sharedSecretFound = false;
 } catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
 sharedSecretFound = false;
 }
@@ -494,7 +492,7 @@ public abstract class EnrollProfile extends BasicProfile
 String sharedSecret = null;
 if (tokenClass != null) sharedSecret = tokenClass.getSharedToken(mCMCData);
- if (req.getType().equals(TaggedRequest.PKCS10)) {
+ if (req.getType().equals(TaggedRequest.PKCS10)) {
 TaggedCertificationRequest tcr = req.getTcr();
 if (!sharedSecretFound) {
 bpids.addElement(tcr.getBodyPartID());
@@ -503,25 +501,25 @@ public abstract class EnrollProfile extends BasicProfile
 CertificationRequest creq = tcr.getCertificationRequest();
 CertificationRequestInfo cinfo = creq.getInfo();
 SET attrs = cinfo.getAttributes();
- for (int j=0; j<attrs.size(); j++) {
- Attribute pkcs10Attr = (Attribute)attrs.elementAt(j);
+ for (int j = 0; j < attrs.size(); j++) {
+ Attribute pkcs10Attr = (Attribute) attrs.elementAt(j);
 if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
 SET witnessVal = pkcs10Attr.getValues();
 if (witnessVal.size() > 0) {
 try {
 OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(witnessVal.elementAt(0))));
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(witnessVal.elementAt(0))));
 bv = str.toByteArray();
 return verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
 } catch (InvalidBERException ex) {
 return false;
 }
 }
- }
+ }
 }
-
+
 return false;
 }
 } else if (req.getType().equals(TaggedRequest.CRMF)) {
@@ -535,14 +533,14 @@ public abstract class EnrollProfile extends BasicProfile
 for (int i = 0; i < certReq.numControls(); i++) {
 AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
+ if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
 ASN1Value value = ava.getValue();
 ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(value));
+ ASN1Util.encode(value));
 OCTET_STRING ostr = null;
 try {
 ostr = (OCTET_STRING)
- (new OCTET_STRING.Template()).decode(bis);
+ (new OCTET_STRING.Template()).decode(bis);
 bv = ostr.toByteArray();
 } catch (Exception e) {
 bpids.addElement(reqId);
@@ -550,7 +548,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 boolean valid = verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
 if (!valid) {
 bpids.addElement(reqId);
 return valid;
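Review bot: Both `verifyDigest(sharedSecret.getBytes(), randomSeed, bv)` calls (first and third hunks on this line) dereference `sharedSecret` without a null check; the previous hunk initialises it to null and only assigns it from `tokenClass.getSharedToken(mCMCData)`, and `sharedSecretFound` is cleared only when the class fails to load, so a token class that returns null because no secret is configured turns a witness that should simply fail into a NullPointerException whose fate depends on callers outside this hunk. Guard before the call, in the PKCS10 branch `if (sharedSecret == null) { bpids.addElement(tcr.getBodyPartID()); return false; }` and the same with `reqId` in the CRMF branch. `sharedSecret.getBytes()` also uses the JVM default charset, so for a non-ASCII secret the HMAC key differs between servers running under different locales; pin the charset the enrolling client uses (the client side is not visible here). The hunk is formatting-only, so these predate the commit; verifyPOPLinkWitness starts in the previous hunk and ends after this one.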
@@ -569,7 +567,7 @@ public abstract class EnrollProfile extends BasicProfile
 MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
 key = SHA1Digest.digest(sharedSecret);
 } catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
 return false;
 }
@@ -580,7 +578,7 @@ public abstract class EnrollProfile extends BasicProfile
 hmacDigest.update(text);
 finalDigest = hmacDigest.digest();
 } catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
 return false;
 }
@@ -589,9 +587,9 @@ public abstract class EnrollProfile extends BasicProfile
 return false;
 }
- for (int j=0; j<bv.length; j++) {
+ for (int j = 0; j < bv.length; j++) {
 if (bv[j] != finalDigest[j]) {
- CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
+ CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
 return false;
 }
 }
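Review bot: The byte-by-byte loop at the end of verifyDigest (third hunk on this line) returns on the first mismatching byte, so the time the check takes reveals how many leading bytes of the client-supplied witness `bv` agree with the expected HMAC, letting a client refine a forged POPLinkWitness one byte at a time. Replace the loop and its debug line with a constant-time comparison, `if (!MessageDigest.isEqual(bv, finalDigest)) { CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); return false; }`; `MessageDigest` is already in scope (the SHA1Digest line in the first hunk) and isEqual is constant-time on any modern JDK. The length check just above the loop can stay, since its early return leaks only the digest length, which is public. The hunk only reindents this code, so the issue predates the commit; verifyDigest's signature and the length check's condition are outside the hunk.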
@@ -633,23 +631,23 @@ public abstract class EnrollProfile extends BasicProfile
 else {
 ISharedToken tokenClass = null;
 try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
 } catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
 return false;
 } catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
 return false;
 } catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
 return false;
 }
-
+
 String token = tokenClass.getSharedToken(mCMCData);
 OCTET_STRING ostr = null;
 try {
- ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
 } catch (InvalidBERException e) {
 CMS.debug("EnrollProfile: Failed to decode the byte value.");
 return false;
@@ -662,34 +660,34 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info,
- IRequest req)
- throws EProfileException {
+ IRequest req)
+ throws EProfileException {
 TaggedRequest.Type type = tagreq.getType();
- if (type.equals(TaggedRequest.PKCS10)) {
+ if (type.equals(TaggedRequest.PKCS10)) {
 try {
- TaggedCertificationRequest tcr = tagreq.getTcr();
- CertificationRequest p10 = tcr.getCertificationRequest();
- ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+ TaggedCertificationRequest tcr = tagreq.getTcr();
+ CertificationRequest p10 = tcr.getCertificationRequest();
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- p10.encode(ostream);
+ p10.encode(ostream);
 PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
 req.setExtData("bodyPartId", tcr.getBodyPartID());
 fillPKCS10(locale, pkcs10, info, req);
 } catch (Exception e) {
- CMS.debug("EnrollProfile: fillTaggedRequest " +
- e.toString());
+ CMS.debug("EnrollProfile: fillTaggedRequest " +
+ e.toString());
 }
- } else if (type.equals(TaggedRequest.CRMF)) {
- CertReqMsg crm = tagreq.getCrm();
+ } else if (type.equals(TaggedRequest.CRMF)) {
+ CertReqMsg crm = tagreq.getCrm();
 SessionContext context = SessionContext.getContext();
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
 // check if the LRA POP Witness Control attribute exists
 if (nums != null && nums.intValue() > 0) {
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+ TaggedAttribute attr =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
 if (attr != null) {
 parseLRAPopWitness(locale, crm, attr);
 } else {
@@ -708,42 +706,42 @@ public abstract class EnrollProfile extends BasicProfile
 }
 }
- private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
- TaggedAttribute attr) throws EProfileException {
+ private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
+ TaggedAttribute attr) throws EProfileException {
 SET vals = attr.getValues();
 boolean donePOP = false;
 INTEGER reqId = null;
 if (vals.size() > 0) {
 LraPopWitness lraPop = null;
 try {
- lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
 } catch (InvalidBERException e) {
 throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
 }
 SEQUENCE bodyIds = lraPop.getBodyIds();
 reqId = crm.getCertReq().getCertReqId();
- for (int i=0; i<bodyIds.size(); i++) {
- INTEGER num = (INTEGER)(bodyIds.elementAt(i));
+ for (int i = 0; i < bodyIds.size(); i++) {
+ INTEGER num = (INTEGER) (bodyIds.elementAt(i));
 if (num.toString().equals(reqId.toString())) {
 donePOP = true;
- CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found.");
+ CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found.");
 break;
 }
 }
 }
 if (!donePOP) {
- CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control.");
+ CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control.");
 verifyPOP(locale, crm);
 }
 }
 public CertReqMsg[] parseCRMF(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
 /* cert request must not be null */
 if (certreq == null) {
@@ -758,10 +756,10 @@ public abstract class EnrollProfile extends BasicProfile
 try {
 byte data[] = CMS.AtoB(creq);
 ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(data);
+ new ByteArrayInputStream(data);
 SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new
- CertReqMsg.Template()).decode(crmfBlobIn);
+ new SEQUENCE.OF_Template(new
+ CertReqMsg.Template()).decode(crmfBlobIn);
 int nummsgs = crmfMsgs.size();
 if (nummsgs <= 0)
@@ -779,17 +777,17 @@ public abstract class EnrollProfile extends BasicProfile
 }
 private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
- new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
- );
+ new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }
+ );
- protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
- ASN1Value archVal = ava.getValue();
+ protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
+ ASN1Value archVal = ava.getValue();
 ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(archVal));
+ ASN1Util.encode(archVal));
 PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions)
+ try {
+ archOpts = (PKIArchiveOptions)
 (new PKIArchiveOptions.Template()).decode(bis);
 } catch (Exception e) {
 CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
@@ -801,8 +799,8 @@ public abstract class EnrollProfile extends BasicProfile
 ByteArrayInputStream bis = new ByteArrayInputStream(options);
 PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions)
+ try {
+ archOpts = (PKIArchiveOptions)
 (new PKIArchiveOptions.Template()).decode(bis);
 } catch (Exception e) {
 CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
@@ -810,13 +808,13 @@ public abstract class EnrollProfile extends BasicProfile
 return archOpts;
 }
- public byte[] toByteArray(PKIArchiveOptions options) {
+ public byte[] toByteArray(PKIArchiveOptions options) {
 return ASN1Util.encode(options);
 }
 public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info,
- IRequest req)
- throws EProfileException {
+ IRequest req)
+ throws EProfileException {
 try {
 CMS.debug("Start parseCertReqMsg ");
 CertRequest certReq = certReqMsg.getCertReq();
@@ -825,12 +823,12 @@ public abstract class EnrollProfile extends BasicProfile
 for (int i = 0; i < certReq.numControls(); i++) {
 AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
+ if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
 PKIArchiveOptions opt = getPKIArchiveOptions(ava);
 //req.set(REQUEST_ARCHIVE_OPTIONS, opt);
- req.setExtData(REQUEST_ARCHIVE_OPTIONS,
- toByteArray(opt));
+ req.setExtData(REQUEST_ARCHIVE_OPTIONS,
+ toByteArray(opt));
 }
 }
@@ -856,7 +854,7 @@ public abstract class EnrollProfile extends BasicProfile
 // parse validity
 if (certTemplate.getNotBefore() != null ||
- certTemplate.getNotAfter() != null) {
+ certTemplate.getNotAfter() != null) {
 CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore());
 CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter());
 CMS.debug("EnrollProfile: current CA time: " + new Date());
@@ -874,7 +872,7 @@ public abstract class EnrollProfile extends BasicProfile
 if (certTemplate.hasSubject()) {
 Name subjectdn = certTemplate.getSubject();
 ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
 subjectdn.encode(subjectEncStream);
 byte[] subjectEnc = subjectEncStream.toByteArray();
@@ -886,18 +884,20 @@ public abstract class EnrollProfile extends BasicProfile
 req.setExtData(REQUEST_SUBJECT_NAME, new CertificateSubjectName(subject));
 try {
- String subjectCN = subject.getCommonName();
- if (subjectCN == null) subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
+ String subjectCN = subject.getCommonName();
+ if (subjectCN == null)
+ subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
 } catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
 }
 try {
 String subjectUID = subject.getUserID();
- if (subjectUID == null) subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+ if (subjectUID == null)
+ subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
 } catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
 }
 }
@@ -921,10 +921,10 @@ public abstract class EnrollProfile extends BasicProfile
 for (int j = 0; j < numexts; j++) {
 org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ certTemplate.extensionAt(j);
 boolean isCritical = jssext.getCritical();
 org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ jssext.getExtnId();
 long[] numbers = jssoid.getNumbers();
 int[] oidNumbers = new int[numbers.length];
@@ -932,17 +932,17 @@ public abstract class EnrollProfile extends BasicProfile
 oidNumbers[k] = (int) numbers[k];
 }
 ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
+ new ObjectIdentifier(oidNumbers);
 org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
+ jssext.getExtnValue();
 ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
 jssvalue.encode(jssvalueout);
 byte[] extValue = jssvalueout.toByteArray();
 Extension ext =
- new Extension(oid, isCritical, extValue);
+ new Extension(oid, isCritical, extValue);
 extensions.parseExtension(ext);
 }
@@ -965,7 +965,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public PKCS10 parsePKCS10(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
 /* cert request must not be null */
 if (certreq == null) {
 CMS.debug("EnrollProfile:parsePKCS10() certreq null");
@@ -996,7 +996,7 @@ public abstract class EnrollProfile extends BasicProfile
 CMS.debug("EnrollProfile: parsePKCS10: use internal token");
 signToken = cm.getInternalCryptoToken();
 } else {
- CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName);
+ CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName);
 signToken = cm.getTokenByName(tokenName);
 }
 CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
@@ -1021,7 +1021,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
- throws EProfileException {
+ throws EProfileException {
 X509Key key = pkcs10.getSubjectPublicKeyInfo();
 try {
@@ -1033,18 +1033,20 @@ public abstract class EnrollProfile extends BasicProfile
 req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(pkcs10.getSubjectName()));
 try {
- String subjectCN = pkcs10.getSubjectName().getCommonName();
- if (subjectCN == null) subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
+ String subjectCN = pkcs10.getSubjectName().getCommonName();
+ if (subjectCN == null)
+ subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
 } catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
 }
 try {
 String subjectUID = pkcs10.getSubjectName().getUserID();
- if (subjectUID == null) subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+ if (subjectUID == null)
+ subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
 } catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
 }
 info.set(X509CertInfo.KEY, certKey);
@@ -1052,11 +1054,12 @@ public abstract class EnrollProfile extends BasicProfile
 PKCS10Attributes p10Attrs = pkcs10.getAttributes();
 if (p10Attrs != null) {
 PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
+ (p10Attrs.getAttribute(CertificateExtensions.NAME));
 if (p10Attr != null && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension");
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ CMS.debug("Found PKCS10 extension");
 Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ (p10Attr.getAttributeValue());
 DerOutputStream extOut = new DerOutputStream();
 exts0.encode(extOut);
@@ -1070,8 +1073,8 @@ public abstract class EnrollProfile extends BasicProfile
 }
 } else {
 CMS.debug("PKCS10 extension Not Found");
- }
- }
+ }
+ }
 CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName());
 } catch (IOException e) {
@@ -1085,60 +1088,58 @@ public abstract class EnrollProfile extends BasicProfile
 }
 }
+ // for netkey
+ public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
+ throws EProfileException {
- // for netkey
- public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
- throws EProfileException {
+ try {
+ //cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
+
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("screenname", sn);
+ // keeping "aoluid" to be backward compatible
+ req.setExtData("aoluid", sn);
+ req.setExtData("uid", sn);
+ CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn);
- try {
- //cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
-
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("screenname", sn);
- // keeping "aoluid" to be backward compatible
- req.setExtData("aoluid", sn);
- req.setExtData("uid", sn);
- CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn);
-
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString());
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString());
 throw new EProfileException(
 CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
- }
 }
+ }
- // for house key
- public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
- throws EProfileException {
+ // for house key
+ public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
+ throws EProfileException {
- try {
- //cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
+ try {
+ //cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("tokencuid", tcuid);
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("tokencuid", tcuid);
- CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid);
+ CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid);
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString());
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString());
 throw new EProfileException(
 CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
- }
 }
-
+ }
 public DerInputStream parseKeyGen(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
 byte data[] = CMS.AtoB(certreq);
 DerInputStream derIn = new DerInputStream(data);
@@ -1147,8 +1148,8 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req
- )
- throws EProfileException {
+ )
+ throws EProfileException {
 try {
 /* get SPKAC Algorithm & Signature */
@@ -1229,27 +1230,26 @@ public abstract class EnrollProfile extends BasicProfile
 /**
 * Populate input
 * <P>
- *
+ * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)
 * <P>
- *
+ *
 * <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
- * profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
 * </ul>
+ *
 * @param ctx profile context
 * @param request the certificate request
 * @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
 */
 public void populateInput(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
 super.populateInput(ctx, request);
 }
 public void populate(IRequest request)
- throws EProfileException {
+ throws EProfileException {
 super.populate(request);
 }
@@ -1259,7 +1259,7 @@ public abstract class EnrollProfile extends BasicProfile
 * that validate the request against the profile.
 */
 public void validate(IRequest request)
- throws ERejectException {
+ throws ERejectException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
 String auditRequesterID = auditRequesterID(request);
@@ -1272,7 +1272,7 @@ public abstract class EnrollProfile extends BasicProfile
 try {
 CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ info.get(X509CertInfo.SUBJECT);
 // if the cert subject name is NOT MISSING, retrieve the
 // actual "auditCertificateSubjectName" and "normalize" it
@@ -1348,12 +1348,12 @@ public abstract class EnrollProfile extends BasicProfile
 /**
 * Signed Audit Log Requester ID
- *
+ *
 * This method is inherited by all extended "EnrollProfile"s,
 * and is called to obtain the "RequesterID" for
 * a signed audit log message.
 * <P>
- *
+ *
 * @param request the actual request
 * @return id string containing the signed audit log message RequesterID
 */
@@ -1379,12 +1379,12 @@ public abstract class EnrollProfile extends BasicProfile
 /**
 * Signed Audit Log Profile ID
- *
+ *
 * This method is inherited by all extended "EnrollProfile"s,
 * and is called to obtain the "ProfileID" for
 * a signed audit log message.
 * <P>
- *
+ *
 * @return id string containing the signed audit log message ProfileID
 */
 protected String auditProfileID() {
@@ -1405,7 +1405,7 @@ public abstract class EnrollProfile extends BasicProfile
 }
 public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
- throws EProfileException {
+ throws EProfileException {
 CMS.debug("EnrollProfile ::in verifyPOP");
 String auditMessage = null;
@@ -1429,32 +1429,31 @@ public abstract class EnrollProfile extends BasicProfile
 CMS.debug("POP verification using internal token");
 certReqMsg.verify();
 } else {
- CMS.debug("POP verification using token:"+ tokenName);
+ CMS.debug("POP verification using token:" + tokenName);
 verifyToken = cm.getTokenByName(tokenName);
 certReqMsg.verify(verifyToken);
 }
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS);
+ audit(auditMessage);
 } catch (Exception e) {
- CMS.debug("Failed POP verify! "+e.toString());
+ CMS.debug("Failed POP verify! " + e.toString());
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
 throw new EProfileException(CMS.getUserMessage(locale, "CMS_POP_VERIFICATION_ERROR"));
 }
 }
 }
-
|