Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java267
1 files changed, 141 insertions, 126 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
index 61cadc4aa..62a1f5e90 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display detailed information about a certificate
- *
- * The template 'displayBySerial.template' is used to
- * render the response for this servlet.
- *
+ *
+ * The template 'displayBySerial.template' is used to render the response for
+ * this servlet.
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerial extends CMSServlet {
@@ -99,26 +97,29 @@ public class DisplayBySerial extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
try {
- mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
+ mCACerts = ((ICertAuthority) mAuthority).getCACertChain()
+ .getChain();
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
}
// coming from ee
mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1;
-
- if (mOutputTemplatePath != null)
+
+ if (mOutputTemplatePath != null)
mForm1Path = mOutputTemplatePath;
- // override success and error templates to null -
+ // override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -126,8 +127,8 @@ public class DisplayBySerial extends CMSServlet {
/**
* Serves HTTP request. The format of this request is as follows:
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to display
- * (or hex if serialNumber preceded by 0x)
+ * <li>http.param serialNumber Decimal serial number of certificate to
+ * display (or hex if serialNumber preceded by 0x)
* </ul>
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -148,10 +149,11 @@ public class DisplayBySerial extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ mAuthzResourceName, "read");
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -166,17 +168,22 @@ public class DisplayBySerial extends CMSServlet {
form = getTemplate(mForm1Path, req, locale);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", String.valueOf(serialNumber)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1",
+ String.valueOf(serialNumber)));
- error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new ECMSGWException(
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path,
+ e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (EDBRecordNotFoundException e) {
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", "0x" + serialNumber.toString(16)));
+ throw new ECMSGWException(CMS.getLogMessage(
+ "CMSGW_CERT_SERIAL_NOT_FOUND_1",
+ "0x" + serialNumber.toString(16)));
}
IArgBlock header = CMS.createArgBlock();
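Review bot: The `NumberFormatException` branch only assigns `error` and falls through, whereas the `IOException` and `EDBRecordNotFoundException` branches in the same chain throw. The next hunk then calls `serialNumber.compareTo(MINUS_ONE)` unconditionally, so if `serialNumber` was never assigned (its declaration and the parse call are outside this hunk, so this is inferred), a malformed `serialNumber` request parameter would end in a `NullPointerException` rather than the intended error response. Consider wrapping that later block in `if (error == null) { ... }` so the recorded error is what reaches `cmsReq.setError(error)`. The log call also prints `String.valueOf(serialNumber)`, which is the parsed variable rather than the rejected input, so the entry probably carries no useful value.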
@@ -185,15 +192,14 @@ public class DisplayBySerial extends CMSServlet {
try {
if (serialNumber.compareTo(MINUS_ONE) > 0) {
- process(argSet, header, serialNumber,
- req, resp, locale[0]);
+ process(argSet, header, serialNumber, req, resp, locale[0]);
} else {
error = new ECMSGWException(
- CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
}
} catch (EBaseException e) {
error = e;
- }
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -201,20 +207,22 @@ public class DisplayBySerial extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -223,55 +231,53 @@ public class DisplayBySerial extends CMSServlet {
* Display information about a particular certificate
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) throws EBaseException {
String certType[] = new String[1];
try {
ICertRecord rec = getCertRecord(seq, certType);
-
+
if (certType[0].equalsIgnoreCase("x509")) {
processX509(argSet, header, seq, req, resp, locale);
return;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return;
}
-
+
private void processX509(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) throws EBaseException {
try {
ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
- if (rec == null) {
- CMS.debug("DisplayBySerial: failed to read record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (rec == null) {
+ CMS.debug("DisplayBySerial: failed to read record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
X509CertImpl cert = rec.getCertificate();
- if (cert == null) {
- CMS.debug("DisplayBySerial: no certificate in record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (cert == null) {
+ CMS.debug("DisplayBySerial: no certificate in record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
try {
- X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- if (info == null) {
- CMS.debug("DisplayBySerial: no info found");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME
+ + "." + X509CertImpl.INFO);
+ if (info == null) {
+ CMS.debug("DisplayBySerial: no info found");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
- CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) info
+ .get(X509CertInfo.EXTENSIONS);
boolean emailCert = false;
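Review bot: In `process`, `certType[0].equalsIgnoreCase("x509")` dereferences an array slot that is only filled in by `getCertRecord`, and the lines of that method that assign it are not visible here. Writing the comparison as `"x509".equalsIgnoreCase(certType[0])` stays correct even if the slot is left null. The `rec` returned by `getCertRecord` is never used, and `processX509` immediately calls `mCertDB.readCertificateRecord(seq)` again, so each request reads the record twice. The `rec == null` and `cert == null` checks in `processX509` both report `CMSGW_ERROR_ENCODING_ISSUED_CERT`, which does not describe a missing record. `processX509` continues past the end of this hunk.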
@@ -282,16 +288,20 @@ public class DisplayBySerial extends CMSServlet {
if (ext instanceof NSCertTypeExtension) {
NSCertTypeExtension type = (NSCertTypeExtension) ext;
- if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue())
+ if (((Boolean) type.get(NSCertTypeExtension.EMAIL))
+ .booleanValue())
emailCert = true;
}
if (ext instanceof KeyUsageExtension) {
- KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ KeyUsageExtension usage = (KeyUsageExtension) ext;
try {
- if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ if (((Boolean) usage
+ .get(KeyUsageExtension.DIGITAL_SIGNATURE))
+ .booleanValue()
+ || ((Boolean) usage
+ .get(KeyUsageExtension.DATA_ENCIPHERMENT))
+ .booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e) {
// bug356108:
@@ -304,16 +314,23 @@ public class DisplayBySerial extends CMSServlet {
header.addBooleanValue("emailCert", emailCert);
boolean noCertImport = true;
- MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
+ MetaInfo metaInfo = (MetaInfo) rec
+ .get(ICertRecord.ATTR_META_INFO);
if (metaInfo != null) {
- String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-
- if (rid != null && mAuthority instanceof ICertificateAuthority) {
- IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid));
- String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-
- if (certType != null && certType.equals(IRequest.CLIENT_CERT)) {
+ String rid = (String) metaInfo
+ .get(ICertRecord.META_REQUEST_ID);
+
+ if (rid != null
+ && mAuthority instanceof ICertificateAuthority) {
+ IRequest r = ((ICertificateAuthority) mAuthority)
+ .getRequestQueue().findRequest(
+ new RequestId(rid));
+ String certType = r.getExtDataInString(
+ IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+
+ if (certType != null
+ && certType.equals(IRequest.CLIENT_CERT)) {
noCertImport = false;
}
}
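Review bot: `r` is dereferenced without a null check in `r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE)`. If `findRequest` yields no request for the stored id (whether it returns null or throws in that case is not visible here), the resulting exception is swallowed by the broad `catch (Exception e)` in the next hunk and logged under `CMSGW_ERROR_PARSING_EXTENS`, and `header.addBooleanValue("noCertImport", noCertImport)` is skipped. Suggest `if (r != null) { ... }` around the cert-type lookup so a missing request leaves `noCertImport` at its default of `true` and the value is still emitted. The enclosing `try` starts and ends outside this hunk.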
@@ -321,8 +338,9 @@ public class DisplayBySerial extends CMSServlet {
header.addBooleanValue("noCertImport", noCertImport);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS",
+ e.toString()));
}
IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -338,7 +356,8 @@ public class DisplayBySerial extends CMSServlet {
Extension ext = (Extension) enumx.nextElement();
if (ext instanceof CRLReasonExtension) {
- reason = ((CRLReasonExtension) ext).getReason().toInt();
+ reason = ((CRLReasonExtension) ext).getReason()
+ .toInt();
}
}
header.addIntegerValue("revocationReason", reason);
@@ -347,20 +366,16 @@ public class DisplayBySerial extends CMSServlet {
ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert);
- header.addStringValue("certPrettyPrint",
- certDetails.toString(locale));
+ header.addStringValue("certPrettyPrint",
+ certDetails.toString(locale));
/*
- String scheme = req.getScheme();
- if (scheme.equals("http") && connectionIsSSL(req))
- scheme = "https";
- String requestURI = req.getRequestURI();
- int i = requestURI.indexOf('?');
- String newRequestURI =
- (i > -1)? requestURI.substring(0, i): requestURI;
- header.addStringValue("serviceURL", scheme +"://"+
- req.getServerName() + ":"+
- req.getServerPort() + newRequestURI);
+ * String scheme = req.getScheme(); if (scheme.equals("http") &&
+ * connectionIsSSL(req)) scheme = "https"; String requestURI =
+ * req.getRequestURI(); int i = requestURI.indexOf('?'); String
+ * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI;
+ * header.addStringValue("serviceURL", scheme +"://"+
+ * req.getServerName() + ":"+ req.getServerPort() + newRequestURI);
*/
header.addStringValue("authorityid", mAuthority.getId());
@@ -369,8 +384,9 @@ public class DisplayBySerial extends CMSServlet {
try {
certFingerprints = CMS.getFingerPrints(cert);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT",
+ e.toString()));
}
if (certFingerprints.length() > 0)
header.addStringValue("certFingerprint", certFingerprints);
@@ -378,30 +394,30 @@ public class DisplayBySerial extends CMSServlet {
byte[] ba = cert.getEncoded();
// Do base 64 encoding
- header.addStringValue("certChainBase64", com.netscape.osutil.OSUtil.BtoA(ba));
+ header.addStringValue("certChainBase64",
+ com.netscape.osutil.OSUtil.BtoA(ba));
header.addStringValue("serialNumber", seq.toString(16));
/*
- String userAgent = req.getHeader("user-agent");
- String agent =
- (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
+ * String userAgent = req.getHeader("user-agent"); String agent =
+ * (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
*/
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
if (cert.equals(mCACerts[i])) {
- certsInChain = new
- X509CertImpl[mCACerts.length];
+ certsInChain = new X509CertImpl[mCACerts.length];
break;
}
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
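Review bot: The reformat turned `new X509CertImpl[1];;` into a statement followed by a lone `;` on its own line; that empty statement should be deleted, leaving `X509CertImpl[] certsInChain = new X509CertImpl[1];`. In the sizing loop below it, `certsInChain = new X509CertImpl[mCACerts.length + 1];` runs on every iteration until a match is found, so the array is reallocated repeatedly; deciding once whether `cert` is in `mCACerts` and allocating a single array afterwards would read more clearly. The commented-out `userAgent` block was also reflowed into run-together statements and would be better removed than kept in that form. The loop that fills the chain continues outside this hunk.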
@@ -414,43 +430,42 @@ public class DisplayBySerial extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- certsInChain,
- new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), certsInChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- p7.encodeSignedData(bos,false);
+ p7.encodeSignedData(bos, false);
byte[] p7Bytes = bos.toByteArray();
- p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
+ p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
header.addStringValue("pkcs7ChainBase64", p7Str);
} catch (Exception e) {
- //p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
- //+ "; Please contact your administrator";
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ // p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
+ // + "; Please contact your administrator";
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1",
+ e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7"));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
return;
}
-
+
private ICertRecord getCertRecord(BigInteger seq, String certtype[])
- throws EBaseException {
+ throws EBaseException {
ICertRecord rec = null;
-
+
try {
rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
X509CertImpl x509cert = rec.getCertificate();
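Review bot: The `EBaseException` handler at the end of `processX509` looks up the message key `"MSGW_ERR_DISP_BY_SERIAL"`, while the matching handlers in `process` and `getCertRecord` use `"CMSGW_ERR_DISP_BY_SERIAL"`; the missing leading `C` looks like a typo that the reformat carried over. If the key does not resolve (how `CMS.getLogMessage` treats an unknown key is not visible here), this failure path is logged without its intended text, which makes failed certificate lookups harder to trace. Suggest `CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())`. `getCertRecord` continues past the end of this hunk.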
@@ -460,28 +475,28 @@ public class DisplayBySerial extends CMSServlet {
return rec;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return rec;
}
private BigInteger getSerialNumber(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
if (serialNumString != null) {
serialNumString = serialNumString.trim();
- if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
+ if (serialNumString.startsWith("0x")
+ || serialNumString.startsWith("0X")) {
return new BigInteger(serialNumString.substring(2), 16);
} else {
- return new BigInteger(serialNumString);
+ return new BigInteger(serialNumString);
}
- } else {
+ } else {
throw new NumberFormatException();
- }
+ }
}
}
-
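Review bot: `getSerialNumber` passes the trimmed `serialNumber` request parameter straight to `new BigInteger(...)` with no limit on its length, so the parsing cost is set by the client. X.509 serial numbers are short (RFC 5280 caps them at 20 octets), so a length check before parsing, e.g. `if (serialNumString.length() > MAX_SERIAL_CHARS) throw new NumberFormatException();` with `MAX_SERIAL_CHARS` as a new constant (placeholder name), would reject oversized input cheaply. The hex branch also accepts a sign after the prefix, which only the later `MINUS_ONE` comparison in `process` rejects. The bare `throw new NumberFormatException();` for a missing parameter would be easier to diagnose with a message.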