Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java | 267 |
1 files changed, 141 insertions, 126 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java index 61cadc4aa..62a1f5e90 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display detailed information about a certificate - * - * The template 'displayBySerial.template' is used to - * render the response for this servlet. - * + * + * The template 'displayBySerial.template' is used to render the response for + * this servlet. + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { 
@@ -99,26 +97,29 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } try { - mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); + mCACerts = ((ICertAuthority) mAuthority).getCACertChain() + .getChain(); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); } // coming from ee mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1; - - if (mOutputTemplatePath != null) + + if (mOutputTemplatePath != null) mForm1Path = mOutputTemplatePath; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); } @@ -126,8 +127,8 @@ public class DisplayBySerial extends CMSServlet { /** * Serves HTTP request. The format of this request is as follows: * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to display - * (or hex if serialNumber preceded by 0x) + * <li>http.param serialNumber Decimal serial number of certificate to + * display (or hex if serialNumber preceded by 0x) * </ul> */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -148,10 +149,11 @@ public class DisplayBySerial extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + mAuthzResourceName, "read"); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { @@ -166,17 +168,22 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mForm1Path, req, locale); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", String.valueOf(serialNumber))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", + String.valueOf(serialNumber))); - error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new ECMSGWException( + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, + e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (EDBRecordNotFoundException e) { - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", "0x" + serialNumber.toString(16))); + throw new ECMSGWException(CMS.getLogMessage( + "CMSGW_CERT_SERIAL_NOT_FOUND_1", + "0x" + serialNumber.toString(16))); } IArgBlock header = CMS.createArgBlock(); 
@@ -185,15 +192,14 @@ public class DisplayBySerial extends CMSServlet { try { if (serialNumber.compareTo(MINUS_ONE) > 0) { - process(argSet, header, serialNumber, - req, resp, locale[0]); + process(argSet, header, serialNumber, req, resp, locale[0]); } else { error = new ECMSGWException( - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); } } catch (EBaseException e) { error = e; - } + } try { ServletOutputStream out = resp.getOutputStream(); @@ -201,20 +207,22 @@ public class DisplayBySerial extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -223,55 +231,53 @@ public class DisplayBySerial extends CMSServlet { * Display information about a particular certificate */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, HttpServletResponse resp, + Locale locale) throws EBaseException { String certType[] = new String[1]; try { ICertRecord rec = getCertRecord(seq, certType); - + if (certType[0].equalsIgnoreCase("x509")) { processX509(argSet, header, seq, req, resp, locale); return; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return; } - + private void processX509(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, HttpServletResponse resp, + Locale locale) throws EBaseException { try { ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq); - if (rec == null) { - CMS.debug("DisplayBySerial: failed to read record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (rec == null) { + CMS.debug("DisplayBySerial: failed to read record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } X509CertImpl cert = rec.getCertificate(); - if (cert == null) { - CMS.debug("DisplayBySerial: no certificate in record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (cert == null) { + CMS.debug("DisplayBySerial: no certificate in record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } try { - X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." 
+ X509CertImpl.INFO); - if (info == null) { - CMS.debug("DisplayBySerial: no info found"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + + "." + X509CertImpl.INFO); + if (info == null) { + CMS.debug("DisplayBySerial: no info found"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } - CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = (CertificateExtensions) info + .get(X509CertInfo.EXTENSIONS); boolean emailCert = false; @@ -282,16 +288,20 @@ public class DisplayBySerial extends CMSServlet { if (ext instanceof NSCertTypeExtension) { NSCertTypeExtension type = (NSCertTypeExtension) ext; - if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue()) + if (((Boolean) type.get(NSCertTypeExtension.EMAIL)) + .booleanValue()) emailCert = true; } if (ext instanceof KeyUsageExtension) { - KeyUsageExtension usage = - (KeyUsageExtension) ext; + KeyUsageExtension usage = (KeyUsageExtension) ext; try { - if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || - ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) + if (((Boolean) usage + .get(KeyUsageExtension.DIGITAL_SIGNATURE)) + .booleanValue() + || ((Boolean) usage + .get(KeyUsageExtension.DATA_ENCIPHERMENT)) + .booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e) { // bug356108: 
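Review bot: In `process(...)` the test `certType[0].equalsIgnoreCase("x509")` dereferences an array slot that is non-null only if `getCertRecord` filled it in, and the part of `getCertRecord` that would do so is not visible in this diff; writing it as `"x509".equalsIgnoreCase(certType[0])` avoids a NullPointerException either way. When the type is not x509 the method just returns, so the caller sees no error and apparently goes on to render the template without any certificate fields; raising an error in that branch would make the outcome explicit. `rec` is assigned here but never used, and `processX509` reads the same record again through `mCertDB.readCertificateRecord(seq)`.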
@@ -304,16 +314,23 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("emailCert", emailCert); boolean noCertImport = true; - MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); + MetaInfo metaInfo = (MetaInfo) rec + .get(ICertRecord.ATTR_META_INFO); if (metaInfo != null) { - String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); - - if (rid != null && mAuthority instanceof ICertificateAuthority) { - IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid)); - String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); - - if (certType != null && certType.equals(IRequest.CLIENT_CERT)) { + String rid = (String) metaInfo + .get(ICertRecord.META_REQUEST_ID); + + if (rid != null + && mAuthority instanceof ICertificateAuthority) { + IRequest r = ((ICertificateAuthority) mAuthority) + .getRequestQueue().findRequest( + new RequestId(rid)); + String certType = r.getExtDataInString( + IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + + if (certType != null + && certType.equals(IRequest.CLIENT_CERT)) { noCertImport = false; } } @@ -321,8 +338,9 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("noCertImport", noCertImport); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", + e.toString())); } IRevocationInfo revocationInfo = rec.getRevocationInfo(); @@ -338,7 +356,8 @@ public class DisplayBySerial extends CMSServlet { Extension ext = (Extension) enumx.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason().toInt(); + reason = ((CRLReasonExtension) ext).getReason() + .toInt(); } } header.addIntegerValue("revocationReason", reason); 
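Review bot: The result of `findRequest(new RequestId(rid))` is dereferenced by `r.getExtDataInString(...)` on the next statement without a null check. Whether `findRequest` can return null is not visible here, but if it does (for example a request id in the record's meta info that no longer resolves), the NullPointerException is swallowed by the `catch (Exception e)` in the following hunk, logged as `CMSGW_ERROR_PARSING_EXTENS`, and `noCertImport` is never added to the header. Guarding the lookup with `if (r != null)` keeps the flag at its default `true` and still emits it. The enclosing `try` block starts before this hunk.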
@@ -347,20 +366,16 @@ public class DisplayBySerial extends CMSServlet { ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert); - header.addStringValue("certPrettyPrint", - certDetails.toString(locale)); + header.addStringValue("certPrettyPrint", + certDetails.toString(locale)); /* - String scheme = req.getScheme(); - if (scheme.equals("http") && connectionIsSSL(req)) - scheme = "https"; - String requestURI = req.getRequestURI(); - int i = requestURI.indexOf('?'); - String newRequestURI = - (i > -1)? requestURI.substring(0, i): requestURI; - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + newRequestURI); + * String scheme = req.getScheme(); if (scheme.equals("http") && + * connectionIsSSL(req)) scheme = "https"; String requestURI = + * req.getRequestURI(); int i = requestURI.indexOf('?'); String + * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI; + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + newRequestURI); */ header.addStringValue("authorityid", mAuthority.getId()); @@ -369,8 +384,9 @@ public class DisplayBySerial extends CMSServlet { try { certFingerprints = CMS.getFingerPrints(cert); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", + e.toString())); } if (certFingerprints.length() > 0) header.addStringValue("certFingerprint", certFingerprints); 
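Review bot: The commented-out `serviceURL` construction in this hunk, and the commented-out `userAgent` lookup in the @@ -378 hunk, have been reflowed by the formatter into run-on paragraphs and no longer read as code. Dead code of this kind is better deleted and left to version control than carried through reformatting. If it has to stay, a one-line comment saying why it is disabled would serve readers better than the mangled block.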
@@ -378,30 +394,30 @@ public class DisplayBySerial extends CMSServlet { byte[] ba = cert.getEncoded(); // Do base 64 encoding - header.addStringValue("certChainBase64", com.netscape.osutil.OSUtil.BtoA(ba)); + header.addStringValue("certChainBase64", + com.netscape.osutil.OSUtil.BtoA(ba)); header.addStringValue("serialNumber", seq.toString(16)); /* - String userAgent = req.getHeader("user-agent"); - String agent = - (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; + * String userAgent = req.getHeader("user-agent"); String agent = + * (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; */ // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1];; + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { if (cert.equals(mCACerts[i])) { - certsInChain = new - X509CertImpl[mCACerts.length]; + certsInChain = new X509CertImpl[mCACerts.length]; break; } certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { 
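Review bot: The declaration `X509CertImpl[] certsInChain = new X509CertImpl[1];` is now followed by a lone `;` on its own line; the old `;;` typo survived the reformat as an empty statement and should be dropped. The sizing loop below it also allocates a fresh array on every iteration just to settle on a length. Computing the length first and allocating once (`mCACerts.length` when `cert` is already in the chain, otherwise `mCACerts.length + 1`) would read more clearly. The loop that copies the CA chain into the array continues past the end of this hunk.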
@@ -414,43 +430,42 @@ public class DisplayBySerial extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - certsInChain, - new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( + new byte[0]), certsInChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); - p7.encodeSignedData(bos,false); + p7.encodeSignedData(bos, false); byte[] p7Bytes = bos.toByteArray(); - p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); + p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); header.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception e) { - //p7Str = "PKCS#7 B64 Encoding error - " + e.toString() - //+ "; Please contact your administrator"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + // p7Str = "PKCS#7 B64 Encoding error - " + e.toString() + // + "; Please contact your administrator"; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", + e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7")); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } return; } - + private ICertRecord getCertRecord(BigInteger seq, String certtype[]) - throws EBaseException { + throws EBaseException { ICertRecord rec = null; - + try { rec = (ICertRecord) mCertDB.readCertificateRecord(seq); X509CertImpl x509cert = rec.getCertificate(); 
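Review bot: The `catch (EBaseException e)` at the end of `processX509` looks up `MSGW_ERR_DISP_BY_SERIAL`, while `process` and `getCertRecord` use `CMSGW_ERR_DISP_BY_SERIAL` for the same failure; the missing `C` looks like a typo. Unless a message with the shorter key exists in the resource bundle (not visible here), the failure log for this path will not carry the intended text, which makes certificate-lookup errors harder to trace. Suggested: `CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())`. Separately, `getCertRecord` at the end of this hunk calls `rec.getCertificate()` without the `rec == null` check that `processX509` performs.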
@@ -460,28 +475,28 @@ public class DisplayBySerial extends CMSServlet { return rec; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return rec; } private BigInteger getSerialNumber(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); if (serialNumString != null) { serialNumString = serialNumString.trim(); - if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) { + if (serialNumString.startsWith("0x") + || serialNumString.startsWith("0X")) { return new BigInteger(serialNumString.substring(2), 16); } else { - return new BigInteger(serialNumString); + return new BigInteger(serialNumString); } - } else { + } else { throw new NumberFormatException(); - } + } } } - |
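Review bot: `getSerialNumber` passes the raw `serialNumber` request parameter to `new BigInteger(...)` with no bound on its length, so parsing cost grows with whatever the client sends. RFC 5280 limits X.509 serial numbers to 20 octets, so a short cap before parsing is safe, e.g. `if (serialNumString.length() > 64) throw new NumberFormatException("serialNumber too long");` (64 is an illustrative limit). The bare `throw new NumberFormatException()` in the else branch would also be easier to diagnose with a message such as `"serialNumber parameter missing"`.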