diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java | 268 |
1 files changed, 128 insertions, 140 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java index e17910451..e5b3fe808 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * 'Unrevoke' a certificate. (For certificates that are on-hold only, * take them off-hold) - * + * * @version $Revision$, $Date$ */ public class DoUnrevoke extends CMSServlet { @@ -80,19 +78,18 @@ public class DoUnrevoke extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevoke() { super(); } /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -112,14 +109,11 @@ public class DoUnrevoke extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The - * certificate must be revoked with a revovcation reason 'on hold' for this - * operation to succeed. The serial number may be expressed as a hex number by - * prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -136,10 +130,10 @@ public class DoUnrevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -152,17 +146,17 @@ public class DoUnrevoke extends CMSServlet { //for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug( "DoUnrevoke::process() - authToken is null!" ); + } else { + CMS.debug("DoUnrevoke::process() - authToken is null!"); return; } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; @@ -171,10 +165,10 @@ public class DoUnrevoke extends CMSServlet { mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -186,7 +180,7 @@ public class DoUnrevoke extends CMSServlet { } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -197,44 +191,39 @@ public class DoUnrevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take - * a certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take a certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request - * to take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before - * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (taken off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param serialNumbers the serial number of the certificate @@ -245,11 +234,11 @@ public class DoUnrevoke extends CMSServlet { * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger[] serialNumbers, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale, String initiative) - throws EBaseException { + BigInteger[] serialNumbers, + HttpServletRequest req, + HttpServletResponse resp, + Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -265,8 +254,9 @@ public class DoUnrevoke extends CMSServlet { // certs are for old cloning and they should be removed as soon as possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) snList.append(", "); + certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) + snList.append(", "); snList.append("0x"); snList.append(serialNumbers[i].toString(16)); } @@ -310,15 +300,15 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "yes"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { header.addStringValue("unrevoked", "no"); @@ -328,29 +318,29 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("error", error); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + - error, - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + + error, + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } /****************************************************/ - + /* IMPORTANT: In the event that the following */ - + /* "throw error;" statement is */ - + /* uncommented, uncomment the following */ - + /* signed audit log message, also!!! */ - + /****************************************************/ // // store a message in the signed audit log file @@ -379,8 +369,8 @@ public class DoUnrevoke extends CMSServlet { } } - Integer updateCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -389,15 +379,15 @@ public class DoUnrevoke extends CMSServlet { } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -405,22 +395,22 @@ public class DoUnrevoke extends CMSServlet { } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -431,48 +421,48 @@ public class DoUnrevoke extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " yes "); + updateStatusStr + " yes "); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " no "); + updateStatusStr + " no "); header.addStringValue(updateStatusStr, "no"); String error = - unrevReq.getExtDataInString(updateErrorStr); + unrevReq.getExtDataInString(updateErrorStr); - if (error != null) + if (error != null) header.addStringValue( - updateErrorStr, error); + updateErrorStr, error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - unrevReq.getExtDataInInteger(publishStatusStr); + unrevReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - unrevReq.getExtDataInString(publishErrorStr); + unrevReq.getExtDataInString(publishErrorStr); - if (error != null) + if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) { @@ -490,30 +480,30 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "pending"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "pending", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "pending", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { header.addStringValue("error", "Request Status.Error"); header.addStringValue("unrevoked", "no"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - status.toString(), - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + status.toString(), + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } @@ -521,9 +511,8 @@ public class DoUnrevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -557,10 +546,10 @@ public class DoUnrevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -580,7 +569,7 @@ public class DoUnrevoke extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -601,7 +590,7 @@ public class DoUnrevoke extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); @@ -617,11 +606,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * + * * This method is called to obtain the "RequesterID" for * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -647,11 +636,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -670,7 +659,7 @@ public class DoUnrevoke extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -678,4 +667,3 @@ public class DoUnrevoke extends CMSServlet { return serialNumber; } } - |