summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java147
1 files changed, 69 insertions, 78 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
index e80b5a7ef..a723cb52d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
+
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -57,6 +58,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.crypto.CryptoUtil;
+
/**
* Retrieve certificate by serial number.
*
@@ -81,17 +83,17 @@ public class GetBySerial extends CMSServlet {
super();
}
- /**
+ /**
* Initialize the servlet. This servlet uses the template file
- * "ImportCert.template" to import the cert to the users browser, if that is
- * what the user requested
- *
+ * "ImportCert.template" to import the cert to the users browser,
+ * if that is what the user requested
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
try {
- mImportTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE);
+ mImportTemplate = sc.getInitParameter(
+ PROP_SUCCESS_TEMPLATE);
mIETemplate = sc.getInitParameter("importCertTemplate");
if (mImportTemplate == null)
mImportTemplate = IMPORT_CERT_TEMPLATE;
@@ -100,12 +102,11 @@ public class GetBySerial extends CMSServlet {
}
mImportTemplateFiller = new ImportCertsTemplateFiller();
- // override success and error templates to null -
+ // override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
- ICertificateAuthority mCa = (ICertificateAuthority) CMS
- .getSubsystem("ca");
+ ICertificateAuthority mCa = (ICertificateAuthority) CMS.getSubsystem("ca");
if (mCa == null) {
return;
}
@@ -114,11 +115,11 @@ public class GetBySerial extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber serial number of certificate in HEX
+ * <li>http.param serialNumber serial number of certificate in HEX
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -134,14 +135,14 @@ public class GetBySerial extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "import");
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "import");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -159,22 +160,20 @@ public class GetBySerial extends CMSServlet {
serialNo = null;
}
if (serial == null || serialNo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
- cmsReq.setError(new ECMSGWException(CMS
- .getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+ cmsReq.setError(new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo);
if (certRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1",
- serialNo.toString(16)));
- cmsReq.setError(new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_CERT_SERIAL_NOT_FOUND",
- "0x" + serialNo.toString(16))));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+ cmsReq.setError(new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -182,41 +181,37 @@ public class GetBySerial extends CMSServlet {
// if RA, needs requestOwner to match
// first, find the user's group
if (authToken != null) {
- String group = authToken.getInString("group");
-
- if ((group != null) && (group != "")) {
- CMS.debug("GetBySerial process: auth group=" + group);
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- // find the cert record's orig. requestor's group
- MetaInfo metai = certRecord.getMetaInfo();
- if (metai != null) {
- String reqId = (String) metai
- .get(ICertRecord.META_REQUEST_ID);
- RequestId rid = new RequestId(reqId);
- IRequest creq = mReqQ.findRequest(rid);
- if (creq != null) {
- String reqOwner = creq.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetBySerial process: req owner="
- + reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
- }
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_CERT_SERIAL_NOT_FOUND_1",
- serialNo.toString(16)));
- cmsReq.setError(new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_CERT_SERIAL_NOT_FOUND",
- "0x" + serialNo.toString(16))));
- cmsReq.setStatus(CMSRequest.ERROR);
- return;
- }
+ String group = authToken.getInString("group");
+
+ if ((group != null) && (group != "")) {
+ CMS.debug("GetBySerial process: auth group="+group);
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ // find the cert record's orig. requestor's group
+ MetaInfo metai = certRecord.getMetaInfo();
+ if (metai != null) {
+ String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
+ RequestId rid = new RequestId(reqId);
+ IRequest creq = mReqQ.findRequest(rid);
+ if (creq != null) {
+ String reqOwner = creq.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetBySerial process: req owner="+reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
}
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+ cmsReq.setError(new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
+ cmsReq.setStatus(CMSRequest.ERROR);
+ return;
+ }
}
+ }
}
X509CertImpl cert = certRecord.getCertificate();
@@ -229,8 +224,7 @@ public class GetBySerial extends CMSServlet {
IArgBlock ctx = CMS.createArgBlock();
Locale[] locale = new Locale[1];
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -241,8 +235,8 @@ public class GetBySerial extends CMSServlet {
}
userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
- new byte[0]), userChain, new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
@@ -252,9 +246,8 @@ public class GetBySerial extends CMSServlet {
byte[] p7Bytes = bos.toByteArray();
String p7Str = CMS.BtoA(p7Bytes);
-
- header.addStringValue("pkcs7",
- CryptoUtil.normalizeCertStr(p7Str));
+
+ header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str));
try {
CMSTemplate form = getTemplate(mIETemplate, req, locale);
ServletOutputStream out = response.getOutputStream();
@@ -263,22 +256,21 @@ public class GetBySerial extends CMSServlet {
form.renderOutput(out, argSet);
return;
} catch (Exception ee) {
- CMS.debug("GetBySerial process: Exception=" + ee.toString());
+ CMS.debug("GetBySerial process: Exception="+ee.toString());
}
- } // browser is IE
-
+ } //browser is IE
+
MetaInfo metai = certRecord.getMetaInfo();
String crmfReqId = null;
if (metai != null) {
crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID);
- if (crmfReqId != null)
+ if (crmfReqId != null)
cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId);
}
- if (crmfReqId == null
- && checkImportCertToNav(cmsReq.getHttpResp(),
- cmsReq.getHttpParams(), cert)) {
+ if (crmfReqId == null && checkImportCertToNav(
+ cmsReq.getHttpResp(), cmsReq.getHttpParams(), cert)) {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
@@ -291,20 +283,19 @@ public class GetBySerial extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
// XXX follow request in cert record to set certtype, which will
- // import cert only if it's client. For now assume "client" if
+ // import cert only if it's client. For now assume "client" if
// someone clicked to import this cert.
cmsReq.getHttpParams().set("certType", "client");
try {
renderTemplate(cmsReq, mImportTemplate, mImportTemplateFiller);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
+
return;
}
}
+
generated by cgit (git 2.34.1) at 2024-05-22 22:11:52 +0000