Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java | 147 |
1 files changed, 69 insertions, 78 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java index e80b5a7ef..a723cb52d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -57,6 +58,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.crypto.CryptoUtil; + /** * Retrieve certificate by serial number. * @@ -81,17 +83,17 @@ public class GetBySerial extends CMSServlet { super(); } - /** + /** * Initialize the servlet. This servlet uses the template file - * "ImportCert.template" to import the cert to the users browser, if that is - * what the user requested - * + * "ImportCert.template" to import the cert to the users browser, + * if that is what the user requested * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); try { - mImportTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); + mImportTemplate = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); mIETemplate = sc.getInitParameter("importCertTemplate"); if (mImportTemplate == null) mImportTemplate = IMPORT_CERT_TEMPLATE; 
@@ -100,12 +102,11 @@ public class GetBySerial extends CMSServlet { } mImportTemplateFiller = new ImportCertsTemplateFiller(); - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); - ICertificateAuthority mCa = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority mCa = (ICertificateAuthority) CMS.getSubsystem("ca"); if (mCa == null) { return; } @@ -114,11 +115,11 @@ public class GetBySerial extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber serial number of certificate in HEX + * <li>http.param serialNumber serial number of certificate in HEX * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -134,14 +135,14 @@ public class GetBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "import"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "import"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -159,22 +160,20 @@ public class GetBySerial extends CMSServlet { serialNo = null; } if (serial == null || serialNo == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); cmsReq.setStatus(CMSRequest.ERROR); return; } ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", - serialNo.toString(16))); - cmsReq.setError(new ECMSGWException(CMS.getUserMessage( - "CMS_GW_CERT_SERIAL_NOT_FOUND", - "0x" + serialNo.toString(16)))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -182,41 +181,37 @@ public class GetBySerial extends CMSServlet { // if RA, needs requestOwner to match // first, find the user's group if (authToken != null) { - String group = authToken.getInString("group"); - - if ((group != null) && (group != "")) { - CMS.debug("GetBySerial process: auth group=" + group); - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - // find the cert record's orig. requestor's group - MetaInfo metai = certRecord.getMetaInfo(); - if (metai != null) { - String reqId = (String) metai - .get(ICertRecord.META_REQUEST_ID); - RequestId rid = new RequestId(reqId); - IRequest creq = mReqQ.findRequest(rid); - if (creq != null) { - String reqOwner = creq.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetBySerial process: req owner=" - + reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } - } - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CERT_SERIAL_NOT_FOUND_1", - serialNo.toString(16))); - cmsReq.setError(new ECMSGWException(CMS.getUserMessage( - "CMS_GW_CERT_SERIAL_NOT_FOUND", - "0x" + serialNo.toString(16)))); - cmsReq.setStatus(CMSRequest.ERROR); - return; - } + String group = authToken.getInString("group"); + + if ((group != null) && (group != "")) { + CMS.debug("GetBySerial process: auth group="+group); + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + // find the cert record's orig. 
requestor's group + MetaInfo metai = certRecord.getMetaInfo(); + if (metai != null) { + String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID); + RequestId rid = new RequestId(reqId); + IRequest creq = mReqQ.findRequest(rid); + if (creq != null) { + String reqOwner = creq.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetBySerial process: req owner="+reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } } + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); + cmsReq.setStatus(CMSRequest.ERROR); + return; + } } + } } X509CertImpl cert = certRecord.getCertificate(); @@ -229,8 +224,7 @@ public class GetBySerial extends CMSServlet { IArgBlock ctx = CMS.createArgBlock(); Locale[] locale = new Locale[1]; CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; @@ -241,8 +235,8 @@ public class GetBySerial extends CMSServlet { } userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), userChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); try { 
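Review bot: The re-indented RA ownership check in the `@@ -182` hunk still tests `(group != "")`, which compares String references rather than contents, so it does not reliably filter an empty group value; `!group.isEmpty()` states the intent. In the same block, `reqId` from `metai.get(ICertRecord.META_REQUEST_ID)` goes straight into `new RequestId(reqId)`, and how RequestId treats null is not visible here, so a guard such as `if (reqId != null)` before the lookup would keep a record lacking that attribute on the existing not-found path instead of risking an exception. I would also add a comment on the `groupMatched == false` branch, e.g. `// deliberately report "not found" so an RA agent cannot confirm certs owned by another RA` (this intent is inferred from the message key, so confirm it before committing the wording). process() begins and ends outside this hunk.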
@@ -252,9 +246,8 @@ public class GetBySerial extends CMSServlet { byte[] p7Bytes = bos.toByteArray(); String p7Str = CMS.BtoA(p7Bytes); - - header.addStringValue("pkcs7", - CryptoUtil.normalizeCertStr(p7Str)); + + header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str)); try { CMSTemplate form = getTemplate(mIETemplate, req, locale); ServletOutputStream out = response.getOutputStream(); @@ -263,22 +256,21 @@ public class GetBySerial extends CMSServlet { form.renderOutput(out, argSet); return; } catch (Exception ee) { - CMS.debug("GetBySerial process: Exception=" + ee.toString()); + CMS.debug("GetBySerial process: Exception="+ee.toString()); } - } // browser is IE - + } //browser is IE + MetaInfo metai = certRecord.getMetaInfo(); String crmfReqId = null; if (metai != null) { crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID); - if (crmfReqId != null) + if (crmfReqId != null) cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId); } - if (crmfReqId == null - && checkImportCertToNav(cmsReq.getHttpResp(), - cmsReq.getHttpParams(), cert)) { + if (crmfReqId == null && checkImportCertToNav( + cmsReq.getHttpResp(), cmsReq.getHttpParams(), cert)) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } 
@@ -291,20 +283,19 @@ public class GetBySerial extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); // XXX follow request in cert record to set certtype, which will - // import cert only if it's client. For now assume "client" if + // import cert only if it's client. For now assume "client" if // someone clicked to import this cert. cmsReq.getHttpParams().set("certType", "client"); try { renderTemplate(cmsReq, mImportTemplate, mImportTemplateFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - + return; } } + |