Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java | 283 |
1 files changed, 155 insertions, 128 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java index 2bbec4828..3b87ed5a5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve CRL for a Certificate Authority - * + * * @version $Revision$, $Date$ */ public class GetCRL extends CMSServlet { @@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,15 +78,13 @@ public class GetCRL extends CMSServlet { mFormPath = mOutputTemplatePath; } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information - * @see DisplayCRL#process + * @see DisplayCRL#process */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -96,14 +93,14 @@ public class GetCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -115,9 +112,10 @@ public class GetCRL extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -125,14 +123,15 @@ public class GetCRL extends CMSServlet { CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("**** mFormPath before getTemplate = "+mFormPath); + CMS.debug("**** mFormPath before getTemplate = " + mFormPath); try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
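Review bot: In the `authorize(...)` try block, the `catch (EAuthzAccessDenied e)` and `catch (Exception e)` clauses have identical bodies, so an unexpected failure inside authorization is logged under the same `ADMIN_SRVLT_AUTH_FAILURE` message as a real denial and the two cannot be told apart in the log. Both paths leave `authzToken` null and rely on the `if (authzToken == null)` check that follows, whose body is outside the hunk, to reject the request. A comment such as `// fall through: a null authzToken is rejected below` would make that fail-closed intent explicit. Logging the generic case under a distinct message would also let operators separate a policy denial from an error in the authorization subsystem.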
@@ -148,16 +147,18 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); op = args.getValueAsString("op", null); crlId = args.getValueAsString("crlIssuingPoint", null); if (op == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlId == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NO_CRL_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -165,23 +166,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); ICRLIssuingPointRecord crlRecord = null; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; ICRLIssuingPoint crlIP = null; - if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId); + if (ca != null) + crlIP = ca.getCRLIssuingPoint(crlId); try { - crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId); + crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository() + .readCRLIssuingPointRecord(crlId); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_FOUND"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
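Review bot: The re-wrapped `if (ca != null)` now has its body on a separate line without braces, which is easy to misread or extend incorrectly; write `if (ca != null) { crlIP = ca.getCRLIssuingPoint(crlId); }`. The guard is also inconsistent with the next statement, which calls `ca.getCRLRepository()` unconditionally inside the `try`, so a null `ca` would raise a NullPointerException that `catch (EBaseException e)` does not handle. Since `mAuthority` passed an `instanceof ICertificateAuthority` test in an earlier hunk, `ca` is presumably never null here and the check can be dropped; otherwise it should cover both uses. `process` continues outside this hunk.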
@@ -200,40 +203,43 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); header.addStringValue("crlDisplayType", crlDisplayType); } - if ((op.equals("checkCRLcache") || - (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && - (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { - cmsReq.setError( - CMS.getUserMessage( - ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())? - "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); + if ((op.equals("checkCRLcache") || (op.equals("displayCRL") + && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) + && (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP + .isCRLCacheEmpty())) { + cmsReq.setError(CMS.getUserMessage( + ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP + .isCRLCacheEmpty()) ? "CMS_GW_CRL_CACHE_IS_EMPTY" + : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); cmsReq.setStatus(CMSRequest.ERROR); return; } byte[] crlbytes = null; - if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("deltaCRL"))) { + if (op.equals("importDeltaCRL") + || op.equals("getDeltaCRL") + || (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType + .equals("deltaCRL"))) { crlbytes = crlRecord.getDeltaCRL(); - } else if (op.equals("importCRL") || op.equals("getCRL") || - op.equals("checkCRL") || - (op.equals("displayCRL") && - crlDisplayType != null && - (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || - crlDisplayType.equals("base64Encoded")))) { + } else if (op.equals("importCRL") + || op.equals("getCRL") + || op.equals("checkCRL") + || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType + .equals("entireCRL") + || crlDisplayType.equals("crlHeader") || crlDisplayType + .equals("base64Encoded")))) { crlbytes = crlRecord.getCRL(); - } - - if (crlbytes == null 
&& (!op.equals("checkCRLcache")) && - (!(op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("cachedCRL")))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + } + + if (crlbytes == null + && (!op.equals("checkCRLcache")) + && (!(op.equals("displayCRL") && crlDisplayType != null && crlDisplayType + .equals("cachedCRL")))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -241,48 +247,56 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); X509CRLImpl crl = null; - if (op.equals("checkCRL") || op.equals("importCRL") || - op.equals("importDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || - crlDisplayType.equals("base64Encoded") || - crlDisplayType.equals("deltaCRL")))) { + if (op.equals("checkCRL") + || op.equals("importCRL") + || op.equals("importDeltaCRL") + || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType + .equals("entireCRL") + || crlDisplayType.equals("crlHeader") + || crlDisplayType.equals("base64Encoded") || crlDisplayType + .equals("deltaCRL")))) { try { - if (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("crlHeader")) { + if (op.equals("displayCRL") && crlDisplayType != null + && crlDisplayType.equals("crlHeader")) { crl = new X509CRLImpl(crlbytes, false); } else { crl = new X509CRLImpl(crlbytes); } } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") && - crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && - ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && - (crlRecord.getCRLNumber() == null || - crlRecord.getDeltaCRLNumber() == null || - crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || - crlRecord.getDeltaCRLSize() == null || - crlRecord.getDeltaCRLSize().longValue() == -1))) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); - cmsReq.setError(new 
ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") + && crlDisplayType != null && crlDisplayType + .equals("deltaCRL"))) + && ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && (crlRecord + .getCRLNumber() == null + || crlRecord.getDeltaCRLNumber() == null + || crlRecord.getDeltaCRLNumber().compareTo( + crlRecord.getCRLNumber()) < 0 + || crlRecord.getDeltaCRLSize() == null || crlRecord + .getDeltaCRLSize().longValue() == -1))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - } + } String mimeType = "application/x-pkcs7-crl"; - if (op.equals("checkCRLcache") || op.equals("checkCRL") || op.equals("displayCRL")) { + if (op.equals("checkCRLcache") || op.equals("checkCRL") + || op.equals("displayCRL")) { header.addStringValue("toDo", op); - String certSerialNumber = args.getValueAsString("certSerialNumber", ""); + String certSerialNumber = args.getValueAsString("certSerialNumber", + ""); header.addStringValue("certSerialNumber", certSerialNumber); if (certSerialNumber.startsWith("0x")) { @@ -290,8 +304,8 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } if (op.equals("checkCRLcache")) { - if (crlIP.getRevocationDateFromCache( - new BigInteger(certSerialNumber), false, false) != null) { + if (crlIP.getRevocationDateFromCache(new BigInteger( + certSerialNumber), false, false) != null) { header.addBooleanValue("isOnCRL", true); } else { header.addBooleanValue("isOnCRL", false); 
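Review bot: `certSerialNumber` comes straight from the request (`args.getValueAsString("certSerialNumber", "")` in the preceding hunk) and is passed to `new BigInteger(certSerialNumber)` in the `checkCRLcache` branch with no visible validation, so an empty or non-numeric value throws NumberFormatException, which is unchecked and not an `EBaseException`. The same applies to `crl.isRevoked(new BigInteger(certSerialNumber))` in the @@ -300 hunk and to `new Long(pageStart)` / `new Long(pageSize)` in the @@ -315 hunk, where `lPageSize` also has no visible bound. The lines between the `startsWith("0x")` test and this hunk are not shown, so some normalisation may happen there. If it does not, parse once inside a `try` with `catch (NumberFormatException e)` and answer with `cmsReq.setError(...)` and `CMSRequest.ERROR`, as the other input checks in this method do.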
@@ -300,14 +314,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); if (op.equals("checkCRL")) { header.addBooleanValue("isOnCRL", - crl.isRevoked(new BigInteger(certSerialNumber))); + crl.isRevoked(new BigInteger(certSerialNumber))); } if (op.equals("displayCRL")) { - if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { - ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))? - CMS.getCRLPrettyPrint(crl): - CMS.getCRLCachePrettyPrint(crlIP); + if (crlDisplayType.equals("entireCRL") + || crlDisplayType.equals("cachedCRL")) { + ICRLPrettyPrint crlDetails = (crlDisplayType + .equals("entireCRL")) ? CMS.getCRLPrettyPrint(crl) + : CMS.getCRLCachePrettyPrint(crlIP); String pageStart = args.getValueAsString("pageStart", null); String pageSize = args.getValueAsString("pageSize", null); 
@@ -315,26 +330,28 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) lPageStart = 1; + if (lPageStart < 1) + lPageStart = 1; - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0], - lCRLSize, lPageStart, lPageSize)); + header.addStringValue("crlPrettyPrint", crlDetails + .toString(locale[0], lCRLSize, lPageStart, + lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0])); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0])); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0], lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil + .BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -351,11 +368,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, + length)); i = length; } argSet.addRepeatRecord(rarg); 
@@ -365,16 +385,17 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } } else if (crlDisplayType.equals("deltaCRL")) { header.addIntegerValue("deltaCRLSize", - crl.getNumberOfRevokedCertificates()); + crl.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0], 0, 0, 0)); try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil + .BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -391,11 +412,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, + length)); i = length; } argSet.addRepeatRecord(rarg); @@ -413,10 +437,11 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } return; 
@@ -427,32 +452,34 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); mimeType = "application/x-pkcs7-crl"; } else if (op.equals("getCRL")) { mimeType = "application/octet-stream"; - httpResp.setHeader("Content-disposition", - "attachment; filename=" + crlId + ".crl"); + httpResp.setHeader("Content-disposition", "attachment; filename=" + + crlId + ".crl"); } else if (op.equals("getDeltaCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=delta-" + crlId + ".crl"); + "attachment; filename=delta-" + crlId + ".crl"); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); } try { - // if (clientIsMSIE(httpReq) && op.equals("getCRL")) - // httpResp.setHeader("Content-disposition", - // "attachment; filename=getCRL.crl"); + // if (clientIsMSIE(httpReq) && op.equals("getCRL")) + // httpResp.setHeader("Content-disposition", + // "attachment; filename=getCRL.crl"); httpResp.setContentType(mimeType); httpResp.setContentLength(bytes.length); httpResp.getOutputStream().write(bytes); httpResp.getOutputStream().flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); } - // cmsReq.setResult(null); + // cmsReq.setResult(null); cmsReq.setStatus(CMSRequest.SUCCESS); return; } |
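Review bot: The `Content-disposition` values in the `getCRL` and `getDeltaCRL` branches concatenate `crlId` unquoted into the header, and `crlId` is the `crlIssuingPoint` request parameter read in an earlier hunk. By this point it has matched a stored issuing-point record, which presumably limits what it can contain, but the header should not depend on that. Quote the filename and restrict it to a safe character set first, e.g. `"attachment; filename=\"" + safeId + ".crl\""`, where `safeId` is `crlId` with anything outside `[A-Za-z0-9._-]` replaced. Separately, the final `catch (IOException e)` logs `CMSGW_ERROR_DISPLAYING_CRLINFO` without `e`, so the cause of a failed write is lost.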