diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java | 283 |
1 files changed, 128 insertions, 155 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java index 3b87ed5a5..2bbec4828 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -47,9 +48,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Retrieve CRL for a Certificate Authority - * + * * @version $Revision$, $Date$ */ public class GetCRL extends CMSServlet { @@ -66,7 +68,6 @@ public class GetCRL extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -78,13 +79,15 @@ public class GetCRL extends CMSServlet { mFormPath = mOutputTemplatePath; } + /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information - * @see DisplayCRL#process + * @see DisplayCRL#process */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -93,14 +96,14 @@ public class GetCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -112,10 +115,9 @@ public class GetCRL extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -123,15 +125,14 @@ public class GetCRL extends CMSServlet { CMSTemplate form = null; Locale[] locale = new Locale[1]; - CMS.debug("**** mFormPath before getTemplate = " + mFormPath); +CMS.debug("**** mFormPath before getTemplate = "+mFormPath); try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -147,18 +148,16 @@ public class GetCRL extends CMSServlet { op = args.getValueAsString("op", null); crlId = args.getValueAsString("crlIssuingPoint", null); if (op == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlId == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NO_CRL_SELECTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -166,25 +165,23 @@ public class GetCRL extends CMSServlet { ICRLIssuingPointRecord crlRecord = null; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; ICRLIssuingPoint crlIP = null; - if (ca != null) - crlIP = ca.getCRLIssuingPoint(crlId); + if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId); try { - crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository() - .readCRLIssuingPointRecord(crlId); + crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_FOUND"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -203,43 +200,40 @@ public class GetCRL extends CMSServlet { header.addStringValue("crlDisplayType", crlDisplayType); } - if ((op.equals("checkCRLcache") || (op.equals("displayCRL") - && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) - && (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP - .isCRLCacheEmpty())) { - cmsReq.setError(CMS.getUserMessage( - ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP - .isCRLCacheEmpty()) ? "CMS_GW_CRL_CACHE_IS_EMPTY" - : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); + if ((op.equals("checkCRLcache") || + (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && + (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { + cmsReq.setError( + CMS.getUserMessage( + ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())? + "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); cmsReq.setStatus(CMSRequest.ERROR); return; } byte[] crlbytes = null; - if (op.equals("importDeltaCRL") - || op.equals("getDeltaCRL") - || (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType - .equals("deltaCRL"))) { + if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") || + (op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("deltaCRL"))) { crlbytes = crlRecord.getDeltaCRL(); - } else if (op.equals("importCRL") - || op.equals("getCRL") - || op.equals("checkCRL") - || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType - .equals("entireCRL") - || crlDisplayType.equals("crlHeader") || crlDisplayType - .equals("base64Encoded")))) { + } else if (op.equals("importCRL") || op.equals("getCRL") || + op.equals("checkCRL") || + (op.equals("displayCRL") && + crlDisplayType != null && + (crlDisplayType.equals("entireCRL") || + crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("base64Encoded")))) { crlbytes = crlRecord.getCRL(); - } - - if (crlbytes == null - && (!op.equals("checkCRLcache")) - && (!(op.equals("displayCRL") && crlDisplayType != null && crlDisplayType - .equals("cachedCRL")))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + } + + if (crlbytes == null && (!op.equals("checkCRLcache")) && + (!(op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("cachedCRL")))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -247,56 +241,48 @@ public class GetCRL extends CMSServlet { X509CRLImpl crl = null; - if (op.equals("checkCRL") - || op.equals("importCRL") - || op.equals("importDeltaCRL") - || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType - .equals("entireCRL") - || crlDisplayType.equals("crlHeader") - || crlDisplayType.equals("base64Encoded") || crlDisplayType - .equals("deltaCRL")))) { + if (op.equals("checkCRL") || op.equals("importCRL") || + op.equals("importDeltaCRL") || + (op.equals("displayCRL") && crlDisplayType != null && + (crlDisplayType.equals("entireCRL") || + crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("base64Encoded") || + crlDisplayType.equals("deltaCRL")))) { try { - if (op.equals("displayCRL") && crlDisplayType != null - && crlDisplayType.equals("crlHeader")) { + if (op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("crlHeader")) { crl = new X509CRLImpl(crlbytes, false); } else { crl = new X509CRLImpl(crlbytes); } } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") - && crlDisplayType != null && crlDisplayType - .equals("deltaCRL"))) - && ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && (crlRecord - .getCRLNumber() == null - || crlRecord.getDeltaCRLNumber() == null - || crlRecord.getDeltaCRLNumber().compareTo( - crlRecord.getCRLNumber()) < 0 - || crlRecord.getDeltaCRLSize() == null || crlRecord - .getDeltaCRLSize().longValue() == -1))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") && + crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && + ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && + (crlRecord.getCRLNumber() == null || + crlRecord.getDeltaCRLNumber() == null || + crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || + crlRecord.getDeltaCRLSize() == null || + crlRecord.getDeltaCRLSize().longValue() == -1))) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - } + } String mimeType = "application/x-pkcs7-crl"; - if (op.equals("checkCRLcache") || op.equals("checkCRL") - || op.equals("displayCRL")) { + if (op.equals("checkCRLcache") || op.equals("checkCRL") || op.equals("displayCRL")) { header.addStringValue("toDo", op); - String certSerialNumber = args.getValueAsString("certSerialNumber", - ""); + String certSerialNumber = args.getValueAsString("certSerialNumber", ""); header.addStringValue("certSerialNumber", certSerialNumber); if (certSerialNumber.startsWith("0x")) { @@ -304,8 +290,8 @@ public class GetCRL extends CMSServlet { } if (op.equals("checkCRLcache")) { - if (crlIP.getRevocationDateFromCache(new BigInteger( - certSerialNumber), false, false) != null) { + if (crlIP.getRevocationDateFromCache( + new BigInteger(certSerialNumber), false, false) != null) { header.addBooleanValue("isOnCRL", true); } else { header.addBooleanValue("isOnCRL", false); @@ -314,15 +300,14 @@ public class GetCRL extends CMSServlet { if (op.equals("checkCRL")) { header.addBooleanValue("isOnCRL", - crl.isRevoked(new BigInteger(certSerialNumber))); + crl.isRevoked(new BigInteger(certSerialNumber))); } if (op.equals("displayCRL")) { - if (crlDisplayType.equals("entireCRL") - || crlDisplayType.equals("cachedCRL")) { - ICRLPrettyPrint crlDetails = (crlDisplayType - .equals("entireCRL")) ? CMS.getCRLPrettyPrint(crl) - : CMS.getCRLCachePrettyPrint(crlIP); + if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { + ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))? + CMS.getCRLPrettyPrint(crl): + CMS.getCRLCachePrettyPrint(crlIP); String pageStart = args.getValueAsString("pageStart", null); String pageSize = args.getValueAsString("pageSize", null); @@ -330,28 +315,26 @@ public class GetCRL extends CMSServlet { long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) - lPageStart = 1; + if (lPageStart < 1) lPageStart = 1; - header.addStringValue("crlPrettyPrint", crlDetails - .toString(locale[0], lCRLSize, lPageStart, - lPageSize)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0], + lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0])); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale[0])); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0], lCRLSize, 0, 0)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil - .BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -368,14 +351,11 @@ public class GetCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, - length)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); @@ -385,17 +365,16 @@ public class GetCRL extends CMSServlet { } } else if (crlDisplayType.equals("deltaCRL")) { header.addIntegerValue("deltaCRLSize", - crl.getNumberOfRevokedCertificates()); + crl.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0], 0, 0, 0)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil - .BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -412,14 +391,11 @@ public class GetCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, - length)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); @@ -437,11 +413,10 @@ public class GetCRL extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } return; @@ -452,34 +427,32 @@ public class GetCRL extends CMSServlet { mimeType = "application/x-pkcs7-crl"; } else if (op.equals("getCRL")) { mimeType = "application/octet-stream"; - httpResp.setHeader("Content-disposition", "attachment; filename=" - + crlId + ".crl"); + httpResp.setHeader("Content-disposition", + "attachment; filename=" + crlId + ".crl"); } else if (op.equals("getDeltaCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=delta-" + crlId + ".crl"); + "attachment; filename=delta-" + crlId + ".crl"); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); } try { - // if (clientIsMSIE(httpReq) && op.equals("getCRL")) - // httpResp.setHeader("Content-disposition", - // "attachment; filename=getCRL.crl"); + // if (clientIsMSIE(httpReq) && op.equals("getCRL")) + // httpResp.setHeader("Content-disposition", + // "attachment; filename=getCRL.crl"); httpResp.setContentType(mimeType); httpResp.setContentLength(bytes.length); httpResp.getOutputStream().write(bytes); httpResp.getOutputStream().flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); } - // cmsReq.setResult(null); + // cmsReq.setResult(null); cmsReq.setStatus(CMSRequest.SUCCESS); return; } |