Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java | 836 |
1 files changed, 425 insertions, 411 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 0922f8821..645cb831b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -84,9 +85,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; + /** * performs face-to-face enrollment. - * + * * @version $Revision$, $Date$ */ public class HashEnrollServlet extends CMSServlet { @@ -98,9 +100,10 @@ public class HashEnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; // enrollment templates. - public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; + public static final String + ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -120,7 +123,8 @@ public class HashEnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller + mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; 
@@ -131,7 +135,6 @@ public class HashEnrollServlet extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -139,17 +142,17 @@ public class HashEnrollServlet extends CMSServlet { // override success template to allow direct import of keygen certs. mTemplates.remove(CMSRequest.SUCCESS); try { - mEnrollSuccessTemplate = sc - .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE); + mEnrollSuccessTemplate = sc.getInitParameter( + CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = sc - .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } @@ -158,18 +161,20 @@ public class HashEnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } + /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -187,8 +192,8 @@ public class HashEnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -221,15 +226,14 @@ public class HashEnrollServlet extends CMSServlet { certType = httpParams.getValueAsString(OLD_CERT_TYPE, null); if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); - } else { - ; - } + } else {; + } - processX509(cmsReq); + processX509(cmsReq); } - + private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -249,10 +253,9 @@ public class HashEnrollServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
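Review bot: The reflowed `} else {;` in the certType branch of process() (hunk @@ -221) keeps an empty statement whose only purpose is a no-op else, and the new spelling reads like a typo and will be flagged by any linter. Drop the else entirely and keep just `if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); }`. process() begins outside this hunk.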
@@ -264,15 +267,16 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } - protected void processX509(CMSRequest cmsReq) throws EBaseException { + protected void processX509(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -280,16 +284,19 @@ public class HashEnrollServlet extends CMSServlet { IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST); /* - * === certAuth based enroll === "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: single - it's for single - * cert enrollment dual - it's for dual certs enrollment encryption - - * getting the encryption cert only via authentication of the signing - * cert (crmf or keyGenInfo) + * === certAuth based enroll === + * "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: + * single - it's for single cert enrollment + * dual - it's for dual certs enrollment + * encryption - getting the encryption cert only via + * authentication of the signing cert + * (crmf or keyGenInfo) */ boolean certAuthEnroll = false; - String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll", - null); + String certAuthEnrollOn = + httpParams.getValueAsString("certauthEnroll", null); X509CertInfo new_certInfo = null; if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { 
@@ -300,8 +307,8 @@ public class HashEnrollServlet extends CMSServlet { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = httpParams.getValueAsString( - "certauthEnrollType", null); + certauthEnrollType = + httpParams.getValueAsString("certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { CMS.debug("HashEnrollServlet: certauthEnrollType is dual"); @@ -310,22 +317,20 @@ public class HashEnrollServlet extends CMSServlet { } else if (certauthEnrollType.equals("single")) { CMS.debug("HashEnrollServlet: certauthEnrollType is single"); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", - certauthEnrollType)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - String challengePassword = httpParams.getValueAsString( - "challengePassword", ""); + String challengePassword = httpParams.getValueAsString("challengePassword", ""); cmsReq.setIRequest(req); saveHttpHeaders(httpReq, req); @@ -335,8 +340,8 @@ public class HashEnrollServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, mAuthzResourceName, - "import"); + authzToken = authorize(mAclMethod, token, + mAuthzResourceName, "import"); } catch (Exception e) { // do nothing for now } 
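Review bot: The reflowed `authorize(mAclMethod, token, mAuthzResourceName, "import")` call in hunk @@ -335 is still wrapped in `catch (Exception e) { // do nothing for now }`, so a denied authorization, or any runtime failure inside the ACL check, leaves `authzToken` null with nothing recorded anywhere. Whatever the later null handling does (that code is outside the hunk), the failure should at least be visible in the servlet log so denials can be detected: `CMS.debug("HashEnrollServlet: authorize failed: " + e.toString());` in the catch block. Narrowing the catch to the exception types authorize() actually throws would also stop programming errors from being hidden behind the same comment.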
@@ -351,43 +356,41 @@ public class HashEnrollServlet extends CMSServlet { String certBasedOldSubjectDN = null; BigInteger certBasedOldSerialNum = null; - // check if request was authenticated, if so set authtoken & certInfo. - // also if authenticated, take certInfo from authToken. + // check if request was authenticated, if so set authtoken & certInfo. + // also if authenticated, take certInfo from authToken. X509CertInfo certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } - certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN() - .toString(); - certBasedOldSerialNum = (BigInteger) sslClientCert - .getSerialNumber(); + certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString(); + certBasedOldSerialNum = (BigInteger) sslClientCert.getSerialNumber(); try { - certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert) - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + certInfo = (X509CertInfo) + ((X509CertImpl) sslClientCert).get( + X509CertImpl.NAME + "." 
+ X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException( + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; + X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; - // AuthToken authToken = access.getAuthToken(); + //AuthToken authToken = access.getAuthToken(); IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr1 = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr1; String pageID = httpParams.getValueAsString("pageID", null); 
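Review bot: The reflowed `certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString();` and `certBasedOldSerialNum = (BigInteger) sslClientCert.getSerialNumber();` carry casts to the static type the callee already returns, which is pure noise now that each fits on one line. Write them as `certBasedOldSubjectDN = sslClientCert.getSubjectDN().toString();` and `certBasedOldSerialNum = sslClientCert.getSerialNumber();`. The `if (certAuthEnroll == true)` guard above them is likewise just `if (certAuthEnroll)`. processX509 continues outside this hunk.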
@@ -402,22 +405,24 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); return; } else { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + authMgr = + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, "Enrollment request was authenticated by " - + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); fillCertInfoFromAuthToken(certInfo, authToken); - // save authtoken attrs to request directly (for policy use) + // save authtoken attrs to request directly (for policy use) saveAuthToken(authToken, req); // req.set(IRequest.AUTH_TOKEN, authToken); // } } // fill certInfo from input types: keygen, cmc, pkcs10 or crmf - KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( - SUBJECT_KEYGEN_INFO, null); + KeyGenInfo keyGenInfo = + httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); String certType = null; @@ -436,7 +441,8 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType); } - String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); + String crmf = + httpParams.getValueAsString(CRMF_REQUEST, null); if (certAuthEnroll == true) { 
@@ -445,21 +451,25 @@ public class HashEnrollServlet extends CMSServlet { // for dual certs if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { if (mCa == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NOT_A_CA")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a - // signing only cert - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) - || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS - .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { + // signing only cert + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + false) || + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + true) && + (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == + true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } X509Key key = null; 
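Review bot: The reflowed signing-only check `(isSigningCert == false) || ((isSigningCert == true) && (isEncryptionCert == true))` is spread over six lines with `== true`/`== false` comparisons, and the second disjunct is redundant: `!A || (A && B)` is just `!A || B`. The condition collapses to `if (!CMS.isSigningCert((X509CertImpl) sslClientCert) || CMS.isEncryptionCert((X509CertImpl) sslClientCert))`, which also avoids evaluating isSigningCert twice. The identical block appears in the CERT_AUTH_ENCRYPTION branch (hunk @@ -560) and the mirrored encryption-only test on `cert` in hunk @@ -506 simplifies the same way. This if-block sits inside processX509, which starts outside the hunk.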
@@ -468,27 +478,22 @@ public class HashEnrollServlet extends CMSServlet { try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } - String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN - + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum - + "))(certStatus=VALID))"; - ICertRecordList list = (ICertRecordList) mCa - .getCertificateRepository().findCertRecordsInList( - filter, null, 10); + String filter = + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + ICertRecordList list = + (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, + null, 10); int size = list.getSize(); Enumeration en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; 
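Review bot: The reflowed `filter` string splices `certBasedOldSubjectDN` directly into an LDAP search filter; that value is the subject DN of the presented SSL client certificate (`sslClientCert.getSubjectDN().toString()` earlier in processX509), and a DN containing `(`, `)`, `*` or `\` legitimately breaks the filter or widens it, so the lookup for the pairing encryption cert can fail or match records it should not. Escape the value per RFC 4515 before embedding it; `certBasedOldSerialNum` is a BigInteger and needs no escaping. Separately, `list.getCertRecords(0, size - 1)` is called with an end index of -1 when `getSize()` returns 0 — worth a guard unless that method is known to tolerate it. processX509 continues outside this hunk.
```java
// escape RFC 4515 filter metacharacters before embedding a DN in a search filter
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}

// … unchanged: key extraction and certInfo.set(X509CertInfo.KEY, ...) …
String filter =
    "(&(x509cert.subject=" + escapeFilterValue(certBasedOldSubjectDN)
    + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
```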
@@ -497,8 +502,8 @@ public class HashEnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, - encCertInfo }; + X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, + encCertInfo}; int i = 1; while (en.hasMoreElements()) { 
@@ -506,47 +511,37 @@ public class HashEnrollServlet extends CMSServlet { X509CertImpl cert = record.getCertificate(); // if not encryption cert only, try next one - if ((CMS.isEncryptionCert(cert) == false) - || ((CMS.isEncryptionCert(cert) == true) && (CMS - .isSigningCert(cert) == true))) { + if ((CMS.isEncryptionCert(cert) == false) || + ((CMS.isEncryptionCert(cert) == true) && + (CMS.isSigningCert(cert) == true))) { continue; } key = (X509Key) cert.getPublicKey(); try { - encCertInfo = (X509CertInfo) cert - .get(X509CertImpl.NAME + "." - + X509CertImpl.INFO); + encCertInfo = (X509CertInfo) + cert.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), - "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException( + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } try { - encCertInfo.set(X509CertInfo.KEY, - new CertificateX509Key(key)); + encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage( - 
"CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } fillCertInfoFromAuthToken(encCertInfo, authToken); @@ -560,21 +555,24 @@ public class HashEnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { // first, make sure the client cert is indeed a - // signing only cert - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) - || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS - .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { + // signing only cert + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + false) || + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + true) && + (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == + true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } /* 
@@ -582,15 +580,15 @@ public class HashEnrollServlet extends CMSServlet { */ if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); - req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() - .toString()); - CMS.debug("HashEnrollServlet: sslClientCert issuerDN = " - + sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, + sslClientCert.getIssuerDN().toString()); + CMS.debug( + "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), + "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { // have to be buried here to handle the issuer 
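Review bot: `if (crmf != null && crmf != "")` compares the String by reference, so an empty `crmf` request parameter (a distinct `""` instance produced by the servlet container) passes the test and is handed to `fillCRMF` instead of producing the `CMSGW_MISSING_KEYGEN_INFO` failure the else branch intends. The same test appears twice more in the next hunk (@@ -598), in the CERT_AUTH_SINGLE branch and the non-certauth else-if. Replace all three with `if (crmf != null && crmf.length() > 0)`. These branches sit inside processX509, which starts outside the hunk.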
@@ -598,21 +596,21 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), + "CMS_GW_MISSING_KEYGEN_INFO")); } - req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() - .toString()); + req.setExtData(CLIENT_ISSUER, + sslClientCert.getIssuerDN().toString()); } } else if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(IRequest.CERT_INFO, certInfoArray); @@ -623,9 +621,9 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(CHALLENGE_PASSWORD, pwd); } - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // dont want any javascript in HTML, and need to 
@@ -640,28 +638,27 @@ public class HashEnrollServlet extends CMSServlet { return; } - // for audit log + //for audit log String initiative = null; String agentID = null; if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - // request is from eegateway, so fromUser. + // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { cmsReq.setIRequestStatus(); // set status acc. to IRequest status. - // audit log the status + // audit log the status try { if (status == RequestStatus.REJECTED) { - Vector messages = req - .getExtDataInStringVector(IRequest.ERRORS); + Vector messages = req.getExtDataInStringVector(IRequest.ERRORS); if (messages != null) { Enumeration msgs = messages.elements(); 
@@ -671,42 +668,52 @@ public class HashEnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + wholeMsg.toString() }, - ILogger.L_MULTILINE); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + + wholeMsg.toString()}, + ILogger.L_MULTILINE + ); } else { // no policy violation, from agent - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), "" }); - } - } else { // other imcomplete status - mLogger.log( - ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), "" }); + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), ""} + ); + } + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), ""} + ); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, 
CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } return; } @@ -717,35 +724,39 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = req - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // System.out.println( - // "revocation servlet: setting error description "+ - // err.toString()); + //System.out.println( + //"revocation servlet: setting error description "+ + //err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, new Object[] { - req.getRequestId(), initiative, - authMgr, - "completed with error: " + err, - certInfo.get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + certInfo.get(X509CertInfo.SUBJECT), ""} + ); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } } 
@@ -756,143 +767,144 @@ public class HashEnrollServlet extends CMSServlet { // service success cmsReq.setStatus(CMSRequest.SUCCESS); - X509CertImpl[] issuedCerts = req - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] issuedCerts = + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); // audit log the success. - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" - + issuedCerts[0].getSerialNumber().toString(16) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16)} + ); // return cert as mime type binary if requested. - if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, - issuedCerts[0])) { + if (checkImportCertToNav( + cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } - + // use success template. 
try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMP_REND_ERR", - mEnrollSuccessFiller.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } return; } /** - * fill subject name, validity, extensions from authoken if any, overriding - * what was in pkcs10. fill subject name, extensions from http input if not - * authenticated. requests not authenticated will need to be approved by an - * agent. + * fill subject name, validity, extensions from authoken if any, + * overriding what was in pkcs10. + * fill subject name, extensions from http input if not authenticated. + * requests not authenticated will need to be approved by an agent. */ - protected void fillCertInfoFromAuthToken(X509CertInfo certInfo, - IAuthToken authToken) throws EBaseException { + protected void fillCertInfoFromAuthToken( + X509CertInfo certInfo, IAuthToken authToken) + throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. - // take key from keygen, cmc, pkcs10 or crmf. + // take key from keygen, cmc, pkcs10 or crmf. // subject name. 
try { - String subjectname = authToken - .getInString(AuthToken.TOKEN_CERT_SUBJECT); + String subjectname = + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { - CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName( - new X500Name(subjectname)); + CertificateSubjectName certSubject = (CertificateSubjectName) + new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, "cert subject set to " + certSubject - + " from authtoken"); + log(ILogger.LL_INFO, + "cert subject set to " + certSubject + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = authToken - .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, "cert validity set to " + validity - + " from authtoken"); + log(ILogger.LL_INFO, + "cert validity set to " + 
validity + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } - + // extensions try { - CertificateExtensions extensions = authToken - .getInCertExts(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = + authToken.getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); log(ILogger.LL_INFO, "cert extensions set from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } - protected X509CertInfo[] fillCRMF(String crmf, IAuthToken authToken, - IArgBlock httpParams, IRequest req) throws EBaseException { + protected X509CertInfo[] fillCRMF( + String crmf, IAuthToken authToken, IArgBlock httpParams, 
IRequest req) + throws EBaseException { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); - - SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( - new CertReqMsg.Template()).decode(crmfBlobIn); + ByteArrayInputStream crmfBlobIn = + new ByteArrayInputStream(crmfBlob); + + SEQUENCE crmfMsgs = (SEQUENCE) + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -902,11 +914,17 @@ public class HashEnrollServlet extends CMSServlet { CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); /* - * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch - * (ChallengeResponseException ex) { // create and save the - * challenge // construct the cmmf message together // in a - * sequence to challenge the requestor } catch (Exception e) { - * // failed, should only affect one request } } + if (certReqMsg.hasPop()) { + try { + certReqMsg.verify(); + } catch (ChallengeResponseException ex) { + // create and save the challenge + // construct the cmmf message together + // in a sequence to challenge the requestor + } catch (Exception e) { + // failed, should only affect one request + } + } */ CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); 
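Review bot: In the success path the audit entry reads `issuedCerts[0].getSubjectDN()` and `issuedCerts[0].getSerialNumber()` with no check that `req.getExtDataInCertArray(IRequest.ISSUED_CERTS)` returned a non-empty array, so a request that reached COMPLETE without an attached cert would throw out of the audit call after `cmsReq.setStatus(CMSRequest.SUCCESS)` has already been recorded. Guard before logging: `if (issuedCerts == null || issuedCerts.length == 0) { cmsReq.setStatus(CMSRequest.ERROR); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); }`. Also in this hunk, the cast in `(CertificateSubjectName) new CertificateSubjectName(...)` inside fillCertInfoFromAuthToken is redundant and can be dropped. processX509 starts before this hunk and fillCRMF continues after it.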
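Review bot: The reflowed comment block at the top of the CRMF loop in fillCRMF is commented-out code for proof-of-possession handling (`certReqMsg.hasPop()` / `certReqMsg.verify()`), which tells a reader that POP on the CRMF request is not verified in this servlet but not whether that is deliberate. Commented-out code should not survive a reformat; replace it with a one-line statement of the decision, e.g. `// NOTE: CRMF proof-of-possession (certReqMsg.verify()) is not checked here — confirm a downstream policy enforces it`. The loop body and the rest of fillCRMF continue outside this hunk.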
@@ -930,94 +948,95 @@ public class HashEnrollServlet extends CMSServlet { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null - || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity( - certTemplate.getNotBefore(), - certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); - certInfo.set(X509CertInfo.VALIDITY, certValidity); + certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null - || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { - // No subject name - error! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null || + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + // No subject name - error! 
+ log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } - // get extensions + // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { extensions = null; } if (certTemplate.hasExtensions()) { - // put each extension from CRMF into CertInfo. - // index by extension name, consistent with + // put each extension from CRMF into CertInfo. + // index by extension name, consistent with // CertificateExtensions.parseExtension() method. - if (extensions == null) + if (extensions == null) extensions = new CertificateExtensions(); int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = certTemplate - .extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext - .getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext - .getExtnValue(); - ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); 
jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } - // Added a new configuration parameter + // Added a new configuration parameter // eeGateway.Enrollment.authTokenOverride=[true|false] // By default, it is set to true. In most // of the case, administrator would want // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null - && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { - // if authenticated override subect name, validity and + if (authToken != null && + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); } 
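Review bot: Every extension carried in the CRMF template is copied into `certInfo` by `extensions.parseExtension(ext)` with no allow-list on the OID or on `isCritical`, and the later `fillCertInfoFromAuthToken` only replaces them when the auth token itself supplies extensions, so a requester can ask for arbitrary extensions (keyUsage, basicConstraints, ...) unless a downstream policy stage strips them — that is not visible here and should be confirmed. The same applies to the requester-supplied `notBefore`/`notAfter` stored in `CertificateValidity`, which are not bounded against a maximum lifetime in this hunk. A minor robustness point: `oidNumbers[k] = (int) numbers[k]` silently truncates an arc larger than `Integer.MAX_VALUE`; a comment such as `// NOTE(review): OID arcs above 2^31-1 are truncated here` would at least document the limitation. The enclosing loop over `crmfMsgs` starts before this hunk.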
@@ -1029,34 +1048,32 @@ public class HashEnrollServlet extends CMSServlet { return certInfoArray; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - protected void renderServerEnrollResult(CMSRequest cmsReq) - throws IOException { + protected void renderServerEnrollResult(CMSRequest cmsReq) throws + IOException { HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); 
@@ -1071,16 +1088,11 @@ public class HashEnrollServlet extends CMSServlet { out.println("</TITLE>"); // out.println("<BODY BGCOLOR=white>"); - if (cmsReq.getIRequest().getRequestStatus() - .equals(RequestStatus.COMPLETE)) { + if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - // - - // localize - // the - // message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1094,30 +1106,25 @@ public class HashEnrollServlet extends CMSServlet { out.println("Certificate: "); out.println("<P>"); out.println("<PRE>"); - X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray( - IRequest.ISSUED_CERTS); + X509CertImpl certs[] = + cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" - + cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" - + cmsReq.getIRequest().getRequestId().toString() + ">"); - out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" - + CMS.getEncodedCert(certs[0]) + ">"); - } else if (cmsReq.getIRequest().getRequestStatus() - .equals(RequestStatus.PENDING)) { + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + + CMS.getEncodedCert(certs[0]) + ">"); + } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - // - - // localize - // the - // message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
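Review bot: `certs[0]` is dereferenced without checking that `getExtDataInCertArray(IRequest.ISSUED_CERTS)` returned a non-null, non-empty array, so a COMPLETE request whose cert array is missing turns into an uncaught `NullPointerException`/`ArrayIndexOutOfBoundsException` in the middle of the HTML response. A guard such as `if (certs == null || certs.length == 0) { out.println("No certificate found for this request."); } else { ... }` keeps the page well-formed. Separately, the `<!HTTP_OUTPUT X509_CERTIFICATE=...>` pseudo-tag and the `<PRE>` block emit the base64 certificate with no HTML escaping; the base64 alphabet is safe, but anything else echoed through these tags (status, error text) should go through an escaper. `renderServerEnrollResult` begins before this hunk and continues after it.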
@@ -1128,22 +1135,18 @@ public class HashEnrollServlet extends CMSServlet { out.println("Request ID: "); out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" - + cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" - + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - // - - // localize - // the - // message + out.println("Please consult your local administrator for assistance."); // XXX - localize the message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); 
@@ -1152,55 +1155,62 @@ public class HashEnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + + cmsReq.getError() + ">"); } /** - * // include all the input data IArgBlock args = - * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while - * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement(); - * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); } + // include all the input data + IArgBlock args = cmsReq.getHttpParams(); + Enumeration ele = args.getElements(); + while (ele.hasMoreElements()) { + String eleT = (String)ele.nextElement(); + out.println("<!HTTP_INPUT " + eleT + "=" + + args.get(eleT) + ">"); + } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. 
private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) throws EBaseException { + private void init_testbed_hack(IConfigStore config) + throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } - private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo, - IArgBlock httpParams) throws EBaseException { - if (!mIsTestBed) + private void do_testbed_hack( + int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) + throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; - CertificateExtensions exts = (CertificateExtensions) cert - .get(CertificateExtensions.NAME); + CertificateExtensions exts = (CertificateExtensions) + cert.get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } - KeyUsageExtension ext = (KeyUsageExtension) exts - .get(KeyUsageExtension.NAME); + KeyUsageExtension ext = (KeyUsageExtension) + exts.get(KeyUsageExtension.NAME); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); 
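Review bot: `cmsReq.getError()` is written straight into the HTML body and into the `<!HTTP_OUTPUT ERROR=...>` tag without escaping; if the error text ever echoes request data (subject name, request parameters), this is a reflected-XSS sink, so it should be HTML-escaped before `out.println`, e.g. `String err = escapeHtml(String.valueOf(cmsReq.getError()));` with a small local escaper since none is visible in the file. Just below, `init_testbed_hack` does `config.getBoolean("isTestBed", true)` — the key-usage rewriting hack is therefore on by default in every deployment that has not explicitly set `isTestBed=false`, which inverts the stated intent of the "XXX ALERT" comment; the safer default is `config.getBoolean("isTestBed", false)`. `do_testbed_hack` starts in this hunk but its body continues past it.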
@@ -1211,32 +1221,36 @@ public class HashEnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; + newvalue[3] = 0x3f; + newvalue[4] = (byte)0x80; */ - if (httpParams.getValueAsBoolean("dual-use-hack", true)) { + if (httpParams.getValueAsBoolean( + "dual-use-hack", true)) { newvalue[3] = (byte) 0xE0; // same as rsa-dual-use. } } newvalue[4] = 0; - KeyUsageExtension newext = new KeyUsageExtension( - Boolean.valueOf(true), (Object) newvalue); + KeyUsageExtension newext = + new KeyUsageExtension(Boolean.valueOf(true), + (Object) newvalue); exts.delete(KeyUsageExtension.NAME); exts.set(KeyUsageExtension.NAME, newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } } } + |
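Review bot: `httpParams.getValueAsBoolean("dual-use-hack", true)` lets the enrolling client decide, via a plain HTTP parameter that defaults to true, whether an encryption-only request ends up with the digitalSignature/nonRepudiation bits (`0xE0`) added to keyUsage; key-usage semantics, and nonRepudiation in particular, should be fixed by server policy rather than by an unauthenticated request value. The rewritten extension is also always marked critical (`new KeyUsageExtension(Boolean.valueOf(true), ...)`) regardless of the criticality of the extension it replaces, which is a behaviour change worth a comment. Both `catch` blocks swallow the exception with `continue` and no log line, so a malformed extension that trips the hack is silently left unmodified; at minimum log `e.toString()` as the rest of the file does. The enclosing `do_testbed_hack` method begins outside this hunk.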