diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java | 836 |
1 files changed, 411 insertions, 425 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 645cb831b..0922f8821 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** * performs face-to-face enrollment. - * + * * @version $Revision$, $Date$ */ public class HashEnrollServlet extends CMSServlet { @@ -100,10 +98,9 @@ public class HashEnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; // enrollment templates. - public static final String - ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; + public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller - mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; @@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -142,17 +139,17 @@ public class HashEnrollServlet extends CMSServlet { // override success template to allow direct import of keygen certs. mTemplates.remove(CMSRequest.SUCCESS); try { - mEnrollSuccessTemplate = sc.getInitParameter( - CMSServlet.PROP_SUCCESS_TEMPLATE); + mEnrollSuccessTemplate = sc + .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = sc + .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } @@ -161,20 +158,18 @@ public class HashEnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -192,8 +187,8 @@ public class HashEnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -226,14 +221,15 @@ public class HashEnrollServlet extends CMSServlet { certType = httpParams.getValueAsString(OLD_CERT_TYPE, null); if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); - } else {; - } + } else { + ; + } - processX509(cmsReq); + processX509(cmsReq); } - + private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -253,9 +249,10 @@ public class HashEnrollServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -267,16 +264,15 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } - protected void processX509(CMSRequest cmsReq) - throws EBaseException { + protected void processX509(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -284,19 +280,16 @@ public class HashEnrollServlet extends CMSServlet { IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST); /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for single + * cert enrollment dual - it's for dual certs enrollment encryption - + * getting the encryption cert only via authentication of the signing + * cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; - String certAuthEnrollOn = - httpParams.getValueAsString("certauthEnroll", null); + String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll", + null); X509CertInfo new_certInfo = null; if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { @@ -307,8 +300,8 @@ public class HashEnrollServlet extends CMSServlet { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = - httpParams.getValueAsString("certauthEnrollType", null); + certauthEnrollType = httpParams.getValueAsString( + "certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { CMS.debug("HashEnrollServlet: certauthEnrollType is dual"); @@ -317,20 +310,22 @@ public class HashEnrollServlet extends CMSServlet { } else if (certauthEnrollType.equals("single")) { CMS.debug("HashEnrollServlet: certauthEnrollType is single"); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", + certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - String challengePassword = httpParams.getValueAsString("challengePassword", ""); + String challengePassword = httpParams.getValueAsString( + "challengePassword", ""); cmsReq.setIRequest(req); saveHttpHeaders(httpReq, req); @@ -340,8 +335,8 @@ public class HashEnrollServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, - mAuthzResourceName, "import"); + authzToken = authorize(mAclMethod, token, mAuthzResourceName, + "import"); } catch (Exception e) { // do nothing for now } @@ -356,41 +351,43 @@ public class HashEnrollServlet extends CMSServlet { String certBasedOldSubjectDN = null; BigInteger certBasedOldSerialNum = null; - // check if request was authenticated, if so set authtoken & certInfo. - // also if authenticated, take certInfo from authToken. + // check if request was authenticated, if so set authtoken & certInfo. + // also if authenticated, take certInfo from authToken. X509CertInfo certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } - certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString(); - certBasedOldSerialNum = (BigInteger) sslClientCert.getSerialNumber(); + certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN() + .toString(); + certBasedOldSerialNum = (BigInteger) sslClientCert + .getSerialNumber(); try { - certInfo = (X509CertInfo) - ((X509CertImpl) sslClientCert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert) + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; + X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; - //AuthToken authToken = access.getAuthToken(); + // AuthToken authToken = access.getAuthToken(); IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr1 = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr1; String pageID = httpParams.getValueAsString("pageID", null); @@ -405,24 +402,22 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); return; } else { - authMgr = - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " + - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); fillCertInfoFromAuthToken(certInfo, authToken); - // save authtoken attrs to request directly (for policy use) + // save authtoken attrs to request directly (for policy use) saveAuthToken(authToken, req); // req.set(IRequest.AUTH_TOKEN, authToken); // } } // fill certInfo from input types: keygen, cmc, pkcs10 or crmf - KeyGenInfo keyGenInfo = - httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); + KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( + SUBJECT_KEYGEN_INFO, null); String certType = null; @@ -441,8 +436,7 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType); } - String crmf = - httpParams.getValueAsString(CRMF_REQUEST, null); + String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); if (certAuthEnroll == true) { @@ -451,25 +445,21 @@ public class HashEnrollServlet extends CMSServlet { // for dual certs if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { if (mCa == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_A_CA")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a - // signing only cert - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - true) && - (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == - true))) { + // signing only cert + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) + || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS + .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } X509Key key = null; @@ -478,22 +468,27 @@ public class HashEnrollServlet extends CMSServlet { try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } - String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; - ICertRecordList list = - (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, - null, 10); + String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN + + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + + "))(certStatus=VALID))"; + ICertRecordList list = (ICertRecordList) mCa + .getCertificateRepository().findCertRecordsInList( + filter, null, 10); int size = list.getSize(); Enumeration en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; @@ -502,8 +497,8 @@ public class HashEnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, - encCertInfo}; + X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, + encCertInfo }; int i = 1; while (en.hasMoreElements()) { @@ -511,37 +506,47 @@ public class HashEnrollServlet extends CMSServlet { X509CertImpl cert = record.getCertificate(); // if not encryption cert only, try next one - if ((CMS.isEncryptionCert(cert) == false) || - ((CMS.isEncryptionCert(cert) == true) && - (CMS.isSigningCert(cert) == true))) { + if ((CMS.isEncryptionCert(cert) == false) + || ((CMS.isEncryptionCert(cert) == true) && (CMS + .isSigningCert(cert) == true))) { continue; } key = (X509Key) cert.getPublicKey(); try { - encCertInfo = (X509CertInfo) - cert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + encCertInfo = (X509CertInfo) cert + .get(X509CertImpl.NAME + "." + + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), + "CMS_GW_MISSING_CERTINFO")); } try { - encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); + encCertInfo.set(X509CertInfo.KEY, + new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } fillCertInfoFromAuthToken(encCertInfo, authToken); @@ -555,24 +560,21 @@ public class HashEnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { // first, make sure the client cert is indeed a - // signing only cert - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - true) && - (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == - true))) { + // signing only cert + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) + || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS + .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } /* @@ -580,15 +582,15 @@ public class HashEnrollServlet extends CMSServlet { */ if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); - req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); - CMS.debug( - "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() + .toString()); + CMS.debug("HashEnrollServlet: sslClientCert issuerDN = " + + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { // have to be buried here to handle the issuer @@ -596,21 +598,21 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } - req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() + .toString()); } } else if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(IRequest.CERT_INFO, certInfoArray); @@ -621,9 +623,9 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(CHALLENGE_PASSWORD, pwd); } - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // dont want any javascript in HTML, and need to @@ -638,27 +640,28 @@ public class HashEnrollServlet extends CMSServlet { return; } - //for audit log + // for audit log String initiative = null; String agentID = null; if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - // request is from eegateway, so fromUser. + // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { cmsReq.setIRequestStatus(); // set status acc. to IRequest status. - // audit log the status + // audit log the status try { if (status == RequestStatus.REJECTED) { - Vector messages = req.getExtDataInStringVector(IRequest.ERRORS); + Vector messages = req + .getExtDataInStringVector(IRequest.ERRORS); if (messages != null) { Enumeration msgs = messages.elements(); @@ -668,52 +671,42 @@ public class HashEnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + - wholeMsg.toString()}, - ILogger.L_MULTILINE - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + wholeMsg.toString() }, + ILogger.L_MULTILINE); } else { // no policy violation, from agent - mLogger.log(ILogger.EV_AUDIT, + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" }); + } + } else { // other imcomplete status + mLogger.log( + ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); - } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" }); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } return; } @@ -724,39 +717,35 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = req + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, new Object[] { + req.getRequestId(), initiative, + authMgr, + "completed with error: " + err, + certInfo.get(X509CertInfo.SUBJECT), + "" }); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } } @@ -767,144 +756,143 @@ public class HashEnrollServlet extends CMSServlet { // service success cmsReq.setStatus(CMSRequest.SUCCESS); - X509CertImpl[] issuedCerts = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] issuedCerts = req + .getExtDataInCertArray(IRequest.ISSUED_CERTS); // audit log the success. - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[0].getSerialNumber().toString(16)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16) }); // return cert as mime type binary if requested. - if (checkImportCertToNav( - cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { + if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, + issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } - + // use success template. try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMP_REND_ERR", + mEnrollSuccessFiller.toString(), e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } return; } /** - * fill subject name, validity, extensions from authoken if any, - * overriding what was in pkcs10. - * fill subject name, extensions from http input if not authenticated. - * requests not authenticated will need to be approved by an agent. + * fill subject name, validity, extensions from authoken if any, overriding + * what was in pkcs10. fill subject name, extensions from http input if not + * authenticated. requests not authenticated will need to be approved by an + * agent. */ - protected void fillCertInfoFromAuthToken( - X509CertInfo certInfo, IAuthToken authToken) - throws EBaseException { + protected void fillCertInfoFromAuthToken(X509CertInfo certInfo, + IAuthToken authToken) throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. - // take key from keygen, cmc, pkcs10 or crmf. + // take key from keygen, cmc, pkcs10 or crmf. // subject name. try { - String subjectname = - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); + String subjectname = authToken + .getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { - CertificateSubjectName certSubject = (CertificateSubjectName) - new CertificateSubjectName(new X500Name(subjectname)); + CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName( + new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, - "cert subject set to " + certSubject + " from authtoken"); + log(ILogger.LL_INFO, "cert subject set to " + certSubject + + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = authToken + .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + log(ILogger.LL_INFO, "cert validity set to " + validity + + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } - + // extensions try { - CertificateExtensions extensions = - authToken.getInCertExts(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = authToken + .getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); log(ILogger.LL_INFO, "cert extensions set from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } - protected X509CertInfo[] fillCRMF( - String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + protected X509CertInfo[] fillCRMF(String crmf, IAuthToken authToken, + IArgBlock httpParams, IRequest req) throws EBaseException { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); - - SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); + + SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( + new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -914,17 +902,11 @@ public class HashEnrollServlet extends CMSServlet { CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); /* - if (certReqMsg.hasPop()) { - try { - certReqMsg.verify(); - } catch (ChallengeResponseException ex) { - // create and save the challenge - // construct the cmmf message together - // in a sequence to challenge the requestor - } catch (Exception e) { - // failed, should only affect one request - } - } + * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch + * (ChallengeResponseException ex) { // create and save the + * challenge // construct the cmmf message together // in a + * sequence to challenge the requestor } catch (Exception e) { + * // failed, should only affect one request } } */ CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); @@ -948,95 +930,94 @@ public class HashEnrollServlet extends CMSServlet { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null + || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity( + certTemplate.getNotBefore(), + certTemplate.getNotAfter()); - certInfo.set(X509CertInfo.VALIDITY, certValidity); + certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { - // No subject name - error! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null + || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + // No subject name - error! + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } - // get extensions + // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { extensions = null; } if (certTemplate.hasExtensions()) { - // put each extension from CRMF into CertInfo. - // index by extension name, consistent with + // put each extension from CRMF into CertInfo. + // index by extension name, consistent with // CertificateExtensions.parseExtension() method. - if (extensions == null) + if (extensions == null) extensions = new CertificateExtensions(); int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = certTemplate + .extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext + .getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext + .getExtnValue(); + ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = - new Extension(oid, isCritical, extValue); + Extension ext = new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } - // Added a new configuration parameter + // Added a new configuration parameter // eeGateway.Enrollment.authTokenOverride=[true|false] // By default, it is set to true. In most // of the case, administrator would want // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { - // if authenticated override subect name, validity and + if (authToken != null + && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); } @@ -1048,32 +1029,34 @@ public class HashEnrollServlet extends CMSServlet { return certInfoArray; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - protected void renderServerEnrollResult(CMSRequest cmsReq) throws - IOException { + protected void renderServerEnrollResult(CMSRequest cmsReq) + throws IOException { HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); @@ -1088,11 +1071,16 @@ public class HashEnrollServlet extends CMSServlet { out.println("</TITLE>"); // out.println("<BODY BGCOLOR=white>"); - if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) { + if (cmsReq.getIRequest().getRequestStatus() + .equals(RequestStatus.COMPLETE)) { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); @@ -1106,25 +1094,30 @@ public class HashEnrollServlet extends CMSServlet { out.println("Certificate: "); out.println("<P>"); out.println("<PRE>"); - X509CertImpl certs[] = - cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray( + IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); - out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + - CMS.getEncodedCert(certs[0]) + ">"); - } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + + CMS.getEncodedCert(certs[0]) + ">"); + } else if (cmsReq.getIRequest().getRequestStatus() + .equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); @@ -1135,18 +1128,22 @@ public class HashEnrollServlet extends CMSServlet { out.println("Request ID: "); out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - localize the message + out.println("Please consult your local administrator for assistance."); // XXX + // - + // localize + // the + // message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); @@ -1155,62 +1152,55 @@ public class HashEnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + - cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"); } /** - // include all the input data - IArgBlock args = cmsReq.getHttpParams(); - Enumeration ele = args.getElements(); - while (ele.hasMoreElements()) { - String eleT = (String)ele.nextElement(); - out.println("<!HTTP_INPUT " + eleT + "=" + - args.get(eleT) + ">"); - } + * // include all the input data IArgBlock args = + * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while + * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement(); + * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) - throws EBaseException { + private void init_testbed_hack(IConfigStore config) throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } - private void do_testbed_hack( - int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) - throws EBaseException { - if (!mIsTestBed) + private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo, + IArgBlock httpParams) throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; - CertificateExtensions exts = (CertificateExtensions) - cert.get(CertificateExtensions.NAME); + CertificateExtensions exts = (CertificateExtensions) cert + .get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } - KeyUsageExtension ext = (KeyUsageExtension) - exts.get(KeyUsageExtension.NAME); + KeyUsageExtension ext = (KeyUsageExtension) exts + .get(KeyUsageExtension.NAME); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); @@ -1221,36 +1211,32 @@ public class HashEnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - newvalue[3] = 0x3f; - newvalue[4] = (byte)0x80; + * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; */ - if (httpParams.getValueAsBoolean( - "dual-use-hack", true)) { + if (httpParams.getValueAsBoolean("dual-use-hack", true)) { newvalue[3] = (byte) 0xE0; // same as rsa-dual-use. } } newvalue[4] = 0; - KeyUsageExtension newext = - new KeyUsageExtension(Boolean.valueOf(true), - (Object) newvalue); + KeyUsageExtension newext = new KeyUsageExtension( + Boolean.valueOf(true), (Object) newvalue); exts.delete(KeyUsageExtension.NAME); exts.set(KeyUsageExtension.NAME, newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } } } - |