Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java | 171 |
1 files changed, 90 insertions, 81 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java index 8f1e57c45..75726730a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.StringReader; @@ -57,25 +58,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; + /** * Set up HTTP response to import certificate into browsers * - * The result must have been populate with the set of certificates to return. - * + * The result must have been populate with the set of certificates + * to return. * <pre> * inputs: certtype. * outputs: - * - cert type from http input (if any) + * - cert type from http input (if any) * - CA chain - * - authority name (RM, CM, DRM) + * - authority name (RM, CM, DRM) * - scheme:host:port of server. - * array of one or more + * array of one or more * - cert serial number * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * - cert in base 64 encoding. + * - cmmf blob to import * </pre> - * * @version $Revision$, $Date$ */ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { 
@@ -87,7 +88,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco public static final String CERT_NICKNAME = "certNickname"; public static final String CMMF_RESP = "cmmfResponse"; - public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE + public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE public ImportCertsTemplateFiller() { } 
@@ -98,31 +99,33 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) throws Exception { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { Certificate[] certs = (Certificate[]) cmsReq.getResult(); if (certs instanceof X509CertImpl[]) - return getX509TemplateParams(cmsReq, authority, locale, e); + return getX509TemplateParams(cmsReq, authority, locale, e); else return null; } - - public CMSTemplateParams getX509TemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) throws Exception { + + public CMSTemplateParams getX509TemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); String scheme = httpReq.getScheme(); String format = httpReq.getParameter("format"); - if (format != null && format.equals("cmc")) + if(format!=null && format.equals("cmc")) fixed.set("importCMC", "false"); - String agentPort = "" + port; + String agentPort = ""+port; fixed.set("agentHost", host); fixed.set("agentPort", agentPort); fixed.set(ICMSTemplateFiller.HOST, host); 
@@ -131,8 +134,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { IRequest r = cmsReq.getIRequest(); if (r != null) { - fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId() - .toString()); + fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId().toString()); } // set key record (if KRA enabled) 
@@ -140,53 +142,53 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { BigInteger keyRecSerialNo = r.getExtDataInBigInteger("keyRecord"); if (keyRecSerialNo != null) { - fixed.set(ICMSTemplateFiller.KEYREC_ID, - keyRecSerialNo.toString()); + fixed.set(ICMSTemplateFiller.KEYREC_ID, keyRecSerialNo.toString()); } } // set cert type. IArgBlock httpParams = cmsReq.getHttpParams(); - String certType = httpParams.getValueAsString(CERT_TYPE, null); + String certType = + httpParams.getValueAsString(CERT_TYPE, null); - if (certType != null) + if (certType != null) fixed.set(CERT_TYPE, certType); - // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + // this authority + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // CA chain. - CertificateChain cachain = ((ICertAuthority) authority) - .getCACertChain(); + CertificateChain cachain = + ((ICertAuthority) authority).getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); String replyTo = httpParams.getValueAsString("replyTo", null); - if (replyTo != null) - fixed.set("replyTo", replyTo); + if (replyTo != null) fixed.set("replyTo", replyTo); - // set user + CA cert chain and pkcs7 for MSIE. + // set user + CA cert chain and pkcs7 for MSIE. X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; int m = 1, n = 0; - for (; n < cacerts.length; m++, n++) + for (; n < cacerts.length; m++, n++) userChain[m] = (X509CertImpl) cacerts[n]; - // certs. + // certs. 
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult(); // expose CRMF request id String crmfReqId = cmsReq.getExtData(IRequest.CRMF_REQID); if (crmfReqId == null) { - crmfReqId = (String) cmsReq.getResult(IRequest.CRMF_REQID); + crmfReqId = (String) cmsReq.getResult( + IRequest.CRMF_REQID); } if (crmfReqId != null) { fixed.set(CRMF_REQID, crmfReqId); } - // set CA certs in cmmf, initialize CertRepContent + // set CA certs in cmmf, initialize CertRepContent // note cartman can't trust ca certs yet but it'll import them. // also set cert nickname for cartman. CertRepContent certRepContent = null; 
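Review bot: `cacerts.length` is dereferenced right after `cachain.getChain()`, and `cachain` itself right after `getCACertChain()`, with no null check, while the per-certificate code later in this method guards the same array with `if (cacerts != null)`. One of the two is wrong: either a chain can be absent and this path throws a NullPointerException while the import page is being built, or the later guards are dead code. If an authority without a chain is possible, guard here, e.g. `X509Certificate[] cacerts = (cachain == null) ? null : cachain.getChain();`, and size `userChain` from `cacerts == null ? 0 : cacerts.length`. The enclosing method starts and ends outside this hunk.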
@@ -194,31 +196,33 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { if (CMSServlet.doCMMFResponse(httpParams)) { byte[][] caPubs = new byte[cacerts.length][]; - for (int j = 0; j < cacerts.length; j++) + for (int j = 0; j < cacerts.length; j++) caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); certRepContent = new CertRepContent(caPubs); - String certnickname = cmsReq.getHttpParams().getValueAsString( - CERT_NICKNAME, null); + String certnickname = + cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null); // if nickname is not requested set to subject name by default. - if (certnickname == null) + if (certnickname == null) fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString()); else fixed.set(CERT_NICKNAME, certnickname); } - // make pkcs7 for MSIE - if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) - && (certType == null || certType.equals("client"))) { + // make pkcs7 for MSIE + if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && + (certType == null || certType.equals("client"))) { userChain[0] = certs[0]; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), userChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + userChain, + new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - // String p7Str = encoder.encodeBuffer(p7Bytes); + // String p7Str = encoder.encodeBuffer(p7Bytes); String p7Str = CMS.BtoA(p7Bytes); header.set(PKCS7_RESP, p7Str); 
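Review bot: `certs[0]` is read twice in this hunk (`certs[0].getSubjectDN()` for the default nickname and `userChain[0] = certs[0]` for the PKCS#7 chain) without any check that the result array is non-empty. `getTemplateParams` only tests the array type before delegating, and `getX509TemplateParams` is public, so an empty or null result would surface as an ArrayIndexOutOfBoundsException or NullPointerException rather than a gateway error. A guard before the first use, such as `if (certs == null || certs.length == 0) throw new ECMSGWException(CMS.getUserMessage("<MESSAGE_KEY>"));` with a suitable message key in place of the placeholder, would make the failure explicit. The method body continues outside this hunk.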
@@ -230,23 +234,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { X509CertImpl cert = certs[i]; // set serial number. - BigInteger serialNo = ((X509Certificate) cert).getSerialNumber(); + BigInteger serialNo = + ((X509Certificate) cert).getSerialNumber(); repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16); // set base64 encoded blob. byte[] certEncoded = cert.getEncoded(); - // String b64 = encoder.encodeBuffer(certEncoded); + // String b64 = encoder.encodeBuffer(certEncoded); String b64 = CMS.BtoA(certEncoded); - String b64cert = "-----BEGIN CERTIFICATE-----\n" + b64 - + "\n-----END CERTIFICATE-----"; + String b64cert = "-----BEGIN CERTIFICATE-----\n" + + b64 + "\n-----END CERTIFICATE-----"; repeat.set(BASE64_CERT, b64cert); - + // set cert pretty print. - - String prettyPrintRequested = cmsReq.getHttpParams() - .getValueAsString(CERT_PRETTYPRINT, null); + + String prettyPrintRequested = + cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null); if (prettyPrintRequested == null) { prettyPrintRequested = "true"; @@ -261,21 +266,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { repeat.set(CERT_PRETTYPRINT, ppStr); // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1]; - ; + X509CertImpl[] certsInChain = new X509CertImpl[1];; if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { if (cert.equals(cacerts[j])) { - certsInChain = new X509CertImpl[cacerts.length]; + certsInChain = new + X509CertImpl[cacerts.length]; break; } certsInChain = new X509CertImpl[cacerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { 
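Review bot: The new line `X509CertImpl[] certsInChain = new X509CertImpl[1];;` ends in a stray empty statement; the old text had the extra `;` on its own line and the reformat folds it in instead of deleting it, so `X509CertImpl[] certsInChain = new X509CertImpl[1];` is all that is needed. The sizing loop below it also allocates a fresh array on every iteration until it finds a match; working out first whether `cert` is already in `cacerts` and then allocating once would make the intended length (`cacerts.length` or `cacerts.length + 1`) obvious. The loop that fills the chain continues outside this hunk.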
@@ -287,21 +292,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), certsInChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + certsInChain, + new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - // p7Str = encoder.encodeBuffer(p7Bytes); + //p7Str = encoder.encodeBuffer(p7Bytes); p7Str = CMS.BtoA(p7Bytes); repeat.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception ex) { - // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() - // + "; Please contact your administrator"; + //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() + //+ "; Please contact your administrator"; throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } // set cert fingerprint (for Cisco routers) 
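Review bot: The `catch (Exception ex)` around the PKCS#7 encoding discards `ex` entirely, because the rethrown `ECMSGWException` carries only the `CMS_GW_FORMING_PKCS7_ERROR` user message. An operator investigating a failed certificate import then cannot tell an encoding fault from a malformed chain. Keeping the detail out of the client response is right, but `ex` should be recorded server-side before the throw, through whatever logging facility this servlet package uses, and the catch narrowed to the exceptions the encoding calls actually declare. The two commented-out `p7Str` lines that this hunk re-indents are dead code and could be deleted rather than reformatted.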
@@ -311,24 +318,25 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { fingerprint = CMS.getFingerPrints(cert); } catch (CertificateEncodingException ex) { // should never happen - throw new EBaseException(CMS.getUserMessage(locale, - "CMS_BASE_INTERNAL_ERROR", ex.toString())); + throw new EBaseException( + CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); } catch (NoSuchAlgorithmException ex) { // should never happen - throw new EBaseException(CMS.getUserMessage(locale, - "CMS_BASE_INTERNAL_ERROR", ex.toString())); + throw new EBaseException( + CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); } - if (fingerprint != null && fingerprint.length() > 0) + if (fingerprint != null && fingerprint.length() > 0) repeat.set(CERT_FINGERPRINT, fingerprint); - // cmmf response for this cert. - if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null - && (certType == null || certType.equals("client"))) { + // cmmf response for this cert. + if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null && + (certType == null || certType.equals("client"))) { PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = new CertifiedKeyPair( - new CertOrEncCert(certEncoded)); - CertResponse resp = new CertResponse(new INTEGER(crmfReqId), - status, certifiedKP); + CertifiedKeyPair certifiedKP = + new CertifiedKeyPair(new CertOrEncCert(certEncoded)); + CertResponse resp = + new CertResponse(new INTEGER(crmfReqId), status, + certifiedKP); certRepContent.addCertResponse(resp); } 
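Review bot: `new INTEGER(crmfReqId)` parses a string taken from the request's ext data or result (the `CRMF_REQID` lookup earlier in the method) with no validation in view. If `INTEGER` follows `BigInteger`'s string constructor, a non-numeric id raises an unchecked NumberFormatException part-way through building the CMMF response. Parsing the id once where `crmfReqId` is obtained, and turning a failure into the gateway's own exception type, would keep that failure controlled. Separately, both `EBaseException` messages in this hunk embed `ex.toString()` in text produced by `CMS.getUserMessage`, which presumably reaches the client; the exception detail belongs in the server log, with the user-facing message kept generic. The enclosing loop starts outside this hunk.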
@@ -344,19 +352,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { byte[] certRepBytes = certRepOut.toByteArray(); String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes); // add CR to each return as required by cartman - BufferedReader certRepB64lines = new BufferedReader( - new StringReader(certRepB64)); + BufferedReader certRepB64lines = + new BufferedReader(new StringReader(certRepB64)); StringWriter certRepStringOut = new StringWriter(); String oneLine = null; boolean first = true; while ((oneLine = certRepB64lines.readLine()) != null) { if (first) { - // certRepStringOut.write("\""+oneLine+"\""); + //certRepStringOut.write("\""+oneLine+"\""); certRepStringOut.write(oneLine); first = false; } else { - // certRepStringOut.write("+\"\\n"+oneLine+"\""); + //certRepStringOut.write("+\"\\n"+oneLine+"\""); certRepStringOut.write("\n" + oneLine); } } @@ -368,3 +376,4 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { return params; } } + |