summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java171
1 files changed, 90 insertions, 81 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
index 8f1e57c45..75726730a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
+
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
@@ -57,25 +58,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
+
/**
* Set up HTTP response to import certificate into browsers
*
- * The result must have been populate with the set of certificates to return.
- *
+ * The result must have been populate with the set of certificates
+ * to return.
* <pre>
* inputs: certtype.
* outputs:
- * - cert type from http input (if any)
+ * - cert type from http input (if any)
* - CA chain
- * - authority name (RM, CM, DRM)
+ * - authority name (RM, CM, DRM)
* - scheme:host:port of server.
- * array of one or more
+ * array of one or more
* - cert serial number
* - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
* </pre>
- *
* @version $Revision$, $Date$
*/
public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
@@ -87,7 +88,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
public static final String CERT_NICKNAME = "certNickname";
public static final String CMMF_RESP = "cmmfResponse";
- public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
+ public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
public ImportCertsTemplateFiller() {
}
@@ -98,31 +99,33 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
- IAuthority authority, Locale locale, Exception e) throws Exception {
+ public CMSTemplateParams getTemplateParams(
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
Certificate[] certs = (Certificate[]) cmsReq.getResult();
if (certs instanceof X509CertImpl[])
- return getX509TemplateParams(cmsReq, authority, locale, e);
+ return getX509TemplateParams(cmsReq, authority, locale, e);
else
return null;
}
-
- public CMSTemplateParams getX509TemplateParams(CMSRequest cmsReq,
- IAuthority authority, Locale locale, Exception e) throws Exception {
+
+ public CMSTemplateParams getX509TemplateParams(
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, fixed);
- // set host name and port.
+ // set host name and port.
HttpServletRequest httpReq = cmsReq.getHttpReq();
String host = httpReq.getServerName();
int port = httpReq.getServerPort();
String scheme = httpReq.getScheme();
String format = httpReq.getParameter("format");
- if (format != null && format.equals("cmc"))
+ if(format!=null && format.equals("cmc"))
fixed.set("importCMC", "false");
- String agentPort = "" + port;
+ String agentPort = ""+port;
fixed.set("agentHost", host);
fixed.set("agentPort", agentPort);
fixed.set(ICMSTemplateFiller.HOST, host);
@@ -131,8 +134,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
IRequest r = cmsReq.getIRequest();
if (r != null) {
- fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId()
- .toString());
+ fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId().toString());
}
// set key record (if KRA enabled)
@@ -140,53 +142,53 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
BigInteger keyRecSerialNo = r.getExtDataInBigInteger("keyRecord");
if (keyRecSerialNo != null) {
- fixed.set(ICMSTemplateFiller.KEYREC_ID,
- keyRecSerialNo.toString());
+ fixed.set(ICMSTemplateFiller.KEYREC_ID, keyRecSerialNo.toString());
}
}
// set cert type.
IArgBlock httpParams = cmsReq.getHttpParams();
- String certType = httpParams.getValueAsString(CERT_TYPE, null);
+ String certType =
+ httpParams.getValueAsString(CERT_TYPE, null);
- if (certType != null)
+ if (certType != null)
fixed.set(CERT_TYPE, certType);
- // this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ // this authority
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// CA chain.
- CertificateChain cachain = ((ICertAuthority) authority)
- .getCACertChain();
+ CertificateChain cachain =
+ ((ICertAuthority) authority).getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
String replyTo = httpParams.getValueAsString("replyTo", null);
- if (replyTo != null)
- fixed.set("replyTo", replyTo);
+ if (replyTo != null) fixed.set("replyTo", replyTo);
- // set user + CA cert chain and pkcs7 for MSIE.
+ // set user + CA cert chain and pkcs7 for MSIE.
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
int m = 1, n = 0;
- for (; n < cacerts.length; m++, n++)
+ for (; n < cacerts.length; m++, n++)
userChain[m] = (X509CertImpl) cacerts[n];
- // certs.
+ // certs.
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
// expose CRMF request id
String crmfReqId = cmsReq.getExtData(IRequest.CRMF_REQID);
if (crmfReqId == null) {
- crmfReqId = (String) cmsReq.getResult(IRequest.CRMF_REQID);
+ crmfReqId = (String) cmsReq.getResult(
+ IRequest.CRMF_REQID);
}
if (crmfReqId != null) {
fixed.set(CRMF_REQID, crmfReqId);
}
- // set CA certs in cmmf, initialize CertRepContent
+ // set CA certs in cmmf, initialize CertRepContent
// note cartman can't trust ca certs yet but it'll import them.
// also set cert nickname for cartman.
CertRepContent certRepContent = null;
@@ -194,31 +196,33 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
if (CMSServlet.doCMMFResponse(httpParams)) {
byte[][] caPubs = new byte[cacerts.length][];
- for (int j = 0; j < cacerts.length; j++)
+ for (int j = 0; j < cacerts.length; j++)
caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
certRepContent = new CertRepContent(caPubs);
- String certnickname = cmsReq.getHttpParams().getValueAsString(
- CERT_NICKNAME, null);
+ String certnickname =
+ cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
// if nickname is not requested set to subject name by default.
- if (certnickname == null)
+ if (certnickname == null)
fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
else
fixed.set(CERT_NICKNAME, certnickname);
}
- // make pkcs7 for MSIE
- if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq())
- && (certType == null || certType.equals("client"))) {
+ // make pkcs7 for MSIE
+ if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
+ (certType == null || certType.equals("client"))) {
userChain[0] = certs[0];
- PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
- new byte[0]), userChain, new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ new ContentInfo(new byte[0]),
+ userChain,
+ new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
- // String p7Str = encoder.encodeBuffer(p7Bytes);
+ // String p7Str = encoder.encodeBuffer(p7Bytes);
String p7Str = CMS.BtoA(p7Bytes);
header.set(PKCS7_RESP, p7Str);
@@ -230,23 +234,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
X509CertImpl cert = certs[i];
// set serial number.
- BigInteger serialNo = ((X509Certificate) cert).getSerialNumber();
+ BigInteger serialNo =
+ ((X509Certificate) cert).getSerialNumber();
repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
// set base64 encoded blob.
byte[] certEncoded = cert.getEncoded();
- // String b64 = encoder.encodeBuffer(certEncoded);
+ // String b64 = encoder.encodeBuffer(certEncoded);
String b64 = CMS.BtoA(certEncoded);
- String b64cert = "-----BEGIN CERTIFICATE-----\n" + b64
- + "\n-----END CERTIFICATE-----";
+ String b64cert = "-----BEGIN CERTIFICATE-----\n" +
+ b64 + "\n-----END CERTIFICATE-----";
repeat.set(BASE64_CERT, b64cert);
-
+
// set cert pretty print.
-
- String prettyPrintRequested = cmsReq.getHttpParams()
- .getValueAsString(CERT_PRETTYPRINT, null);
+
+ String prettyPrintRequested =
+ cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
if (prettyPrintRequested == null) {
prettyPrintRequested = "true";
@@ -261,21 +266,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
repeat.set(CERT_PRETTYPRINT, ppStr);
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];
- ;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];;
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
if (cert.equals(cacerts[j])) {
- certsInChain = new X509CertImpl[cacerts.length];
+ certsInChain = new
+ X509CertImpl[cacerts.length];
break;
}
certsInChain = new X509CertImpl[cacerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
@@ -287,21 +292,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
- new byte[0]), certsInChain, new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ new ContentInfo(new byte[0]),
+ certsInChain,
+ new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
- // p7Str = encoder.encodeBuffer(p7Bytes);
+ //p7Str = encoder.encodeBuffer(p7Bytes);
p7Str = CMS.BtoA(p7Bytes);
repeat.addStringValue("pkcs7ChainBase64", p7Str);
} catch (Exception ex) {
- // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
- // + "; Please contact your administrator";
+ //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
+ //+ "; Please contact your administrator";
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
// set cert fingerprint (for Cisco routers)
@@ -311,24 +318,25 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
fingerprint = CMS.getFingerPrints(cert);
} catch (CertificateEncodingException ex) {
// should never happen
- throw new EBaseException(CMS.getUserMessage(locale,
- "CMS_BASE_INTERNAL_ERROR", ex.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
} catch (NoSuchAlgorithmException ex) {
// should never happen
- throw new EBaseException(CMS.getUserMessage(locale,
- "CMS_BASE_INTERNAL_ERROR", ex.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
}
- if (fingerprint != null && fingerprint.length() > 0)
+ if (fingerprint != null && fingerprint.length() > 0)
repeat.set(CERT_FINGERPRINT, fingerprint);
- // cmmf response for this cert.
- if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null
- && (certType == null || certType.equals("client"))) {
+ // cmmf response for this cert.
+ if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
+ (certType == null || certType.equals("client"))) {
PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
- CertifiedKeyPair certifiedKP = new CertifiedKeyPair(
- new CertOrEncCert(certEncoded));
- CertResponse resp = new CertResponse(new INTEGER(crmfReqId),
- status, certifiedKP);
+ CertifiedKeyPair certifiedKP =
+ new CertifiedKeyPair(new CertOrEncCert(certEncoded));
+ CertResponse resp =
+ new CertResponse(new INTEGER(crmfReqId), status,
+ certifiedKP);
certRepContent.addCertResponse(resp);
}
@@ -344,19 +352,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
byte[] certRepBytes = certRepOut.toByteArray();
String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes);
// add CR to each return as required by cartman
- BufferedReader certRepB64lines = new BufferedReader(
- new StringReader(certRepB64));
+ BufferedReader certRepB64lines =
+ new BufferedReader(new StringReader(certRepB64));
StringWriter certRepStringOut = new StringWriter();
String oneLine = null;
boolean first = true;
while ((oneLine = certRepB64lines.readLine()) != null) {
if (first) {
- // certRepStringOut.write("\""+oneLine+"\"");
+ //certRepStringOut.write("\""+oneLine+"\"");
certRepStringOut.write(oneLine);
first = false;
} else {
- // certRepStringOut.write("+\"\\n"+oneLine+"\"");
+ //certRepStringOut.write("+\"\\n"+oneLine+"\"");
certRepStringOut.write("\n" + oneLine);
}
}
@@ -368,3 +376,4 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
+
generated by cgit (git 2.34.1) at 2024-09-17 21:38:09 +0000