Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java | 836 |
1 files changed, 392 insertions, 444 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index 1eabe7802..03cb83f63 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -93,31 +94,33 @@ import com.netscape.certsrv.request.RequestStatus; /** * Utility CMCOutputTemplate - * + * * @version $ $, $Date$ */ public class CMCOutputTemplate { public CMCOutputTemplate() { } - public void createFullResponseWithFailedStatus(HttpServletResponse resp, - SEQUENCE bpids, int code, UTF8String s) { + public void createFullResponseWithFailedStatus(HttpServletResponse resp, + SEQUENCE bpids, int code, UTF8String s) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); SEQUENCE otherMsgSeq = new SEQUENCE(); int bpid = 1; - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(code), - null); - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(new INTEGER( - CMCStatusInfo.FAILED), bpids, s, otherInfo); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(code), null); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + new INTEGER(CMCStatusInfo.FAILED), + bpids, s, otherInfo); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); try { - ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq, - otherMsgSeq); + ResponseBody respBody = new ResponseBody(controlSeq, + cmsSeq, otherMsgSeq); SET certs = new SET(); ContentInfo contentInfo = getContentInfo(respBody, certs); 
@@ -134,14 +137,13 @@ public class CMCOutputTemplate { os.write(contentBytes); os.flush(); } catch (Exception e) { - CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " - + e.toString()); + CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString()); return; } } - public void createFullResponse(HttpServletResponse resp, IRequest[] reqs, - String cert_request_type, int[] error_codes) { + public void createFullResponse(HttpServletResponse resp, IRequest []reqs, + String cert_request_type, int[] error_codes) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); 
@@ -154,106 +156,113 @@ public class CMCOutputTemplate { SEQUENCE pending_bpids = null; SEQUENCE success_bpids = null; SEQUENCE failed_bpids = null; - if (cert_request_type.equals("crmf") - || cert_request_type.equals("pkcs10")) { + if (cert_request_type.equals("crmf") || + cert_request_type.equals("pkcs10")) { String reqId = reqs[0].getRequestId().toString(); OtherInfo otherInfo = null; if (error_codes[0] == 2) { PendInfo pendInfo = new PendInfo(reqId, new Date()); - otherInfo = new OtherInfo(OtherInfo.PEND, null, pendInfo); + otherInfo = new OtherInfo(OtherInfo.PEND, null, + pendInfo); } else { - otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER( - OtherInfo.BAD_REQUEST), null); + otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_REQUEST), null); } - + SEQUENCE bpids = new SEQUENCE(); bpids.addElement(new INTEGER(1)); - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.PENDING, bpids, (String) null, otherInfo); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + bpids, (String)null, otherInfo); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } else if (cert_request_type.equals("cmc")) { pending_bpids = new SEQUENCE(); success_bpids = new SEQUENCE(); failed_bpids = new SEQUENCE(); if (reqs != null) { - for (int i = 0; i < reqs.length; i++) { + for (int i=0; i<reqs.length; i++) { if (error_codes[i] == 0) { - success_bpids.addElement(new INTEGER(reqs[i] - .getExtDataInBigInteger("bodyPartId"))); + success_bpids.addElement(new INTEGER( + reqs[i].getExtDataInBigInteger("bodyPartId"))); } else if (error_codes[i] == 2) { - pending_bpids.addElement(new INTEGER(reqs[i] - .getExtDataInBigInteger("bodyPartId"))); + pending_bpids.addElement(new INTEGER( + 
reqs[i].getExtDataInBigInteger("bodyPartId"))); } else { - failed_bpids.addElement(new INTEGER(reqs[i] - .getExtDataInBigInteger("bodyPartId"))); - } + failed_bpids.addElement(new INTEGER( + reqs[i].getExtDataInBigInteger("bodyPartId"))); + } } } TaggedAttribute tagattr = null; CMCStatusInfo cmcStatusInfo = null; - SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof"); + SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof"); if (identityBpids != null && identityBpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_IDENTITY), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_IDENTITY), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - identityBpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + identityBpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context - .get("POPLinkWitness"); + SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness"); if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + new INTEGER(OtherInfo.BAD_REQUEST), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - POPLinkWitnessBpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + POPLinkWitnessBpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (pending_bpids.size() > 0) { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, 
(String) null, null); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); - } + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + pending_bpids, (String)null, null); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); + } if (success_bpids.size() > 0) { boolean confirmRequired = false; try { - confirmRequired = CMS.getConfigStore().getBoolean( - "cmc.cert.confirmRequired", false); - } catch (Exception e) { + confirmRequired = + CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", + false); + } catch (Exception e) { } if (confirmRequired) { CMS.debug("CMCOutputTemplate: confirmRequired in the request"); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.CONFIRM_REQUIRED, success_bpids, - (String) null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, + success_bpids, (String)null, null); } else { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String) null, null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + success_bpids, (String)null, null); } - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new 
INTEGER(OtherInfo.BAD_REQUEST), null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } } 
@@ -261,80 +270,80 @@ public class CMCOutputTemplate { try { // deal with controls - Integer nums = (Integer) (context.get("numOfControls")); + Integer nums = (Integer)(context.get("numOfControls")); if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr != null) { try { processGetCertControl(attr, certs); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: " + ee.toString()); + CMS.debug("CMCOutputTemplate: "+ee.toString()); OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); + new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE bpids1 = new SEQUENCE(); bpids1.addElement(attr.getBodyPartID()); CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), bpids1, - null, otherInfo1); + new INTEGER(CMCStatusInfo.FAILED), + bpids1, null, otherInfo1); TaggedAttribute tagattr1 = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo1); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1); controlSeq.addElement(tagattr1); } } - attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); + attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); if (attr != null) bpid = processDataReturnControl(attr, controlSeq, bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_transactionId); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); if (attr != null) bpid = processTransactionControl(attr, controlSeq, bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_senderNonce); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); if (attr != null) bpid = processSenderNonceControl(attr, controlSeq, bpid); - attr = 
(TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_QueryPending); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); if (attr != null) - bpid = processQueryPendingControl(attr, controlSeq, bpid); + bpid = processQueryPendingControl(attr, controlSeq, bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); - if (attr != null) - bpid = processConfirmCertAcceptanceControl(attr, - controlSeq, bpid); + if (attr != null) + bpid = processConfirmCertAcceptanceControl(attr, controlSeq, + bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); - if (attr != null) - bpid = processRevokeRequestControl(attr, controlSeq, bpid); + if (attr != null) + bpid = processRevokeRequestControl(attr, controlSeq, + bpid); } if (success_bpids != null && success_bpids.size() > 0) { - for (int i = 0; i < reqs.length; i++) { + for (int i=0; i<reqs.length; i++) { if (error_codes[i] == 0) { - X509CertImpl impl = (reqs[i] - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(bin)); + Certificate cert = (Certificate)certTemplate.decode( + new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq, - otherMsgSeq); + ResponseBody respBody = new ResponseBody(controlSeq, + cmsSeq, otherMsgSeq); ContentInfo contentInfo = getContentInfo(respBody, certs); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -345,16 +354,16 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (Exception e) { - CMS.debug("Exception: " + e.toString()); + CMS.debug("Exception: "+e.toString()); } } 
@@ -362,46 +371,48 @@ public class CMCOutputTemplate { try { ICertificateAuthority ca = null; // add CA cert chain - ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ca = (ICertificateAuthority)CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i = 0; i < chains.length; i++) { + for (int i=0; i<chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate)certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } - + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( - OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); + OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); org.mozilla.jss.crypto.X509Certificate x509CAcert = null; x509CAcert = ca.getCaX509Cert(); X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded()); - X500Name issuerName = (X500Name) caimpl.getIssuerDN(); + X500Name issuerName = (X500Name)caimpl.getIssuerDN(); byte[] issuerByte = issuerName.getEncoded(); - ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); + ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); Name issuer = (Name) Name.getTemplate().decode(istream); - IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, - new INTEGER(x509CAcert.getSerialNumber().toString())); + IssuerAndSerialNumber ias = new IssuerAndSerialNumber( + issuer, new INTEGER(x509CAcert.getSerialNumber().toString())); SignerIdentifier si = new SignerIdentifier( - SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // use CA instance's default signature and digest algorithm SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm(); - org.mozilla.jss.crypto.PrivateKey privKey = 
CryptoManager - .getInstance().findPrivKeyByCert(x509CAcert); - /* - * org.mozilla.jss.crypto.PrivateKey.Type keyType = - * privKey.getType(); if( keyType.equals( - * org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg = - * SignatureAlgorithm.RSASignatureWithSHA1Digest; } else if( - * keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { - * signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else - * if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { - * signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; } else { - * CMS.debug( "CMCOutputTemplate::getContentInfo() - " + - * "signAlg is unsupported!" ); return null; } - */ + org.mozilla.jss.crypto.PrivateKey privKey = + CryptoManager.getInstance().findPrivKeyByCert(x509CAcert); +/* + org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); + if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) { + signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; + } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; + } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { + signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; + } else { + CMS.debug( "CMCOutputTemplate::getContentInfo() - " + + "signAlg is unsupported!" ); + return null; + } +*/ DigestAlgorithm digestAlg = signAlg.getDigestAlg(); MessageDigest msgDigest = null; byte[] digest = null; @@ -413,9 +424,10 @@ public class CMCOutputTemplate { respBody.encode((OutputStream) ostream); digest = msgDigest.digest(ostream.toByteArray()); - SignerInfo signInfo = new SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, digest, signAlg, - privKey); + SignerInfo signInfo = new + SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); 
@@ -423,32 +435,31 @@ public class CMCOutputTemplate { SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new AlgorithmIdentifier( - digestAlg.toOID(), null); - + AlgorithmIdentifier ai = new + AlgorithmIdentifier(digestAlg.toOID(), null); + digestAlgs.addElement(ai); } - SignedData signedData = new SignedData(digestAlgs, enContentInfo, - certs, null, signInfos); + SignedData signedData = new SignedData(digestAlgs, + enContentInfo, certs, null, signInfos); ContentInfo contentInfo = new ContentInfo(signedData); CMS.debug("CMCOutputTemplate::getContentInfo() - done"); return contentInfo; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " - + e.toString()); + CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString()); } - return null; + return null; } - public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) { + public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) { SET certs = new SET(); SessionContext context = SessionContext.getContext(); try { - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); processGetCertControl(attr, certs); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("CMCOutputTemplate: No certificate is found."); } 
@@ -457,42 +468,38 @@ public class CMCOutputTemplate { // oid for id-data OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER("1.2.840.113549.1.7.1"); - EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( - oid, null); + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(oid, null); try { if (reqs != null) { - for (int i = 0; i < reqs.length; i++) { - X509CertImpl impl = (reqs[i] - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + for (int i=0; i<reqs.length; i++) { + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(bin)); + Certificate cert = + (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } // Get CA certs - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); - java.security.cert.X509Certificate[] chains = certchains - .getChain(); + java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i = 0; i < chains.length; i++) { + for (int i=0; i<chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(chains[i] - .getEncoded())); + Certificate cert = (Certificate)certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } } - + if (certs.size() == 0) return; SignedData signedData = new SignedData(digestAlgorithms, - enContentInfo, certs, null, signedInfos); + enContentInfo, certs, null, signedInfos); ContentInfo contentInfo = new ContentInfo(signedData); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -503,47 +510,48 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } } - private int processConfirmCertAcceptanceControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + private int processConfirmCertAcceptanceControl( + TaggedAttribute attr, SEQUENCE controlSeq, int bpid) { if (attr != null) { INTEGER bodyId = attr.getBodyPartID(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(bodyId); + seq.addElement(bodyId); SET values = attr.getValues(); if (values != null && values.size() > 0) { try { - CMCCertId cmcCertId = (CMCCertId) (ASN1Util.decode( - CMCCertId.getTemplate(), - ASN1Util.encode(values.elementAt(0)))); - BigInteger serialno = (BigInteger) (cmcCertId.getSerial()); - SEQUENCE issuers = cmcCertId.getIssuer(); - // ANY issuer = (ANY)issuers.elementAt(0); - ANY issuer = (ANY) (ASN1Util.decode(ANY.getTemplate(), - ASN1Util.encode(issuers.elementAt(0)))); + CMCCertId cmcCertId = + (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(), + ASN1Util.encode(values.elementAt(0)))); + BigInteger serialno = (BigInteger)(cmcCertId.getSerial()); + SEQUENCE issuers = cmcCertId.getIssuer(); + //ANY issuer = (ANY)issuers.elementAt(0); + ANY issuer = + (ANY)(ASN1Util.decode(ANY.getTemplate(), + ASN1Util.encode(issuers.elementAt(0)))); byte[] b = issuer.getEncoded(); X500Name n = new X500Name(b); 
ICertificateAuthority ca = null; - ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ca = (ICertificateAuthority)CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); boolean confirmAccepted = false; if (n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal"); - ICertificateRepository repository = (ICertificateRepository) ca - .getCertificateRepository(); + ICertificateRepository repository = + (ICertificateRepository)ca.getCertificateRepository(); X509CertImpl impl = null; try { - repository.getX509Certificate(serialno); + repository.getX509Certificate(serialno); } catch (EBaseException ee) { CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found"); } 
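Review bot: In processConfirmCertAcceptanceControl the result of `repository.getX509Certificate(serialno)` is discarded, so `impl` keeps the `null` it was declared with and the lookup alone cannot establish that the certificate exists. If the code just after this hunk derives `confirmAccepted` from `impl` (not visible here), a confirm-acceptance control could never be answered with SUCCESS; assign the result, `impl = repository.getX509Certificate(serialno);`. The issuer check compares `n.toString()` with `caName.toString()` case-insensitively, and a short comment on why string comparison of the two DNs is sufficient would help the next reader. The method body continues outside the hunk.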
@@ -551,85 +559,81 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; if (confirmAccepted) { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository."); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.SUCCESS, seq, (String) null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq, + (String)null, null); } else { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - seq, (String) null, otherInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_CERT_ID), null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.FAILED, seq, + (String)null, otherInfo); } TaggedAttribute statustagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); - controlSeq.addElement(statustagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(statustagattr); } catch (Exception e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } - } + } } return bpid; } private void processGetCertControl(TaggedAttribute attr, SET certs) - throws InvalidBERException, - java.security.cert.CertificateEncodingException, IOException, - EBaseException { + throws InvalidBERException, java.security.cert.CertificateEncodingException, + IOException, EBaseException { if (attr != null) { SET vals = attr.getValues(); if (vals.size() == 1) { - GetCert getCert = (GetCert) (ASN1Util.decode( - GetCert.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - BigInteger serialno = (BigInteger) (getCert.getSerialNumber()); - ANY issuer = (ANY) getCert.getIssuer(); + GetCert getCert = 
+ (GetCert)(ASN1Util.decode(GetCert.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + BigInteger serialno = (BigInteger)(getCert.getSerialNumber()); + ANY issuer = (ANY)getCert.getIssuer(); byte b[] = issuer.getEncoded(); X500Name n = new X500Name(b); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); if (!n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control"); throw new EBaseException("Certificate is not found"); } - ICertificateRepository repository = (ICertificateRepository) ca - .getCertificateRepository(); + ICertificateRepository repository = + (ICertificateRepository)ca.getCertificateRepository(); X509CertImpl impl = repository.getX509Certificate(serialno); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(bin)); + Certificate cert = + (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - + private int processQueryPendingControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET values = attr.getValues(); - if (values != null && values.size() > 0) { + if (values != null && values.size() > 0) { SEQUENCE pending_bpids = new SEQUENCE(); SEQUENCE success_bpids = new SEQUENCE(); SEQUENCE failed_bpids = new SEQUENCE(); - for (int i = 0; i < values.size(); i++) { + for (int i=0; i<values.size(); i++) { try { - INTEGER reqId = (INTEGER) ASN1Util.decode( - INTEGER.getTemplate(), - ASN1Util.encode(values.elementAt(i))); + INTEGER reqId = (INTEGER) + ASN1Util.decode(INTEGER.getTemplate(), + ASN1Util.encode(values.elementAt(i))); String requestId = new String(reqId.toByteArray()); - ICertificateAuthority ca = 
(ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); IRequestQueue queue = ca.getRequestQueue(); - IRequest r = queue - .findRequest(new RequestId(requestId)); + IRequest r = queue.findRequest(new RequestId(requestId)); if (r != null) { - Integer result = r - .getExtDataInInteger(IRequest.RESULT); + Integer result = r.getExtDataInInteger(IRequest.RESULT); RequestStatus status = r.getRequestStatus(); if (status.equals(RequestStatus.PENDING)) { pending_bpids.addElement(reqId); 
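Review bot: The debug message on the rejection path of processGetCertControl states the opposite of what happened: the branch is taken when `!n.toString().equalsIgnoreCase(caName.toString())`, yet it logs "Issuer names are equal in the GetCert Control". Change it to `CMS.debug("CMCOutputTemplate: Issuer names are not equal in the GetCert Control");` so the log does not mislead whoever investigates a rejected request. Further down, processQueryPendingControl builds the request id with `new String(reqId.toByteArray())`, which reads the integer's raw bytes as text in the platform charset; if the id is meant to be the number itself, `reqId.toString()` would be the expected form, and that should be confirmed against how clients encode it. processQueryPendingControl continues past the end of this hunk.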
@@ -644,47 +648,44 @@ public class CMCOutputTemplate { } if (pending_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.PENDING, pending_bpids, - (String) null, null); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + pending_bpids, (String)null, null); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (success_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.SUCCESS, pending_bpids, - (String) null, null); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + pending_bpids, (String)null, null); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.FAILED, pending_bpids, (String) null, - null); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + pending_bpids, (String)null, null); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - } + } } return bpid; } - private int processTransactionControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + private int processTransactionControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET transIds = attr.getValues(); if (transIds != 
null) { - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(tagattr); } } @@ -693,29 +694,28 @@ public class CMCOutputTemplate { } private int processSenderNonceControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET sNonce = attr.getValues(); if (sNonce != null) { - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonce); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonce); controlSeq.addElement(tagattr); Date date = new Date(); - String salt = "lala123" + date.toString(); + String salt = "lala123"+date.toString(); byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest - .getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); dig = SHA1Digest.digest(salt.getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING( - b64E.getBytes())); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(b64E.getBytes())); controlSeq.addElement(tagattr); } } 
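Review bot: In processQueryPendingControl the SUCCESS and FAILED `CMCStatusInfo` objects are both built from `pending_bpids`, so the blocks guarded by `success_bpids.size() > 0` and `failed_bpids.size() > 0` report the pending ids (possibly an empty sequence) under the wrong status. They should read `new CMCStatusInfo(CMCStatusInfo.SUCCESS, success_bpids, (String)null, null)` and `new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, null)`. A client polling with QueryPending relies on these lists to learn which requests were issued or rejected. The loop that fills the three sequences starts before this hunk.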
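Review bot: The senderNonce produced in processSenderNonceControl is predictable: it is the SHA-1 of the constant `"lala123"` concatenated with `new Date().toString()`, which has one-second resolution, and the `NoSuchAlgorithmException` fallback uses the undigested string bytes. A nonce meant to bind a response to a fresh exchange should come from a CSPRNG, for example `byte[] nonce = new byte[16]; new SecureRandom().nextBytes(nonce);` passed as `new OCTET_STRING(nonce)`, which needs `java.security.SecureRandom` in the import block outside this hunk. `salt.getBytes()` and `b64E.getBytes()` also depend on the platform default charset and would go away with that change.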
@@ -723,28 +723,29 @@ public class CMCOutputTemplate { return bpid; } - private int processDataReturnControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException { + private int processDataReturnControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException { if (attr != null) { SET vals = attr.getValues(); - + if (vals.size() > 0) { - OCTET_STRING str = (OCTET_STRING) (ASN1Util.decode( - OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_dataReturn, str); - controlSeq.addElement(tagattr); + OCTET_STRING str = + (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_dataReturn, str); + controlSeq.addElement(tagattr); } - } + } return bpid; } - private int processRevokeRequestControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException, - EBaseException, IOException { + private int processRevokeRequestControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException, + IOException { boolean revoke = false; SessionContext context = SessionContext.getContext(); if (attr != null) { 
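Review bot: `vals.size()` in processDataReturnControl is called without the null check that the transaction-ID and sender-nonce handlers apply to the result of `attr.getValues()`. Whether that call can return null for a malformed control is not shown here, but the sibling handlers and verifyRevRequestSignature all guard against it, so this one should match: `if (vals != null && vals.size() > 0) {`. processRevokeRequestControl, which begins at the end of this hunk and continues past it, has the same unguarded `vals.size()` in the next hunk.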
@@ -752,49 +753,39 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; SET vals = attr.getValues(); if (vals.size() > 0) { - RevRequest revRequest = (RevRequest) (ASN1Util.decode( - new RevRequest.Template(), - ASN1Util.encode(vals.elementAt(0)))); + RevRequest revRequest = + (RevRequest)(ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(vals.elementAt(0)))); OCTET_STRING str = revRequest.getSharedSecret(); - INTEGER pid = attr.getBodyPartID(); + INTEGER pid = attr.getBodyPartID(); TaggedAttribute tagattr = null; INTEGER revokeCertSerial = revRequest.getSerialNumber(); - BigInteger revokeSerial = new BigInteger( - revokeCertSerial.toByteArray()); + BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray()); if (str == null) { boolean needVerify = true; try { - needVerify = CMS.getConfigStore().getBoolean( - "cmc.revokeCert.verify", true); + needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true); } catch (Exception e) { } - + if (needVerify) { - Integer num1 = (Integer) context.get("numOfOtherMsgs"); + Integer num1 = (Integer)context.get("numOfOtherMsgs"); int num = num1.intValue(); - for (int i = 0; i < num; i++) { - OtherMsg data = (OtherMsg) context.get("otherMsg" - + i); - INTEGER dpid = data.getBodyPartID(); + for (int i=0; i<num; i++) { + OtherMsg data = (OtherMsg)context.get("otherMsg"+i); + INTEGER dpid = data.getBodyPartID(); if (pid.longValue() == dpid.longValue()) { - ANY msgValue = data.getOtherMsgValue(); - SignedData msgData = (SignedData) msgValue - .decodeWith(SignedData.getTemplate()); + ANY msgValue = data.getOtherMsgValue(); + SignedData msgData = + (SignedData)msgValue.decodeWith(SignedData.getTemplate()); if (!verifyRevRequestSignature(msgData)) { - OtherInfo otherInfo = new OtherInfo( - OtherInfo.FAIL, - new INTEGER( - OtherInfo.BAD_MESSAGE_CHECK), - null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids 
= new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.FAILED, failed_bpids, - (String) null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -803,14 +794,13 @@ public class CMCOutputTemplate { } revoke = true; - // check shared secret + // check shared secret } else { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; try { - name = CMS.getConfigStore().getString( - "cmc.revokeCert.sharedSecret.class"); + name = CMS.getConfigStore().getString("cmc.revokeCert.sharedSecret.class"); } catch (EPropertyNotFound e) { CMS.debug("EnrollProfile: Failed to find the token class in the configuration file."); sharedSecretFound = false; 
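Review bot: Signature verification appears to fail open when no `otherMsg` entry has the same body part ID as the control. The loop under `needVerify` only returns a failure when `verifyRevRequestSignature` rejects a matching message, and the following hunk's context shows `revoke = true` right after it, so, assuming the two lines hidden between the hunks are only closing braces, a request with no matching signed message proceeds unverified. Keep a `boolean verified` that is set after a successful `verifyRevRequestSignature` call, and return the same FAILED / `BAD_MESSAGE_CHECK` status when it is still false after the loop. `(Integer)context.get("numOfOtherMsgs")` is also unboxed without a null check, and the empty `catch (Exception e) { }` around the config read deserves a comment saying the default of `true` is intentional. The method starts before this hunk and ends after it.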
@@ -820,32 +810,27 @@ public class CMCOutputTemplate { } try { - tokenClass = (ISharedToken) Class.forName(name) - .newInstance(); + tokenClass = (ISharedToken)Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " - + name); + CMS.debug("EnrollProfile: Failed to find class name: "+name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " - + name); + CMS.debug("EnrollProfile: Failed to instantiate class: "+name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); + CMS.debug("EnrollProfile: Illegal access: "+name); sharedSecretFound = false; } if (!sharedSecretFound) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -858,15 +843,13 @@ public class CMCOutputTemplate { if (sharedSecret == null) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -878,44 +861,37 @@ public class CMCOutputTemplate { revoke = true; } else { CMS.debug("CMCOutputTemplate: Both client and server shared secret are not the same, cant revoke certificate."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } - } + } if (revoke) { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); - ICertificateRepository repository = (ICertificateRepository) ca - .getCertificateRepository(); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository(); ICertRecord record = null; try { record = repository.readCertificateRecord(revokeSerial); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: Exception: " - + ee.toString()); + CMS.debug("CMCOutputTemplate: Exception: "+ee.toString()); } if (record == null) { CMS.debug("CMCOutputTemplate: The certificate is not found"); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, 
(String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -924,12 +900,11 @@ public class CMCOutputTemplate { CMS.debug("CMCOutputTemplate: The certificate is already revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.SUCCESS, success_bpids, - (String) null, null); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + success_bpids, (String)null, null); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -938,58 +913,45 @@ public class CMCOutputTemplate { impls[0] = impl; ENUMERATED n = revRequest.getReason(); RevocationReason reason = toRevocationReason(n); - CRLReasonExtension crlReasonExtn = new CRLReasonExtension( - reason); + CRLReasonExtension crlReasonExtn = new CRLReasonExtension(reason); CRLExtensions entryExtn = new CRLExtensions(); GeneralizedTime t = revRequest.getInvalidityDate(); InvalidityDateExtension invalidityDateExtn = null; if (t != null) { - invalidityDateExtn = new InvalidityDateExtension( - t.toDate()); - entryExtn.set(invalidityDateExtn.getName(), - invalidityDateExtn); + invalidityDateExtn = new InvalidityDateExtension(t.toDate()); + entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn); } if (crlReasonExtn != null) { entryExtn.set(crlReasonExtn.getName(), crlReasonExtn); } - RevokedCertImpl revCertImpl = new RevokedCertImpl( - impl.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn); RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1]; revCertImpls[0] = revCertImpl; - IRequestQueue queue = ca.getRequestQueue(); - IRequest revReq = queue - .newRequest(IRequest.REVOCATION_REQUEST); + IRequestQueue queue = ca.getRequestQueue(); + IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason.toInt())); UTF8String utfstr = revRequest.getComment(); if (utfstr != null) - revReq.setExtData(IRequest.REQUESTOR_COMMENTS, - utfstr.toString()); - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_COMMENTS, utfstr.toString()); + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); queue.processRequest(revReq); RequestStatus stat = revReq.getRequestStatus(); if (stat == RequestStatus.COMPLETE) { - Integer result = revReq - 
.getExtDataInInteger(IRequest.RESULT); - CMS.debug("CMCOutputTemplate: revReq result = " - + result); + Integer result = revReq.getExtDataInInteger(IRequest.RESULT); + CMS.debug("CMCOutputTemplate: revReq result = "+result); if (result.equals(IRequest.RES_ERROR)) { - CMS.debug("CMCOutputTemplate: revReq exception: " - + revReq.getExtDataInString(IRequest.ERROR)); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + CMS.debug("CMCOutputTemplate: revReq exception: " + + revReq.getExtDataInString(IRequest.ERROR)); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.FAILED, failed_bpids, - (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -997,42 +959,37 @@ public class CMCOutputTemplate { ILogger logger = CMS.getLogger(); String initiative = AuditFormat.FROMUSER; - logger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { revReq.getRequestId(), initiative, - "completed", impl.getSubjectDN(), - impl.getSerialNumber().toString(16), - reason.toString() }); + logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, new Object[] { + revReq.getRequestId(), initiative, "completed", + impl.getSubjectDN(), + impl.getSerialNumber().toString(16), + reason.toString()}); CMS.debug("CMCOutputTemplate: Certificate get revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String) null, null); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + success_bpids, (String)null, null); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } else { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } } } - return bpid; + return bpid; } private RevocationReason 
toRevocationReason(ENUMERATED n) { @@ -1041,7 +998,7 @@ public class CMCOutputTemplate { return RevocationReason.UNSPECIFIED; else if (code == RevRequest.affiliationChanged.getValue()) return RevocationReason.AFFILIATION_CHANGED; - else if (code == RevRequest.cACompromise.getValue()) + else if (code == RevRequest.cACompromise.getValue()) return RevocationReason.CA_COMPROMISE; else if (code == RevRequest.certificateHold.getValue()) return RevocationReason.CERTIFICATE_HOLD; 
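Review bot: Only the completed revocation reaches the audit log in this hunk; the rejection paths of processRevokeRequestControl (failed signature check, shared-secret mismatch, unknown serial, and the final `else` here) write nothing but `CMS.debug`. Rejected revocation attempts are the events an operator most needs in the audit trail, so those branches should also emit a record through `logger.log(ILogger.EV_AUDIT, ...)`, with a failure status in place of `"completed"` if the format allows one. The final `else` also reports `BAD_MESSAGE_CHECK` for a request that merely did not reach `RequestStatus.COMPLETE`, which hides the real cause from the client. The method starts before this hunk.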
@@ -1064,34 +1021,34 @@ public class CMCOutputTemplate { try { EncapsulatedContentInfo ci = msgData.getContentInfo(); OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream( - content.toByteArray()); - TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()) - .decode(s); + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); + TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s); SET values = tattr.getValues(); RevRequest revRequest = null; if (values != null && values.size() > 0) - revRequest = (RevRequest) (ASN1Util.decode( - new RevRequest.Template(), - ASN1Util.encode(values.elementAt(0)))); + revRequest = + (RevRequest)(ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(values.elementAt(0)))); SET dias = msgData.getDigestAlgorithmIdentifiers(); int numDig = dias.size(); Hashtable digs = new Hashtable(); - for (int i = 0; i < numDig; i++) { - AlgorithmIdentifier dai = (AlgorithmIdentifier) dias - .elementAt(i); - String name = DigestAlgorithm.fromOID(dai.getOID()).toString(); - MessageDigest md = MessageDigest.getInstance(name); + for (int i=0; i<numDig; i++) { + AlgorithmIdentifier dai = + (AlgorithmIdentifier) dias.elementAt(i); + String name = + DigestAlgorithm.fromOID(dai.getOID()).toString(); + MessageDigest md = + MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); digs.put(name, digest); } SET sis = msgData.getSignerInfos(); - int numSis = sis.size(); - for (int i = 0; i < numSis; i++) { - org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis - .elementAt(i); + int numSis = sis.size(); + for (int i=0; i<numSis; i++) { + org.mozilla.jss.pkix.cms.SignerInfo si = + (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); if (digest == null) { 
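Review bot: The `revRequest` decoded from the signed content is not used again in the visible lines of verifyRevRequestSignature, and the method returns only a boolean. As far as these hunks show, the caller therefore revokes the serial taken from the control attribute while the signature covers the OtherMsg content, and the two are tied together only by body part ID. Consider returning the verified `RevRequest`, or comparing its issuer and serial number with the request being processed, so the certificate revoked is the one that was signed for. Separately, the digest name passed to `MessageDigest.getInstance(name)` comes from the message, so an allow-list of accepted digest algorithms before that call would keep weak digests out. The method begins before this hunk and continues after it.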
@@ -1101,30 +1058,23 @@ public class CMCOutputTemplate { digest = md.digest(ostream.toByteArray()); } SignerIdentifier sid = si.getSignerIdentifier(); - if (sid.getType().equals( - SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { - org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = sid - .getIssuerAndSerialNumber(); + if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = + sid.getIssuerAndSerialNumber(); java.security.cert.X509Certificate cert = null; if (msgData.hasCertificates()) { SET certs = msgData.getCertificates(); int numCerts = certs.size(); - for (int j = 0; j < numCerts; j++) { - org.mozilla.jss.pkix.cert.Certificate certJss = (Certificate) certs - .elementAt(j); - org.mozilla.jss.pkix.cert.CertificateInfo certI = certJss - .getInfo(); + for (int j=0; j<numCerts; j++) { + org.mozilla.jss.pkix.cert.Certificate certJss = + (Certificate) certs.elementAt(j); + org.mozilla.jss.pkix.cert.CertificateInfo certI = + certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if (new String(issuerB) - .equalsIgnoreCase(new String(ASN1Util - .encode(issuerAndSerialNumber - .getIssuer()))) - && sn.toString().equals( - issuerAndSerialNumber - .getSerialNumber() - .toString())) { + if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && + sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); 
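Review bot: The issuer match converts DER-encoded names to `String` with the platform charset and compares them with `equalsIgnoreCase`, which can treat different encodings as equal and depends on the JVM's default charset. Compare the encoded bytes directly, `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`, and compare the serial numbers as numbers rather than through `toString()`. The enclosing loop and method extend beyond this hunk on both sides.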
@@ -1132,25 +1082,23 @@ public class CMCOutputTemplate { } } } - + if (cert != null) { PublicKey pbKey = cert.getPublicKey(); - String type = ((X509Key) pbKey).getAlgorithm(); + String type = ((X509Key)pbKey).getAlgorithm(); PrivateKey.Type kType = PrivateKey.RSA; if (type.equals("DSA")) kType = PrivateKey.DSA; - PK11PubKey pubK = PK11PubKey.fromRaw(kType, - ((X509Key) pbKey).getKey()); + PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey()); si.verify(digest, ci.getContentType(), pubK); return true; } - } - } - + } + } + return false; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " - + e.toString()); + CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString()); return false; } } |
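Review bot: The public key given to `si.verify` comes from a certificate carried inside the SignedData itself, and nothing in the visible lines validates that certificate (chain to a trusted CA, validity period, revocation status) or checks that it is the certificate named in the revocation request or belongs to an authorised agent. As written, `return true` only establishes that the message was signed by whoever holds the key for the embedded certificate. Validate `cert` before calling `si.verify`, and compare its issuer and serial number with the RevRequest being processed. The catch-all at the end also reduces every failure to `e.toString()` in the debug log, which makes a rejected signature indistinguishable from a parsing error. The method starts before this hunk.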