Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java | 494 |
1 files changed, 227 insertions, 267 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index a096963cb..0e6a507a2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; @@ -53,14 +54,13 @@ public class SizePanel extends WizardPanelBase { private String default_rsa_key_size; private boolean mShowSigning = false; - public SizePanel() { - } + public SizePanel() {} /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Key Pairs"); setId(id); 
@@ -69,30 +69,25 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor choiceDesc = new Descriptor( - IDescriptor.CHOICE, - "default,custom", - null, /* no default parameter */ + + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, + "default,custom", null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); - - Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "Custom Key Size"); + + Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "Custom Key Size"); set.add("custom_size", customSizeDesc); - + return set; } public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - /* clean up if necessary */ + /* clean up if necessary*/ try { boolean done = cs.getBoolean("preop.SizePanel.done"); cs.putBoolean("preop.SizePanel.done", false); @@ -110,8 +105,7 @@ public class SizePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } @@ -120,10 +114,11 @@ public class SizePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("SizePanel: display()"); try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } 
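Review bot: In the @@ -110 hunk the reformatted `} catch (EBaseException e) {}` still swallows the failure to read `preop.SizePanel.done`, so an unreadable config store is reported to the caller as a plain `return false` with nothing in the log. The same silent `catch (IOException e) { }` around `initParams` in the @@ -120 hunk hides a failed panel initialization in `display()`. At minimum the EBaseException branch should record the cause, `} catch (EBaseException e) { CMS.debug("SizePanel: unable to read preop.SizePanel.done: " + e); }`, matching how the other catch blocks in this file report through `CMS.debug`. The method enclosing the @@ -110 hunk begins before the hunk.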
@@ -139,14 +134,12 @@ public class SizePanel extends WizardPanelBase { } try { - default_ecc_curve_name = config.getString("keys.ecc.curve.default", - "nistp256"); + default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); } catch (Exception e) { } try { - default_rsa_key_size = config.getString("keys.rsa.keysize.default", - "2048"); + default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); } catch (Exception e) { } @@ -159,12 +152,12 @@ public class SizePanel extends WizardPanelBase { while (st.hasMoreTokens()) { String certTag = st.nextToken(); - String nn = config.getString(PCERT_PREFIX + certTag - + ".nickname"); + String nn = config.getString( + PCERT_PREFIX + certTag + ".nickname"); Cert c = new Cert(token, nn, certTag); - String s = config.getString(PCERT_PREFIX + certTag - + ".keysize.select", "default"); + String s = config.getString( + PCERT_PREFIX + certTag + ".keysize.select", "default"); if (s.equals("default")) { c.setKeyOption("default"); 
@@ -173,25 +166,26 @@ public class SizePanel extends WizardPanelBase { c.setKeyOption("custom"); } - s = config.getString(PCERT_PREFIX + certTag - + ".keysize.custom_size", default_rsa_key_size); + s = config.getString( + PCERT_PREFIX + certTag + ".keysize.custom_size", + default_rsa_key_size); c.setCustomKeysize(s); - s = config.getString(PCERT_PREFIX + certTag - + ".curvename.custom_name", default_ecc_curve_name); + s = config.getString( + PCERT_PREFIX + certTag + ".curvename.custom_name", + default_ecc_curve_name); c.setCustomCurvename(s); - boolean signingRequired = config.getBoolean(PCERT_PREFIX - + certTag + ".signing.required", false); + boolean signingRequired = config.getBoolean( + PCERT_PREFIX + certTag + ".signing.required", + false); c.setSigningRequired(signingRequired); - if (signingRequired) - mShowSigning = true; + if (signingRequired) mShowSigning = true; - String userfriendlyname = config.getString(PCERT_PREFIX - + certTag + ".userfriendlyname"); + String userfriendlyname = config.getString( + PCERT_PREFIX + certTag + ".userfriendlyname"); c.setUserFriendlyName(userfriendlyname); - boolean enable = config.getBoolean(PCERT_PREFIX + certTag - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); c.setEnable(enable); mCerts.addElement(c); }// while 
@@ -212,15 +206,16 @@ public class SizePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException, - NumberFormatException { + HttpServletResponse response, + Context context) throws IOException, NumberFormatException { CMS.debug("SizePanel: update()"); boolean hasErr = false; IConfigStore config = CMS.getConfigStore(); @@ -241,15 +236,13 @@ public class SizePanel extends WizardPanelBase { if (select1.equals("clone")) { // preset the sslserver dn for cloning case try { - String val = config - .getString("preop.cert.sslserver.dn", ""); - config.putString("preop.cert.sslserver.dn", val - + ",o=clone"); + String val = config.getString("preop.cert.sslserver.dn", ""); + config.putString("preop.cert.sslserver.dn", val+",o=clone"); } catch (Exception ee) { } } } - + String token = ""; try { token = config.getString(PRE_CONF_CA_TOKEN, ""); @@ -258,17 +251,13 @@ public class SizePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX + ct - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); if (!enable) continue; - String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa - // or - // ecc + String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc - String keyalgorithm = HttpInput.getString(request, ct - + "_keyalgorithm"); + String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm"); if (keyalgorithm == null) { if (keytype != null && keytype.equals("ecc")) { keyalgorithm = "SHA256withEC"; 
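Review bot: In the @@ -212 hunk `validate()` keeps an empty body under a Javadoc that says it checks the given parameters, so every check on the submitted key sizes and curve names is left to `update()` and a reader of the panel API is misled. Either the comment should say so, e.g. `/** No-op: request parameters are checked in update(). */`, or the checks should move here. In the @@ -241 hunk, `config.putString("preop.cert.sslserver.dn", val+",o=clone")` appends to whatever value is already stored, which looks like it would grow the DN by another `,o=clone` each time the panel is re-submitted in the clone case; a guard such as `if (!val.endsWith(",o=clone"))` would make the write idempotent, assuming nothing else resets that key between submissions. `update()` continues past the end of this hunk.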
@@ -277,8 +266,7 @@ public class SizePanel extends WizardPanelBase { } } - String signingalgorithm = HttpInput.getString(request, ct - + "_signingalgorithm"); + String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm"); if (signingalgorithm == null) { signingalgorithm = keyalgorithm; } 
@@ -287,136 +275,114 @@ public class SizePanel extends WizardPanelBase { if (select == null) { CMS.debug("SizePanel: " + ct + "_choice not found"); - throw new IOException("SizePanel: " + ct - + "_choice not found"); + throw new IOException( + "SizePanel: " + ct + "_choice not found"); } - CMS.debug("SizePanel: update() keysize choice selected:" - + select); - String oldkeysize = config.getString(PCERT_PREFIX + ct - + ".keysize.size", ""); - String oldkeytype = config.getString(PCERT_PREFIX + ct - + ".keytype", ""); - String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct - + ".keyalgorithm", ""); - String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct - + ".signingalgorithm", ""); - String oldcurvename = config.getString(PCERT_PREFIX + ct - + ".curvename.name", ""); + CMS.debug( + "SizePanel: update() keysize choice selected:" + select); + String oldkeysize = + config.getString(PCERT_PREFIX+ct+".keysize.size", ""); + String oldkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String oldkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String oldsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String oldcurvename = + config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); if (select.equals("default")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.custom_name", - default_ecc_curve_name); - config.putString("preop.curvename.name", - default_ecc_curve_name); + config.putString("preop.curvename.custom_name", + default_ecc_curve_name); + config.putString("preop.curvename.name", default_ecc_curve_name); } else { - config.putString("preop.keysize.custom_size", - default_rsa_key_size); - config.putString("preop.keysize.size", - default_rsa_key_size); + config.putString("preop.keysize.custom_size", + default_rsa_key_size); + 
config.putString("preop.keysize.size", default_rsa_key_size); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", - keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", - signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct - + ".curvename.custom_name", - default_ecc_curve_name); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + + ".curvename.custom_name", + default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + default_ecc_curve_name); } else { - config.putString(PCERT_PREFIX + ct - + ".keysize.custom_size", default_rsa_key_size); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + + ".keysize.custom_size", + default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + default_rsa_key_size); } } else if (select.equals("custom")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString( - "preop.curvename.name", - HttpInput.getString(request, ct - + "_custom_curvename")); - config.putString( - "preop.curvename.custom_name", - HttpInput.getString(request, ct - + "_custom_curvename")); + config.putString("preop.curvename.name", + HttpInput.getString(request, ct + "_custom_curvename")); + config.putString("preop.curvename.custom_name", + HttpInput.getString(request, ct + "_custom_curvename")); } else { - config.putString( - "preop.keysize.size", - HttpInput.getKeySize(request, ct - + "_custom_size", keytype)); - 
config.putString( - "preop.keysize.custom_size", - HttpInput.getKeySize(request, ct - + "_custom_size", keytype)); + config.putString("preop.keysize.size", + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + config.putString("preop.keysize.custom_size", + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", - keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", - signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString( - PCERT_PREFIX + ct + ".curvename.custom_name", - HttpInput.getString(request, ct - + "_custom_curvename")); - config.putString( - PCERT_PREFIX + ct + ".curvename.name", - HttpInput.getString(request, ct - + "_custom_curvename")); + config.putString(PCERT_PREFIX + ct + ".curvename.custom_name", + HttpInput.getString(request, ct + "_custom_curvename")); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + HttpInput.getString(request, ct + "_custom_curvename")); } else { - config.putString( - PCERT_PREFIX + ct + ".keysize.custom_size", - HttpInput.getKeySize(request, ct - + "_custom_size")); - config.putString( - PCERT_PREFIX + ct + ".keysize.size", - HttpInput.getKeySize(request, ct - + "_custom_size")); + config.putString(PCERT_PREFIX + ct + ".keysize.custom_size", + HttpInput.getKeySize(request, ct + "_custom_size")); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + HttpInput.getKeySize(request, ct + "_custom_size")); } } else { CMS.debug("SizePanel: invalid choice " + select); throw new IOException("invalid choice " + select); } - String newkeysize = config.getString(PCERT_PREFIX + ct - + ".keysize.size", ""); - String newkeytype = 
config.getString(PCERT_PREFIX + ct - + ".keytype", ""); - String newkeyalgorithm = config.getString(PCERT_PREFIX + ct - + ".keyalgorithm", ""); - String newsigningalgorithm = config.getString(PCERT_PREFIX + ct - + ".signingalgorithm", ""); - String newcurvename = config.getString(PCERT_PREFIX + ct - + ".curvename.name", ""); - - if (!oldkeysize.equals(newkeysize) - || !oldkeytype.equals(newkeytype) - || !oldkeyalgorithm.equals(newkeyalgorithm) - || !oldsigningalgorithm.equals(newsigningalgorithm) - || !oldcurvename.equals(newcurvename)) + String newkeysize = + config.getString(PCERT_PREFIX+ct+".keysize.size", ""); + String newkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String newkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String newsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String newcurvename = + config.getString(PCERT_PREFIX+ct+".curvename.name", ""); + + if (!oldkeysize.equals(newkeysize) || + !oldkeytype.equals(newkeytype) || + !oldkeyalgorithm.equals(newkeyalgorithm) || + !oldsigningalgorithm.equals(newsigningalgorithm) || + !oldcurvename.equals(newcurvename)) hasChanged = true; }// while try { config.commit(false); - } catch (EBaseException e) { - CMS.debug("SizePanel: update() Exception caught at config commit: " - + e.toString()); + } catch (EBaseException e) { + CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString()); } val1 = HttpInput.getID(request, "generateKeyPair"); 
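Review bot: In the custom branch of this hunk the ECC curve name is taken straight from the request (`HttpInput.getString(request, ct + "_custom_curvename")`) and written into `preop.curvename.name` and `PCERT_PREFIX + ct + ".curvename.name"` without any check, whereas the RSA size at least goes through `HttpInput.getKeySize`; the stored name later selects the curve in `createECCKeyPair`, so an unknown value is only discovered at key generation, and the page does not show what `HttpInput.getString` rejects. The curve list the panel already advertises to the UI (`keys.ecc.curve.list`, read in `initParams`) is the natural allow-list, and a value outside it should fail the same way the invalid-choice branch does. Separately, the RSA custom size is fetched twice with different overloads, `HttpInput.getKeySize(request, ct + "_custom_size", keytype)` for the `preop.keysize.*` keys and `HttpInput.getKeySize(request, ct + "_custom_size")` for the `PCERT_PREFIX` keys, so the two stored values could differ if the overloads validate differently; read it once into a local and store that. `update()` starts and ends outside this hunk.
```java
} else if (select.equals("custom")) {
    // … unchanged: "preop.keysize.select" write …
    if (keytype != null && keytype.equals("ecc")) {
        String curve = HttpInput.getString(request, ct + "_custom_curvename");
        String allowed = config.getString("keys.ecc.curve.list", "nistp256");
        boolean known = false;
        StringTokenizer curves = new StringTokenizer(allowed, ",");
        while (curves.hasMoreTokens()) {
            if (curves.nextToken().trim().equals(curve)) known = true;
        }
        if (!known) {
            CMS.debug("SizePanel: invalid curve name for " + ct);
            throw new IOException("invalid curve name for " + ct);
        }
        config.putString("preop.curvename.name", curve);
        config.putString("preop.curvename.custom_name", curve);
    } else {
        String size = HttpInput.getKeySize(request, ct + "_custom_size", keytype);
        config.putString("preop.keysize.size", size);
        config.putString("preop.keysize.custom_size", size);
    }
    // … unchanged: PCERT_PREFIX writes, now storing the same `curve` / `size` locals …
```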
@@ -427,20 +393,19 @@ public class SizePanel extends WizardPanelBase { context.put("updateStatus", "success"); return; } - } catch (IOException e) { + } catch (IOException e) { CMS.debug("SizePanel: update() IOException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; } catch (NumberFormatException e) { - CMS.debug("SizePanel: update() NumberFormatException caught: " - + e.toString()); + CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; - } catch (Exception e) { + } catch (Exception e) { CMS.debug("SizePanel: update() Exception caught: " + e.toString()); } - // generate key pair + // generate key pair Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { @@ -449,9 +414,8 @@ public class SizePanel extends WizardPanelBase { String friendlyName = ct; boolean enable = true; try { - enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); - friendlyName = config.getString(PCERT_PREFIX + ct - + ".userfriendlyname", ct); + enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct); } catch (Exception e) { } 
@@ -459,19 +423,17 @@ public class SizePanel extends WizardPanelBase { continue; try { - String keytype = config.getString(PCERT_PREFIX + ct - + ".keytype"); - String keyalgorithm = config.getString(PCERT_PREFIX + ct - + ".keyalgorithm"); - + String keytype = config.getString(PCERT_PREFIX + ct + ".keytype"); + String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm"); + if (keytype.equals("rsa")) { - int keysize = config.getInteger(PCERT_PREFIX + ct - + ".keysize.size"); + int keysize = config.getInteger( + PCERT_PREFIX + ct + ".keysize.size"); createRSAKeyPair(token, keysize, config, ct); } else { - String curveName = config.getString(PCERT_PREFIX + ct - + ".curvename.name", default_ecc_curve_name); + String curveName = config.getString( + PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); createECCKeyPair(token, curveName, config, ct); } config.commit(false); 
@@ -479,41 +441,40 @@ public class SizePanel extends WizardPanelBase { CMS.debug(e); CMS.debug("SizePanel: key generation failure: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException( - "key generation failure for the certificate: " - + friendlyName + ". See the logs for details."); + throw new IOException("key generation failure for the certificate: " + friendlyName + + ". See the logs for details."); } } // while if (hasErr == false) { - config.putBoolean("preop.SizePanel.done", true); - try { - config.commit(false); - } catch (EBaseException e) { - CMS.debug("SizePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + config.putBoolean("preop.SizePanel.done", true); + try { + config.commit(false); + } catch (EBaseException e) { + CMS.debug( + "SizePanel: update() Exception caught at config commit: " + + e.toString()); + } + } CMS.debug("SizePanel: update() done"); context.put("updateStatus", "success"); } - public void createECCKeyPair(String token, String curveName, - IConfigStore config, String ct) throws NoSuchAlgorithmException, - NoSuchTokenException, TokenException, - CryptoManager.NotInitializedException { - CMS.debug("Generating ECC key pair with curvename=" + curveName - + ", token=" + token); + public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException + { + CMS.debug("Generating ECC key pair with curvename="+ curveName + + ", token="+token); KeyPair pair = null; /* - * default ssl server cert to ECDHE unless stated otherwise note: IE - * only supports "ECDHE", but "ECDH" is more efficient - * + * default ssl server cert to ECDHE unless stated otherwise + * note: IE only supports "ECDHE", but "ECDH" is more efficient + * * for "ECDHE", server.xml should have the following for ciphers: * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * 
-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * + * * for "ECDH", server.xml should have the following for ciphers: * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
@@ -526,45 +487,49 @@ public class SizePanel extends WizardPanelBase { } // ECDHE needs "SIGN" but no "DERIVE" - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE + }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, + }; do { - if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - pair = CryptoUtil.generateECCKeyPair(token, curveName, null, - ECDH_usages_mask); - } else { - if (ct.equals("sslserver")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - } - pair = CryptoUtil.generateECCKeyPair(token, curveName, null, - usages_mask); - } - - // XXX - store curve , w - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) - .getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil - .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad ECC key id " + kid); - pair = null; + if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. 
Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + ECDH_usages_mask); + } else { + if (ct.equals("sslserver")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + } + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + usages_mask); + } + + // XXX - store curve , w + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad ECC key id " + kid); + pair = null; } } while (pair == null); - CMS.debug("Public key class " + pair.getPublic().getClass().getName()); + CMS.debug("Public key class " + pair.getPublic().getClass().getName()); byte encoded[] = pair.getPublic().getEncoded(); config.putString(PCERT_PREFIX + ct + ".pubkey.encoded", - CryptoUtil.byte2string(encoded)); + CryptoUtil.byte2string(encoded)); String keyAlgo = ""; try { 
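Review bot: The `do { … } while (pair == null)` loop in this hunk has no bound: when `CryptoUtil.findPrivateKeyFromID` keeps returning null the method generates another ECC key pair and retries forever, so a token that does not return the key it just created turns a wizard request into a hang, and each retry generates a key that is never cleaned up here. A small attempt counter turns that into a reportable failure using an exception already in the method's throws clause: `int attempts = 0;` before the loop and, in the `privk == null` branch, `if (++attempts >= 3) throw new TokenException("unable to locate generated ECC key id " + kid + " after " + attempts + " attempts");`. The same unbounded loop appears in `createRSAKeyPair` in the @@ -572 hunk and should get the same bound. `createECCKeyPair` begins in the preceding hunk.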
@@ -572,39 +537,35 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void createRSAKeyPair(String token, int keysize, - IConfigStore config, String ct) throws NoSuchAlgorithmException, - NoSuchTokenException, TokenException, - CryptoManager.NotInitializedException { + public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException + { /* generate key pair */ KeyPair pair = null; do { - pair = CryptoUtil.generateRSAKeyPair(token, keysize); - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) - .getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil - .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad RSA key id " + kid); - pair = null; + pair = CryptoUtil.generateRSAKeyPair(token, keysize); + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad RSA key id " + kid); + pair = null; } } while (pair == null); - byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus() - .toByteArray(); - byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent() - .toByteArray(); + byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray(); + byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray(); config.putString(PCERT_PREFIX + ct 
+ ".pubkey.modulus", - CryptoUtil.byte2string(modulus)); + CryptoUtil.byte2string(modulus)); config.putString(PCERT_PREFIX + ct + ".pubkey.exponent", - CryptoUtil.byte2string(exponent)); + CryptoUtil.byte2string(exponent)); String keyAlgo = ""; try { 
@@ -612,39 +573,41 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void setSigningAlgorithm(String ct, String keyAlgo, - IConfigStore config) { + public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) { String systemType = ""; try { - systemType = config.getString("preop.system.name"); + systemType = config.getString("preop.system.name"); } catch (Exception e1) { } if (systemType.equalsIgnoreCase("CA")) { - if (ct.equals("signing")) { - config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo); - config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo); - } else if (ct.equals("ocsp_signing")) { - config.putString("ca.ocsp_signing.defaultSigningAlgorithm", - keyAlgo); - } + if (ct.equals("signing")) { + config.putString("ca.signing.defaultSigningAlgorithm", + keyAlgo); + config.putString("ca.crl.MasterCRL.signingAlgorithm", + keyAlgo); + } else if (ct.equals("ocsp_signing")) { + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", + keyAlgo); + } } else if (systemType.equalsIgnoreCase("OCSP")) { - if (ct.equals("signing")) { - config.putString("ocsp.signing.defaultSigningAlgorithm", - keyAlgo); - } - } else if (systemType.equalsIgnoreCase("KRA") - || systemType.equalsIgnoreCase("DRM")) { - if (ct.equals("transport")) { + if (ct.equals("signing")) { + config.putString("ocsp.signing.defaultSigningAlgorithm", + keyAlgo); + } + } else if (systemType.equalsIgnoreCase("KRA") || + systemType.equalsIgnoreCase("DRM")) { + if (ct.equals("transport")) { config.putString("kra.transportUnit.signingAlgorithm", keyAlgo); - } + } } } public void initParams(HttpServletRequest request, Context context) - throws IOException { + throws IOException + { IConfigStore config = CMS.getConfigStore(); String s = ""; try { 
@@ -656,13 +619,10 @@ public class SizePanel extends WizardPanelBase { s = config.getString("preop.hierarchy.select", "root"); context.put("hselect", s); - s = config.getString("preop.ecc.algorithm.list", - "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); + s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); context.put("ecclist", s); - s = config - .getString("preop.rsa.algorithm.list", - "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); + s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); context.put("rsalist", s); s = config.getString("keys.ecc.curve.list", "nistp256"); @@ -675,8 +635,7 @@ public class SizePanel extends WizardPanelBase { context.put("subsystemtype", s); } catch (Exception e) { - CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" - + e); + CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e); } } @@ -684,9 +643,10 @@ public class SizePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } |
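Review bot: The @@ -656 hunk keeps `MD5withRSA,MD2withRSA` (and `SHA1withRSA`) in the default `preop.rsa.algorithm.list` and `SHA1withEC` in the default `preop.ecc.algorithm.list`; these strings are put into the context as `rsalist`/`ecclist` and become the signing-algorithm choices the wizard offers, so a fresh install can be configured with a digest that is no longer acceptable for certificate signatures. Trimming the defaults to `s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA512withRSA");` and `s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA384withEC,SHA512withEC");` removes them from new deployments while an explicit config value can still override. `initParams` begins in the preceding hunk and continues into the @@ -675 hunk.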