Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java92
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java225
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java58
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java132
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java440
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java327
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java11
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java52
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java795
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java384
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java149
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java130
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java124
-rwxr-xr-xpki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java60
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java42
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java788
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java232
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java327
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java31
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java263
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java494
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java65
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java315
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java69
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java55
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java982
63 files changed, 4347 insertions, 3921 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index a25092878..4bb96f145 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.StringTokenizer;
@@ -41,19 +40,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AdminAuthenticatePanel extends WizardPanelBase {
- public AdminAuthenticatePanel() {}
+ public AdminAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
setId(id);
@@ -62,24 +61,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("AdminAuthenticatePanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("new")) {
return true;
}
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -103,15 +102,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -119,18 +119,17 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Admin Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.master.admin.uid", "");
String type = config.getString("preop.subsystem.select", "");
if (type.equals("clone"))
- context.put("uid", s);
+ context.put("uid", s);
else
context.put("uid", "");
} catch (Exception e) {
@@ -149,16 +148,14 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String subsystemtype = "";
String cstype = "";
@@ -170,7 +167,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
+ CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
String uid = HttpInput.getUID(request, "uid");
if (uid == null) {
context.put("errorString", "Uid is empty");
@@ -185,7 +182,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.master.hostname");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname for master");
throw new IOException("Missing hostname");
}
@@ -193,7 +190,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
httpsport = config.getInteger("preop.master.httpsadminport");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port for master");
throw new IOException("Missing port");
}
@@ -235,10 +232,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append("cloning.");
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+
+ if (s1.length() != 0)
s1.append(",");
-
+
s1.append(cstype);
s1.append(".");
s1.append(t1);
@@ -248,11 +245,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type");
}
- String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString();
+ String content = "uid="
+ + uid
+ + "&pwd="
+ + pwd
+ + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"
+ + c1.toString() + "&substores=" + s1.toString();
- boolean success = updateConfigEntries(host, httpsport, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config,
- response);
+ boolean success = updateConfigEntries(host, httpsport, true, "/"
+ + cstype + "/admin/" + cstype + "/getConfigEntries",
+ content, config, response);
try {
config.commit(false);
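Review bot: `uid` and `pwd` are concatenated into the form body in the `String content = "uid=" + uid + "&pwd=" + pwd + ...` assignment without URL-encoding, so a password containing `&`, `=`, `+` or `%` is altered in transit or read by the master as extra parameters. Encode both values before concatenation, e.g. `+ URLEncoder.encode(pwd, "UTF-8")`, as AdminPanel.submitRequest already does for `cert_request`; this file would need the `java.net.URLEncoder` import, which is not among the imports visible here. The same body requests `internaldb.ldapauth.password` and `internaldb.replication.password`, so it is worth confirming that neither `content` nor the response is written to the debug log. update() starts and ends outside this hunk.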
@@ -260,13 +262,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
}
if (!success) {
- context.put("errorString", "Failed to get configuration entries from the master");
- throw new IOException("Failed to get configuration entries from the master");
+ context.put("errorString",
+ "Failed to get configuration entries from the master");
+ throw new IOException(
+ "Failed to get configuration entries from the master");
} else {
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("AdminAuthenticatePanel update: clone does not have all the certificates.");
- context.put("errorString", "Make sure you have copied the certificate database over to the clone");
+ context.put("errorString",
+ "Make sure you have copied the certificate database over to the clone");
throw new IOException("Clone is not ready");
}
}
@@ -285,16 +290,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("title", "Admin Authentication");
context.put("password", "");
context.put("panel", "admin/console/config/adminauthenticatepanel.vm");
}
- private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ private boolean isCertdbCloned(HttpServletRequest request, Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -306,13 +308,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname);
+ CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index 78bb94854..1265fb87d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -70,18 +69,19 @@ public class AdminPanel extends WizardPanelBase {
private static final String ADMIN_UID = "admin";
private final static String CERT_TAG = "admin";
- public AdminPanel() {}
+ public AdminPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Administrator");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) {
setPanelNo(panelno);
setName("Administrator");
setId(id);
@@ -101,29 +101,39 @@ public class AdminPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Email address for an administrator");
+
+ Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Email address for an administrator");
set.add("admin_email", emailDesc);
- Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Administrator's password");
+ Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Administrator's password");
set.add("pwd", pwdDesc);
- Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Administrator's password again");
+ Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Administrator's password again");
set.add("admin_password_again", pwdAgainDesc);
return set;
@@ -133,8 +143,7 @@ public class AdminPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("AdminPanel: display");
IConfigStore cs = CMS.getConfigStore();
@@ -152,7 +161,8 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (isPanelDone()) {
try {
@@ -161,11 +171,14 @@ public class AdminPanel extends WizardPanelBase {
context.put("admin_pwd", "");
context.put("admin_pwd_again", "");
context.put("admin_uid", cs.getString("preop.admin.uid"));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
String def_admin_name = "";
try {
- def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
+ def_admin_name = cs.getString("cs.type")
+ + " Administrator of Instance "
+ + cs.getString("instanceId");
} catch (EBaseException e) {
}
context.put("admin_name", def_admin_name);
@@ -176,7 +189,7 @@ public class AdminPanel extends WizardPanelBase {
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -186,24 +199,24 @@ public class AdminPanel extends WizardPanelBase {
String domainname = "";
try {
domainname = cs.getString("securitydomain.name", "");
- } catch (EBaseException e1) {}
+ } catch (EBaseException e1) {
+ }
context.put("securityDomain", domainname);
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
context.put("errorString", "");
context.put("info", info);
-
+
}
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException
- {
+ HttpServletResponse response, Context context) throws IOException {
String pwd = HttpInput.getPassword(request, "__pwd");
- String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
+ String pwd_again = HttpInput.getPassword(request,
+ "__admin_password_again");
String email = HttpInput.getEmail(request, "email");
String name = HttpInput.getName(request, "name");
String uid = HttpInput.getUID(request, "uid");
@@ -230,7 +243,8 @@ public class AdminPanel extends WizardPanelBase {
if (!pwd.equals(pwd_again)) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Password and password again are not the same.");
+ throw new IOException(
+ "Password and password again are not the same.");
}
if (email == null || email.length() == 0) {
@@ -243,8 +257,7 @@ public class AdminPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
context.put("info", "");
context.put("import", "true");
@@ -256,13 +269,15 @@ public class AdminPanel extends WizardPanelBase {
try {
type = config.getString(PRE_CA_TYPE, "");
subsystemtype = config.getString("cs.type", "");
- security_domain_type = config.getString("securitydomain.select","");
+ security_domain_type = config
+ .getString("securitydomain.select", "");
selected_hierarchy = config.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -286,14 +301,12 @@ public class AdminPanel extends WizardPanelBase {
throw e;
}
- // REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "AdminPanel update: "
- + "Root CA subsystem");
+ // REMINDER: This panel is NOT used by "clones"
+ if (ca != null) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("AdminPanel update: " + "Root CA subsystem");
} else {
- CMS.debug( "AdminPanel update: "
- + "Subordinate CA subsystem");
+ CMS.debug("AdminPanel update: " + "Subordinate CA subsystem");
}
try {
@@ -309,10 +322,8 @@ public class AdminPanel extends WizardPanelBase {
String ca_hostname = null;
int ca_port = -1;
- // REMINDER: This panel is NOT used by "clones"
- CMS.debug( "AdminPanel update: "
- + subsystemtype
- + " subsystem" );
+ // REMINDER: This panel is NOT used by "clones"
+ CMS.debug("AdminPanel update: " + subsystemtype + " subsystem");
if (type.equals("sdca")) {
try {
@@ -339,10 +350,11 @@ public class AdminPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("updateStatus", "success");
-
+
}
private void createAdmin(HttpServletRequest request) throws IOException {
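Review bot: A failure of `config.commit(false)` is discarded by the empty `catch (Exception e)` block, and the next statement still sets `updateStatus` to `success`, so the wizard reports success even when the settings were not persisted. At minimum log it, e.g. `CMS.debug("AdminPanel update: commit failed: " + e.toString());`, and consider rethrowing as `IOException`, which update() declares. The same empty-catch pattern is only re-wrapped, not fixed, in other hunks of this commit (display(), displayError(), and the AdminAuthenticatePanel hunks). The enclosing method, which appears to be update(), starts outside this hunk.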
@@ -402,7 +414,8 @@ public class AdminPanel extends WizardPanelBase {
String select = config.getString("securitydomain.select", "");
if (select.equals("new")) {
- group = system.getGroupFromName("Security Domain Administrators");
+ group = system
+ .getGroupFromName("Security Domain Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -414,7 +427,8 @@ public class AdminPanel extends WizardPanelBase {
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise KRA Administrators");
+ group = system
+ .getGroupFromName("Enterprise KRA Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -426,19 +440,22 @@ public class AdminPanel extends WizardPanelBase {
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise TKS Administrators");
+ group = system
+ .getGroupFromName("Enterprise TKS Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise OCSP Administrators");
+ group = system
+ .getGroupFromName("Enterprise OCSP Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise TPS Administrators");
+ group = system
+ .getGroupFromName("Enterprise TPS Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -450,8 +467,9 @@ public class AdminPanel extends WizardPanelBase {
}
}
- private void submitRequest(String ca_hostname, int ca_port, HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ private void submitRequest(String ca_hostname, int ca_port,
+ HttpServletRequest request, HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String sd_hostname = null;
int sd_port = -1;
@@ -459,22 +477,29 @@ public class AdminPanel extends WizardPanelBase {
try {
sd_hostname = config.getString("securitydomain.host", "");
sd_port = config.getInteger("securitydomain.httpseeport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String profileId = HttpInput.getID(request, "profileId");
if (profileId == null) {
try {
- profileId = config.getString("preop.admincert.profile", "caAdminCert");
- } catch (Exception e) {}
+ profileId = config.getString("preop.admincert.profile",
+ "caAdminCert");
+ } catch (Exception e) {
+ }
}
- String cert_request_type = HttpInput.getID(request, "cert_request_type");
+ String cert_request_type = HttpInput
+ .getID(request, "cert_request_type");
String cert_request = HttpInput.getCertRequest(request, "cert_request");
cert_request = URLEncoder.encode(cert_request, "UTF-8");
String session_id = CMS.getConfigSDSessionId();
String subjectDN = HttpInput.getString(request, "subject");
- String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN;
+ String content = "profileId=" + profileId + "&cert_request_type="
+ + cert_request_type + "&cert_request=" + cert_request
+ + "&xmlOutput=true&sessionID=" + session_id + "&subject="
+ + subjectDN;
HttpClient httpclient = new HttpClient();
String c = null;
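Review bot: `subjectDN` is appended to `content` exactly as read from `HttpInput.getString(request, "subject")`, while `cert_request` a few lines earlier is passed through `URLEncoder.encode`; a subject containing `&`, `+`, `%` or a space reaches the CA altered, or is split into additional form parameters. Encode it the same way, `subjectDN = URLEncoder.encode(subjectDN, "UTF-8");`, after a null check, since the validation done by `HttpInput.getString` is not visible here. The empty `catch (Exception e)` around the `securitydomain.host` and `securitydomain.httpseeport` reads also leaves `sd_port` at -1 with no log entry; a `CMS.debug` call there would make that failure traceable. submitRequest continues past the end of this hunk.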
@@ -497,7 +522,7 @@ public class AdminPanel extends WizardPanelBase {
c = httpresponse.getContent();
CMS.debug("AdminPanel submitRequest: content=" + c);
-
+
// retrieve the request Id ad admin certificate
if (c != null) {
try {
@@ -508,15 +533,15 @@ public class AdminPanel extends WizardPanelBase {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "AdminPanel::submitRequest() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("AdminPanel::submitRequest() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
CMS.debug("AdminPanel update: status=" + status);
if (status.equals("2")) {
- //relogin to the security domain
+ // relogin to the security domain
reloginSecurityDomain(response);
return;
} else if (!status.equals("0")) {
@@ -525,7 +550,7 @@ public class AdminPanel extends WizardPanelBase {
context.put("errorString", error);
throw new IOException(error);
}
-
+
IConfigStore cs = CMS.getConfigStore();
String id = parser.getValue("Id");
@@ -539,7 +564,7 @@ public class AdminPanel extends WizardPanelBase {
+ File.separator + "admin.b64";
cs.putString("preop.admincert.b64", dir);
- PrintStream ps = new PrintStream(new FileOutputStream(dir));
+ PrintStream ps = new PrintStream(new FileOutputStream(dir));
ps.println(b64);
ps.flush();
@@ -561,12 +586,13 @@ public class AdminPanel extends WizardPanelBase {
HttpServletResponse response, Context context) throws IOException {
String cert_request = HttpInput.getCertRequest(request, "cert_request");
- String cert_request_type = HttpInput.getID(request, "cert_request_type");
+ String cert_request_type = HttpInput
+ .getID(request, "cert_request_type");
IConfigStore cs = CMS.getConfigStore();
- if( cs == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" );
- throw new IOException( "cs is null" );
+ if (cs == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
+ throw new IOException("cs is null");
}
String subject = "";
@@ -578,14 +604,13 @@ public class AdminPanel extends WizardPanelBase {
subject = CryptoUtil.getSubjectName(crmfMsgs);
x509key = CryptoUtil.getX509KeyFromCRMFMsgs(crmfMsgs);
} catch (Exception e) {
- CMS.debug(
- "AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ CMS.debug("AdminPanel createAdminCertificate: Exception="
+ + e.toString());
}
- // this request is from IE. The VBScript has problem of generating
- // certificate request if the subject name has E and UID components.
- // For now, we always hardcoded the subject DN to be cn=NAME in
- // the IE browser.
+ // this request is from IE. The VBScript has problem of generating
+ // certificate request if the subject name has E and UID components.
+ // For now, we always hardcoded the subject DN to be cn=NAME in
+ // the IE browser.
} else if (cert_request_type.equals("pkcs10")) {
try {
byte[] b = CMS.AtoB(cert_request);
@@ -594,33 +619,35 @@ public class AdminPanel extends WizardPanelBase {
x509key = pkcs10.getSubjectPublicKeyInfo();
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
- if( x509key == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" );
- throw new IOException( "x509key is null" );
+ if (x509key == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
+ throw new IOException("x509key is null");
}
try {
cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
- String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
+ String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type",
+ "local");
X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
- PCERT_PREFIX, CERT_TAG, caType, context);
+ PCERT_PREFIX, CERT_TAG, caType, context);
// update the locally created request for renewal
- CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject);
+ CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,
+ cert_request_type, subject);
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
if (ca != null) {
createPKCS7(impl);
}
- cs.putString("preop.admincert.serialno.0",
- impl.getSerialNumber().toString(16));
+ cs.putString("preop.admincert.serialno.0", impl.getSerialNumber()
+ .toString(16));
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
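Review bot: The final `catch (Exception e)` here only writes a debug line, so a failure in `CertUtil.createLocalCert` or `CertUtil.updateLocalRequest` returns normally, `preop.admincert.serialno.0` is never set, and the caller continues as if the administrator certificate had been issued. The method already throws `IOException` for a null `x509key` earlier in this hunk, so the same can be done in the catch: `throw new IOException("Failed to create admin certificate: " + e.toString());`. The two earlier catches around the CRMF and PKCS#10 parsing can stay log-only, because the `x509key == null` check covers them. The method (named createAdminCertificate in its debug strings) starts outside this hunk.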
@@ -628,8 +655,7 @@ public class AdminPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
@@ -640,8 +666,9 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
- } catch (Exception e) {}
- if (ca == null && type.equals("otherca")) {
+ } catch (Exception e) {
+ }
+ if (ca == null && type.equals("otherca")) {
info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
}
context.put("info", info);
@@ -655,7 +682,7 @@ public class AdminPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -665,11 +692,11 @@ public class AdminPanel extends WizardPanelBase {
return false;
}
-
private void createPKCS7(X509CertImpl cert) {
try {
IConfigStore cs = CMS.getConfigStore();
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -680,16 +707,18 @@ public class AdminPanel extends WizardPanelBase {
}
userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
String p7Str = CMS.BtoA(p7Bytes);
- cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
+ cs.putString("preop.admincert.pkcs7",
+ CryptoUtil.normalizeCertStr(p7Str));
} catch (Exception e) {
- CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString());
+ CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "
+ + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index a62b22b7b..b5f74fd0e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AgentAuthenticatePanel extends WizardPanelBase {
- public AgentAuthenticatePanel() {}
+ public AgentAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
setId(id);
@@ -57,18 +56,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("DisplayCertChainPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("securitydomain.select","");
+ String select = cs.getString("securitydomain.select", "");
if (select.equals("new")) {
return true;
}
@@ -78,7 +77,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
return true;
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -96,15 +95,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -112,20 +112,19 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Agent Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -142,17 +141,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException
- {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
context.put("title", "Agent Authentication");
@@ -182,34 +178,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
-/*
- // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
- // web.xml as part of CC interface review
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
-
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
-*/
+ /*
+ * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed
+ * from // web.xml as part of CC interface review boolean
+ * authenticated = authenticate(host, httpsport, true,
+ * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
+ *
+ * if (!authenticated) { context.put("errorString",
+ * "Wrong user id or password"); throw new
+ * IOException("Wrong user id or password"); }
+ */
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
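Review bot: With the `authenticate(...)` call kept only inside a comment, the visible part of update() goes from the hostname and port lookups straight to `config.commit(false)`, so nothing here checks the submitted uid and password; whether they are verified elsewhere is not visible, as update() starts outside this hunk. The re-wrap also fused the `//` lines and statements of the disabled code into running text, so it can no longer be restored by uncommenting; the two commented-out blocks in CAInfoPanel.java (in display() and update()) were mangled the same way. I would replace the block with a short statement of intent, e.g. `// identity check dropped with the obsolete checkIdentity servlet (Bugzilla #583825); uid/pwd are not verified in this panel`. The empty `catch (EBaseException e)` around the commit should at least call `CMS.debug(...)` so that a failed save is visible.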
@@ -217,9 +213,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("password", "");
context.put("title", "Agent Authentication");
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
index ceab1d8d1..b4f29a436 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AuthenticatePanel extends WizardPanelBase {
- public AuthenticatePanel() {}
+ public AuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Authentication");
setId(id);
@@ -62,21 +61,22 @@ public class AuthenticatePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- String s = cs.getString("preop.ca.agent.uid","");
+ String s = cs.getString("preop.ca.agent.uid", "");
if (s == null || s.equals("")) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -84,20 +84,19 @@ public class AuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -114,16 +113,14 @@ public class AuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String type = "";
String catype = "";
@@ -151,30 +148,31 @@ public class AuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd);
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
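Review bot: `uid` and `pwd` are concatenated into the parameter string passed to `authenticate(...)` without encoding, so a password containing `&`, `=`, `%` or `+` is sent as a different value or as extra parameters, and the check against `/ca/ee/ca/configSubsystem` is then made on altered input. Encoding both values keeps the string well formed: `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")` (this needs `java.net.URLEncoder`; its checked exception is an IOException, which update() already declares). How `authenticate` transmits the string is not visible here; if it ends up in the request URL rather than the body, the password can land in server access logs. update() starts outside this hunk.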
@@ -182,9 +180,7 @@ public class AuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("password", "");
context.put("panel", "admin/console/config/authenticatepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index 779778081..38bbbc64b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
import java.io.IOException;
@@ -71,19 +70,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class BackupKeyCertPanel extends WizardPanelBase {
- public BackupKeyCertPanel() {}
+ public BackupKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
setId(id);
@@ -105,11 +104,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
String s = cs.getString("preop.module.token", "");
- if (s.equals("Internal Key Storage Token"))
+ if (s.equals("Internal Key Storage Token"))
return false;
} catch (Exception e) {
}
-
+
return true;
}
@@ -122,15 +121,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -138,8 +138,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Export Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
@@ -170,12 +169,13 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String select = HttpInput.getID(request, "choice");
if (select.equals("backupkey")) {
String pwd = request.getParameter("__pwd");
String pwdAgain = request.getParameter("__pwdagain");
- if (pwd == null || pwdAgain == null || pwd.equals("") || pwdAgain.equals("")) {
+ if (pwd == null || pwdAgain == null || pwd.equals("")
+ || pwdAgain.equals("")) {
CMS.debug("BackupKeyCertPanel validate: Password is null");
context.put("updateStatus", "validate-failure");
throw new IOException("PK12 password is empty.");
@@ -184,7 +184,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
if (!pwd.equals(pwdAgain)) {
CMS.debug("BackupKeyCertPanel validate: Password and password again are not the same.");
context.put("updateStatus", "validate-failure");
- throw new IOException("PK12 password is different from the PK12 password again.");
+ throw new IOException(
+ "PK12 password is different from the PK12 password again.");
}
}
}
@@ -193,8 +194,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String select = HttpInput.getID(request, "choice");
@@ -219,9 +219,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
String select = "";
try {
select = HttpInput.getID(request, "choice");
@@ -242,8 +240,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
context.put("panel", "admin/console/config/backupkeycertpanel.vm");
}
- public void backupKeysCerts(HttpServletRequest request)
- throws IOException {
+ public void backupKeysCerts(HttpServletRequest request) throws IOException {
CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
IConfigStore cs = CMS.getConfigStore();
String certlist = "";
@@ -257,9 +254,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
cm = CryptoManager.getInstance();
} catch (Exception e) {
- CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("BackupKeyCertPanel::backupKeysCerts() - " + "Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
String pwd = request.getParameter("__pwd");
@@ -273,12 +270,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
String nickname = "";
String modname = "";
try {
- nickname = cs.getString("preop.cert."+t+".nickname");
+ nickname = cs.getString("preop.cert." + t + ".nickname");
modname = cs.getString("preop.module.token");
} catch (Exception e) {
}
if (!modname.equals("Internal Key Storage Token"))
- nickname = modname+":"+nickname;
+ nickname = modname + ":" + nickname;
X509Certificate x509cert = null;
byte localKeyId[] = null;
@@ -288,7 +285,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
@@ -296,22 +293,24 @@ public class BackupKeyCertPanel extends WizardPanelBase {
PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
- } //while loop
-
+ } // while loop
+
X509Certificate[] cacerts = cm.getCACerts();
- for (int i=0; i<cacerts.length; i++) {
- //String nickname = cacerts[i].getSubjectDN().toString();
+ for (int i = 0; i < cacerts.length; i++) {
+ // String nickname = cacerts[i].getSubjectDN().toString();
String nickname = null;
try {
- byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents);
+ byte[] localKeyId = addCertBag(cacerts[i], nickname,
+ safeContents);
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="
+ + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
}
@@ -319,9 +318,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
AuthenticatedSafes authSafes = new AuthenticatedSafes();
authSafes.addSafeContents(safeContents);
- authSafes.addSafeContents(encSafeContents);
+ authSafes.addSafeContents(encSafeContents);
PFX pfx = new PFX(authSafes);
- pfx.computeMacData(pass, null, 5);
+ pfx.computeMacData(pass, null, 5);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pfx.encode(bos);
byte[] output = bos.toByteArray();
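Review bot: The PKCS #12 integrity MAC is derived with an iteration count of 5 in `pfx.computeMacData(pass, null, 5)`, and the addKeyBag hunk further down protects the private key with `createPBE(PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, ...)` over a 4-byte salt from `random.generateSeed(4)`. With counts this low, the exported file's resistance to offline password guessing rests almost entirely on the password itself. I would lift both counts into one named constant set to several thousand or more and use a salt of at least 8 bytes, e.g. `pfx.computeMacData(pass, null, PKCS12_ITERATIONS);`, where `PKCS12_ITERATIONS` is a new constant whose name is only a suggestion. The argument meanings are taken from the JSS signatures, which this page does not show, so please confirm them.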
@@ -329,13 +328,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
pass.clear();
cs.commit(false);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="
+ + e.toString());
}
}
private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents)
- throws IOException {
+ Password pass, byte[] localKeyId, SEQUENCE safeContents)
+ throws IOException {
try {
PasswordConverter passConverter = new PasswordConverter();
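Review bot: `pass.clear()` sits inside the `try`, so any exception raised earlier in that block skips it and the PKCS #12 password stays in memory. The `catch (Exception e)` only writes a debug line, which lets backupKeysCerts return normally even though the backup was not produced. Moving the call into `finally { pass.clear(); }` and ending the catch with `throw new IOException("Failed to create pkcs12 file.");`, as the earlier failure paths in this method do, covers both. The `try` opens outside this hunk.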
@@ -343,24 +343,24 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte salt[] = random.generateSeed(4); // 4 bytes salt
byte[] priData = getEncodedKey(pkey);
- PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+ PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode(
+ PrivateKeyInfo.getTemplate(), priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
- SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
+ PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1,
+ passConverter, pki);
+ SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(),
+ localKeyId);
+ SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
+ keyAttrs);
safeContents.addElement(keyBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
throw new IOException("Failed to create pk12 file.");
}
}
- private byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
+ private byte[] addCertBag(X509Certificate x509cert, String nickname,
+ SEQUENCE safeContents) throws IOException {
byte[] localKeyId = null;
try {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
@@ -368,11 +368,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
SET certAttrs = null;
if (nickname != null)
certAttrs = createBagAttrs(nickname, localKeyId);
- SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+ SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, new CertBag(
+ CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString());
+ CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
throw new IOException("Failed to create pk12 file.");
}
@@ -385,8 +385,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
CryptoToken token = cm.getInternalKeyStorageToken();
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
wrapper.initWrap(sk, param);
byte[] enckey = wrapper.wrap(pkey);
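Review bot: The constant IV in `byte iv[] = { 0x1, ... }` needs a comment, because a reader cannot tell whether it is deliberate. Something like `// fixed IV is tolerable only because sk is generated fresh for this one wrap and never reused` above it would do, assuming that is the intent. The method's Javadoc should also state that it returns the private key's encoding in the clear (the `recovered` array in the next hunk, which addKeyBag decodes as a `PrivateKeyInfo`) and that callers should overwrite the array after use. getEncodedKey starts and ends outside this hunk.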
@@ -395,14 +396,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte[] recovered = c.doFinal(enckey);
return recovered;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="
+ + e.toString());
}
return null;
}
- private byte[] createLocalKeyId(X509Certificate cert)
- throws IOException {
+ private byte[] createLocalKeyId(X509Certificate cert) throws IOException {
try {
// SHA1 hash of the X509Cert der encoding
byte certDer[] = cert.getEncoded();
@@ -412,16 +413,18 @@ public class BackupKeyCertPanel extends WizardPanelBase {
md.update(certDer);
return md.digest();
} catch (CertificateEncodingException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "
+ + e.toString());
throw new IOException("Failed to encode certificate.");
} catch (NoSuchAlgorithmException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "
+ + e.toString());
throw new IOException("No such algorithm supported.");
}
}
private SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
+ throws IOException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -442,7 +445,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
attrs.addElement(localKeyAttr);
return attrs;
} catch (CharConversionException e) {
- CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="
+ + e.toString());
throw new IOException("Failed to create PKCS12 file.");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 01d06631d..74961c496 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet;
import com.netscape.certsrv.apps.CMS;
-
public class BaseServlet extends VelocityServlet {
/**
@@ -46,14 +44,14 @@ public class BaseServlet extends VelocityServlet {
}
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String pin = (String) request.getSession().getAttribute("pin");
if (pin == null) {
try {
response.sendRedirect("login");
- } catch (IOException e) {}
+ } catch (IOException e) {
+ }
return false;
}
return true;
@@ -66,29 +64,26 @@ public class BaseServlet extends VelocityServlet {
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") || pn.endsWith("password")
+ || pn.endsWith("passwd") || pn.endsWith("pwd")
+ || pn.equalsIgnoreCase("admin_password_again")
+ || pn.equalsIgnoreCase("directoryManagerPwd")
+ || pn.equalsIgnoreCase("bindpassword")
+ || pn.equalsIgnoreCase("bindpwd")
+ || pn.equalsIgnoreCase("passwd")
+ || pn.equalsIgnoreCase("password")
+ || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
+ || pn.equalsIgnoreCase("pwdagain")
+ || pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("BaseServlet::service() param name='" + pn
+ + "' value='(sensitive)'");
} else {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("BaseServlet::service() param name='" + pn
+ + "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
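Review bot: The suffix tests `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")` are case-sensitive, so a parameter named, say, `tokenPassword` or `userPWD` (constructed examples) matches no clause and its value is written to the debug log. Lower-casing the name once closes that gap: `String lpn = pn.toLowerCase();`, then run the `startsWith`/`endsWith` tests on `lpn`. The non-sensitive branch also logs `httpReq.getParameter(pn)` verbatim; replacing CR and LF in the value before logging keeps a request from forging extra log lines. The method starts outside this hunk.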
@@ -97,14 +92,12 @@ public class BaseServlet extends VelocityServlet {
* Processes request.
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
return null;
}
public Template handleRequest(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
if (CMS.debugOn()) {
outputHttpParameters(request);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 33a0ff693..5e4c015e8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CAInfoPanel extends WizardPanelBase {
- public CAInfoPanel() {}
+ public CAInfoPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("CA Information");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("CA Information");
setId(id);
@@ -82,14 +81,15 @@ public class CAInfoPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -97,8 +97,7 @@ public class CAInfoPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("CAInfoPanel: display");
IConfigStore cs = CMS.getConfigStore();
@@ -118,15 +117,18 @@ public class CAInfoPanel extends WizardPanelBase {
try {
hostname = cs.getString("preop.ca.hostname");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpport = cs.getString("preop.ca.httpport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpsport = cs.getString("preop.ca.httpsport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (type.equals("sdca")) {
context.put("check_sdca", "checked");
@@ -143,12 +145,11 @@ public class CAInfoPanel extends WizardPanelBase {
String cstype = "CA";
String portType = "SecurePort";
-/*
- try {
- cstype = cs.getString("cs.type", "");
- } catch (EBaseException e) {}
-*/
-
+ /*
+ * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException
+ * e) {}
+ */
+
CMS.debug("CAInfoPanel: Ready to get url");
Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
v.addElement("External CA");
@@ -163,12 +164,13 @@ public class CAInfoPanel extends WizardPanelBase {
list.append(",");
}
}
-
+
try {
cs.putString("preop.ca.list", list.toString());
cs.commit(false);
- } catch (Exception e) {}
-
+ } catch (Exception e) {
+ }
+
context.put("urls", v);
context.put("sdcaHostname", hostname);
@@ -183,8 +185,7 @@ public class CAInfoPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
}
@@ -192,20 +193,18 @@ public class CAInfoPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
/*
- String select = request.getParameter("choice");
- if (select == null) {
- CMS.debug("CAInfoPanel: choice not found");
- throw new IOException("choice not found");
- }
+ * String select = request.getParameter("choice"); if (select == null) {
+ * CMS.debug("CAInfoPanel: choice not found"); throw new
+ * IOException("choice not found"); }
*/
IConfigStore config = CMS.getConfigStore();
try {
- String subsystemselect = config.getString("preop.subsystem.select", "");
+ String subsystemselect = config.getString("preop.subsystem.select",
+ "");
if (subsystemselect.equals("clone"))
return;
} catch (Exception e) {
@@ -213,25 +212,26 @@ public class CAInfoPanel extends WizardPanelBase {
String select = null;
String index = request.getParameter("urls");
- String url = "";
+ String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
URL urlx = null;
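Review bot: `request.getParameter("urls")` returns null when the field is absent, and the next statement `index.startsWith("http")` then throws a NullPointerException; a guard such as `if (index == null) throw new IOException("urls not found");` avoids that. The `startsWith("http")` branch also takes whatever URL the client sends without comparing it to the entries saved in `preop.ca.list`, and the rest of update() (outside this hunk) appears to use its host and port as the CA to contact. I would accept a direct URL only after checking it, for instance by requiring the `https` scheme and matching it against those entries. In the index branch a bad value passes silently: an out-of-range number leaves `url` at the last token, and the empty `catch` hides a NumberFormatException.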
@@ -240,7 +240,7 @@ public class CAInfoPanel extends WizardPanelBase {
select = "otherca";
config.putString("preop.ca.pkcs7", "");
config.putInteger("preop.ca.certchain.size", 0);
- } else {
+ } else {
select = "sdca";
// parse URL (CA1 - https://...)
@@ -272,10 +272,12 @@ public class CAInfoPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
- private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context,
+ String hostname, String httpsPortStr) throws IOException {
CMS.debug("CAInfoPanel update: this is the CA in the security domain.");
IConfigStore config = CMS.getConfigStore();
@@ -292,26 +294,23 @@ public class CAInfoPanel extends WizardPanelBase {
try {
httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug(
- "CAInfoPanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug("CAInfoPanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Http Port is not valid.");
}
config.putString("preop.ca.hostname", hostname);
config.putString("preop.ca.httpsport", httpsPortStr);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
- httpsport, true, context,
- certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport,
+ true, context, certApprovalCallback);
}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
context.put("title", "CA Information");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
index fb8c2d9cc..0aedded83 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
@@ -17,9 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
-
-
public class Cert {
private String mNickname = "";
private String mTokenname = "";
@@ -116,8 +113,8 @@ public class Cert {
}
public String escapeForHTML(String s) {
- s = s.replaceAll("\"", "&quot;");
- return s;
+ s = s.replaceAll("\"", "&quot;");
+ return s;
}
public String getEscapedDN() {
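Review bot: `escapeForHTML` replaces only the double quote, so `&`, `<`, `>` and `'` pass through unchanged. If the result is written into a page, as the method name and the following `getEscapedDN` suggest (the callers are outside this hunk), markup inside a certificate DN or nickname would be rendered as HTML. Escape `&` first and then the remaining characters, for example `s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");`. Using `replace` instead of `replaceAll` also avoids interpreting the first argument as a regular expression. Check that no caller already escapes the value before widening the set, to avoid double escaping.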
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
index 30bcc78de..15059d081 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -42,19 +41,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class CertPrettyPrintPanel extends WizardPanelBase {
private Vector mCerts = null;
- public CertPrettyPrintPanel() {}
+ public CertPrettyPrintPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Certificates");
setId(id);
@@ -63,7 +62,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public PropertySet getUsage() {
// expects no input from client
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -75,15 +74,15 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done",
- false);
+ boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -93,8 +92,10 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
CMS.debug("CertPrettyPrintPanel: in getCert()");
try {
// String cert = config.getString(CONF_CA_CERT);
- String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
- String certs = config.getString(subsystem + "." + certTag + ".cert");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+ String certs = config
+ .getString(subsystem + "." + certTag + ".cert");
byte[] certb = CryptoUtil.base64Decode(certs);
if (cert != null) {
@@ -116,8 +117,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("CertPrettyPrintPanel: display()");
context.put("title", "Certificates Pretty Print");
@@ -134,32 +134,30 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
String certTag = st.nextToken();
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
- String nickname = config.getString(
- subsystem + "." + certTag + ".nickname");
- String tokenname = config.getString(
- subsystem + "." + certTag + ".tokenname");
+ String nickname = config.getString(subsystem + "."
+ + certTag + ".nickname");
+ String tokenname = config.getString(subsystem + "."
+ + certTag + ".tokenname");
Cert c = new Cert(tokenname, nickname, certTag);
- String type = config.getString(
- PCERT_PREFIX + certTag + ".type");
+ String type = config.getString(PCERT_PREFIX + certTag
+ + ".type");
c.setType(type);
getCert(request, config, context, certTag, c);
mCerts.addElement(c);
} catch (Exception e) {
- CMS.debug(
- "CertPrettyPrintPanel: display() certTag " + certTag
- + " Exception caught: " + e.toString());
+ CMS.debug("CertPrettyPrintPanel: display() certTag "
+ + certTag + " Exception caught: " + e.toString());
}
}
} catch (Exception e) {
- CMS.debug(
- "CertPrettyPrintPanel:display() Exception caught: "
- + e.toString());
+ CMS.debug("CertPrettyPrintPanel:display() Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
} // try
@@ -175,25 +173,22 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
CMS.debug("CertPrettyPrintPanel: in update()");
IConfigStore config = CMS.getConfigStore();
config.putBoolean("preop.CertPrettyPrintPanel.done", true);
try {
config.commit(false);
} catch (EBaseException e) {
- CMS.debug(
- "CertPrettyPrintPanel: update() Exception caught at config commit: "
- + e.toString());
+ CMS.debug("CertPrettyPrintPanel: update() Exception caught at config commit: "
+ + e.toString());
}
}
@@ -201,8 +196,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Certificates Pretty Print");
context.put("panel", "admin/console/config/certprettyprintpanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 5e783b1a1..962c9080a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
@@ -58,35 +57,38 @@ public class CertRequestPanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public CertRequestPanel() {}
+ public CertRequestPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Requests & Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Requests and Certificates");
mServlet = servlet;
setId(id);
}
- // XXX how do you do this? There could be multiple certs.
+ // XXX how do you do this? There could be multiple certs.
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameters */
- null);
+
+ Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameters */
+ null);
set.add("cert", certDesc);
-
+
return set;
}
@@ -95,13 +97,13 @@ public class CertRequestPanel extends WizardPanelBase {
*/
public boolean showApplyButton() {
if (isPanelDone())
- return false;
+ return false;
else
- return true;
+ return true;
}
- private boolean findCertificate(String tokenname, String nickname)
- throws IOException {
+ private boolean findCertificate(String tokenname, String nickname)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
CryptoManager cm = null;
try {
@@ -112,9 +114,10 @@ public class CertRequestPanel extends WizardPanelBase {
String fullnickname = nickname;
boolean hardware = false;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
try {
@@ -126,16 +129,23 @@ public class CertRequestPanel extends WizardPanelBase {
return true;
} catch (Exception ee) {
if (hardware) {
- CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
- throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
+ CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "
+ + fullnickname
+ + " has been found on HSM. Please remove it before proceeding.");
+ throw new IOException(
+ "The certificate with the same nickname: "
+ + fullnickname
+ + " has been found on HSM. Please remove it before proceeding.");
}
return true;
}
} catch (IOException e) {
- CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: throw exception:"
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: Exception="
+ + e.toString());
return false;
}
}
@@ -148,13 +158,13 @@ public class CertRequestPanel extends WizardPanelBase {
try {
select = cs.getString("preop.subsystem.select", "");
list = cs.getString("preop.cert.list", "");
- tokenname = cs.getString("preop.module.token", "");
+ tokenname = cs.getString("preop.module.token", "");
} catch (Exception e) {
}
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
-
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
+
if (ca != null) {
CMS.debug("CertRequestPanel cleanup: get certificate repository");
BigInteger beginS = null;
@@ -176,27 +186,28 @@ public class CertRequestPanel extends WizardPanelBase {
try {
cr.removeCertRecords(beginS, endS);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "
+ + e.toString());
}
-
+
try {
- cr.resetSerialNumber(new BigInteger(beginNum,16));
+ cr.resetSerialNumber(new BigInteger(beginNum, 16));
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "
+ + e.toString());
}
}
}
-
StringTokenizer st = new StringTokenizer(list, ",");
String nickname = "";
boolean enable = false;
while (st.hasMoreTokens()) {
String t = st.nextToken();
-
+
try {
- enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true);
- nickname = cs.getString(PCERT_PREFIX +t+".nickname", "");
+ enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
+ nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
} catch (Exception e) {
}
@@ -208,10 +219,12 @@ public class CertRequestPanel extends WizardPanelBase {
if (findCertificate(tokenname, nickname)) {
try {
- CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+").");
- deleteCert(tokenname, nickname);
+ CMS.debug("CertRequestPanel cleanup: deleting certificate ("
+ + nickname + ").");
+ deleteCert(tokenname, nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString());
+ CMS.debug("CertRequestPanel cleanup: failed to delete certificate ("
+ + nickname + "). Exception: " + e.toString());
}
}
}
@@ -227,50 +240,50 @@ public class CertRequestPanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.CertRequestPanel.done",
- false);
+ boolean s = cs.getBoolean("preop.CertRequestPanel.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
- public void getCert(IConfigStore config,
- Context context, String certTag, Cert cert) {
+ public void getCert(IConfigStore config, Context context, String certTag,
+ Cert cert) {
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
- String certs = config.getString(subsystem + "." + certTag + ".cert", "");
+ String certs = config.getString(
+ subsystem + "." + certTag + ".cert", "");
if (cert != null) {
String certf = certs;
- CMS.debug(
- "CertRequestPanel getCert: certTag=" + certTag
+ CMS.debug("CertRequestPanel getCert: certTag=" + certTag
+ " cert=" + certs);
- //get and set formated cert
- if (!certs.startsWith("...")) {
+ // get and set formated cert
+ if (!certs.startsWith("...")) {
certf = CryptoUtil.certFormat(certs);
}
cert.setCert(certf);
- //get and set cert pretty print
+ // get and set cert pretty print
byte[] certb = CryptoUtil.base64Decode(certs);
CertPrettyPrint pp = new CertPrettyPrint(certb);
cert.setCertpp(pp.toString(Locale.getDefault()));
} else {
- CMS.debug( "CertRequestPanel::getCert() - cert is null!" );
+ CMS.debug("CertRequestPanel::getCert() - cert is null!");
return;
}
- String userfriendlyname = config.getString(
- PCERT_PREFIX + certTag + ".userfriendlyname");
+ String userfriendlyname = config.getString(PCERT_PREFIX + certTag
+ + ".userfriendlyname");
cert.setUserFriendlyName(userfriendlyname);
String type = config.getString(PCERT_PREFIX + certTag + ".type");
@@ -285,46 +298,45 @@ public class CertRequestPanel extends WizardPanelBase {
}
public X509Key getECCX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(PCERT_PREFIX + certTag
+ + ".pubkey.encoded");
+ pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
return pubk;
}
public X509Key getRSAX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
+ String pubKeyModulus = config.getString(PCERT_PREFIX + certTag
+ + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(PCERT_PREFIX + certTag
+ + ".pubkey.exponent");
pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
return pubk;
}
- public void handleCertRequest(IConfigStore config,
- Context context, String certTag, Cert cert) {
+ public void handleCertRequest(IConfigStore config, Context context,
+ String certTag, Cert cert) {
try {
// get public key
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
- String algorithm = config.getString(
- PCERT_PREFIX + certTag + ".keyalgorithm");
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag
+ + ".keytype");
+ String algorithm = config.getString(PCERT_PREFIX + certTag
+ + ".keyalgorithm");
X509Key pubk = null;
if (pubKeyType.equals("rsa")) {
pubk = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
pubk = getECCX509Key(config, certTag);
} else {
- CMS.debug( "CertRequestPanel::handleCertRequest() - "
- + "pubKeyType " + pubKeyType + " is unsupported!" );
+ CMS.debug("CertRequestPanel::handleCertRequest() - "
+ + "pubKeyType " + pubKeyType + " is unsupported!");
return;
}
@@ -337,11 +349,11 @@ public class CertRequestPanel extends WizardPanelBase {
}
// get private key
- String privKeyID = config.getString(
- PCERT_PREFIX + certTag + ".privkey.id");
+ String privKeyID = config.getString(PCERT_PREFIX + certTag
+ + ".privkey.id");
CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
+
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
if (privk != null) {
@@ -349,7 +361,7 @@ public class CertRequestPanel extends WizardPanelBase {
} else {
CMS.debug("CertRequestPanel: error getting private key null");
}
-
+
// construct cert request
String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
@@ -361,9 +373,9 @@ public class CertRequestPanel extends WizardPanelBase {
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
String certReqf = CryptoUtil.reqFormat(certReqs);
-
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", certReqs);
config.commit(false);
cert.setRequest(certReqf);
@@ -378,8 +390,7 @@ public class CertRequestPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("CertRequestPanel: display()");
context.put("title", "Requests and Certificates");
@@ -396,36 +407,35 @@ public class CertRequestPanel extends WizardPanelBase {
String certTag = st.nextToken();
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
- String nickname = config.getString(
- subsystem + "." + certTag + ".nickname");
- String tokenname = config.getString(
- subsystem + "." + certTag + ".tokenname");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+ String nickname = config.getString(subsystem + "."
+ + certTag + ".nickname");
+ String tokenname = config.getString(subsystem + "."
+ + certTag + ".tokenname");
Cert c = new Cert(tokenname, nickname, certTag);
handleCertRequest(config, context, certTag, c);
- String type = config.getString(
- PCERT_PREFIX + certTag + ".type");
+ String type = config.getString(PCERT_PREFIX + certTag
+ + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
c.setEnable(enable);
getCert(config, context, certTag, c);
c.setSubsystem(subsystem);
mCerts.addElement(c);
} catch (Exception e) {
- CMS.debug(
- "CertRequestPanel:display() Exception caught: "
- + e.toString() + " for certTag " + certTag);
+ CMS.debug("CertRequestPanel:display() Exception caught: "
+ + e.toString() + " for certTag " + certTag);
}
}
} catch (Exception e) {
- CMS.debug(
- "CertRequestPanel:display() Exception caught: "
- + e.toString());
+ CMS.debug("CertRequestPanel:display() Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
} // try
@@ -441,8 +451,7 @@ public class CertRequestPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
private boolean findBootstrapServerCert() {
@@ -458,7 +467,8 @@ public class CertRequestPanel extends WizardPanelBase {
if (issuerDN.equals(subjectDN))
return true;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel findBootstrapServerCert Exception="
+ + e.toString());
}
return false;
@@ -472,7 +482,8 @@ public class CertRequestPanel extends WizardPanelBase {
deleteCert("Internal Key Storage Token", nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="
+ + e.toString());
}
}
@@ -480,8 +491,7 @@ public class CertRequestPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
CMS.debug("CertRequestPanel: in update()");
boolean hasErr = false;
IConfigStore config = CMS.getConfigStore();
@@ -502,7 +512,7 @@ public class CertRequestPanel extends WizardPanelBase {
String tokenname = "";
try {
- tokenname = config.getString("preop.module.token", "");
+ tokenname = config.getString("preop.module.token", "");
} catch (Exception e) {
}
@@ -510,202 +520,216 @@ public class CertRequestPanel extends WizardPanelBase {
Cert cert = (Cert) c.nextElement();
String certTag = cert.getCertTag();
String subsystem = cert.getSubsystem();
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
if (!enable)
continue;
- if (hasErr)
+ if (hasErr)
continue;
String nickname = cert.getNickname();
- CMS.debug(
- "CertRequestPanel: update() for cert tag "
- + cert.getCertTag());
- // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", "");
+ CMS.debug("CertRequestPanel: update() for cert tag "
+ + cert.getCertTag());
+ // String b64 = config.getString(CERT_PREFIX+ certTag +".cert",
+ // "");
String b64 = HttpInput.getCert(request, certTag);
if (cert.getType().equals("local")
- && b64.equals(
- "...certificate be generated internally...")) {
+ && b64.equals("...certificate be generated internally...")) {
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag
+ + ".keytype");
X509Key x509key = null;
if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
+ x509key = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
+ x509key = getECCX509Key(config, certTag);
}
-
+
if (findCertificate(tokenname, nickname)) {
if (!certTag.equals("sslserver"))
- continue;
+ continue;
}
- X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, cert.getType(), context);
+ X509CertImpl impl = CertUtil.createLocalCert(config,
+ x509key, PCERT_PREFIX, certTag, cert.getType(),
+ context);
if (impl != null) {
- byte[] certb = impl.getEncoded();
+ byte[] certb = impl.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
cert.setCert(certs);
- config.putString(subsystem + "." + certTag + ".cert", certs);
+ config.putString(subsystem + "." + certTag + ".cert",
+ certs);
/* import certificate */
- CMS.debug(
- "CertRequestPanel configCert: nickname="
- + nickname);
+ CMS.debug("CertRequestPanel configCert: nickname="
+ + nickname);
try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
+ if (certTag.equals("sslserver")
+ && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname))
deleteCert(tokenname, nickname);
- if (certTag.equals("signing") && subsystem.equals("ca"))
- CryptoUtil.importUserCertificate(impl, nickname);
+ if (certTag.equals("signing")
+ && subsystem.equals("ca"))
+ CryptoUtil
+ .importUserCertificate(impl, nickname);
else
- CryptoUtil.importUserCertificate(impl, nickname, false);
- CMS.debug(
- "CertRequestPanel configCert: cert imported for certTag "
- + certTag);
+ CryptoUtil.importUserCertificate(impl,
+ nickname, false);
+ CMS.debug("CertRequestPanel configCert: cert imported for certTag "
+ + certTag);
} catch (Exception ee) {
- CMS.debug(
- "CertRequestPanel configCert: import certificate for certTag="
- + certTag + " Exception: "
- + ee.toString());
+ CMS.debug("CertRequestPanel configCert: import certificate for certTag="
+ + certTag + " Exception: " + ee.toString());
CMS.debug("ok");
-// hasErr = true;
+ // hasErr = true;
}
}
} else if (cert.getType().equals("remote")) {
if (b64 != null && b64.length() > 0
&& !b64.startsWith("...")) {
- String b64chain = HttpInput.getCertChain(request, certTag+"_cc");
- CMS.debug(
- "CertRequestPanel: in update() process remote...import cert");
+ String b64chain = HttpInput.getCertChain(request,
+ certTag + "_cc");
+ CMS.debug("CertRequestPanel: in update() process remote...import cert");
- String input = HttpInput.getCert(request, cert.getCertTag());
+ String input = HttpInput.getCert(request,
+ cert.getCertTag());
if (input != null) {
try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
+ if (certTag.equals("sslserver")
+ && findBootstrapServerCert())
deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ if (findCertificate(tokenname, nickname)) {
+ deleteCert(tokenname, nickname);
}
} catch (Exception e) {
- CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel update (remote): deleteCert Exception="
+ + e.toString());
}
input = CryptoUtil.stripCertBrackets(input.trim());
String certs = CryptoUtil.normalizeCertStr(input);
byte[] certb = CryptoUtil.base64Decode(certs);
- config.putString(subsystem + "." + certTag + ".cert",
- certs);
+ config.putString(subsystem + "." + certTag
+ + ".cert", certs);
try {
CryptoManager cm = CryptoManager.getInstance();
- X509Certificate x509cert = cm.importCertPackage(
- certb, nickname);
+ X509Certificate x509cert = cm
+ .importCertPackage(certb, nickname);
CryptoUtil.trustCertByNickname(nickname);
- X509Certificate[] certchains = cm.buildCertificateChain(
- x509cert);
+ X509Certificate[] certchains = cm
+ .buildCertificateChain(x509cert);
X509Certificate leaf = null;
if (certchains != null) {
- CMS.debug(
- "CertRequestPanel certchains length="
- + certchains.length);
+ CMS.debug("CertRequestPanel certchains length="
+ + certchains.length);
leaf = certchains[certchains.length - 1];
}
- if( leaf == null ) {
- CMS.debug( "CertRequestPanel::update() - "
- + "leaf is null!" );
- throw new IOException( "leaf is null" );
+ if (leaf == null) {
+ CMS.debug("CertRequestPanel::update() - "
+ + "leaf is null!");
+ throw new IOException("leaf is null");
}
- if (/*(certchains.length <= 1) &&*/
- (b64chain != null && b64chain.length() != 0)) {
- CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
- try {
- CryptoUtil.importCertificateChain(
- CryptoUtil.normalizeCertAndReq(b64chain));
- } catch (Exception e) {
- CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString());
- }
+ if (/* (certchains.length <= 1) && */
+ (b64chain != null && b64chain.length() != 0)) {
+ CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: "
+ + b64chain);
+ try {
+ CryptoUtil
+ .importCertificateChain(CryptoUtil
+ .normalizeCertAndReq(b64chain));
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel: importCertChain: Exception: "
+ + e.toString());
+ }
}
InternalCertificate icert = (InternalCertificate) leaf;
- icert.setSSLTrust(
- InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
- CMS.debug(
- "CertRequestPanel configCert: import certificate successfully, certTag="
- + certTag);
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
+ CMS.debug("CertRequestPanel configCert: import certificate successfully, certTag="
+ + certTag);
} catch (Exception ee) {
- CMS.debug(
- "CertRequestPanel configCert: import certificate for certTag="
- + certTag + " Exception: "
- + ee.toString());
+ CMS.debug("CertRequestPanel configCert: import certificate for certTag="
+ + certTag
+ + " Exception: "
+ + ee.toString());
CMS.debug("ok");
-// hasErr=true;
+ // hasErr=true;
}
} else {
CMS.debug("CertRequestPanel: in update() input null");
hasErr = true;
}
} else {
- CMS.debug("CertRequestPanel: in update() b64 not set");
- hasErr=true;
+ CMS.debug("CertRequestPanel: in update() b64 not set");
+ hasErr = true;
}
-
+
} else {
b64 = CryptoUtil.stripCertBrackets(b64.trim());
String certs = CryptoUtil.normalizeCertStr(b64);
byte[] certb = CryptoUtil.base64Decode(certs);
X509CertImpl impl = new X509CertImpl(certb);
try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
+ if (certTag.equals("sslserver")
+ && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ deleteCert(tokenname, nickname);
}
} catch (Exception ee) {
- CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString());
+ CMS.debug("CertRequestPanel update: deleteCert Exception="
+ + ee.toString());
}
try {
if (certTag.equals("signing") && subsystem.equals("ca"))
CryptoUtil.importUserCertificate(impl, nickname);
else
- CryptoUtil.importUserCertificate(impl, nickname, false);
+ CryptoUtil.importUserCertificate(impl, nickname,
+ false);
} catch (Exception ee) {
- CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString());
- hasErr=true;
+ CMS.debug("CertRequestPanel: Failed to import user certificate."
+ + ee.toString());
+ hasErr = true;
}
}
- //update requests in request queue for local certs to allow renewal
- if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) {
- CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null);
+ // update requests in request queue for local certs to allow
+ // renewal
+ if ((cert.getType().equals("local"))
+ || (cert.getType().equals("selfsign"))) {
+ CertUtil.updateLocalRequest(config, certTag,
+ cert.getRequest(), "pkcs10", null);
}
if (certTag.equals("signing") && subsystem.equals("ca")) {
String NickName = nickname;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- NickName = tokenname+ ":"+ nickname;
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ NickName = tokenname + ":" + nickname;
- CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName);
+ CMS.debug("CertRequestPanel update: set trust on CA signing cert "
+ + NickName);
CryptoUtil.trustCertByNickname(NickName);
CMS.reinit(ICertificateAuthority.ID);
- }
- } //while loop
+ }
+ } // while loop
if (hasErr == false) {
- config.putBoolean("preop.CertRequestPanel.done", true);
+ config.putBoolean("preop.CertRequestPanel.done", true);
}
config.commit(false);
} catch (Exception e) {
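Review bot: Both `catch (Exception ee)` blocks that follow the certificate import (the "local" branch and the "remote" branch) log the failure, then log `"ok"`, and leave `hasErr` untouched because the assignment is commented out (`// hasErr = true;`). A failed import therefore still reaches `config.putBoolean("preop.CertRequestPanel.done", true)` at the end of the loop, and the panel is recorded as complete without the certificate in the token. Either restore `hasErr = true;` in both handlers and drop `CMS.debug("ok");`, or add a comment stating why an import failure is acceptable at this step. Separately, the "local" and final `else` branches call `b64.equals(...)` and `b64.trim()` without the `b64 != null` test that the "remote" branch applies to the same value. The enclosing `update` method starts before this hunk and continues after it.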
@@ -713,7 +737,7 @@ public class CertRequestPanel extends WizardPanelBase {
System.err.println("Exception caught: " + e.toString());
}
- //reset the attribute of the user certificate to u,u,u
+ // reset the attribute of the user certificate to u,u,u
String certlist = "";
try {
certlist = config.getString("preop.cert.list", "");
@@ -723,25 +747,28 @@ public class CertRequestPanel extends WizardPanelBase {
String tag = tokenizer.nextToken();
if (tag.equals("signing"))
continue;
- String nickname = config.getString("preop.cert."+tag+".nickname", "");
+ String nickname = config.getString("preop.cert." + tag
+ + ".nickname", "");
String tokenname = config.getString("preop.module.token", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
X509Certificate c = cm.findCertByNickname(nickname);
if (c instanceof InternalCertificate) {
- InternalCertificate ic = (InternalCertificate)c;
+ InternalCertificate ic = (InternalCertificate) c;
ic.setSSLTrust(InternalCertificate.USER);
ic.setEmailTrust(InternalCertificate.USER);
if (tag.equals("audit_signing")) {
- ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
+ ic.setObjectSigningTrust(InternalCertificate.USER
+ | InternalCertificate.VALID_PEER
+ | InternalCertificate.TRUSTED_PEER);
} else {
ic.setObjectSigningTrust(InternalCertificate.USER);
}
}
- }
+ }
} catch (Exception e) {
}
- if (!hasErr) {
+ if (!hasErr) {
context.put("updateStatus", "success");
} else {
context.put("updateStatus", "failure");
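Review bot: The `catch (Exception e) { }` that closes the trust-reset loop in this hunk discards every failure, so a certificate whose trust flags were never reset to `u,u,u` still ends with `updateStatus` set to `success` whenever `hasErr` is false. I would at least record it: `CMS.debug("CertRequestPanel update: resetting trust failed: " + e.toString()); hasErr = true;`. The enclosing method starts outside the hunk, so whether setting `hasErr` here fits the rest of `update` needs confirming.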
@@ -752,8 +779,7 @@ public class CertRequestPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Certificate Request");
context.put("panel", "admin/console/config/certrequestpanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 3725149d5..0a6d3c60c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse;
import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CertUtil {
static final int LINE_COUNT = 76;
- public static X509CertImpl createRemoteCert(String hostname,
- int port, String content, HttpServletResponse response, WizardPanelBase panel)
- throws IOException {
+ public static X509CertImpl createRemoteCert(String hostname, int port,
+ String content, HttpServletResponse response, WizardPanelBase panel)
+ throws IOException {
HttpClient httpclient = new HttpClient();
String c = null;
CMS.debug("CertUtil createRemoteCert: content " + content);
@@ -98,21 +97,22 @@ public class CertUtil {
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "CertUtil::createRemoteCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("CertUtil::createRemoteCert() - " + "Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
CMS.debug("CertUtil createRemoteCert: status=" + status);
if (status.equals("2")) {
- //relogin to the security domain
+ // relogin to the security domain
panel.reloginSecurityDomain(response);
return null;
} else if (!status.equals("0")) {
@@ -136,43 +136,43 @@ public class CertUtil {
return null;
}
- public static String getPKCS10(IConfigStore config, String prefix,
+ public static String getPKCS10(IConfigStore config, String prefix,
Cert certObj, Context context) throws IOException {
String certTag = certObj.getCertTag();
X509Key pubk = null;
try {
- String pubKeyType = config.getString(
- prefix + certTag + ".keytype");
- String algorithm = config.getString(
- prefix + certTag + ".keyalgorithm");
+ String pubKeyType = config.getString(prefix + certTag + ".keytype");
+ String algorithm = config.getString(prefix + certTag
+ + ".keyalgorithm");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- prefix + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- prefix + certTag + ".pubkey.exponent");
- pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ String pubKeyModulus = config.getString(prefix + certTag
+ + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(prefix + certTag
+ + ".pubkey.exponent");
+ pubk = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
- prefix + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(prefix + certTag
+ + ".pubkey.encoded");
+ pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
} else {
- CMS.debug( "CertRequestPanel::getPKCS10() - "
- + "public key type is unsupported!" );
- throw new IOException( "public key type is unsupported" );
+ CMS.debug("CertRequestPanel::getPKCS10() - "
+ + "public key type is unsupported!");
+ throw new IOException("public key type is unsupported");
}
if (pubk != null) {
CMS.debug("CertRequestPanel: got public key");
} else {
CMS.debug("CertRequestPanel: error getting public key null");
- throw new IOException( "public key is null" );
+ throw new IOException("public key is null");
}
// get private key
- String privKeyID = config.getString(prefix + certTag + ".privkey.id");
+ String privKeyID = config.getString(prefix + certTag
+ + ".privkey.id");
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
@@ -187,8 +187,8 @@ public class CertUtil {
String dn = config.getString(prefix + certTag + ".dn");
PKCS10 certReq = null;
- certReq = CryptoUtil.createCertificationRequest(dn, pubk,
- privk, algorithm);
+ certReq = CryptoUtil.createCertificationRequest(dn, pubk, privk,
+ algorithm);
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
@@ -201,15 +201,15 @@ public class CertUtil {
}
}
-
-/*
- * create requests so renewal can work on these initial certs
- */
- public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException {
-// RequestId rid = new RequestId(serialNum);
+ /*
+ * create requests so renewal can work on these initial certs
+ */
+ public static IRequest createLocalRequest(IRequestQueue queue,
+ String serialNum, X509CertInfo info) throws EBaseException {
+ // RequestId rid = new RequestId(serialNum);
// just need a request, no need to get into a queue
-// IRequest r = new EnrollmentRequest(rid);
- CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
+ // IRequest r = new EnrollmentRequest(rid);
+ CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
IRequest req = queue.newRequest("enrollment");
CMS.debug("certUtil: newRequest called");
req.setExtData("profile", "true");
@@ -217,14 +217,14 @@ public class CertUtil {
req.setExtData("req_seq_num", "0");
req.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS,
- new CertificateExtensions());
+ new CertificateExtensions());
req.setExtData("requesttype", "enrollment");
req.setExtData("requestor_name", "");
req.setExtData("requestor_email", "");
req.setExtData("requestor_phone", "");
req.setExtData("profileRemoteHost", "");
req.setExtData("profileRemoteAddr", "");
- req.setExtData("requestnotes","");
+ req.setExtData("requestnotes", "");
req.setExtData("isencryptioncert", "false");
req.setExtData("profileapprovedby", "system");
@@ -235,18 +235,19 @@ public class CertUtil {
return req;
}
-/**
- * update local cert request with the actual request
- * called from CertRequestPanel.java
- */
- public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName)
- {
- try {
+ /**
+ * update local cert request with the actual request called from
+ * CertRequestPanel.java
+ */
+ public static void updateLocalRequest(IConfigStore config, String certTag,
+ String certReq, String reqType, String subjectName) {
+ try {
CMS.debug("Updating local request... certTag=" + certTag);
- RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
+ RequestId rid = new RequestId(config.getString("preop.cert."
+ + certTag + ".reqId"));
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
IRequestQueue queue = ca.getRequestQueue();
if (queue != null) {
@@ -262,76 +263,84 @@ public class CertUtil {
}
queue.updateRequest(req);
} else {
- CMS.debug("CertUtil:updateLocalRequest - request queue = null");
+ CMS.debug("CertUtil:updateLocalRequest - request queue = null");
}
} catch (Exception e) {
CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
}
}
-/**
- * reads from the admin cert profile caAdminCert.profile and takes the first
- * entry in the list of allowed algorithms. Users that wish a different algorithm
- * can specify it in the profile using default.params.signingAlg
- */
+ /**
+ * reads from the admin cert profile caAdminCert.profile and takes the first
+ * entry in the list of allowed algorithms. Users that wish a different
+ * algorithm can specify it in the profile using default.params.signingAlg
+ */
public static String getAdminProfileAlgorithm(IConfigStore config) {
String algorithm = "SHA256withRSA";
try {
- String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
+ String caSigningKeyType = config.getString(
+ "preop.cert.signing.keytype", "rsa");
String pfile = config.getString("profile.caAdminCert.config");
FileInputStream fis = new FileInputStream(pfile);
DataInputStream in = new DataInputStream(fis);
BufferedReader br = new BufferedReader(new InputStreamReader(in));
- String strLine;
- while ((strLine = br.readLine()) != null) {
- String marker2 = "default.params.signingAlg=";
- int indx = strLine.indexOf(marker2);
- if (indx != -1) {
- String alg = strLine.substring(indx + marker2.length());
- if ((alg.length() > 0) && (!alg.equals("-"))) {
- algorithm = alg;
- break;
- };
- };
-
- String marker = "signingAlgsAllowed=";
- indx = strLine.indexOf(marker);
- if (indx != -1) {
- String[] algs = strLine.substring(indx + marker.length()).split(",");
- for (int i=0; i<algs.length; i++) {
- if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
- (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) {
- algorithm = algs[i];
- break;
- }
- }
- }
- }
- in.close();
+ String strLine;
+ while ((strLine = br.readLine()) != null) {
+ String marker2 = "default.params.signingAlg=";
+ int indx = strLine.indexOf(marker2);
+ if (indx != -1) {
+ String alg = strLine.substring(indx + marker2.length());
+ if ((alg.length() > 0) && (!alg.equals("-"))) {
+ algorithm = alg;
+ break;
+ }
+ ;
+ }
+ ;
+
+ String marker = "signingAlgsAllowed=";
+ indx = strLine.indexOf(marker);
+ if (indx != -1) {
+ String[] algs = strLine.substring(indx + marker.length())
+ .split(",");
+ for (int i = 0; i < algs.length; i++) {
+ if ((caSigningKeyType.equals("rsa") && (algs[i]
+ .indexOf("RSA") != -1))
+ || (caSigningKeyType.equals("ecc") && (algs[i]
+ .indexOf("EC") != -1))) {
+ algorithm = algs[i];
+ break;
+ }
+ }
+ }
+ }
+ in.close();
} catch (Exception e) {
CMS.debug("getAdminProfleAlgorithm: exception: " + e);
}
return algorithm;
}
- public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key,
- String prefix, String certTag, String type, Context context) throws IOException {
+ public static X509CertImpl createLocalCert(IConfigStore config,
+ X509Key x509key, String prefix, String certTag, String type,
+ Context context) throws IOException {
CMS.debug("Creating local certificate... certTag=" + certTag);
String profile = null;
try {
profile = config.getString(prefix + certTag + ".profile");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
X509CertImpl cert = null;
ICertificateAuthority ca = null;
ICertificateRepository cr = null;
RequestId reqId = null;
String profileId = null;
- IRequestQueue queue = null;
+ IRequestQueue queue = null;
IRequest req = null;
try {
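Review bot: In `getAdminProfileAlgorithm` the `in.close()` call sits inside the `try`, so an exception from `readLine()` or the parsing leaves the `FileInputStream` open; closing it in a `finally` block would fix that. The reformatting also turned the two `};` into `}` followed by a lone `;` line, and these empty statements should simply be deleted. A value found after `default.params.signingAlg=` is used as the signing algorithm without being checked against the `signingAlgsAllowed=` list, which deserves a comment if it is intended. `createLocalCert` begins in this hunk and continues outside it.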
@@ -344,38 +353,40 @@ public class CertUtil {
if (certTag.equals("admin")) {
keyAlgorithm = getAdminProfileAlgorithm(config);
} else {
- keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm");
+ keyAlgorithm = config.getString(prefix + certTag
+ + ".keyalgorithm");
}
- ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
cr = (ICertificateRepository) ca.getCertificateRepository();
BigInteger serialNo = cr.getNextSerialNumber();
if (type.equals("selfsign")) {
CMS.debug("Creating local certificate... issuerdn=" + dn);
CMS.debug("Creating local certificate... dn=" + dn);
- info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date,
- date, keyAlgorithm);
- } else {
+ info = CryptoUtil.createX509CertInfo(x509key,
+ serialNo.intValue(), dn, dn, date, date, keyAlgorithm);
+ } else {
String issuerdn = config.getString("preop.cert.signing.dn", "");
CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
CMS.debug("Creating local certificate... dn=" + dn);
info = CryptoUtil.createX509CertInfo(x509key,
- serialNo.intValue(), issuerdn, dn, date, date, keyAlgorithm);
+ serialNo.intValue(), issuerdn, dn, date, date,
+ keyAlgorithm);
}
CMS.debug("Cert Template: " + info.toString());
String instanceRoot = config.getString("instanceRoot");
- CertInfoProfile processor = new CertInfoProfile(
- instanceRoot + "/conf/" + profile);
+ CertInfoProfile processor = new CertInfoProfile(instanceRoot
+ + "/conf/" + profile);
// cfu - create request to enable renewal
try {
queue = ca.getRequestQueue();
if (queue != null) {
req = createLocalRequest(queue, serialNo.toString(), info);
- CMS.debug("CertUtil profile name= "+profile);
+ CMS.debug("CertUtil profile name= " + profile);
req.setExtData("req_key", x509key.toString());
// store original profile id in cert request
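Review bot: Both `CryptoUtil.createX509CertInfo(...)` calls pass `serialNo.intValue()`, which keeps only the low 32 bits of the `BigInteger` returned by `cr.getNextSerialNumber()`, while `createLocalRequest` a few lines later receives the full `serialNo.toString()`. Once the repository hands out a serial above `Integer.MAX_VALUE`, the certificate template and the request would disagree and serial numbers could repeat. If `createX509CertInfo` has no `BigInteger` overload (not visible here), a guard before the calls such as `if (serialNo.bitLength() > 31) throw new IOException("serial number too large");` would make the limit explicit. The method starts and ends outside the hunk.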
@@ -387,59 +398,60 @@ public class CertUtil {
String name = profile.substring(0, idx);
req.setExtData("origprofileid", name);
}
-
+
// store mapped profile ID for use in renewal
profileId = processor.getProfileIDMapping();
req.setExtData("profileid", profileId);
- req.setExtData("profilesetid", processor.getProfileSetIDMapping());
+ req.setExtData("profilesetid",
+ processor.getProfileSetIDMapping());
reqId = req.getRequestId();
- config.putString("preop.cert." + certTag + ".reqId", reqId.toString());
+ config.putString("preop.cert." + certTag + ".reqId",
+ reqId.toString());
} else {
CMS.debug("certUtil: requestQueue null");
}
} catch (Exception e) {
- CMS.debug("Creating local request exception:"+e.toString());
+ CMS.debug("Creating local request exception:" + e.toString());
}
processor.populate(info);
- String caPriKeyID = config.getString(
- prefix + "signing" + ".privkey.id");
+ String caPriKeyID = config.getString(prefix + "signing"
+ + ".privkey.id");
byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID);
- PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
- keyIDb);
+ PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(keyIDb);
- if( caPrik == null ) {
- CMS.debug( "CertUtil::createSelfSignedCert() - "
- + "CA private key is null!" );
- throw new IOException( "CA private key is null" );
+ if (caPrik == null) {
+ CMS.debug("CertUtil::createSelfSignedCert() - "
+ + "CA private key is null!");
+ throw new IOException("CA private key is null");
} else {
CMS.debug("CertUtil createSelfSignedCert: got CA private key");
}
String keyAlgo = x509key.getAlgorithm();
CMS.debug("key algorithm is " + keyAlgo);
- String caSigningKeyType =
- config.getString("preop.cert.signing.keytype","rsa");
- String caSigningKeyAlgo = "";
- if (type.equals("selfsign")) {
- caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
+ String caSigningKeyType = config.getString(
+ "preop.cert.signing.keytype", "rsa");
+ String caSigningKeyAlgo = "";
+ if (type.equals("selfsign")) {
+ caSigningKeyAlgo = config.getString(
+ "preop.cert.signing.keyalgorithm", "SHA256withRSA");
} else {
- caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA");
+ caSigningKeyAlgo = config.getString(
+ "preop.cert.signing.signingalgorithm", "SHA256withRSA");
}
CMS.debug("CA Signing Key type " + caSigningKeyType);
CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
if (caSigningKeyType.equals("ecc")) {
- CMS.debug("CA signing cert is ECC");
- cert = CryptoUtil.signECCCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is ECC");
+ cert = CryptoUtil.signECCCert(caPrik, info, caSigningKeyAlgo);
} else {
- CMS.debug("CA signing cert is not ecc");
- cert = CryptoUtil.signCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is not ecc");
+ cert = CryptoUtil.signCert(caPrik, info, caSigningKeyAlgo);
}
if (cert != null) {
@@ -453,7 +465,8 @@ public class CertUtil {
if (cr == null) {
context.put("errorString",
"Ceritifcate Authority is not ready to serve.");
- throw new IOException("Ceritifcate Authority is not ready to serve.");
+ throw new IOException(
+ "Ceritifcate Authority is not ready to serve.");
}
ICertRecord record = null;
@@ -462,23 +475,21 @@ public class CertUtil {
if (reqId != null) {
meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
}
-
+
meta.set(ICertRecord.META_PROFILE_ID, profileId);
- record = (ICertRecord) cr.createCertRecord(
- cert.getSerialNumber(), cert, meta);
+ record = (ICertRecord) cr.createCertRecord(cert.getSerialNumber(),
+ cert, meta);
} catch (Exception e) {
- CMS.debug(
- "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
+ CMS.debug("NamePanel configCert: failed to add metainfo. Exception: "
+ + e.toString());
}
try {
cr.addCertificateRecord(record);
- CMS.debug(
- "NamePanel configCert: finished adding certificate record.");
+ CMS.debug("NamePanel configCert: finished adding certificate record.");
} catch (Exception e) {
- CMS.debug(
- "NamePanel configCert: failed to add certificate record. Exception: "
- + e.toString());
+ CMS.debug("NamePanel configCert: failed to add certificate record. Exception: "
+ + e.toString());
try {
cr.deleteCertificateRecord(record.getSerialNumber());
cr.addCertificateRecord(record);
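Review bot: When `cr.createCertRecord(...)` throws, the first `catch` only logs, so `record` is still `null` (it is initialised to `null` just above the hunk) when `cr.addCertificateRecord(record)` runs, and the recovery path then calls `record.getSerialNumber()` on it. The signed certificate is then returned without a repository record, and the only trace is a debug line. Since the method already declares `IOException`, the first handler could stop there with `throw new IOException("failed to create certificate record: " + e.toString());`. The retry's own `catch` lies outside the hunk.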
@@ -488,10 +499,10 @@ public class CertUtil {
}
if (req != null) {
- // update request with cert
+ // update request with cert
req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert);
- // store request in db
+ // store request in db
try {
CMS.debug("certUtil: before updateRequest");
if (queue != null) {
@@ -507,21 +518,21 @@ public class CertUtil {
public static void addUserCertificate(X509CertImpl cert) {
IConfigStore cs = CMS.getConfigStore();
- int num=0;
+ int num = 0;
try {
num = cs.getInteger("preop.subsystem.count", 0);
} catch (Exception e) {
}
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- String id = "user"+num;
+ String id = "user" + num;
- try {
- String sysType = cs.getString("cs.type", "");
- String machineName = cs.getString("machineName", "");
- String securePort = cs.getString("service.securePort", "");
- id = sysType + "-" + machineName + "-" + securePort;
+ try {
+ String sysType = cs.getString("cs.type", "");
+ String machineName = cs.getString("machineName", "");
+ String securePort = cs.getString("service.securePort", "");
+ id = sysType + "-" + machineName + "-" + securePort;
} catch (Exception e1) {
- // ignore
+ // ignore
}
num++;
@@ -566,7 +577,7 @@ public class CertUtil {
system.addUserCert(user);
CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate exception="+e.toString());
+ CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
}
IGroup group = null;
@@ -580,7 +591,8 @@ public class CertUtil {
CMS.debug("CertUtil addUserCertificate: update: successfully added the user to the group.");
}
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate update: modifyGroup " + e.toString());
+ CMS.debug("CertUtil addUserCertificate update: modifyGroup "
+ + e.toString());
}
}
@@ -603,17 +615,17 @@ public class CertUtil {
}
if (content.length() > 0)
result.append(content);
- result.append("\n");
+ result.append("\n");
return result.toString();
}
public static boolean privateKeyExistsOnToken(String certTag,
- String tokenname, String nickname) {
+ String tokenname, String nickname) {
IConfigStore cs = CMS.getConfigStore();
String givenid = "";
try {
- givenid = cs.getString("preop.cert."+certTag+".privkey.id");
+ givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
} catch (Exception e) {
CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
return false;
@@ -622,9 +634,10 @@ public class CertUtil {
String fullnickname = nickname;
boolean hardware = false;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
X509Certificate cert = null;
@@ -633,7 +646,8 @@ public class CertUtil {
cm = CryptoManager.getInstance();
cert = cm.findCertByNickname(fullnickname);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: nickname="
+ + fullnickname + " Exception:" + e.toString());
return false;
}
@@ -641,19 +655,22 @@ public class CertUtil {
try {
privKey = cm.findPrivKeyByCert(cert);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("
+ + fullnickname + ") exception: " + e.toString());
return false;
}
if (privKey == null) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")");
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("
+ + fullnickname + ")");
return false;
} else {
String str = "";
try {
str = CryptoUtil.byte2string(privKey.getUniqueID());
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "
+ + e.toString());
}
if (str.equals(givenid)) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
index b3c10b6e8..a28ae76b3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
@@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CheckIdentity extends CMSServlet {
/**
@@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("CheckIdentity authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, "Error: Not authenticated");
return;
- }
+ }
try {
XMLObject xmlObj = null;
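Review bot: The failed-authentication branch logs with the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream error rather than an authentication failure, so rejected attempts are hard to find when reviewing the log. A key that names the authentication failure, or a comment explaining why this one is reused, would help. The message catalogue is not visible here, so the actual text should be checked. `process` continues outside the hunk.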
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index f2587300b..e1d181407 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public abstract class ConfigBaseServlet extends BaseServlet {
/**
*
@@ -36,8 +34,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
private static final long serialVersionUID = 7692352201878710530L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String display = request.getParameter("display");
if (display == null) {
@@ -50,43 +47,40 @@ public abstract class ConfigBaseServlet extends BaseServlet {
public abstract void display(HttpServletRequest request,
HttpServletResponse response, Context context);
- public abstract void update(HttpServletRequest request,
+ public abstract void update(HttpServletRequest request,
HttpServletResponse response, Context context);
public abstract Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context);
+ HttpServletResponse response, Context context);
public void outputHttpParameters(HttpServletRequest httpReq) {
- CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI());
+ CMS.debug("ConfigBaseServlet:service() uri = "
+ + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") || pn.endsWith("password")
+ || pn.endsWith("passwd") || pn.endsWith("pwd")
+ || pn.equalsIgnoreCase("admin_password_again")
+ || pn.equalsIgnoreCase("directoryManagerPwd")
+ || pn.equalsIgnoreCase("bindpassword")
+ || pn.equalsIgnoreCase("bindpwd")
+ || pn.equalsIgnoreCase("passwd")
+ || pn.equalsIgnoreCase("password")
+ || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
+ || pn.equalsIgnoreCase("pwdagain")
+ || pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn
+ + "' value='(sensitive)'");
} else {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn
+ + "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
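Review bot: The suffix checks in `outputHttpParameters` are case-sensitive (`pn.endsWith("password")`, `"passwd"`, `"pwd"`), so a parameter whose name ends in `Password` or `Pwd` has its value written to the debug log unless it happens to be in the explicit `equalsIgnoreCase` list. Lower-casing once, `String lpn = pn.toLowerCase();`, and testing `lpn.endsWith(...)` would close that gap. The values that are logged are written verbatim, so a CR or LF inside a parameter can forge log lines; replacing line breaks before the `CMS.debug` call is advisable. `Enumeration paramNames` is also a raw type, which is what forces the `(String)` cast.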
@@ -95,9 +89,8 @@ public abstract class ConfigBaseServlet extends BaseServlet {
* Processes request.
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
-
+ HttpServletResponse response, Context context) {
+
if (CMS.debugOn()) {
outputHttpParameters(request);
}
@@ -107,16 +100,16 @@ public abstract class ConfigBaseServlet extends BaseServlet {
} else {
update(request, response, context);
}
-
+
Template template = null;
-
+
try {
context.put("name", "Velocity Test");
template = getTemplate(request, response, context);
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
-
+
return template;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
index d95c85d13..8216593ab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
@@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-
-public class ConfigCertApprovalCallback
- implements SSLCertificateApprovalCallback {
+public class ConfigCertApprovalCallback implements
+ SSLCertificateApprovalCallback {
public ConfigCertApprovalCallback() {
}
public boolean approve(X509Certificate cert,
- SSLCertificateApprovalCallback.ValidityStatus status) {
- return true;
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+ return true;
}
}
-
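Review bot: `approve` returns `true` without looking at `cert` or `status`, so any TLS connection that uses this callback accepts expired, mismatched or untrusted peer certificates. Where the callback is installed, and whether that is limited to the installation wizard, is not visible in this hunk. If the bypass is needed during bootstrap, it should be documented on the class and the ignored reasons logged. Otherwise the callback should reject when problems are reported, e.g. `return !status.getReasons().hasMoreElements();`.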
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
index 37493b6bb..536e953ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCertReqServlet extends BaseServlet {
/**
@@ -34,15 +32,14 @@ public class ConfigCertReqServlet extends BaseServlet {
private static final long serialVersionUID = 4489288758636916446L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity.getTemplate(
- "admin/console/config/config_certreq.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_certreq.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
index e7d88a35a..ddd098bc9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCloneServlet extends BaseServlet {
/**
@@ -34,15 +32,14 @@ public class ConfigCloneServlet extends BaseServlet {
private static final long serialVersionUID = -9065299591659111350L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity.getTemplate(
- "admin/console/config/config_clone.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_clone.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
index 08ebf08e3..05fc8936a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
-
public class ConfigDatabaseServlet extends ConfigBaseServlet {
/**
@@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
try {
modified = cs.getString("preop.configDatabase.modified", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (modified.equals("true")) {
return true;
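Review bot: The reformatted `catch (Exception e) { }` around `cs.getString("preop.configDatabase.modified", "")` still discards the exception, so a failing config store looks the same as an unmodified panel. A one-line log such as `CMS.debug("ConfigDatabaseServlet: " + e.toString());` would match the style the update path of this file already uses. The same empty handlers are carried over unchanged in the display and getTemplate hunks of this file and in the ConfigHSMServlet, ConfigJoinServlet, ConfigRootCAServlet and CreateSubsystemPanel hunks. The enclosing method starts outside this hunk.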
@@ -57,8 +56,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String hostname = null;
String portStr = null;
String basedn = null;
@@ -75,7 +73,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
hostname = HOST;
portStr = PORT;
@@ -95,8 +94,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
String errorString = "";
String hostname = request.getParameter("host");
@@ -113,7 +111,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
int port = -1;
try {
- port = Integer.parseInt(portStr);
+ port = Integer.parseInt(portStr);
cs.putInteger("internaldb.ldapconn.port", port);
} catch (Exception e) {
errorString = "Port is invalid";
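Review bot: `Integer.parseInt(portStr)` accepts negative numbers and values above 65535, and the result is written to `internaldb.ldapconn.port` with no range check visible in this hunk. A bound check before the put, `if (port < 1 || port > 65535) throw new NumberFormatException(portStr);`, would send such values into the existing "Port is invalid" branch. update() starts and ends outside the hunk, so a later check may exist that is not shown here.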
@@ -159,7 +157,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
return;
}
- psStore.putString("internaldb", bindpwd);
+ psStore.putString("internaldb", bindpwd);
} else {
errorString = "Bind password is empty string";
}
@@ -185,11 +183,11 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_db.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
index d04fbf2f1..c524e667a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -46,13 +45,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
private CryptoManager mCryptoManager = null;
private String mPwdFilePath = "";
- public ConfigHSMLoginPanel() {}
+ public ConfigHSMLoginPanel() {
+ }
public void init(ServletConfig config, int panelno) throws ServletException {
try {
mCryptoManager = CryptoManager.getInstance();
- mPwdFilePath = CMS.getConfigStore().getString(
- "passwordFile");
+ mPwdFilePath = CMS.getConfigStore().getString("passwordFile");
} catch (Exception e) {
CMS.debug("ConfigHSMLoginPanel: " + e.toString());
}
@@ -60,11 +59,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
setName("ConfigHSMLogin");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
try {
mCryptoManager = CryptoManager.getInstance();
- mPwdFilePath = CMS.getConfigStore().getString(
- "passwordFile");
+ mPwdFilePath = CMS.getConfigStore().getString("passwordFile");
} catch (Exception e) {
CMS.debug("ConfigHSMLoginPanel: " + e.toString());
}
@@ -89,8 +88,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ConfigHSMLoginPanel: in display()");
context.put("title", "Security Module Login");
@@ -115,9 +113,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
try {
token = mCryptoManager.getTokenByName(tokName);
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMLoginPanel: getTokenByName() failed: "
- + e.toString());
+ CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: "
+ + e.toString());
context.put("error", "tokenNotFound:" + tokName);
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
return;
@@ -132,7 +129,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
}
CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
- String tokPwd = pr.getPassword("hardware-"+tokName);
+ String tokPwd = pr.getPassword("hardware-" + tokName);
boolean loggedIn = false;
@@ -157,48 +154,47 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
password = new Password(tokPwd.toCharArray());
try {
- if (token.passwordIsInitialized()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():token password is initialized");
- if (!token.isLoggedIn()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
- token.login(password);
- context.put("status", "justLoggedIn");
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel:Token has already logged on");
- context.put("status", "alreadyLoggedIn");
- }
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token password not initialized");
- context.put("status", "tokenPasswordNotInitialized");
- rv = false;
- }
-
- } catch (IncorrectPasswordException e) {
- context.put("status", "incorrectPassword");
- context.put("errorString", e.toString());
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- rv = false;
- } catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- context.put("errorString", e.toString());
- rv = false;
- }
+ if (token.passwordIsInitialized()) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():token password is initialized");
+ if (!token.isLoggedIn()) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
+ token.login(password);
+ context.put("status", "justLoggedIn");
+ } else {
+ CMS.debug("ConfigHSMLoginPanel:Token has already logged on");
+ context.put("status", "alreadyLoggedIn");
+ }
+ } else {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():Token password not initialized");
+ context.put("status", "tokenPasswordNotInitialized");
+ rv = false;
+ }
+
+ } catch (IncorrectPasswordException e) {
+ context.put("status", "incorrectPassword");
+ context.put("errorString", e.toString());
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ rv = false;
+ } catch (Exception e) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ context.put("errorString", e.toString());
+ rv = false;
+ }
return rv;
}
// XXX how do you do this?
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
- set.add(
- "choice", choiceDesc);
-
+ Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /*
+ * no
+ * default
+ * parameters
+ */
+
+ set.add("choice", choiceDesc);
+
return set;
}
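Review bot: In getUsage() the formatter has split the trailing `/* no default parameters */` comment into a five-line block hanging off the end of the `Descriptor choiceDesc = ...` statement, which is harder to read than the original. Moving it onto its own line above the declaration, `// no default parameters`, keeps it stable under reformatting. The rest of the hunk is a re-indentation of the tail of loginToken(), which starts outside the hunk.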
@@ -206,13 +202,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
String select = "";
@@ -220,10 +214,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
select = cs.getString("preop.subsystem.select", "");
} catch (Exception e) {
}
-
-// if (select.equals("clone"))
- // return;
-
+
+ // if (select.equals("clone"))
+ // return;
+
CMS.debug("ConfigHSMLoginPanel: in update()");
String uTokName = null;
@@ -233,7 +227,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
uPasswd = HttpInput.getPassword(request, "__uPasswd");
} catch (Exception e) {
}
-
+
if (uPasswd == null) {
CMS.debug("ConfigHSMLoginPanel: password not found");
context.put("error", "no password");
@@ -248,47 +242,41 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
try {
token = mCryptoManager.getTokenByName(uTokName);
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMLoginPanel: getTokenByName() failed: "
- + e.toString());
+ CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: "
+ + e.toString());
context.put("error", "tokenNotFound:" + uTokName);
}
try {
if (loginToken(token, uPasswd, context) == false) {
- CMS.debug(
- "ConfigHSMLoginPanel:loginToken failed for "
- + uTokName);
+ CMS.debug("ConfigHSMLoginPanel:loginToken failed for "
+ + uTokName);
context.put("error", "tokenLoginFailed");
context.put("updateStatus", "login failed");
context.put("panel",
"admin/console/config/config_hsmloginpanel.vm");
return;
}
- CMS.debug(
- "ConfigHSMLoginPanel: update(): just logged in successfully");
+ CMS.debug("ConfigHSMLoginPanel: update(): just logged in successfully");
PlainPasswordWriter pw = new PlainPasswordWriter();
pw.init(mPwdFilePath);
- pw.putPassword("hardware-"+uTokName, uPasswd);
+ pw.putPassword("hardware-" + uTokName, uPasswd);
pw.commit();
} catch (FileNotFoundException e) {
- CMS.debug(
- "ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString() + " writing to "+ mPwdFilePath);
- CMS.debug(
- "ConfigHSMLoginPanel: update(): password not written to cache");
+ CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: "
+ + e.toString() + " writing to " + mPwdFilePath);
+ CMS.debug("ConfigHSMLoginPanel: update(): password not written to cache");
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString());
+ CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
}
-
+
} // found password
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
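Review bot: When `mCryptoManager.getTokenByName(uTokName)` throws, the handler records `tokenNotFound` but does not return, so the following `loginToken(token, uPasswd, context)` runs with a token that was never assigned. Presumably that ends in the generic `catch (Exception e)` and overwrites the error with the exception text, but `token` is declared outside the hunk, so this is inferred. display() in this class returns at the same point; here that would mean adding `context.put("panel", "admin/console/config/config_hsmloginpanel.vm");` and `return;` after the `tokenNotFound` put. update() starts and ends outside this hunk.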
@@ -302,10 +290,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Security Module Login");
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
index bfc6e278f..814569ed7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.Module;
-
public class ConfigHSMServlet extends ConfigBaseServlet {
/**
*
@@ -68,9 +66,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
mCurrModTable.put(mod.getName(), mod);
} // while
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMServlet: Exception caught in loadCurrModTable: "
- + e.toString());
+ CMS.debug("ConfigHSMServlet: Exception caught in loadCurrModTable: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
@@ -119,21 +116,19 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
try {
CryptoToken token = (CryptoToken) tokens.nextElement();
- CMS.debug("ConfigHSMServlet: token nick name=" + token.getName());
- CMS.debug(
- "ConfigHSMServlet: token logged in?"
- + token.isLoggedIn());
- CMS.debug(
- "ConfigHSMServlet: token is present?"
- + token.isPresent());
+ CMS.debug("ConfigHSMServlet: token nick name="
+ + token.getName());
+ CMS.debug("ConfigHSMServlet: token logged in?"
+ + token.isLoggedIn());
+ CMS.debug("ConfigHSMServlet: token is present?"
+ + token.isPresent());
if (!token.getName().equals("Internal Crypto Services Token")) {
module.addToken(token);
} else {
- CMS.debug(
- "ConfigHSMServlet: token " + token.getName()
+ CMS.debug("ConfigHSMServlet: token " + token.getName()
+ " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ConfigHSMServlet:" + ex.toString());
}
@@ -165,11 +160,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ConfigHSMServlet: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ConfigHSMServlet: module found: " + cn);
module.setFound(true);
@@ -178,7 +173,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
loadModTokens(module, m);
}
-
+
CMS.debug("ConfigHSMServlet: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -187,16 +182,14 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}// for
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMServlet: Exception caught in loadSupportedModules(): "
- + e.toString());
+ CMS.debug("ConfigHSMServlet: Exception caught in loadSupportedModules(): "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String choice = request.getParameter("choice");
if (choice == null) {
@@ -223,8 +216,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ConfigHSMServlet: in display()");
loadCurrModTable();
@@ -252,8 +244,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
@@ -286,12 +277,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_hsm.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 3b3b8a648..6bf74af69 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigImportCertServlet extends BaseServlet {
/**
@@ -34,15 +32,14 @@ public class ConfigImportCertServlet extends BaseServlet {
private static final long serialVersionUID = 1907102921734394118L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity.getTemplate(
- "admin/console/config/config_importcert.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_importcert.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 019173039..4415fdbd8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
public class ConfigJoinServlet extends ConfigBaseServlet {
/**
@@ -39,8 +37,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
private static final long serialVersionUID = -5848083581083497909L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String cert = request.getParameter("cert");
if (cert == null) {
@@ -52,12 +49,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String cert = null;
try {
cert = config.getString("preop.join.cert", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (cert == null || cert.equals("")) {
return false;
} else {
@@ -69,15 +67,14 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Displays panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore config = CMS.getConfigStore();
try {
- String pubKeyModulus = config.getString(
- "preop.keysize.pubKeyModulus");
- String pubKeyPublicExponent = config.getString(
- "preop.keysize.pubKeyPublicExponent");
+ String pubKeyModulus = config
+ .getString("preop.keysize.pubKeyModulus");
+ String pubKeyPublicExponent = config
+ .getString("preop.keysize.pubKeyPublicExponent");
String dn = config.getString("preop.name.dn");
String priKeyID = config.getString("preop.keysize.priKeyID");
String pkcs10 = CryptoUtil.getPKCS10FromKey(dn,
@@ -85,7 +82,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
CryptoUtil.string2byte(pubKeyPublicExponent),
CryptoUtil.string2byte(priKeyID));
context.put("certreq", pkcs10);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String select = "auto";
boolean select_manual = true;
@@ -94,8 +92,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
try {
select = config.getString("preop.join.select", null);
} catch (EBaseException e) {
- CMS.debug( "ConfigJoinServlet::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("ConfigJoinServlet::display() - " + "Exception="
+ + e.toString());
return;
}
if (select.equals("auto")) {
@@ -109,12 +107,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
String cert = config.getString("preop.join.cert", "");
context.put("cert", cert);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
} else {
context.put("cert", "");
}
- if (select_manual) {
+ if (select_manual) {
context.put("check_manual", "checked");
context.put("check_auto", "");
} else {
@@ -128,8 +127,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Updates panel.
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("JoinServlet: update");
IConfigStore config = CMS.getConfigStore();
String select = request.getParameter("choice");
@@ -155,22 +153,21 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
config.putString("preop.join.pwd", pwd);
/* XXX - submit request to the CA, and import it automatically */
- config.putString(
- "preop.join.cert", ""); /* store the chain */
+ config.putString("preop.join.cert", ""); /* store the chain */
}
config.putString("preop.join.select", select);
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
-
+
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
- template = Velocity.getTemplate(
- "admin/console/config/config_join.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_join.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
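Review bot: `config.putString("preop.join.pwd", pwd)` followed by `config.commit(false)` appears to persist the join password in the configuration store, in clear text if that store is a plain file; what commit() writes is not visible here. ConfigDatabaseServlet in this same diff keeps its bind password in a separate store (`psStore.putString("internaldb", bindpwd)`), so the two paths handle secrets differently. At minimum the line deserves a comment such as `/* XXX - preop.join.pwd is committed with the config; remove it once the request has been submitted */`. update() starts outside this hunk.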
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 895c75ac0..9926895b6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
@@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.profile.CertInfoProfile;
-
public class ConfigRootCAServlet extends ConfigBaseServlet {
/**
@@ -41,8 +39,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
private static final long serialVersionUID = 1128630821163059659L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String profile = request.getParameter("profile");
if (profile == null) {
@@ -54,12 +51,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String profile = null;
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (profile == null || profile.equals("")) {
return false;
} else {
@@ -73,29 +71,31 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
try {
instancePath = config.getString("instanceRoot");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String p[] = { "caCert.profile" };
Vector profiles = new Vector();
for (int i = 0; i < p.length; i++) {
try {
- profiles.addElement(
- new CertInfoProfile(instancePath + "/conf/" + p[i]));
- } catch (Exception e) {}
+ profiles.addElement(new CertInfoProfile(instancePath + "/conf/"
+ + p[i]));
+ } catch (Exception e) {
+ }
}
return profiles;
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore config = CMS.getConfigStore();
String profile = null;
if (isPanelModified()) {
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
if (profile == null) {
profile = "caCert.profile";
@@ -108,15 +108,15 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String profile = request.getParameter("profile");
IConfigStore config = CMS.getConfigStore();
config.putString("preop.hierarchy.profile", profile);
try {
- config.commit(false);
- } catch (Exception e) {}
+ config.commit(false);
+ } catch (Exception e) {
+ }
context.put("status", "update");
context.put("error", "");
Vector profiles = getProfiles();
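Review bot: `request.getParameter("profile")` is written to `preop.hierarchy.profile` in update() without being checked against the profiles this servlet offers, which per getProfiles() is only `caCert.profile`. A guard before the put, `if (!"caCert.profile".equals(profile)) { context.put("error", "Invalid profile"); return; }`, would keep arbitrary request text out of the config store. Where the stored value is consumed later is not visible, so the impact is inferred. update() ends outside this hunk.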
@@ -124,15 +124,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
context.put("profiles", profiles);
context.put("selected_profile_id", profile);
}
-
+
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
- template = Velocity.getTemplate(
- "admin/console/config/config_rootca.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_rootca.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index daf14c9e2..febe8f9af 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CreateSubsystemPanel extends WizardPanelBase {
- public CreateSubsystemPanel() {}
+ public CreateSubsystemPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Subsystem Selection");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Subsystem Type");
setId(id);
@@ -72,15 +71,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -88,8 +88,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Subsystem Type");
IConfigStore config = CMS.getConfigStore();
String session_id = request.getParameter("session_id");
@@ -112,8 +111,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "");
context.put("check_clonesubsystem", "checked");
}
- context.put("subsystemName",
- config.getString("preop.subsystem.name"));
+ context.put("subsystemName",
+ config.getString("preop.subsystem.name"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -121,8 +120,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "checked");
context.put("check_clonesubsystem", "");
try {
- context.put("subsystemName",
- config.getString("preop.system.fullname"));
+ context.put("subsystemName",
+ config.getString("preop.system.fullname"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -135,7 +134,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("cstype", cstype);
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("systemname", config.getString("preop.system.name"));
- context.put("fullsystemname", config.getString("preop.system.fullname"));
+ context.put("fullsystemname",
+ config.getString("preop.system.fullname"));
context.put("machineName", config.getString("machineName"));
context.put("http_port", CMS.getEENonSSLPort());
context.put("https_agent_port", CMS.getAgentPort());
@@ -144,7 +144,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} catch (EBaseException e) {
}
- Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" );
+ Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -164,7 +164,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
errorString = "Internal error, cs.type is missing from CS.cfg";
}
- if (list.length()==0)
+ if (list.length() == 0)
context.put("disableClone", "true");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -176,16 +176,14 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String errorString = "";
IConfigStore config = CMS.getConfigStore();
String select = HttpInput.getID(request, "choice");
@@ -196,8 +194,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
throw new IOException("choice not found");
}
- config.putString("preop.subsystem.name",
- HttpInput.getName(request, "subsystemName"));
+ config.putString("preop.subsystem.name",
+ HttpInput.getName(request, "subsystemName"));
if (select.equals("newsubsystem")) {
config.putString("preop.subsystem.select", "new");
config.putString("subsystem.select", "New");
@@ -209,7 +207,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
}
cstype = toLowerCaseSubsystemType(cstype);
-
+
config.putString("preop.subsystem.select", "clone");
config.putString("subsystem.select", "Clone");
@@ -223,9 +221,9 @@ public class CreateSubsystemPanel extends WizardPanelBase {
while (t.hasMoreTokens()) {
String tag = t.nextToken();
if (tag.equals("sslserver"))
- config.putBoolean(PCERT_PREFIX+tag+".enable", true);
- else
- config.putBoolean(PCERT_PREFIX+tag+".enable", false);
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
+ else
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
}
// get the master CA
@@ -254,10 +252,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
String host = u.getHost();
int https_ee_port = u.getPort();
- String https_admin_port = getSecurityDomainAdminPort( config,
- host,
- String.valueOf(https_ee_port),
- cstype );
+ String https_admin_port = getSecurityDomainAdminPort(config, host,
+ String.valueOf(https_ee_port), cstype);
config.putString("preop.master.hostname", host);
config.putInteger("preop.master.httpsport", https_ee_port);
@@ -265,12 +261,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
if (cstype.equals("ca")) {
- updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port,
- true, context, certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "clone", host,
+ https_ee_port, true, context, certApprovalCallback);
}
- getTokenInfo(config, cstype, host, https_ee_port, true, context,
- certApprovalCallback);
+ getTokenInfo(config, cstype, host, https_ee_port, true, context,
+ certApprovalCallback);
} else {
CMS.debug("CreateSubsystemPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -291,8 +287,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Subsystem Type");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index 17a4bae66..feb6ad280 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
@@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
public class DatabasePanel extends WizardPanelBase {
private static final String HOST = "localhost";
- private static final String CLONE_HOST="Enter FQDN here";
+ private static final String CLONE_HOST = "Enter FQDN here";
private static final String PORT = "389";
private static final String BASEDN = "o=netscapeCertificateServer";
private static final String BINDDN = "cn=Directory Manager";
@@ -74,19 +73,19 @@ public class DatabasePanel extends WizardPanelBase {
private WizardServlet mServlet = null;
- public DatabasePanel() {}
+ public DatabasePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
setId(id);
@@ -101,15 +100,15 @@ public class DatabasePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.Database.done",
- false);
+ boolean s = cs.getBoolean("preop.Database.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -120,7 +119,7 @@ public class DatabasePanel extends WizardPanelBase {
"Host name");
set.add("hostname", hostDesc);
-
+
Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
"Port");
@@ -130,19 +129,19 @@ public class DatabasePanel extends WizardPanelBase {
"Base DN");
set.add("basedn", basednDesc);
-
+
Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
"Bind DN");
set.add("binddn", binddnDesc);
- Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
- "Bind Password");
+ Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null,
+ null, "Bind Password");
set.add("bindpwd", bindpwdDesc);
- Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null,
- "Database");
+ Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null,
+ null, "Database");
set.add("database", databaseDesc);
@@ -153,8 +152,7 @@ public class DatabasePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("DatabasePanel: display()");
context.put("title", "Internal Database");
context.put("firsttime", "false");
@@ -187,8 +185,9 @@ public class DatabasePanel extends WizardPanelBase {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- secure = cs.getString("internaldb.ldapconn.secureConn", "");
- cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
+ secure = cs.getString("internaldb.ldapconn.secureConn", "");
+ cloneStartTLS = cs.getString(
+ "internaldb.ldapconn.cloneStartTLS", "");
errorString = cs.getString("preop.database.errorString", "");
} catch (Exception e) {
CMS.debug("DatabasePanel display: " + e.toString());
@@ -199,12 +198,12 @@ public class DatabasePanel extends WizardPanelBase {
try {
basedn = cs.getString("internaldb.basedn", "");
} catch (Exception e) {
- CMS.debug( "DatabasePanel::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("DatabasePanel::display() - " + "Exception="
+ + e.toString());
return;
}
binddn = BINDDN;
- database = basedn.substring(basedn.lastIndexOf('=')+1);
+ database = basedn.substring(basedn.lastIndexOf('=') + 1);
CMS.debug("Clone: database=" + database);
} else {
hostname = HOST;
@@ -223,11 +222,10 @@ public class DatabasePanel extends WizardPanelBase {
boolean multipleEnable = false;
try {
multipleEnable = cs.getBoolean(
- "internaldb.multipleSuffix.enable", false);
+ "internaldb.multipleSuffix.enable", false);
} catch (Exception e) {
}
-
-
+
if (multipleEnable)
basedn = "ou=" + instanceId + "," + suffix;
else
@@ -243,15 +241,15 @@ public class DatabasePanel extends WizardPanelBase {
context.put("binddn", binddn);
context.put("bindpwd", bindpwd);
context.put("database", database);
- context.put("secureConn", (secure.equals("true")? "on":"off"));
- context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off"));
+ context.put("secureConn", (secure.equals("true") ? "on" : "off"));
+ context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on"
+ : "off"));
context.put("panel", "admin/console/config/databasepanel.vm");
context.put("errorString", errorString);
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String select = "";
try {
@@ -271,8 +269,7 @@ public class DatabasePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
context.put("firsttime", "false");
@@ -317,13 +314,15 @@ public class DatabasePanel extends WizardPanelBase {
String masterport = "";
String masterbasedn = "";
try {
- masterhost = cs.getString("preop.internaldb.master.hostname", "");
+ masterhost = cs.getString("preop.internaldb.master.hostname",
+ "");
masterport = cs.getString("preop.internaldb.master.port", "");
- masterbasedn = cs.getString("preop.internaldb.master.basedn", "");
+ masterbasedn = cs.getString("preop.internaldb.master.basedn",
+ "");
} catch (Exception e) {
}
- //get the real host name
+ // get the real host name
String realhostname = "";
if (hostname.equals("localhost")) {
try {
@@ -333,12 +332,14 @@ public class DatabasePanel extends WizardPanelBase {
}
if (masterhost.equals(realhostname) && masterport.equals(portStr)) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Master and clone must not share the same internal database");
+ throw new IOException(
+ "Master and clone must not share the same internal database");
}
if (!masterbasedn.equals(basedn)) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Master and clone should have the same base DN");
+ throw new IOException(
+ "Master and clone should have the same base DN");
}
}
@@ -365,13 +366,15 @@ public class DatabasePanel extends WizardPanelBase {
}
if (basedn == null || basedn.length() == 0) {
- cs.putString("preop.database.errorString", "Base DN is empty string");
+ cs.putString("preop.database.errorString",
+ "Base DN is empty string");
context.put("updateStatus", "validate-failure");
throw new IOException("Base DN is empty string");
}
if (binddn == null || binddn.length() == 0) {
- cs.putString("preop.database.errorString", "Bind DN is empty string");
+ cs.putString("preop.database.errorString",
+ "Bind DN is empty string");
context.put("updateStatus", "validate-failure");
throw new IOException("Bind DN is empty string");
}
@@ -395,8 +398,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private LDAPConnection getLocalLDAPConn(Context context, String secure)
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -409,7 +411,7 @@ public class DatabasePanel extends WizardPanelBase {
host = cs.getString("internaldb.ldapconn.host");
port = cs.getString("internaldb.ldapconn.port");
binddn = cs.getString("internaldb.ldapauth.bindDN");
- pwd = (String) context.get("bindpwd");
+ pwd = (String) context.get("bindpwd");
security = cs.getString("internaldb.ldapconn.secureConn");
} catch (Exception e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -428,12 +430,12 @@ public class DatabasePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
CMS.debug("DatabasePanel connecting to " + host + ":" + p);
try {
@@ -443,81 +445,80 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
- private boolean deleteDir(File dir)
- {
+ private boolean deleteDir(File dir) {
if (dir.isDirectory()) {
String[] children = dir.list();
- for (int i=0; i<children.length; i++) {
+ for (int i = 0; i < children.length; i++) {
boolean success = deleteDir(new File(dir, children[i]));
if (!success) {
return false;
}
}
}
-
+
// The directory is now empty so delete it
return dir.delete();
- }
+ }
- private void cleanupDB(LDAPConnection conn, String baseDN, String database)
- {
+ private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
String[] entries = {};
String filter = "objectclass=*";
LDAPSearchConstraints cons = null;
String[] attrs = null;
- String dn="";
+ String dn = "";
try {
CMS.debug("Deleting baseDN: " + baseDN);
- LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res != null)
- deleteEntries(res, conn, baseDN, entries);
+ LDAPSearchResults res = conn.search(baseDN,
+ LDAPConnection.SCOPE_BASE, filter, attrs, true, cons);
+ if (res != null)
+ deleteEntries(res, conn, baseDN, entries);
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
-
+
try {
- dn="cn=mapping tree, cn=config";
- filter = "nsslapd-backend=" + database;
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
- if (res != null) {
- while (res.hasMoreElements()) {
- dn = res.next().getDN();
- filter = "objectclass=*";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res2 != null)
- deleteEntries(res2, conn, dn, entries);
- }
- }
- }
- catch (LDAPException e) {}
+ dn = "cn=mapping tree, cn=config";
+ filter = "nsslapd-backend=" + database;
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE,
+ filter, attrs, true, cons);
+ if (res != null) {
+ while (res.hasMoreElements()) {
+ dn = res.next().getDN();
+ filter = "objectclass=*";
+ LDAPSearchResults res2 = conn.search(dn,
+ LDAPConnection.SCOPE_BASE, filter, attrs, true,
+ cons);
+ if (res2 != null)
+ deleteEntries(res2, conn, dn, entries);
+ }
+ }
+ } catch (LDAPException e) {
+ }
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE,
+ filter, attrs, true, cons);
if (res != null) {
deleteEntries(res, conn, dn, entries);
- String dbdir = getInstanceDir(conn) + "/db/" + database;
- if (dbdir != null) {
- CMS.debug(" Deleting dbdir " + dbdir);
+ String dbdir = getInstanceDir(conn) + "/db/" + database;
+ if (dbdir != null) {
+ CMS.debug(" Deleting dbdir " + dbdir);
boolean success = deleteDir(new File(dbdir));
if (!success) {
- CMS.debug("Unable to delete database directory " + dbdir);
+ CMS.debug("Unable to delete database directory "
+ + dbdir);
}
}
}
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
}
-
- private void populateDB(HttpServletRequest request, Context context, String secure)
- throws IOException {
+ private void populateDB(HttpServletRequest request, Context context,
+ String secure) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String baseDN = "";
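Review bot: In `cleanupDB`, `database` is concatenated straight into `getInstanceDir(conn) + "/db/" + database` and the result is handed to the recursive `deleteDir`, so a value containing `..` or a path separator would point the delete outside the instance's `db` directory. Where `database` originates is not visible in this hunk, but it should be confined to that directory before anything is removed. The `if (dbdir != null)` guard can never be false because the concatenation always yields a string, and `deleteDir` dereferences `dir.list()`, which returns null on an I/O error, so it needs `if (children == null) return false;`. The three empty `catch (LDAPException e)` blocks also hide a failed cleanup from the operator. The sketch below assumes `getInstanceDir` returns a String.

```java
// … unchanged: search for the ldbm backend entry and deleteEntries(res, conn, dn, entries) …
String instanceDir = getInstanceDir(conn);
if (instanceDir != null) {
    File dbRoot = new File(instanceDir, "db").getCanonicalFile();
    File dbdir = new File(dbRoot, database).getCanonicalFile();
    // only a direct child of <instance>/db may be removed
    if (!dbRoot.equals(dbdir.getParentFile())) {
        CMS.debug("Refusing to delete " + dbdir + ": outside " + dbRoot);
    } else if (!deleteDir(dbdir)) {
        CMS.debug("Unable to delete database directory " + dbdir);
    }
}
// … unchanged: end of the if (res != null) block …
} catch (LDAPException e) {
    CMS.debug("DatabasePanel cleanupDB: " + e.toString());
} catch (IOException e) {
    // getCanonicalFile() failed: leave the directory in place
    CMS.debug("DatabasePanel cleanupDB: " + e.toString());
}
```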
@@ -542,50 +543,53 @@ public class DatabasePanel extends WizardPanelBase {
boolean foundDatabase = false;
try {
LDAPEntry entry = conn.read(baseDN);
- if (entry != null) foundBaseDN = true;
+ if (entry != null)
+ foundBaseDN = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
if (foundDatabase) {
CMS.debug("DatabasePanel update: This database has already been used.");
if (remove == null) {
- throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database");
- }
- else {
+ throw new IOException(
+ "This database has already been used. Select the checkbox below to remove all data and reuse this database");
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
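Review bot: The lookups build DNs by concatenation, `"cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"` and `"cn=\"" + baseDN + "\",cn=mapping tree, cn=config"`, without escaping either value, so a `database` containing `,` or a `baseDN` containing `"` changes which entry is read and, further down, which one `cleanupDB` removes. Both values look like wizard form fields (their origin is outside this hunk), so they should be validated or escaped per RFC 4514 before use. One option is a strict allow-list on the name, for example `if (!database.matches("[A-Za-z0-9_-]+")) throw new IOException("Invalid database name");`, adjusted to whatever character set the deployment permits. The three identical `switch (e.getLDAPResultCode())` handlers would also read better as one private helper. populateDB starts and ends outside this hunk.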
@@ -596,9 +600,11 @@ public class DatabasePanel extends WizardPanelBase {
if (foundBaseDN) {
CMS.debug("DatabasePanel update: This base DN has already been used.");
if (remove == null) {
- throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN");
- }
- else {
+ throw new IOException(
+ "This base DN ("
+ + baseDN
+ + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -609,7 +615,7 @@ public class DatabasePanel extends WizardPanelBase {
// create database
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "extensibleObject", "nsBackendInstance"};
+ String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("cn", database));
attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
@@ -623,7 +629,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc2[] = { "top", "extensibleObject", "nsMappingTree"};
+ String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
attrs.add(new LDAPAttribute("objectClass", oc2));
attrs.add(new LDAPAttribute("cn", baseDN));
attrs.add(new LDAPAttribute("nsslapd-backend", database));
@@ -632,7 +638,8 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (Exception e) {
- CMS.debug("Warning: database mapping tree creation error - " + e.toString());
+ CMS.debug("Warning: database mapping tree creation error - "
+ + e.toString());
throw new IOException("Failed to create the database.");
}
@@ -644,19 +651,19 @@ public class DatabasePanel extends WizardPanelBase {
String n = st.nextToken();
String v = st.nextToken();
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc3[] = { "top", "domain"};
+ String oc3[] = { "top", "domain" };
if (n.equals("o")) {
- oc3[1] = "organization";
+ oc3[1] = "organization";
} else if (n.equals("ou")) {
- oc3[1] = "organizationalUnit";
- }
+ oc3[1] = "organizationalUnit";
+ }
attrs.add(new LDAPAttribute("objectClass", oc3));
attrs.add(new LDAPAttribute(n, v));
LDAPEntry entry = new LDAPEntry(baseDN, attrs);
conn.add(entry);
} catch (Exception e) {
CMS.debug("Warning: suffix creation error - " + e.toString());
- throw new IOException("Failed to create the base DN: "+baseDN);
+ throw new IOException("Failed to create the base DN: " + baseDN);
}
// check to see if the base dn exists
@@ -666,19 +673,23 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = conn.read(baseDN);
if (entry != null) {
- foundBaseDN = true;
+ foundBaseDN = true;
}
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
boolean createBaseDN = true;
boolean testing = false;
try {
testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!foundBaseDN) {
if (!testing) {
- context.put("errorString", "Base DN was not found. Please make sure to create the suffix in the internal database.");
+ context.put(
+ "errorString",
+ "Base DN was not found. Please make sure to create the suffix in the internal database.");
throw new IOException("Base DN not found");
}
@@ -697,7 +708,7 @@ public class DatabasePanel extends WizardPanelBase {
// support only one level creation - create new entry
// right under the suffix
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "organizationalUnit"};
+ String oc[] = { "top", "organizationalUnit" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("ou", dns2[0]));
@@ -705,7 +716,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn.add(entry);
- foundBaseDN = true;
+ foundBaseDN = true;
CMS.debug("DatabasePanel added " + baseDN);
} catch (LDAPException e) {
throw new IOException("Failed to create " + baseDN);
@@ -723,39 +734,41 @@ public class DatabasePanel extends WizardPanelBase {
}
if (select.equals("clone")) {
- // if this is clone, add index before replication
- // don't put in the schema or bad things will happen
-
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ // if this is clone, add index before replication
+ // don't put in the schema or bad things will happen
+
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
} else {
- // data will be replicated from the master to the clone
- // so clone does not need the data
- //
+ // data will be replicated from the master to the clone
+ // so clone does not need the data
+ //
- importLDIFS("preop.internaldb.schema.ldif", conn);
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.data_ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ importLDIFS("preop.internaldb.schema.ldif", conn);
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.data_ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
}
try {
conn.disconnect();
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
}
- private void importLDIFS(String param, LDAPConnection conn) throws IOException {
+ private void importLDIFS(String param, LDAPConnection conn)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String v = null;
CMS.debug("DatabasePanel populateDB param=" + param);
try {
v = cs.getString(param);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
throw new IOException("Cant find ldif files.");
}
-
+
StringTokenizer tokenizer = new StringTokenizer(v, ",");
String baseDN = null;
String database = null;
@@ -770,9 +783,8 @@ public class DatabasePanel extends WizardPanelBase {
database = cs.getString("internaldb.database");
CMS.debug("DatabasePanel update: database=" + database);
} catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel update: Failed to get database name. Exception: "
- + e.toString());
+ CMS.debug("DatabasePanel update: Failed to get database name. Exception: "
+ + e.toString());
database = "userRoot";
}
@@ -787,13 +799,12 @@ public class DatabasePanel extends WizardPanelBase {
String instanceId = null;
try {
- instanceId = cs.getString("instanceId");
+ instanceId = cs.getString("instanceId");
} catch (EBaseException e) {
throw new IOException("instanceId is missing");
}
-
- String configDir = instancePath + File.separator + "conf";
+ String configDir = instancePath + File.separator + "conf";
while (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken().trim();
@@ -807,7 +818,8 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel importLDIFS: ldif file = " + token);
String filename = configDir + File.separator + name;
- CMS.debug("DatabasePanel importLDIFS: ldif file copy to " + filename);
+ CMS.debug("DatabasePanel importLDIFS: ldif file copy to "
+ + filename);
PrintStream ps = null;
BufferedReader in = null;
@@ -846,14 +858,14 @@ public class DatabasePanel extends WizardPanelBase {
if (!endOfline) {
ps.println(s);
}
- }
+ }
}
in.close();
ps.close();
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("DBSubsystem popuateDB: " + e.toString());
- throw new IOException(
- "Problem of copying ldif file: " + filename);
+ throw new IOException("Problem of copying ldif file: "
+ + filename);
}
LDAPUtil.importLDIF(conn, filename);
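Review bot: `in.close()` and `ps.close()` run only when the copy loop finishes, so an exception while reading or writing leaves both streams open and a partly written LDIF on disk; the closes belong in a `finally` block. The `catch (Exception e)` also logs under the prefix `DBSubsystem popuateDB` although the surrounding debug lines identify this as `DatabasePanel importLDIFS`, which makes the failure harder to find in the log. The `try` itself starts outside this hunk; `ps` and `in` are declared in the preceding hunk.

```java
// … unchanged: copy loop writing each line to ps …
} catch (Exception e) {
    CMS.debug("DatabasePanel importLDIFS: " + e.toString());
    throw new IOException("Problem of copying ldif file: " + filename);
} finally {
    if (in != null) {
        try {
            in.close();
        } catch (IOException ignored) {
            // best effort: the outcome of the copy is already decided
        }
    }
    if (ps != null) {
        ps.close();
    }
}
```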
@@ -864,10 +876,9 @@ public class DatabasePanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
- boolean hasErr = false;
+ boolean hasErr = false;
boolean firsttime = false;
context.put("firsttime", "false");
@@ -903,17 +914,20 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("internaldb.ldapauth.bindDN", binddn);
cs.putString("internaldb.database", database2);
String secure = HttpInput.getCheckbox(request, "secureConn");
- cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.secureConn",
+ (secure.equals("on") ? "true" : "false"));
String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS");
- cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.cloneStartTLS",
+ (cloneStartTLS.equals("on") ? "true" : "false"));
String remove = HttpInput.getID(request, "removeData");
if (isPanelDone() && (remove == null || remove.equals(""))) {
- /* if user submits the same data, they just want to skip
- to the next panel, no database population is required. */
- if (hostname1.equals(hostname2) &&
- portStr1.equals(portStr2) &&
- database1.equals(database2)) {
+ /*
+ * if user submits the same data, they just want to skip to the next
+ * panel, no database population is required.
+ */
+ if (hostname1.equals(hostname2) && portStr1.equals(portStr2)
+ && database1.equals(database2)) {
context.put("updateStatus", "success");
return;
}
@@ -921,15 +935,17 @@ public class DatabasePanel extends WizardPanelBase {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-
try {
- populateDB(request, context, (secure.equals("on")?"true":"false"));
+ populateDB(request, context, (secure.equals("on") ? "true"
+ : "false"));
} catch (IOException e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: "
+ + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (Exception e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: "
+ + e.toString());
context.put("errorString", e.toString());
cs.putString("preop.database.errorString", e.toString());
context.put("updateStatus", "failure");
@@ -950,11 +966,11 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException( e.toString() );
+ throw new IOException(e.toString());
}
psStore.putString("internaldb", bindpwd);
psStore.putString("replicationdb", replicationpwd);
- cs.putString("preop.internaldb.replicationpwd" , replicationpwd);
+ cs.putString("preop.internaldb.replicationpwd", replicationpwd);
cs.putString("preop.database.removeData", "false");
try {
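Review bot: `cs.putString("preop.internaldb.replicationpwd", replicationpwd)` copies the replication password into the general configuration store right after it was placed in `psStore`, so a later `cs.commit(...)` would presumably persist it in clear text alongside ordinary settings. Whether the key is removed once configuration completes is not visible here; if it is only needed by later panels, reading it back from `psStore` keeps a single copy. If the entry has to stay, a comment such as `// temporary: must be removed from CS.cfg when the wizard finishes` would document the obligation. update() starts and ends outside this hunk.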
@@ -983,57 +999,65 @@ public class DatabasePanel extends WizardPanelBase {
// always populate the index the last
try {
- CMS.debug("Populating local indexes");
- LDAPConnection conn = getLocalLDAPConn(context,
- (secure.equals("on")?"true":"false"));
- importLDIFS("preop.internaldb.post_ldif", conn);
-
- /* For vlvtask, we need to check if the task has
- been completed or not. Presence of nsTaskExitCode means task is complete
- */
- String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
- if (!wait_dn.equals("")) {
- int i = 0;
- LDAPEntry task = null;
- boolean taskComplete = false;
- CMS.debug("Checking wait_dn " + wait_dn);
- do {
- Thread.sleep(1000);
- try {
- task = conn.read(wait_dn, (String[])null);
- if (task != null) {
- LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
- if (attr != null) {
- taskComplete = true;
- String val = (String) attr.getStringValues().nextElement();
- if (val.compareTo("0") != 0) {
- CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
- }
- }
+ CMS.debug("Populating local indexes");
+ LDAPConnection conn = getLocalLDAPConn(context,
+ (secure.equals("on") ? "true" : "false"));
+ importLDIFS("preop.internaldb.post_ldif", conn);
+
+ /*
+ * For vlvtask, we need to check if the task has been completed or
+ * not. Presence of nsTaskExitCode means task is complete
+ */
+ String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
+ if (!wait_dn.equals("")) {
+ int i = 0;
+ LDAPEntry task = null;
+ boolean taskComplete = false;
+ CMS.debug("Checking wait_dn " + wait_dn);
+ do {
+ Thread.sleep(1000);
+ try {
+ task = conn.read(wait_dn, (String[]) null);
+ if (task != null) {
+ LDAPAttribute attr = task
+ .getAttribute("nsTaskExitCode");
+ if (attr != null) {
+ taskComplete = true;
+ String val = (String) attr.getStringValues()
+ .nextElement();
+ if (val.compareTo("0") != 0) {
+ CMS.debug("Error in populating local indexes: nsTaskExitCode="
+ + val);
+ }
+ }
+ }
+ } catch (LDAPException le) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' ("
+ + le.toString() + ")");
+ } catch (Exception e) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' ("
+ + e.toString() + ").");
+ }
+ } while ((!taskComplete) && (i < 20));
+ if (i < 20) {
+ CMS.debug("Done checking wait_dn " + wait_dn);
+ } else {
+ CMS.debug("Done checking wait_dn " + wait_dn
+ + " due to timeout.");
}
- } catch (LDAPException le) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
- } catch (Exception e) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
- }
- } while ((!taskComplete) && (i < 20));
- if (i < 20) {
- CMS.debug("Done checking wait_dn " + wait_dn);
- } else {
- CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
}
- }
- conn.disconnect();
- CMS.debug("Done populating local indexes");
+ conn.disconnect();
+ CMS.debug("Done populating local indexes");
} catch (Exception e) {
- CMS.debug("Populating index failure - " + e);
+ CMS.debug("Populating index failure - " + e);
}
// setup replication after indexes have been created
if (select.equals("clone")) {
CMS.debug("Start setting up replication.");
- setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false"));
+ setupReplication(request, context, (secure.equals("on") ? "true"
+ : "false"), (cloneStartTLS.equals("on") ? "true" : "false"));
CMS.debug("Finish setting up replication.");
try {
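Review bot: The counter `i` is never incremented inside the `do … while ((!taskComplete) && (i < 20))` loop, so the 20-iteration limit cannot trigger and the request thread keeps polling `wait_dn` once a second for as long as `nsTaskExitCode` is absent; the `else` branch that logs the timeout is unreachable. Add `i++;` after `Thread.sleep(1000);` and test `if (taskComplete)` rather than `if (i < 20)`, so a task that finishes on the last poll is not reported as a timeout. A non-zero `nsTaskExitCode` and any exception from the outer `try` are only written to the debug log, so as far as this hunk shows an index failure does not stop the wizard, and `conn.disconnect()` is skipped on that path. update() starts and ends outside this hunk.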
@@ -1048,25 +1072,23 @@ public class DatabasePanel extends WizardPanelBase {
}
}
-
if (hasErr == false) {
- cs.putBoolean("preop.Database.done", true);
- try {
- cs.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ cs.putBoolean("preop.Database.done", true);
+ try {
+ cs.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug("DatabasePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
context.put("updateStatus", "success");
}
- private void setupReplication(HttpServletRequest request,
- Context context, String secure, String cloneStartTLS) throws IOException {
+ private void setupReplication(HttpServletRequest request, Context context,
+ String secure, String cloneStartTLS) throws IOException {
String bindpwd = HttpInput.getPassword(request, "__bindpwd");
IConfigStore cs = CMS.getConfigStore();
-
+
String cstype = "";
String machinename = "";
String instanceId = "";
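Review bot: In `update()` the `EBaseException` from `cs.commit(false)` is only written to the debug log, and `context.put("updateStatus", "success")` runs immediately afterwards, so a step whose `preop.Database.done` flag was never persisted is still reported as successful. Fail the step in the catch instead, for example `throw new IOException("Failed to commit database configuration");`, assuming `update()` declares `IOException` as the sibling panels in this package do. The body of `update()` starts above this hunk, so any earlier return on `hasErr` is not visible from here.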
@@ -1078,13 +1100,14 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
}
-
- //setup replication agreement
- String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId;
+ // setup replication agreement
+ String masterAgreementName = "masterAgreement1-" + machinename + "-"
+ + instanceId;
cs.putString("internaldb.replication.master", masterAgreementName);
- String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId;
+ String cloneAgreementName = "cloneAgreement1-" + machinename + "-"
+ + instanceId;
cs.putString("internaldb.replication.consumer", cloneAgreementName);
-
+
try {
cs.commit(false);
} catch (Exception e) {
@@ -1097,11 +1120,14 @@ public class DatabasePanel extends WizardPanelBase {
String master1_replicationpwd = "";
try {
- master1_hostname = cs.getString("preop.internaldb.master.hostname", "");
+ master1_hostname = cs.getString("preop.internaldb.master.hostname",
+ "");
master1_port = cs.getInteger("preop.internaldb.master.port", -1);
master1_binddn = cs.getString("preop.internaldb.master.binddn", "");
- master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", "");
- master1_replicationpwd = cs.getString("preop.internaldb.master.replicationpwd", "");
+ master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd",
+ "");
+ master1_replicationpwd = cs.getString(
+ "preop.internaldb.master.replicationpwd", "");
} catch (Exception e) {
}
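Review bot: The `catch (Exception e) { }` closing this block is empty, so if any of the `preop.internaldb.master.*` reads fails, `setupReplication` carries on with the initial values (the visible one is an empty `master1_replicationpwd`) and the problem only surfaces later as an opaque connect or bind error. Log and stop instead, e.g. `CMS.debug("DatabasePanel setupReplication: cannot read master settings: " + e);` followed by `throw new IOException("Missing master replication settings");`. The same empty catch appears in the hunks at -1078 and -1116. Separately, the master bind and replication passwords are read back from the config store here; it is worth confirming that these `preop.*` entries are removed once configuration completes.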
@@ -1116,21 +1142,22 @@ public class DatabasePanel extends WizardPanelBase {
master2_port = cs.getInteger("internaldb.ldapconn.port", -1);
master2_binddn = cs.getString("internaldb.ldapauth.bindDN", "");
master2_bindpwd = bindpwd;
- master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
+ master2_replicationpwd = cs.getString(
+ "preop.internaldb.replicationpwd", "");
} catch (Exception e) {
}
-
+
LDAPConnection conn1 = null;
LDAPConnection conn2 = null;
if (secure.equals("true")) {
- CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
- conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
- conn1 = new LDAPConnection();
- conn2 = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
+ conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
+ conn1 = new LDAPConnection();
+ conn2 = new LDAPConnection();
+ }
String basedn = "";
try {
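Review bot: When `secure` is not `"true"`, both `conn1` and `conn2` are created as plain `LDAPConnection()` objects, and the next hunk binds on them with `master1_bindpwd` and `master2_bindpwd`, so those bind passwords travel unencrypted. In the visible lines `cloneStartTLS` is passed into this method but is not consulted when the two connections are built. At minimum, document the exposure on the else branch with something like `// non-SSL: bind password is sent in clear text; acceptable only on a trusted link`, and consider rejecting a non-local master host in that mode.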
@@ -1140,19 +1167,23 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn1.connect(master1_hostname, master1_port, master1_binddn,
- master1_bindpwd);
+ master1_bindpwd);
conn2.connect(master2_hostname, master2_port, master2_binddn,
- master2_bindpwd);
+ master2_bindpwd);
String suffix = cs.getString("internaldb.basedn", "");
- String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config";
- CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn);
+ String replicadn = "cn=replica,cn=\"" + suffix
+ + "\",cn=mapping tree,cn=config";
+ CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
- String masterBindUser = "Replication Manager " + masterAgreementName;
+ String masterBindUser = "Replication Manager "
+ + masterAgreementName;
String cloneBindUser = "Replication Manager " + cloneAgreementName;
- createReplicationManager(conn1, masterBindUser, master1_replicationpwd);
- createReplicationManager(conn2, cloneBindUser, master2_replicationpwd);
+ createReplicationManager(conn1, masterBindUser,
+ master1_replicationpwd);
+ createReplicationManager(conn2, cloneBindUser,
+ master2_replicationpwd);
String dir1 = getInstanceDir(conn1);
createChangeLog(conn1, dir1 + "/changelogs");
@@ -1162,36 +1193,43 @@ public class DatabasePanel extends WizardPanelBase {
int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1);
- replicaId = enableReplication(replicadn, conn1, masterBindUser, basedn, replicaId);
- replicaId = enableReplication(replicadn, conn2, cloneBindUser, basedn, replicaId);
+ replicaId = enableReplication(replicadn, conn1, masterBindUser,
+ basedn, replicaId);
+ replicaId = enableReplication(replicadn, conn2, cloneBindUser,
+ basedn, replicaId);
cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId));
CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
- createReplicationAgreement(replicadn, conn1, masterAgreementName,
- master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn1, masterAgreementName,
+ master2_hostname, master2_port, master2_replicationpwd,
+ basedn, cloneBindUser, secure, cloneStartTLS);
- createReplicationAgreement(replicadn, conn2, cloneAgreementName,
- master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn2, cloneAgreementName,
+ master1_hostname, master1_port, master1_replicationpwd,
+ basedn, masterBindUser, secure, cloneStartTLS);
// initialize consumer
initializeConsumer(replicadn, conn1, masterAgreementName);
- while (! replicationDone(replicadn, conn1, masterAgreementName)) {
+ while (!replicationDone(replicadn, conn1, masterAgreementName)) {
CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
Thread.sleep(1000);
}
- String status = replicationStatus(replicadn, conn1, masterAgreementName);
+ String status = replicationStatus(replicadn, conn1,
+ masterAgreementName);
if (!status.startsWith("0 ")) {
- CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
- status);
- throw new IOException("consumer initialization failed. " + status);
- }
+ CMS.debug("DatabasePanel setupReplication: consumer initialization failed. "
+ + status);
+ throw new IOException("consumer initialization failed. "
+ + status);
+ }
} catch (Exception e) {
- CMS.debug("DatabasePanel setupReplication: "+e.toString());
- throw new IOException("Failed to setup the replication for cloning.");
+ CMS.debug("DatabasePanel setupReplication: " + e.toString());
+ throw new IOException(
+ "Failed to setup the replication for cloning.");
}
}
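Review bot: The `while (!replicationDone(replicadn, conn1, masterAgreementName))` loop has no upper bound, unlike the `wait_dn` poll earlier in this file which stops after 20 iterations. A consumer initialization that never clears `nsds5beginreplicarefresh` therefore keeps the request thread sleeping indefinitely, so add an attempt counter and fail with a timeout message. The outer `catch (Exception e)` also replaces every failure, including the specific "consumer initialization failed" status, with a generic `IOException` that drops the cause; `throw new IOException("Failed to setup the replication for cloning.", e);` would preserve it where the target JDK provides that constructor. The try block begins in an earlier hunk.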
@@ -1199,27 +1237,26 @@ public class DatabasePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
- initParams(request, context);
- } catch (IOException e) {
+ initParams(request, context);
+ } catch (IOException e) {
}
context.put("title", "Database");
context.put("panel", "admin/console/config/databasepanel.vm");
}
private boolean isAgreementExist(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn="+name+","+replicadn;
- String filter = "(cn="+name+")";
- String[] attrs = {"cn"};
+ String name) {
+ String dn = "cn=" + name + "," + replicadn;
+ String filter = "(cn=" + name + ")";
+ String[] attrs = { "cn" };
try {
LDAPSearchResults results = conn.search(dn, LDAPv3.SCOPE_SUB,
- filter, attrs, false);
+ filter, attrs, false);
while (results.hasMoreElements())
- return true;
+ return true;
} catch (LDAPException e) {
return false;
}
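Review bot: `isAgreementExist` builds both the search base (`"cn=" + name + "," + replicadn`) and the filter (`"(cn=" + name + ")"`) by plain concatenation, so a `name` containing filter or DN metacharacters changes what the search matches instead of being treated as a literal. The agreement names used in this file are assembled from `machinename` and `instanceId`, which appear to come from configuration, so escape the value for filter use (RFC 4515) and for DN use (RFC 4514) before concatenating. The `catch (LDAPException e) { return false; }` also reports a connection or permission error as "no agreement", and a debug line there would make that distinguishable. `while (results.hasMoreElements()) return true;` reads more honestly as an `if`. The method's final `return false;` is in the next hunk.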
@@ -1227,8 +1264,8 @@ public class DatabasePanel extends WizardPanelBase {
return false;
}
- private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
- throws LDAPException {
+ private void createReplicationManager(LDAPConnection conn, String bindUser,
+ String pwd) throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=" + bindUser + ",cn=config";
@@ -1248,11 +1285,13 @@ public class DatabasePanel extends WizardPanelBase {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationManager: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationManager: "
+ + ee.toString());
}
return;
} else {
- CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "
+ + e.toString());
throw e;
}
}
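Review bot: In the branch that deletes and re-adds the entry (presumably the already-exists case; the condition is above this hunk), a failure of `conn.delete(dn)` or `conn.add(entry)` is only logged and the method then returns normally. The caller therefore proceeds even if the replication manager entry was removed and not re-created, or still holds the previous password. `createReplicationAgreement` further down rethrows in the same situation; do the same here by adding `throw ee;` after the debug line.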
@@ -1261,7 +1300,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private void createChangeLog(LDAPConnection conn, String dir)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=changelog5,cn=config";
@@ -1276,17 +1315,16 @@ public class DatabasePanel extends WizardPanelBase {
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
-/* leave it, dont delete it because it will have operation error
- try {
- conn.delete(dn);
- conn.add(entry);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
- }
-*/
+ /*
+ * leave it, dont delete it because it will have operation error
+ * try { conn.delete(dn); conn.add(entry); } catch
+ * (LDAPException ee) {
+ * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); }
+ */
return;
} else {
- CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "
+ + e.toString());
throw e;
}
}
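Review bot: The formatter has folded the commented-out delete/re-add code into a run-on block comment that is harder to read than either prose or code. Since the code is deliberately disabled, replace the block with a plain explanation such as `// Keep the existing changelog entry: deleting and re-adding it fails with an operation error.` and drop the dead code. `createChangeLog` starts above this hunk and ends in the next one.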
@@ -1294,9 +1332,9 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel createChangeLog: Successfully create change log entry");
}
- private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
- throws LDAPException {
- CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn);
+ private int enableReplication(String replicadn, LDAPConnection conn,
+ String bindUser, String basedn, int id) throws LDAPException {
+ CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
try {
@@ -1306,8 +1344,8 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("objectclass", "extensibleobject"));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser
+ + ",cn=config"));
attrs.add(new LDAPAttribute("cn", "replica"));
attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1315,49 +1353,57 @@ public class DatabasePanel extends WizardPanelBase {
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- /* BZ 470918 -we cant just add the new dn. We need to do a replace instead
- * until the DS code is fixed */
- CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used");
-
+ /*
+ * BZ 470918 -we cant just add the new dn. We need to do a
+ * replace instead until the DS code is fixed
+ */
+ CMS.debug("DatabasePanel enableReplication: " + replicadn
+ + " has already been used");
+
try {
entry = conn.read(replicadn);
- LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
- attr.addValue( "cn=" + bindUser + ",cn=config");
- LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
+ LDAPAttribute attr = entry
+ .getAttribute("nsDS5ReplicaBindDN");
+ attr.addValue("cn=" + bindUser + ",cn=config");
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.REPLACE, attr);
conn.modify(replicadn, mod);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel enableReplication: Failed to modify "
- +replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to modify "
+ + replicadn + " entry. Exception: " + e.toString());
}
return id;
} else {
- CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to create "
+ + replicadn + " entry. Exception: " + e.toString());
return id;
}
}
- CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry.");
+ CMS.debug("DatabasePanel enableReplication: Successfully create "
+ + replicadn + " entry.");
return id + 1;
}
- private void createReplicationAgreement(String replicadn,
- LDAPConnection conn, String name, String replicahost, int replicaport,
- String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn);
+ private void createReplicationAgreement(String replicadn,
+ LDAPConnection conn, String name, String replicahost,
+ int replicaport, String replicapwd, String basedn, String bindUser,
+ String secure, String cloneStartTLS) throws LDAPException {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
try {
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
attrs.add(new LDAPAttribute("objectclass",
- "nsds5replicationagreement"));
+ "nsds5replicationagreement"));
attrs.add(new LDAPAttribute("cn", name));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
- attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser
+ + ",cn=config"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
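Review bot: The inner `catch (LDAPException ee)` in `enableReplication` logs `e.toString()`, which is the outer already-exists exception, so the real reason the `nsDS5ReplicaBindDN` modify failed never reaches the log; the argument should end with `+ replicadn + " entry. Exception: " + ee.toString());`. Just above it, `entry.getAttribute("nsDS5ReplicaBindDN")` may return null (other code in this file checks for that), and `attr.addValue(...)` would then raise a NullPointerException that this catch does not cover. Both failure branches still `return id;`, so the caller cannot tell that the bind DN was not added to the replica entry. `createReplicationAgreement`, which begins in this hunk, continues in the next one.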
@@ -1368,50 +1414,58 @@ public class DatabasePanel extends WizardPanelBase {
}
CMS.debug("About to set description attr to " + name);
- attrs.add(new LDAPAttribute("description",name));
+ attrs.add(new LDAPAttribute("description", name));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used");
+ CMS.debug("DatabasePanel createReplicationAgreement: " + dn
+ + " has already used");
try {
conn.delete(dn);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: "
+ + ee.toString());
throw ee;
}
try {
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: "
+ + ee.toString());
throw ee;
}
} else {
- CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "
+ + dn + " entry. Exception: " + e.toString());
throw e;
}
}
- CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name);
+ CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "
+ + name);
}
- private void initializeConsumer(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn);
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort());
+ private void initializeConsumer(String replicadn, LDAPConnection conn,
+ String name) {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "
+ + dn);
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "
+ + conn.getHost() + " port: " + conn.getPort());
try {
LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
- "start");
+ "start");
LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ LDAPModification.REPLACE, attr);
CMS.debug("DatabasePanel initializeConsumer: start modifying");
conn.modify(dn, mod);
CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
} catch (LDAPException e) {
- CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel initializeConsumer: Failed to modify "
+ + dn + " entry. Exception: " + e.toString());
return;
} catch (Exception e) {
CMS.debug("DatabasePanel initializeConsumer: exception " + e);
@@ -1422,33 +1476,35 @@ public class DatabasePanel extends WizardPanelBase {
Thread.sleep(5000);
CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
} catch (InterruptedException ee) {
- CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString());
+ CMS.debug("DatabasePanel initializeConsumer: exception: "
+ + ee.toString());
}
CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
}
- private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private boolean replicationDone(String replicadn, LDAPConnection conn,
+ String name) throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5beginreplicarefresh"};
+ String[] attrs = { "nsds5beginreplicarefresh" };
- CMS.debug("DatabasePanel replicationDone: dn: "+dn);
+ CMS.debug("DatabasePanel replicationDone: dn: " + dn);
try {
- LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true);
+ LDAPSearchResults results = conn.search(dn,
+ LDAPConnection.SCOPE_BASE, filter, attrs, true);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
-
+ }
+
LDAPEntry entry = results.next();
- LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
+ LDAPAttribute refresh = entry
+ .getAttribute("nsds5beginreplicarefresh");
if (refresh == null) {
return true;
- }
+ }
return false;
} catch (Exception e) {
CMS.debug("DatabasePanel replicationDone: exception " + e);
@@ -1456,31 +1512,33 @@ public class DatabasePanel extends WizardPanelBase {
}
}
- private String replicationStatus(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private String replicationStatus(String replicadn, LDAPConnection conn,
+ String name) throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5replicalastinitstatus"};
+ String[] attrs = { "nsds5replicalastinitstatus" };
String status = null;
- CMS.debug("DatabasePanel replicationStatus: dn: "+dn);
+ CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
try {
- LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, false);
+ LDAPSearchResults results = conn.search(dn,
+ LDAPConnection.SCOPE_BASE, filter, attrs, false);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
+ }
LDAPEntry entry = results.next();
- LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
+ LDAPAttribute attr = entry
+ .getAttribute("nsds5replicalastinitstatus");
if (attr != null) {
Enumeration valsInAttr = attr.getStringValues();
if (valsInAttr.hasMoreElements()) {
- return (String)valsInAttr.nextElement();
+ return (String) valsInAttr.nextElement();
} else {
- throw new IOException("No value returned for nsds5replicalastinitstatus");
+ throw new IOException(
+ "No value returned for nsds5replicalastinitstatus");
}
} else {
throw new IOException("nsDS5ReplicaLastInitStatus is null.");
@@ -1492,35 +1550,42 @@ public class DatabasePanel extends WizardPanelBase {
}
private String getInstanceDir(LDAPConnection conn) {
- String instancedir="";
+ String instancedir = "";
try {
String filter = "(objectclass=*)";
- String[] attrs = {"nsslapd-directory"};
- LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
- filter, attrs, false);
+ String[] attrs = { "nsslapd-directory" };
+ LDAPSearchResults results = conn.search(
+ "cn=config,cn=ldbm database,cn=plugins,cn=config",
+ LDAPv3.SCOPE_SUB, filter, attrs, false);
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
- CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn);
+ CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "
+ + dn);
LDAPAttributeSet entryAttrs = entry.getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet
+ .nextElement();
String attrName = nextAttr.getName();
- CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName);
+ CMS.debug("DatabasePanel getInstanceDir: attribute name: "
+ + attrName);
Enumeration valsInAttr = nextAttr.getStringValues();
- while ( valsInAttr.hasMoreElements() ) {
- String nextValue = (String)valsInAttr.nextElement();
+ while (valsInAttr.hasMoreElements()) {
+ String nextValue = (String) valsInAttr.nextElement();
if (attrName.equalsIgnoreCase("nsslapd-directory")) {
- CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue);
- return nextValue.substring(0,nextValue.lastIndexOf("/db"));
+ CMS.debug("DatabasePanel getInstanceDir: instanceDir="
+ + nextValue);
+ return nextValue.substring(0,
+ nextValue.lastIndexOf("/db"));
}
}
}
}
} catch (LDAPException e) {
- CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString());
+ CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "
+ + e.toString());
}
return instancedir;
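Review bot: `nextValue.substring(0, nextValue.lastIndexOf("/db"))` throws `StringIndexOutOfBoundsException` when the `nsslapd-directory` value contains no `/db`, because `lastIndexOf` returns -1 and the surrounding `catch (LDAPException e)` does not cover that. Guard the index with `int cut = nextValue.lastIndexOf("/db");` and `if (cut >= 0) return nextValue.substring(0, cut);`. On any failure the method returns `""`, and the caller seen earlier builds `dir1 + "/changelogs"` from it, which would yield `/changelogs`; reporting the error to the caller would be safer than the empty default. The method's closing brace lies outside this hunk.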
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
index d8fd7526d..127e233c5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DatabaseServlet extends BaseServlet {
/**
@@ -34,8 +32,7 @@ public class DatabaseServlet extends BaseServlet {
private static final long serialVersionUID = 6474664942834474385L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index 1e1b6dec2..b2365eb79 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Locale;
@@ -42,25 +41,25 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class DisplayCertChainPanel extends WizardPanelBase {
- public DisplayCertChainPanel() {}
+ public DisplayCertChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
setId(id);
}
-
- public boolean isSubPanel() {
+
+ public boolean isSubPanel() {
return true;
}
@@ -70,7 +69,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -86,8 +85,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
- try {
- String select = cs.getString("securitydomain.select","");
+ try {
+ String select = cs.getString("securitydomain.select", "");
String type = cs.getString("preop.subsystem.select", "");
String hierarchy = cs.getString("preop.hierarchy.select", "");
@@ -113,11 +112,10 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("DisplayCertChainPanel: display");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("DisplayCertChainPanel setting session id.");
@@ -132,7 +130,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
try {
certchain_size = cs.getString(certChainConfigName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
int size = 0;
Vector v = new Vector();
@@ -140,20 +139,22 @@ public class DisplayCertChainPanel extends WizardPanelBase {
if (!certchain_size.equals("")) {
try {
size = Integer.parseInt(certchain_size);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
for (int i = 0; i < size; i++) {
certChainConfigName = "preop." + type + ".certchain." + i;
try {
String c = cs.getString(certChainConfigName, "");
byte[] b_c = CryptoUtil.base64Decode(c);
- CertPrettyPrint pp = new CertPrettyPrint(
- new X509CertImpl(b_c));
+ CertPrettyPrint pp = new CertPrettyPrint(new X509CertImpl(
+ b_c));
v.addElement(pp.toString(Locale.getDefault()));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
}
-
+
if (getId().equals("securitydomain")) {
context.put("panelid", "securitydomain");
context.put("panelname", "Security Domain Trust Verification");
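Review bot: Each certificate in the loop is decoded inside `try { ... } catch (Exception e) { }`, so an entry that fails base64 decoding or X.509 parsing is silently left out of the vector `v`. That vector is presumably what the "Security Domain Trust Verification" panel renders, so the administrator may be asked to review an incomplete chain without any indication. A failure of `Integer.parseInt(certchain_size)` is swallowed the same way and leaves `size` at 0. Log the failure, e.g. `CMS.debug("DisplayCertChainPanel: cannot parse " + certChainConfigName + ": " + e);`, and surface an error on the panel rather than showing a shortened list. `display()` starts before and ends after this hunk.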
@@ -171,44 +172,48 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
importCertChain(getId());
if (getId().equals("securitydomain")) {
- int panel = getPanelNo()+1;
+ int panel = getPanelNo() + 1;
IConfigStore cs = CMS.getConfigStore();
try {
String sd_hostname = cs.getString("securitydomain.host", "");
- int sd_port = cs.getInteger("securitydomain.httpsadminport", -1);
+ int sd_port = cs
+ .getInteger("securitydomain.httpsadminport", -1);
String cs_hostname = cs.getString("machineName", "");
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/"
+ + toLowerCaseSubsystemType(subsystem)
+ + "/admin/console/config/wizard?p=" + panel
+ + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + sd_hostname + ":" + sd_port
+ + "/ca/admin/ca/securityDomainLogin?url="
+ + encodedValue;
response.sendRedirect(sdurl);
// The user previously specified the CA Security Domain's
// SSL Admin port in the "Security Domain Panel";
// now retrieve this specified CA Security Domain's
// non-SSL EE, SSL Agent, and SSL EE ports:
- cs.putString( "securitydomain.httpport",
- getSecurityDomainPort( cs, "UnSecurePort" ) );
- cs.putString("securitydomain.httpsagentport",
- getSecurityDomainPort( cs, "SecureAgentPort" ) );
- cs.putString("securitydomain.httpseeport",
- getSecurityDomainPort( cs, "SecurePort" ) );
+ cs.putString("securitydomain.httpport",
+ getSecurityDomainPort(cs, "UnSecurePort"));
+ cs.putString("securitydomain.httpsagentport",
+ getSecurityDomainPort(cs, "SecureAgentPort"));
+ cs.putString("securitydomain.httpseeport",
+ getSecurityDomainPort(cs, "SecurePort"));
} catch (Exception ee) {
- CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
+ CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
}
}
context.put("updateStatus", "success");
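Review bot: `update()` builds `sdurl` from `securitydomain.host` and `securitydomain.httpsadminport` without checking the defaults, so a missing value yields a redirect to a malformed target such as `https://:-1/...`. Check that `sd_hostname` is non-empty and `sd_port > 0` (likewise `cs_hostname` and `cs_port`) before calling `response.sendRedirect(sdurl)`. The redirect is also issued before the three `getSecurityDomainPort` lookups, and any exception from them is only debug-logged while `updateStatus` is still set to "success", so the browser can already be on the security domain login page although the port settings were never stored. Moving the `cs.putString` calls ahead of `sendRedirect` and failing the step on error would close that gap.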
@@ -218,8 +223,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
context.put("title", "Display Certificate Chain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
index 008719217..cdcc8a47f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DisplayServlet extends BaseServlet {
/**
@@ -34,8 +32,7 @@ public class DisplayServlet extends BaseServlet {
private static final long serialVersionUID = -8753831516572779596L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 9669ddb1f..c8c4d56c8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.net.URLEncoder;
@@ -57,23 +56,22 @@ public class DonePanel extends WizardPanelBase {
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
- public static final String RESTART_SERVER_AFTER_CONFIGURATION =
- "restart_server_after_configuration";
+ public static final String RESTART_SERVER_AFTER_CONFIGURATION = "restart_server_after_configuration";
public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
- public DonePanel() {}
+ public DonePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Done");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Done");
setId(id);
@@ -88,15 +86,13 @@ public class DonePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
- private LDAPConnection getLDAPConn(Context context)
- throws IOException
- {
+ private LDAPConnection getLDAPConn(Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -112,8 +108,9 @@ public class DonePanel extends WizardPanelBase {
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("DonePanel: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException(
+ "DonePanel: Failed to obtain password from password store");
}
try {
@@ -138,11 +135,11 @@ public class DonePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
CMS.debug("DonePanel connecting to " + host + ":" + p);
@@ -153,19 +150,17 @@ public class DonePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
-
/**
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("DonePanel: display()");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("NamePanel setting session id.");
@@ -193,31 +188,32 @@ public class DonePanel extends WizardPanelBase {
instanceRoot = cs.getString("instanceRoot");
select = cs.getString("preop.subsystem.select", "");
systemdService = cs.getString("pkicreate.systemd.servicename", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String initDaemon = "";
if (type.equals("CA")) {
- initDaemon = "pki-cad";
+ initDaemon = "pki-cad";
} else if (type.equals("KRA")) {
- initDaemon = "pki-krad";
+ initDaemon = "pki-krad";
} else if (type.equals("OCSP")) {
- initDaemon = "pki-ocspd";
+ initDaemon = "pki-ocspd";
} else if (type.equals("TKS")) {
- initDaemon = "pki-tksd";
+ initDaemon = "pki-tksd";
}
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/bin/systemctl");
- context.put( "instanceId", systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/bin/systemctl");
+ context.put("instanceId", systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Done");
context.put("panel", "admin/console/config/donepanel.vm");
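Review bot: The `catch (Exception e) { }` that this hunk re-wraps still discards any failure from the `cs.getString(...)` calls above it, so `instanceRoot`, `select` and `systemdService` silently keep whatever they were initialised to (their declarations are outside the hunk). `instanceRoot` is used further down in display() to build the marker-file paths under `/conf/`, so a failed read should at least be recorded: `CMS.debug("DonePanel display: failed to read configuration: " + e);`. The empty handlers around `Integer.parseInt(sd_admin_port)` and `getDomainXML(...)` in the `@@ -357,31 +360,32 @@` hunk have the same shape.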
@@ -233,7 +229,7 @@ public class DonePanel extends WizardPanelBase {
return;
} else
context.put("csstate", "0");
-
+
} catch (Exception e) {
}
@@ -267,7 +263,8 @@ public class DonePanel extends WizardPanelBase {
boolean cloneMaster = false;
- if (select.equals("clone") && type.equalsIgnoreCase("CA") && isSDHostDomainMaster(cs)) {
+ if (select.equals("clone") && type.equalsIgnoreCase("CA")
+ && isSDHostDomainMaster(cs)) {
cloneMaster = true;
CMS.debug("Cloning a domain master");
}
@@ -280,20 +277,22 @@ public class DonePanel extends WizardPanelBase {
String basedn = cs.getString("internaldb.basedn");
String secdomain = cs.getString("securitydomain.name");
- try {
+ try {
// Create security domain ldap entry
String dn = "ou=Security Domain," + basedn;
CMS.debug("DonePanel: creating ldap entry : " + dn);
-
+
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain"));
+ attrs.add(new LDAPAttribute("objectclass",
+ "pkiSecurityDomain"));
if (secdomain.equals("")) {
// this should not happen - just in case
CMS.debug("DonePanel display(): Security domain is an empty string!");
- throw new IOException("Security domain is an empty string!");
+ throw new IOException(
+ "Security domain is an empty string!");
} else {
attrs.add(new LDAPAttribute("name", secdomain));
}
@@ -305,29 +304,33 @@ public class DonePanel extends WizardPanelBase {
throw e;
}
- try {
+ try {
// create list containers
- String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
- for (int i=0; i< clist.length; i++) {
+ String clist[] = { "CAList", "OCSPList", "KRAList",
+ "RAList", "TKSList", "TPSList" };
+ for (int i = 0; i < clist.length; i++) {
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
- String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain,"
+ + basedn;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("objectclass",
+ "pkiSecurityGroup"));
attrs.add(new LDAPAttribute("cn", clist[i]));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
}
} catch (Exception e) {
- CMS.debug("Unable to create security domain list groups" );
+ CMS.debug("Unable to create security domain list groups");
throw e;
- }
+ }
try {
- // Add this host (only CA can create new domain)
+ // Add this host (only CA can create new domain)
String cn = ownhost + ":" + ownadminsport;
- String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn;
+ String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain,"
+ + basedn;
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
@@ -336,12 +339,12 @@ public class DonePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("Host", ownhost));
attrs.add(new LDAPAttribute("SecurePort", ownsport));
attrs.add(new LDAPAttribute("SecureAgentPort",
- ownagentsport));
+ ownagentsport));
attrs.add(new LDAPAttribute("SecureAdminPort",
- ownadminsport));
+ ownadminsport));
if (owneeclientauthsport != null) {
- attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
- owneeclientauthsport));
+ attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
+ owneeclientauthsport));
}
attrs.add(new LDAPAttribute("UnSecurePort", ownport));
attrs.add(new LDAPAttribute("Clone", "FALSE"));
@@ -357,31 +360,32 @@ public class DonePanel extends WizardPanelBase {
CMS.debug("DonePanel display: finish updating domain info");
conn.disconnect();
} catch (Exception e) {
- CMS.debug("DonePanel display: "+e.toString());
+ CMS.debug("DonePanel display: " + e.toString());
}
int sd_admin_port_int = -1;
try {
- sd_admin_port_int = Integer.parseInt( sd_admin_port );
+ sd_admin_port_int = Integer.parseInt(sd_admin_port);
} catch (Exception e) {
}
try {
// Fetch the "new" security domain and display it
- CMS.debug( "Dump contents of new Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
- } catch( Exception e ) {}
+ CMS.debug("Dump contents of new Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
+ } catch (Exception e) {
+ }
// Since this instance is a new Security Domain,
// create an empty file to designate this fact.
String security_domain = instanceRoot + "/conf/"
- + PKI_SECURITY_DOMAIN;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + security_domain );
- Utils.exec( "chmod 00660 " + security_domain );
+ + PKI_SECURITY_DOMAIN;
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + security_domain);
+ Utils.exec("chmod 00660 " + security_domain);
}
- } else { //existing domain
+ } else { // existing domain
int sd_agent_port_int = -1;
int sd_admin_port_int = -1;
try {
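Review bot: The marker file is still created by concatenating a path into a command string, `Utils.exec("touch " + security_domain)` followed by `Utils.exec("chmod 00660 " + security_domain)`, and `security_domain` is built from the `instanceRoot` configuration value. How Utils.exec tokenises or runs the string is not visible here, so a path containing whitespace or shell metacharacters may be split or interpreted, and the file exists with default permissions between the two calls. Creating the file in-process (for example `java.io.File.createNewFile()`) and setting its permissions without a command string would avoid both. The same pair is applied to `restart_server` in the `@@ -580,10 +606,10 @@` hunk. display() starts and ends outside this hunk.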
@@ -398,34 +402,30 @@ public class DonePanel extends WizardPanelBase {
cloneStr = "&clone=false";
String domainMasterStr = "";
- if (cloneMaster)
+ if (cloneMaster)
domainMasterStr = "&dm=true";
- else
- domainMasterStr = "&dm=false";
+ else
+ domainMasterStr = "&dm=false";
String eecaStr = "";
- if (owneeclientauthsport != null)
- eecaStr="&eeclientauthsport=" + owneeclientauthsport;
-
- updateDomainXML( sd_host, sd_agent_port_int, true,
- "/ca/agent/ca/updateDomainXML",
- "list=" + s
- + "&type=" + type
- + "&host=" + ownhost
- + "&name=" + subsystemName
- + "&sport=" + ownsport
- + domainMasterStr
- + cloneStr
- + "&agentsport=" + ownagentsport
- + "&adminsport=" + ownadminsport
- + eecaStr
- + "&httpport=" + ownport );
+ if (owneeclientauthsport != null)
+ eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
+
+ updateDomainXML(sd_host, sd_agent_port_int, true,
+ "/ca/agent/ca/updateDomainXML", "list=" + s + "&type="
+ + type + "&host=" + ownhost + "&name="
+ + subsystemName + "&sport=" + ownsport
+ + domainMasterStr + cloneStr + "&agentsport="
+ + ownagentsport + "&adminsport="
+ + ownadminsport + eecaStr + "&httpport="
+ + ownport);
// Fetch the "updated" security domain and display it
- CMS.debug( "Dump contents of updated Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
+ CMS.debug("Dump contents of updated Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
} catch (Exception e) {
- context.put("errorString", "Failed to update the security domain on the domain master.");
- //return;
+ context.put("errorString",
+ "Failed to update the security domain on the domain master.");
+ // return;
}
}
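Review bot: The query string passed to `updateDomainXML` concatenates `type`, `ownhost`, `subsystemName` and the port values without URL-encoding, so a value containing `&`, `=` or a space would alter or add parameters in the request sent to the domain master. `URLEncoder` is already imported in this file, so the free-form values can be wrapped, e.g. `"&name=" + URLEncoder.encode(subsystemName, "UTF-8")`. The `content` strings in the updateOCSPConfig hunk (`sessionID`, `ocsp_host`) and the updateConnectorInfo hunk (`ca.connector.KRA.host`, `sessionID`) are built the same way. Where these values originate is outside the hunk, so how much of this is reachable from wizard input should be confirmed.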
@@ -436,16 +436,17 @@ public class DonePanel extends WizardPanelBase {
cs.putString("securitydomain.store", "ldap");
cs.commit(false);
} catch (Exception e) {
- CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
+ CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg"
+ + e);
}
-
// need to push connector information to the CA
if (type.equals("KRA") && !ca_host.equals("")) {
try {
updateConnectorInfo(ownagenthost, ownagentsport);
} catch (IOException e) {
- context.put("errorString", "Failed to update connector information.");
+ context.put("errorString",
+ "Failed to update connector information.");
return;
}
setupClientAuthUser();
@@ -469,7 +470,7 @@ public class DonePanel extends WizardPanelBase {
setupClientAuthUser();
}
-
+
if (!select.equals("clone")) {
if (type.equals("CA") || type.equals("KRA")) {
String beginRequestNumStr = "";
@@ -478,7 +479,7 @@ public class DonePanel extends WizardPanelBase {
String endSerialNumStr = "";
String requestIncStr = "";
String serialIncStr = "";
-
+
try {
endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
@@ -492,28 +493,37 @@ public class DonePanel extends WizardPanelBase {
String serialdn = "";
if (type.equals("CA")) {
- serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
+ serialdn = "ou=certificateRepository,ou="
+ + type.toLowerCase() + "," + basedn;
} else {
- serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
- }
- LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString());
- LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange );
- conn.modify( serialdn, serialmod );
-
- String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
- LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString());
- LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange );
- conn.modify( requestdn, requestmod );
-
- conn.disconnect();
+ serialdn = "ou=keyRepository,ou=" + type.toLowerCase()
+ + "," + basedn;
+ }
+ LDAPAttribute attrSerialNextRange = new LDAPAttribute(
+ "nextRange", endSerialNum.add(oneNum).toString());
+ LDAPModification serialmod = new LDAPModification(
+ LDAPModification.REPLACE, attrSerialNextRange);
+ conn.modify(serialdn, serialmod);
+
+ String requestdn = "ou=" + type.toLowerCase()
+ + ",ou=requests," + basedn;
+ LDAPAttribute attrRequestNextRange = new LDAPAttribute(
+ "nextRange", endRequestNum.add(oneNum).toString());
+ LDAPModification requestmod = new LDAPModification(
+ LDAPModification.REPLACE, attrRequestNextRange);
+ conn.modify(requestdn, requestmod);
+
+ conn.disconnect();
} catch (Exception e) {
- CMS.debug("Unable to update global next range numbers: " + e);
- }
+ CMS.debug("Unable to update global next range numbers: "
+ + e);
+ }
}
- }
+ }
if (cloneMaster) {
- // cloning a domain master CA, the clone is also master of its domain
+ // cloning a domain master CA, the clone is also master of its
+ // domain
try {
cs.putString("securitydomain.host", ownhost);
cs.putString("securitydomain.httpport", ownport);
@@ -536,42 +546,58 @@ public class DonePanel extends WizardPanelBase {
String ss = st.nextToken();
if (ss.equals("sslserver"))
continue;
- cs.putString("cloning." + ss + ".nickname", cs.getString("preop.cert." + ss + ".nickname", ""));
- cs.putString("cloning." + ss + ".dn", cs.getString("preop.cert." + ss + ".dn", ""));
- cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", ""));
- cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
- cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", ""));
- cs.putString("cloning." + ss + ".pubkey.exponent", cs.getString("preop.cert." + ss + ".pubkey.exponent", ""));
- cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString("preop.cert." + ss + ".pubkey.modulus", ""));
- cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString("preop.cert." + ss + ".pubkey.encoded", ""));
+ cs.putString("cloning." + ss + ".nickname",
+ cs.getString("preop.cert." + ss + ".nickname", ""));
+ cs.putString("cloning." + ss + ".dn",
+ cs.getString("preop.cert." + ss + ".dn", ""));
+ cs.putString("cloning." + ss + ".keytype",
+ cs.getString("preop.cert." + ss + ".keytype", ""));
+ cs.putString("cloning." + ss + ".keyalgorithm",
+ cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
+ cs.putString("cloning." + ss + ".privkey.id",
+ cs.getString("preop.cert." + ss + ".privkey.id", ""));
+ cs.putString("cloning." + ss + ".pubkey.exponent", cs
+ .getString("preop.cert." + ss + ".pubkey.exponent", ""));
+ cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString(
+ "preop.cert." + ss + ".pubkey.modulus", ""));
+ cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString(
+ "preop.cert." + ss + ".pubkey.encoded", ""));
}
- cs.putString("cloning.module.token", cs.getString("preop.module.token", ""));
+ cs.putString("cloning.module.token",
+ cs.getString("preop.module.token", ""));
cs.putString("cloning.list", list);
// more cloning variables needed for non-ca clones
- if (! type.equals("CA")) {
+ if (!type.equals("CA")) {
String val = cs.getString("preop.ca.hostname", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.hostname", val);
val = cs.getString("preop.ca.httpport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpport", val);
- val = cs.getString("preop.ca.httpsport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val);
+ val = cs.getString("preop.ca.httpsport", "");
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpsport", val);
val = cs.getString("preop.ca.list", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.list", val);
val = cs.getString("preop.ca.pkcs7", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.pkcs7", val);
val = cs.getString("preop.ca.type", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.type", val);
}
// save EC type for sslserver cert (if present)
- cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
+ cs.putString("jss.ssl.sslserver.ectype",
+ cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
cs.removeSubStore("preop");
cs.commit(false);
@@ -580,10 +606,10 @@ public class DonePanel extends WizardPanelBase {
// this server instance has been configured, it has NOT yet
// been restarted!
String restart_server = instanceRoot + "/conf/"
- + RESTART_SERVER_AFTER_CONFIGURATION;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + restart_server );
- Utils.exec( "chmod 00660 " + restart_server );
+ + RESTART_SERVER_AFTER_CONFIGURATION;
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + restart_server);
+ Utils.exec("chmod 00660 " + restart_server);
}
} catch (Exception e) {
@@ -593,13 +619,11 @@ public class DonePanel extends WizardPanelBase {
context.put("csstate", "1");
}
- private void setupClientAuthUser()
- {
+ private void setupClientAuthUser() {
IConfigStore cs = CMS.getConfigStore();
// retrieve CA subsystem certificate from the CA
- IUGSubsystem system =
- (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
String id = "";
try {
String b64 = getCASubsystemCert();
@@ -640,9 +664,8 @@ public class DonePanel extends WizardPanelBase {
}
}
-
- private void updateOCSPConfig(HttpServletResponse response)
- throws IOException {
+ private void updateOCSPConfig(HttpServletResponse response)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String cahost = "";
int caport = -1;
@@ -661,7 +684,8 @@ public class DonePanel extends WizardPanelBase {
int ocspport = Integer.parseInt(CMS.getAgentPort());
int ocspagentport = Integer.parseInt(CMS.getAgentPort());
String session_id = CMS.getConfigSDSessionId();
- String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport;
+ String content = "xmlOutput=true&sessionID=" + session_id
+ + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
updateOCSPConfig(cahost, caport, true, content, response);
}
@@ -675,38 +699,43 @@ public class DonePanel extends WizardPanelBase {
if (b64.equals(""))
throw new IOException("Failed to get certificate chain.");
-
+
try {
// this could be a chain
X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
X509Certificate leafCert = null;
if (certs != null && certs.length > 0) {
- if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
+ if (certs[0].getSubjectDN().getName()
+ .equals(certs[0].getIssuerDN().getName())) {
leafCert = certs[certs.length - 1];
} else {
leafCert = certs[0];
}
-
- IOCSPAuthority ocsp =
- (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID);
+
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(IOCSPAuthority.ID);
IDefStore defStore = ocsp.getDefaultStore();
// (1) need to normalize (sort) the chain
// (2) store certificate (and certificate chain) into
// database
- ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
- MINUS_ONE, null, null);
+ ICRLIssuingPointRecord rec = defStore
+ .createCRLIssuingPointRecord(leafCert
+ .getSubjectDN().getName(), BIG_ZERO,
+ MINUS_ONE, null, null);
try {
- rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
+ rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT,
+ leafCert.getEncoded());
} catch (Exception e) {
// error
}
- defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
- //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
+ defStore.addCRLIssuingPoint(leafCert.getSubjectDN()
+ .getName(), rec);
+ // log(ILogger.EV_AUDIT, AuditFormat.LEVEL,
+ // "Added CA certificate " +
+ // leafCert.getSubjectDN().getName());
CMS.debug("DonePanel importCACertToOCSP: Added CA certificate.");
}
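Review bot: A failure in `rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded())` is swallowed by the inner `catch (Exception e) { // error }`, and `defStore.addCRLIssuingPoint(...)` still runs, so an issuing-point record can be stored without the CA certificate while the debug line reports "Added CA certificate." Let the exception reach the outer handler, or at minimum record it: `CMS.debug("DonePanel importCACertToOCSP: cannot store CA certificate: " + e);`. The `log(ILogger.EV_AUDIT, ...)` call is only re-wrapped as a comment here, so, as far as this hunk shows, the import leaves no audit record. The method starts and ends outside the hunk.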
@@ -717,7 +746,8 @@ public class DonePanel extends WizardPanelBase {
throw e;
} catch (Exception e) {
CMS.debug("DonePanel importCACertToOCSP: Failed to import the certificate chain into the OCSP");
- throw new IOException("Failed to import the certificate chain into the OCSP");
+ throw new IOException(
+ "Failed to import the certificate chain into the OCSP");
}
}
@@ -748,7 +778,7 @@ public class DonePanel extends WizardPanelBase {
}
private void updateConnectorInfo(String ownagenthost, String ownagentsport)
- throws IOException {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
int port = -1;
String url = "";
@@ -757,21 +787,29 @@ public class DonePanel extends WizardPanelBase {
try {
url = cs.getString("preop.ca.url", "");
if (!url.equals("")) {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsadminport", -1);
- transportCert = cs.getString("kra.transport.cert", "");
+ host = cs.getString("preop.ca.hostname", "");
+ port = cs.getInteger("preop.ca.httpsadminport", -1);
+ transportCert = cs.getString("kra.transport.cert", "");
}
} catch (Exception e) {
}
if (host == null) {
- CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+ CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
} else {
- CMS.debug("DonePanel: Transport certificate is being setup in " + url);
- String session_id = CMS.getConfigSDSessionId();
- String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id;
-
- updateConnectorInfo(host, port, true, content);
+ CMS.debug("DonePanel: Transport certificate is being setup in "
+ + url);
+ String session_id = CMS.getConfigSDSessionId();
+ String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="
+ + ownagenthost
+ + "&ca.connector.KRA.port="
+ + ownagentsport
+ + "&ca.connector.KRA.transportCert="
+ + URLEncoder.encode(transportCert)
+ + "&sessionID="
+ + session_id;
+
+ updateConnectorInfo(host, port, true, content);
}
}
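Review bot: `URLEncoder.encode(transportCert)` is the deprecated one-argument overload, which encodes using the platform default charset rather than a stated one. Name the charset explicitly: `+ URLEncoder.encode(transportCert, "UTF-8")`. The two-argument form declares UnsupportedEncodingException, which is an IOException and is therefore already covered by this method's `throws IOException`.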
@@ -793,21 +831,23 @@ public class DonePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {}
+ HttpServletResponse response, Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {/* This should never be called */}
+ HttpServletResponse response, Context context) {/*
+ * This should never
+ * be called
+ */
+ }
}
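Review bot: The formatter has broken the trailing comment on `displayError` into a four-line block comment hanging off the opening brace, which is harder to read than the original one-liner. Put the comment inside the body instead: `// This should never be called.` on its own line between the braces. The same artefact hits `renderResult` in DownloadPKCS12.java and GetCertChain.java, where the trailing `// do nothing, ie, it will not return the default javascript.` is split into one word per line; moving that comment into the method body before running the formatter avoids it.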
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
index 9d7fc22a6..561fbcf60 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
@@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("DownloadPKCS12: processing...");
@@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet {
mRenderResult = false;
// check the pin from the session
- String pin = (String)httpReq.getSession().getAttribute("pin");
+ String pin = (String) httpReq.getSession().getAttribute("pin");
if (pin == null) {
CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
@@ -101,18 +102,26 @@ public class DownloadPKCS12 extends CMSServlet {
httpResp.getOutputStream().write(pkcs12);
return;
} catch (Exception e) {
- CMS.debug("DownloadPKCS12 process: Exception="+e.toString());
+ CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 87cb7a7c4..57af9f9a3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Locale;
@@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetCertChain extends CMSServlet {
/**
@@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -63,11 +62,13 @@ public class GetCertChain extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -76,11 +77,11 @@ public class GetCertChain extends CMSServlet {
String outputString = null;
- CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain();
+ CertificateChain certChain = ((ICertAuthority) mAuthority)
+ .getCACertChain();
if (certChain == null) {
- CMS.debug(
- "GetCertChain displayChain: cannot get the certificate chain.");
+ CMS.debug("GetCertChain displayChain: cannot get the certificate chain.");
outputError(httpResp, "Error: Failed to get certificate chain.");
return;
}
@@ -95,7 +96,7 @@ public class GetCertChain extends CMSServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
- e.toString()));
+ e.toString()));
outputError(httpResp,
"Error: Failed to encode the certificate chain");
}
@@ -121,7 +122,15 @@ public class GetCertChain extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
index c1010b461..456bf6c16 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
@@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -67,11 +68,13 @@ public class GetConfigEntries extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -84,12 +87,12 @@ public class GetConfigEntries extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetConfigEntries authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
- }
+ }
// Construct an ArgBlock
IArgBlock args = cmsReq.getHttpParams();
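Review bot: The authentication-failure branch logs under `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes a servlet output-stream error rather than a rejected login. Failed authentications against this endpoint are then hard to pick out of the system log. Consider a key that names the event, for example the `ADMIN_SRVLT_AUTH_FAILURE` key that the authorization branch of this method already uses. The GetCookie and GetTransportCert hunks later in this commit make the same call. `process()` starts and ends outside this hunk.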
@@ -104,32 +107,32 @@ public class GetConfigEntries extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetConfigEntries process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetConfigEntries process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
"read");
} catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp,
+ outputError(httpResp,
"Error: Encountered problem during authorization.");
- return;
+ return;
}
if (authzToken == null) {
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
}
if (op != null) {
@@ -140,9 +143,9 @@ public class GetConfigEntries extends CMSServlet {
String name1 = t.nextToken();
IConfigStore cs = config.getSubStore(name1);
Enumeration enum1 = cs.getPropertyNames();
-
+
while (enum1.hasMoreElements()) {
- String name = name1+"."+enum1.nextElement();
+ String name = name1 + "." + enum1.nextElement();
try {
String value = config.getString(name);
Node container = xmlObj.createContainer(root, "Config");
@@ -171,10 +174,10 @@ public class GetConfigEntries extends CMSServlet {
value = getLDAPPassword();
} else if (name.equals("internaldb.replication.password")) {
value = getReplicationPassword();
- } else
+ } else
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
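Review bot: The values returned by `getLDAPPassword()` and `getReplicationPassword()` are written into the XML response as ordinary `Config` items, and nothing at this point marks them as credentials. A comment above the branch would help the next maintainer, e.g. `// value is a credential from here on: never pass it to CMS.debug()/log(); this path relies on authenticate() and authorize() above`. Whether the `read` permission checked earlier in `process()` is meant to cover credentials as well as plain entries cannot be told from the diff and is worth confirming. The enclosing loop starts and ends outside the hunk.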
@@ -208,7 +211,15 @@ public class GetConfigEntries extends CMSServlet {
return locale;
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
private String getLDAPPassword() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index 74edda79a..1e59bf71d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
public class GetCookie extends CMSServlet {
/**
@@ -57,10 +56,8 @@ public class GetCookie extends CMSServlet {
private String mErrorFormPath = null;
private String mFormPath = null;
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
- private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public GetCookie() {
super();
@@ -68,6 +65,7 @@ public class GetCookie extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -78,12 +76,13 @@ public class GetCookie extends CMSServlet {
mRandom = new Random();
mErrorFormPath = sc.getInitParameter("errorTemplatePath");
if (mOutputTemplatePath != null) {
- mFormPath = mOutputTemplatePath;
+ mFormPath = mOutputTemplatePath;
}
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
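Review bot: `mRandom = new Random();` creates the generator that a later hunk uses for the security-domain session token (`long num = mRandom.nextLong(); cookie = num + "";`). If the field is a `java.util.Random`, which the declaration outside this hunk would confirm, its output is not cryptographically strong and should not back a bearer token. `mRandom = new SecureRandom();` with `import java.security.SecureRandom;` is assignment-compatible with a `Random` field and needs no change at the call site. The import block and field declaration are outside the hunk.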
@@ -100,28 +99,27 @@ public class GetCookie extends CMSServlet {
}
IArgBlock header = CMS.createArgBlock();
- IArgBlock ctx = CMS.createArgBlock();
+ IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
CMSTemplate form = null;
Locale[] locale = new Locale[1];
String url = httpReq.getParameter("url");
- CMS.debug("GetCookie before auth, url ="+url);
+ CMS.debug("GetCookie before auth, url =" + url);
String url_e = "";
URL u = null;
try {
url_e = URLDecoder.decode(url, "UTF-8");
u = new URL(url_e);
} catch (Exception eee) {
- throw new ECMSGWException(
- "GetCookie missing parameter: url");
+ throw new ECMSGWException("GetCookie missing parameter: url");
}
int index2 = url_e.indexOf("subsystem=");
String subsystem = "";
if (index2 > 0) {
- subsystem = url.substring(index2+10);
+ subsystem = url.substring(index2 + 10);
int index1 = subsystem.indexOf("&");
if (index1 > 0)
subsystem = subsystem.substring(0, index1);
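Review bot: `index2` is computed on the decoded string (`url_e.indexOf("subsystem=")`) but then applied to the raw parameter in `subsystem = url.substring(index2 + 10);`. When `url` contains percent-escapes before that position the two strings have different offsets, so the extracted subsystem name is wrong or the call throws. The value later selects the administrator group in `getGroupName(uid, subsystem)`, so it should come from the same string that was searched: `subsystem = url_e.substring(index2 + 10);`. `process()` continues outside this hunk.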
@@ -131,9 +129,9 @@ public class GetCookie extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetCookie authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
header.addStringValue("sd_uid", "");
header.addStringValue("sd_pwd", "");
header.addStringValue("host", u.getHost());
@@ -149,17 +147,17 @@ public class GetCookie extends CMSServlet {
form = getTemplate(mErrorFormPath, httpReq, locale);
} catch (IOException eee) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
- }
+ /*
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ * throw new ECMSGWException(
+ * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
+ }
- if( form == null ) {
+ if (form == null) {
CMS.debug("GetCookie::process() - form is null!");
- throw new EBaseException( "form is null" );
+ throw new EBaseException("form is null");
}
try {
@@ -170,16 +168,17 @@ public class GetCookie extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException ee) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ ee.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
- }
+ }
String cookie = "";
String auditMessage = "";
-
+
if (authToken != null) {
String uid = authToken.getInString("uid");
String groupname = getGroupName(uid, subsystem);
@@ -187,16 +186,15 @@ public class GetCookie extends CMSServlet {
if (groupname != null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- uid,
- ILogger.SUCCESS,
- groupname);
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.SUCCESS,
+ groupname);
audit(auditMessage);
// assign cookie
long num = mRandom.nextLong();
- cookie = num+"";
- ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
+ cookie = num + "";
+ ISecurityDomainSessionTable ctable = CMS
+ .getSecurityDomainSessionTable();
String addr = "";
try {
addr = u.getHost();
@@ -207,43 +205,42 @@ public class GetCookie extends CMSServlet {
ip = InetAddress.getByName(addr).toString();
int index = ip.indexOf("/");
if (index > 0)
- ip = ip.substring(index+1);
+ ip = ip.substring(index + 1);
} catch (Exception e) {
}
- String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
- "+uid;;" + uid + "+groupname;;" + groupname;
+ String auditParams = "operation;;issue_token+token;;" + cookie
+ + "+ip;;" + ip + "+uid;;" + uid + "+groupname;;"
+ + groupname;
int status = ctable.addEntry(cookie, ip, uid, groupname);
if (status == ISecurityDomainSessionTable.SUCCESS) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- uid,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid,
+ ILogger.SUCCESS, auditParams);
audit(auditMessage);
} else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- uid,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid,
+ ILogger.FAILURE, auditParams);
audit(auditMessage);
}
try {
- String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
+ String sd_url = "https://" + CMS.getEESSLHost() + ":"
+ + CMS.getEESSLPort();
if (!url.startsWith("$")) {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
+ * e.toString())); throw new ECMSGWException(
+ * CMS.getUserMessage
+ * ("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
header.addStringValue("url", url);
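Review bot: `auditParams` embeds the freshly issued session token verbatim (`"operation;;issue_token+token;;" + cookie`), so anyone who can read the signed audit log can read tokens that are still live. Record a non-reversible reference instead, such as a digest or a truncated prefix of the token, or drop the field if audit consumers do not depend on it, which the diff does not show. Note also that the `ip` stored with the entry comes from a lookup whose `catch (Exception e) { }` is empty, so a failed resolution is silent and the entry is added with whatever `ip` was initialised to outside this hunk.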
@@ -251,26 +248,26 @@ public class GetCookie extends CMSServlet {
EBaseException error = null;
try {
- ServletOutputStream out = httpResp.getOutputStream();
+ ServletOutputStream out = httpResp
+ .getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- httpResp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ httpResp.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
} catch (Exception e) {
}
} else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- uid,
- ILogger.FAILURE,
- "Enterprise " + subsystem + " Administrators");
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.FAILURE,
+ "Enterprise " + subsystem + " Administrators");
audit(auditMessage);
}
}
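Review bot: The `ECMSGWException` thrown from the inner `catch (IOException e)` appears to be caught again by the enclosing `} catch (Exception e) { }` a few lines below and discarded, so a failure to render the token page never reaches the caller. The same empty handler would hide a `NullPointerException` from `form.renderOutput` when the earlier `getTemplate` call failed and left `form` null. At minimum log it, `CMS.debug("GetCookie process: " + e.toString());`, and rethrow `EBaseException` instances, since `process()` already declares that type. The outer `try` opens in the previous hunk, so the nesting should be checked against the full file.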
@@ -278,25 +275,25 @@ public class GetCookie extends CMSServlet {
private String getGroupName(String uid, String subsystemname) {
String groupname = "";
- IUGSubsystem subsystem =
- (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID));
- if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
- subsystemname.equals("CA")) {
+ IUGSubsystem subsystem = (IUGSubsystem) (CMS
+ .getSubsystem(IUGSubsystem.ID));
+ if (subsystem.isMemberOf(uid, "Enterprise CA Administrators")
+ && subsystemname.equals("CA")) {
return "Enterprise CA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
- subsystemname.equals("KRA")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators")
+ && subsystemname.equals("KRA")) {
return "Enterprise KRA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
- subsystemname.equals("OCSP")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators")
+ && subsystemname.equals("OCSP")) {
return "Enterprise OCSP Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
- subsystemname.equals("TKS")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators")
+ && subsystemname.equals("TKS")) {
return "Enterprise TKS Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
- subsystemname.equals("RA")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators")
+ && subsystemname.equals("RA")) {
return "Enterprise RA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
- subsystemname.equals("TPS")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators")
+ && subsystemname.equals("TPS")) {
return "Enterprise TPS Administrators";
}
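Review bot: The local `groupname = ""` is never read in the visible branches, and every match returns a literal. The caller in `process()` issues a session cookie whenever the result is `!= null`. The fall-through return is outside this hunk: if it returns this empty-string local rather than `null`, a user who is in none of the Enterprise administrator groups would pass the caller's check. Confirm that it ends with `return null;` and delete the unused local. A Javadoc line stating "returns null when uid is not an administrator for subsystemname" would pin the contract.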
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index f9e6c70e2..b3d9470d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Enumeration;
@@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetDomainXML extends CMSServlet {
/**
@@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,13 @@ public class GetDomainXML extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,8 +96,7 @@ public class GetDomainXML extends CMSServlet {
try {
secstore = cs.getString("securitydomain.store");
basedn = cs.getString("internaldb.basedn");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
}
@@ -104,7 +104,8 @@ public class GetDomainXML extends CMSServlet {
XMLObject response = new XMLObject();
Node root = response.createRoot("XMLResponse");
- if ((secstore != null) && (basedn != null) && (secstore.equals("ldap"))) {
+ if ((secstore != null) && (basedn != null)
+ && (secstore.equals("ldap"))) {
ILdapConnFactory connFactory = null;
LDAPConnection conn = null;
try {
@@ -120,64 +121,77 @@ public class GetDomainXML extends CMSServlet {
connFactory.init(ldapConfig);
conn = connFactory.getConn();
- // get the security domain name
- String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement();
+ // get the security domain name
+ String secdomain = (String) conn.read(dn)
+ .getAttribute("name").getStringValues()
+ .nextElement();
XMLObject xmlObj = new XMLObject();
Node domainInfo = xmlObj.createRoot("DomainInfo");
xmlObj.addItemToContainer(domainInfo, "Name", secdomain);
- // this should return CAList, KRAList etc.
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
+ // this should return CAList, KRAList etc.
+ LDAPSearchResults res = conn
+ .search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
while (res.hasMoreElements()) {
int count = 0;
dn = res.next().getDN();
String listName = dn.substring(3, dn.indexOf(","));
- String subType = listName.substring(0, listName.indexOf("List"));
- Node listNode = xmlObj.createContainer(domainInfo, listName);
-
+ String subType = listName.substring(0,
+ listName.indexOf("List"));
+ Node listNode = xmlObj.createContainer(domainInfo,
+ listName);
+
filter = "objectclass=pkiSubsystem";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, false, cons);
+ LDAPSearchResults res2 = conn.search(dn,
+ LDAPConnection.SCOPE_ONE, filter, attrs, false,
+ cons);
while (res2.hasMoreElements()) {
- Node node = xmlObj.createContainer(listNode, subType);
+ Node node = xmlObj.createContainer(listNode,
+ subType);
LDAPEntry entry = res2.next();
- LDAPAttributeSet entryAttrs = entry.getAttributeSet();
+ LDAPAttributeSet entryAttrs = entry
+ .getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet
+ .nextElement();
String attrName = nextAttr.getName();
- if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
- String attrValue = (String) nextAttr.getStringValues().nextElement();
- xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
+ if ((!attrName.equals("cn"))
+ && (!attrName.equals("objectClass"))) {
+ String attrValue = (String) nextAttr
+ .getStringValues().nextElement();
+ xmlObj.addItemToContainer(node,
+ securityDomainLDAPtoXML(attrName),
+ attrValue);
}
}
- count ++;
- }
- xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
+ count++;
+ }
+ xmlObj.addItemToContainer(listNode, "SubsystemCount",
+ Integer.toString(count));
}
// Add new xml object as string to response.
- response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
- }
- catch (Exception e) {
- CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
+ response.addItemToContainer(root, "DomainInfo",
+ xmlObj.toXMLString());
+ } catch (Exception e) {
+ CMS.debug("GetDomainXML: Failed to read domain.xml from ldap "
+ + e.toString());
status = FAILED;
- }
- finally {
- if ((conn != null) && (connFactory!= null)) {
+ } finally {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
}
- }
- else {
- // get data from file store
+ } else {
+ // get data from file store
- String path = CMS.getConfigStore().getString("instanceRoot", "")
- + "/conf/domain.xml";
+ String path = CMS.getConfigStore()
+ .getString("instanceRoot", "") + "/conf/domain.xml";
CMS.debug("GetDomainXML: got path=" + path);
@@ -193,11 +207,12 @@ public class GetDomainXML extends CMSServlet {
fis.close();
CMS.debug("GetDomainXML: Done Reading domain.xml...");
- response.addItemToContainer(root, "DomainInfo", new String(buf));
- }
- catch (Exception e) {
- CMS.debug("Failed to read domain.xml from file" + e.toString());
- status = FAILED;
+ response.addItemToContainer(root, "DomainInfo", new String(
+ buf));
+ } catch (Exception e) {
+ CMS.debug("Failed to read domain.xml from file"
+ + e.toString());
+ status = FAILED;
}
}
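Review bot: `fis.close()` sits inside the `try`, so the stream is closed only on the success path. If the read that precedes it (outside this hunk) throws, the `catch (Exception e)` sets `status = FAILED` and the file descriptor is left open. Move the close into a `finally` block guarded by a null check, declaring `fis` before the `try`. The opening of the stream is not visible here, so the exact placement should be checked against the full method.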
@@ -206,23 +221,34 @@ public class GetDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString());
+ CMS.debug("GetDomainXML: Failed to send the XML output"
+ + e.toString());
}
}
protected String securityDomainLDAPtoXML(String attribute) {
- if (attribute.equals("host")) return "Host";
- else return attribute;
+ if (attribute.equals("host"))
+ return "Host";
+ else
+ return attribute;
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
index 02fe36c1c..623acf9a2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetStatus extends CMSServlet {
/**
@@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String outputString = null;
- String state = config.getString("cs.state", "");
- String type = config.getString("cs.type", "");
+ String state = config.getString("cs.state", "");
+ String type = config.getString("cs.type", "");
try {
XMLObject xmlObj = null;
@@ -89,7 +89,15 @@ public class GetStatus extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index 0a6c5ec36..93d7e9229 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetSubsystemCert extends CMSServlet {
/**
@@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -75,27 +74,29 @@ public class GetSubsystemCert extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("GetSubsystemCert process: nickname="+nickname);
+ CMS.debug("GetSubsystemCert process: nickname=" + nickname);
String s = "";
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
-
+
if (cert == null) {
CMS.debug("GetSubsystemCert process: subsystem cert is null");
- outputError(httpResp, "Error: Failed to get subsystem certificate.");
+ outputError(httpResp,
+ "Error: Failed to get subsystem certificate.");
return;
}
byte[] bytes = cert.getEncoded();
s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
} catch (Exception e) {
- CMS.debug("GetSubsystemCert process: exception: "+e.toString());
+ CMS.debug("GetSubsystemCert process: exception: " + e.toString());
}
try {
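Review bot: Both handlers in this hunk let the request continue after a failure. The configuration read ends in an empty `catch (Exception e) { }`, and the certificate lookup's handler only calls `CMS.debug`, leaving `s` as `""`. The code that builds the response follows outside the hunk, and it looks as if a caller could then receive a success reply with an empty certificate. Fail closed in the second handler, as the `cert == null` branch already does: `outputError(httpResp, "Error: Failed to get subsystem certificate."); return;`. The `CertificateEncodingException` handler in the GetTransportCert hunk of this commit has the same shape with `mime64`.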
@@ -111,7 +112,15 @@ public class GetSubsystemCert extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
index d7af07409..f4d68392c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
@@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -60,11 +61,13 @@ public class GetTokenInfo extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -78,8 +81,8 @@ public class GetTokenInfo extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetTokenInfo process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetTokenInfo process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
@@ -97,7 +100,7 @@ public class GetTokenInfo extends CMSServlet {
String name = t1.nextToken();
if (name.equals("sslserver"))
continue;
- name = "cloning."+name+".nickname";
+ name = "cloning." + name + ".nickname";
String value = "";
try {
@@ -105,7 +108,7 @@ public class GetTokenInfo extends CMSServlet {
} catch (Exception ee) {
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
@@ -149,6 +152,14 @@ public class GetTokenInfo extends CMSServlet {
return locale;
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
index bc29b34a6..8d8747b9b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Locale;
@@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
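Review bot: The first debug line in `GetTransportCert.process()` is labelled `UpdateUpdater: processing...`, apparently carried over from another servlet, so debug-log entries for this endpoint are attributed to the wrong component. Use the class's own name, `CMS.debug("GetTransportCert: processing...");`, to match the other messages in this method. The method body continues outside this hunk.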
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet {
CMS.debug("GetTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("GetTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
CMS.debug("GetTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -124,19 +124,19 @@ public class GetTransportCert extends CMSServlet {
IConfigStore cs = CMS.getConfigStore();
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) mAuthority;
- ITransportKeyUnit tu = kra.getTransportKeyUnit();
- org.mozilla.jss.crypto.X509Certificate transportCert =
- tu.getCertificate();
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority;
+ ITransportKeyUnit tu = kra.getTransportKeyUnit();
+ org.mozilla.jss.crypto.X509Certificate transportCert = tu
+ .getCertificate();
- String mime64 = "";
+ String mime64 = "";
try {
mime64 = CMS.BtoA(transportCert.getEncoded());
- mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
- } catch (CertificateEncodingException eee) {
+ mime64 = com.netscape.cmsutil.util.Cert
+ .normalizeCertStrAndReq(mime64);
+ } catch (CertificateEncodingException eee) {
CMS.debug("GetTransportCert: Failed to encode certificate");
- }
+ }
// send success status back to the requestor
try {
@@ -154,14 +154,22 @@ public class GetTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index a00b0fb71..02a2c21a6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class HierarchyPanel extends WizardPanelBase {
- public HierarchyPanel() {}
+ public HierarchyPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
setId(id);
@@ -56,16 +55,15 @@ public class HierarchyPanel extends WizardPanelBase {
public boolean shouldSkip() {
- // we dont need to ask the hierachy if we are
+ // we dont need to ask the hierachy if we are
// setting up a clone
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",
- null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
// mark this panel as done
- c.putString("preop.hierarchy.select","root");
- c.putString("hierarchy.select","Clone");
+ c.putString("preop.hierarchy.select", "root");
+ c.putString("hierarchy.select", "Clone");
return true;
}
} catch (EBaseException e) {
@@ -89,15 +87,16 @@ public class HierarchyPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
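Review bot: The reformatted `catch (EBaseException e) {` / `}` is still an empty handler, so a config-store failure in this method is dropped and control falls through to `return false` with nothing in the debug log. I would add `CMS.debug("HierarchyPanel: " + e.toString());` inside it, as another catch in this file already does. The same empty handler wraps `config.commit(false)` in the `update` hunk below, where a failed commit leaves the hierarchy selection unsaved while the wizard carries on. It also recurs in the ImportAdminCertPanel.java and ImportCAChainPanel.java hunks. The method this catch belongs to starts outside the hunk.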
@@ -105,8 +104,7 @@ public class HierarchyPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "PKI Hierarchy");
IConfigStore config = CMS.getConfigStore();
@@ -117,7 +115,7 @@ public class HierarchyPanel extends WizardPanelBase {
if (s.equals("root")) {
context.put("check_root", "checked");
} else if (s.equals("join")) {
- context.put("check_join", "checked");
+ context.put("check_join", "checked");
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -134,16 +132,14 @@ public class HierarchyPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
try {
String cstype = config.getString("preop.subsystem.select", "");
@@ -163,16 +159,17 @@ public class HierarchyPanel extends WizardPanelBase {
}
if (select.equals("root")) {
- config.putString("preop.hierarchy.select", "root");
- config.putString("hierarchy.select", "Root");
+ config.putString("preop.hierarchy.select", "root");
+ config.putString("hierarchy.select", "Root");
config.putString("preop.ca.type", "sdca");
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
} else if (select.equals("join")) {
config.putString(PCERT_PREFIX + "signing.type", "remote");
config.putString("preop.hierarchy.select", "join");
- config.putString("hierarchy.select", "Subordinate");
+ config.putString("hierarchy.select", "Subordinate");
} else {
config.putString(PCERT_PREFIX + "signing.type", "remote");
CMS.debug("HierarchyPanel: invalid choice " + select);
@@ -186,6 +183,6 @@ public class HierarchyPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {}
+ HttpServletResponse response, Context context) {
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index d4f93a9b6..ce5e9795f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
@@ -47,19 +46,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class ImportAdminCertPanel extends WizardPanelBase {
- public ImportAdminCertPanel() {}
+ public ImportAdminCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
setId(id);
@@ -86,8 +85,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ImportAdminCertPanel: display");
context.put("errorString", "");
context.put("title", "Import Administrator's Certificate");
@@ -102,11 +100,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
String serialno = cs.getString("preop.admincert.serialno.0");
-
+
context.put("serialNumber", serialno);
} catch (Exception e) {
context.put("errorString", "Failed to get serial number.");
@@ -129,21 +128,26 @@ public class ImportAdminCertPanel extends WizardPanelBase {
if (ca == null) {
if (type.equals("otherca")) {
try {
- // this is a non-CA system that has elected to have its certificates
+ // this is a non-CA system that has elected to have its
+ // certificates
// signed by a CA outside of the security domain.
- // in this case, we submitted the cert request for the admin cert to
+ // in this case, we submitted the cert request for the admin
+ // cert to
// to security domain host.
caHost = cs.getString("securitydomain.host", "");
caPort = cs.getString("securitydomain.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else if (type.equals("sdca")) {
try {
// this is a non-CA system that submitted its certs to a CA
- // within the security domain. In this case, we submitted the cert
+ // within the security domain. In this case, we submitted
+ // the cert
// request for the admin cert to this CA
caHost = cs.getString("preop.ca.hostname", "");
caPort = cs.getString("preop.ca.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
} else {
// for CAs, we always generate our own admin certs
@@ -151,7 +155,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
caHost = cs.getString("service.machineName", "");
caPort = cs.getString("pkicreate.admin_secure_port", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
String pkcs7 = "";
@@ -170,16 +175,14 @@ public class ImportAdminCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String type = "";
@@ -192,12 +195,13 @@ public class ImportAdminCertPanel extends WizardPanelBase {
subsystemtype = cs.getString("cs.type", "");
security_domain_type = cs.getString("securitydomain.select", "");
selected_hierarchy = cs.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -206,25 +210,23 @@ public class ImportAdminCertPanel extends WizardPanelBase {
X509CertImpl certs[] = new X509CertImpl[1];
- // REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
+ // REMINDER: This panel is NOT used by "clones"
+ if (ca != null) {
String serialno = null;
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Root CA subsystem - "
- + "(new Security Domain)" );
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Root CA subsystem - " + "(new Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Subordinate CA subsystem - "
- + "(new Security Domain)" );
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(new Security Domain)");
}
try {
serialno = cs.getString("preop.admincert.serialno.0");
} catch (Exception e) {
- CMS.debug(
- "ImportAdminCertPanel update: Failed to get request id.");
+ CMS.debug("ImportAdminCertPanel update: Failed to get request id.");
context.put("updateStatus", "failure");
throw new IOException("Failed to get request id.");
}
@@ -232,37 +234,37 @@ public class ImportAdminCertPanel extends WizardPanelBase {
ICertificateRepository repost = ca.getCertificateRepository();
try {
- certs[0] = repost.getX509Certificate(
- new BigInteger(serialno, 16));
- } catch (Exception ee) {}
+ certs[0] = repost.getX509Certificate(new BigInteger(serialno,
+ 16));
+ } catch (Exception ee) {
+ }
} else {
String dir = null;
- // REMINDER: This panel is NOT used by "clones"
- if( subsystemtype.equals( "CA" ) ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Root CA subsystem - "
- + "(existing Security Domain)" );
+ // REMINDER: This panel is NOT used by "clones"
+ if (subsystemtype.equals("CA")) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Root CA subsystem - "
+ + "(existing Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Subordinate CA subsystem - "
- + "(existing Security Domain)" );
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(existing Security Domain)");
}
} else {
- CMS.debug( "ImportAdminCertPanel update: "
- + subsystemtype
- + " subsystem" );
+ CMS.debug("ImportAdminCertPanel update: " + subsystemtype
+ + " subsystem");
}
try {
- dir = cs.getString("preop.admincert.b64", "");
+ dir = cs.getString("preop.admincert.b64", "");
CMS.debug("ImportAdminCertPanel update: dir=" + dir);
- } catch (Exception ee) {}
+ } catch (Exception ee) {
+ }
try {
- BufferedReader reader = new BufferedReader(
- new FileReader(dir));
+ BufferedReader reader = new BufferedReader(new FileReader(dir));
String b64 = "";
StringBuffer sb = new StringBuffer();
@@ -289,15 +291,15 @@ public class ImportAdminCertPanel extends WizardPanelBase {
user.setX509Certificates(certs);
ug.addUserCert(user);
} catch (LDAPException e) {
- CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString());
+ CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "
+ + e.toString());
if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
context.put("updateStatus", "failure");
throw new IOException(e.toString());
}
} catch (Exception e) {
- CMS.debug(
- "ImportAdminCertPanel update: failed to add certificate. Exception: "
- + e.toString());
+ CMS.debug("ImportAdminCertPanel update: failed to add certificate. Exception: "
+ + e.toString());
context.put("updateStatus", "failure");
throw new IOException(e.toString());
}
@@ -312,7 +314,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -322,13 +324,11 @@ public class ImportAdminCertPanel extends WizardPanelBase {
return false;
}
-
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
context.put("title", "Import Administrator Certificate");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 0c2e7fa0a..8b0ccc0cb 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class ImportCAChainPanel extends WizardPanelBase {
- public ImportCAChainPanel() {}
+ public ImportCAChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
setId(id);
@@ -75,8 +74,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ImportCACertChain: display");
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
@@ -89,8 +87,9 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
} catch (EBaseException e) {
- CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
- context.put("errorString", "Error loading values for Import CA Certificate Panel");
+ CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
+ context.put("errorString",
+ "Error loading values for Import CA Certificate Panel");
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
@@ -107,19 +106,16 @@ public class ImportCAChainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
-
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -130,8 +126,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
IConfigStore cs = CMS.getConfigStore();
@@ -141,6 +136,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index 3f54ec1c8..a5efbbfe7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
CMS.debug("ImportTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("ImportTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
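Review bot: The authentication-failure branch logs with the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, whose name points at an output-stream error rather than a failed login, so these events are easy to miss when searching the log for authentication failures. The authorization branch in the next hunk uses `ADMIN_SRVLT_AUTH_FAILURE`; using `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())` here too would put both failures under one key. The text behind the first key is not visible in this diff, so this is inferred from its name. `process` starts before the hunk and continues after it.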
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("ImportTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
String certsString = httpReq.getParameter("certificate");
try {
- CryptoManager cm = CryptoManager.getInstance();
- CMS.debug("ImportTransportCert: Importing certificate");
- org.mozilla.jss.crypto.X509Certificate cert =
- cm.importCACertPackage(CMS.AtoB(certsString));
- String nickName = cert.getNickname();
- CMS.debug("ImportTransportCert: nickname " + nickName);
- cs.putString("tks.drm_transport_cert_nickname", nickName);
- CMS.debug("ImportTransportCert: Commiting configuration");
- cs.commit(false);
-
- // send success status back to the requestor
+ CryptoManager cm = CryptoManager.getInstance();
+ CMS.debug("ImportTransportCert: Importing certificate");
+ org.mozilla.jss.crypto.X509Certificate cert = cm
+ .importCACertPackage(CMS.AtoB(certsString));
+ String nickName = cert.getNickname();
+ CMS.debug("ImportTransportCert: nickname " + nickName);
+ cs.putString("tks.drm_transport_cert_nickname", nickName);
+ CMS.debug("ImportTransportCert: Commiting configuration");
+ cs.commit(false);
+
+ // send success status back to the requestor
CMS.debug("ImportTransportCert: Sending response");
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
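Review bot: `certsString` comes straight from `httpReq.getParameter("certificate")` and is passed to `CMS.AtoB` and `cm.importCACertPackage` with no check that the parameter is present, so a request without it fails somewhere inside the decode or import instead of with a clear error. A guard before the `try`, `if (certsString == null || certsString.trim().length() == 0) { outputError(httpResp, "Error: Missing certificate"); return; }`, keeps the failure explicit. Since this call imports a certificate and rewrites `tks.drm_transport_cert_nickname`, it may also be worth recording the change through `log(...)` rather than only `CMS.debug`; whether an audit event is written elsewhere is not visible here. The `try` closes outside the hunk.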
@@ -150,14 +150,22 @@ public class ImportTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index da2a3ccbd..b7b521293 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.cmsutil.password.IPasswordStore;
/**
- * This object stores the values for IP, uid and group based on the cookie id in LDAP.
- * Entries are stored under ou=Security Domain, ou=sessions, $basedn
+ * This object stores the values for IP, uid and group based on the cookie id in
+ * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn
*/
-public class LDAPSecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable implements
+ ISecurityDomainSessionTable {
private long m_timeToLive;
@@ -48,8 +48,7 @@ public class LDAPSecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip, String uid, String group) {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
boolean sessions_exists = true;
@@ -61,7 +60,8 @@ public class LDAPSecurityDomainSessionTable
basedn = cs.getString("internaldb.basedn");
sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
+ CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn"
+ + e);
return status;
}
@@ -77,14 +77,16 @@ public class LDAPSecurityDomainSessionTable
attrs.add(new LDAPAttribute("ou", "sessions"));
entry = new LDAPEntry(sessionsdn, attrs);
conn.add(entry);
- } catch (Exception e) {
- if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
+ } catch (Exception e) {
+ if ((e instanceof LDAPException)
+ && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
// continue
} else {
- CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
+ CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:"
+ + e);
sessions_exists = false;
}
- }
+ }
// add new entry
try {
@@ -93,27 +95,32 @@ public class LDAPSecurityDomainSessionTable
String entrydn = "cn=" + sessionId + "," + sessionsdn;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "securityDomainSessionEntry"));
+ attrs.add(new LDAPAttribute("objectclass",
+ "securityDomainSessionEntry"));
attrs.add(new LDAPAttribute("cn", sessionId));
attrs.add(new LDAPAttribute("host", ip));
attrs.add(new LDAPAttribute("uid", uid));
attrs.add(new LDAPAttribute("cmsUserGroup", group));
- attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
+ attrs.add(new LDAPAttribute("dateOfCreate", Long
+ .toString((new Date()).getTime())));
entry = new LDAPEntry(entrydn, attrs);
if (sessions_exists) {
conn.add(entry);
- CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+ CMS.debug("SecurityDomainSessionTable: added session entry"
+ + sessionId);
status = SUCCESS;
}
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
- }
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to create session entry"
+ + sessionId + ": " + e);
+ }
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: "
+ + e);
}
return status;
}
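Review bot: The `CMS.debug` calls in this hunk append `sessionId` to the message, and the class comment describes that value as the cookie id, so a live session identifier ends up in the debug log for anyone who can read that file. I would log the event without the identifier, `CMS.debug("SecurityDomainSessionTable: added session entry");`, or log only a digest of it if correlation is needed. The same concatenation is in the failure message here and in the removeEntry, isSessionIdExist and attribute-lookup hunks below. `addEntry` starts in an earlier hunk.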
@@ -124,21 +131,25 @@ public class LDAPSecurityDomainSessionTable
int status = FAILURE;
try {
String basedn = cs.getString("internaldb.basedn");
- String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
+ String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain,"
+ + basedn;
conn = getLDAPConn();
conn.delete(dn);
status = SUCCESS;
} catch (Exception e) {
- if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+ if ((e instanceof LDAPException)
+ && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
// continue
} else {
- CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
+ CMS.debug("SecurityDomainSessionTable: unable to delete session "
+ + sessionId + ": " + e);
}
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: "
+ + e);
}
return status;
}
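Review bot: `dn` is assembled as `"cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn` and handed to `conn.delete(dn)`, so any `,`, `=`, `+` or `\` inside `sessionId` changes which entry the DN names. If the identifier can ever come from a request rather than from this server's own generator (not visible in this diff), the RDN value should be escaped per RFC 4514 before concatenation, or `sessionId` should be checked against the format the server issues and rejected otherwise. `entrydn` in the `addEntry` hunk above is built the same way. The Mozilla LDAP SDK's `LDAPDN.escapeRDN` may fit here; confirm it is available in the version this tree builds against.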
@@ -154,21 +165,24 @@ public class LDAPSecurityDomainSessionTable
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) ret = true;
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
+ if (res.getCount() > 0)
+ ret = true;
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session "
+ + sessionId + ": " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
+ + e);
}
return ret;
}
-
public Enumeration getSessionIds() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
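Review bot: `conn.disconnect()` sits in a separate `try` after the lookup, so when `getLDAPConn()` throws (a later hunk shows it raising `IOException` when no password is obtained) `conn` is presumably still null. The resulting NullPointerException is then logged as "Error in disconnecting from database", which hides the real cause. Moving the cleanup into a `finally` with `if (conn != null) conn.disconnect();` removes the misleading second message. The formatter also split `if (res.getCount() > 0)` from `ret = true;` without adding braces; `if (res.getCount() > 0) { ret = true; }` is safer to edit. The same disconnect pattern is in the other methods of this class, and `isSessionIdExist` starts outside the hunk.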
@@ -181,27 +195,31 @@ public class LDAPSecurityDomainSessionTable
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
while (res.hasMoreElements()) {
LDAPEntry entry = res.next();
ret.add(entry.getAttribute("cn").getStringValueArray()[0]);
}
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
- break;
- default:
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+ case LDAPException.NO_SUCH_OBJECT:
+ CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
+ break;
+ default:
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: "
+ + e);
}
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
+ + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
+ + e);
}
return ret.elements();
@@ -211,25 +229,28 @@ public class LDAPSecurityDomainSessionTable
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
String ret = null;
- try {
+ try {
String basedn = cs.getString("internaldb.basedn");
String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
String filter = "(cn=" + sessionId + ")";
String[] attrs = { attr };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) {
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
+ if (res.getCount() > 0) {
LDAPEntry entry = res.next();
ret = entry.getAttribute(attr).getStringValueArray()[0];
}
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session "
+ + sessionId + ": " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
+ + e);
}
return ret;
}
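Review bot: `filter` is built as `"(cn=" + sessionId + ")"` and sent to `conn.search`, so filter metacharacters in `sessionId` (`*`, `(`, `)`, `\`, NUL) are interpreted by the directory instead of being matched literally, and a lookup can then return an entry the caller's identifier does not actually name. The value should be escaped per RFC 4515 before it is concatenated; the fence shows a small private helper and the changed line. `isSessionIdExist` in the previous hunk searches with a `filter` whose construction is outside that hunk and likely needs the same treatment. Separately, the disconnect message here is tagged `isSessionIdExist`, which looks like a copy-paste; the method's own signature is outside the hunk.

```java
// new private helper: escape a value for literal use inside an LDAP search filter (RFC 4515)
private static String escapeFilterValue(String value) {
    StringBuffer sb = new StringBuffer(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\':
            sb.append("\\5c");
            break;
        case '*':
            sb.append("\\2a");
            break;
        case '(':
            sb.append("\\28");
            break;
        case ')':
            sb.append("\\29");
            break;
        case '\0':
            sb.append("\\00");
            break;
        default:
            sb.append(c);
        }
    }
    return sb.toString();
}

// … unchanged: basedn and sessionsdn lookup …
String filter = "(cn=" + escapeFilterValue(sessionId) + ")";
// … unchanged: attrs, getLDAPConn(), search and result handling …
```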
@@ -261,7 +282,7 @@ public class LDAPSecurityDomainSessionTable
public int getSize() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
- int ret =0;
+ int ret = 0;
try {
String basedn = cs.getString("internaldb.basedn");
@@ -270,24 +291,25 @@ public class LDAPSecurityDomainSessionTable
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
ret = res.getCount();
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
+ + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
+ + e);
}
return ret;
}
- private LDAPConnection getLDAPConn()
- throws IOException
- {
+ private LDAPConnection getLDAPConn() throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -299,12 +321,13 @@ public class LDAPSecurityDomainSessionTable
IPasswordStore pwdStore = CMS.getPasswordStore();
if (pwdStore != null) {
- //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
+ // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException(
+ "SecurityDomainSessionTable: Failed to obtain password from password store");
}
try {
@@ -329,14 +352,15 @@ public class LDAPSecurityDomainSessionTable
LDAPConnection conn = null;
if (security.equals("true")) {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
- //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
+ // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" +
+ // p);
try {
conn.connect(host, p, binddn, pwd);
} catch (LDAPException e) {
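Review bot: Any value of `security` other than the exact string `"true"` falls through to the plain `new LDAPConnection()` branch, and the following `conn.connect(host, p, binddn, pwd)` then binds to the internal database with the password sent over an unencrypted connection. The three debug calls that would have recorded which branch was taken are commented out, so a configuration typo such as `True` downgrades the connection silently. Compare with `"true".equalsIgnoreCase(security)` and add an active `CMS.debug` in the `else` branch stating that the bind is not protected by SSL. Where `security` is read lies outside this hunk, so its source and default need confirming there.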
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index e7fdbe3f9..844a5a364 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class LoginServlet extends BaseServlet {
/**
@@ -36,14 +34,12 @@ public class LoginServlet extends BaseServlet {
private static final long serialVersionUID = -4766622132710080340L;
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
return true;
}
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
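Review bot: `authenticate` returns `true` unconditionally and nothing on the method says why. Presumably this servlet is the pre-op login page, which has to be reachable before a session exists, with the PIN verified in `process`. If so, state it in a comment such as `// login page itself: no session yet, the PIN is verified in process()` so the override is not copied into servlets that do need the base-class check. `process` continues outside this hunk.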
@@ -52,7 +48,7 @@ public class LoginServlet extends BaseServlet {
if (pin == null) {
context.put("error", "");
} else {
- String cspin = CMS.getConfigStore().getString("preop.pin");
+ String cspin = CMS.getConfigStore().getString("preop.pin");
if (cspin != null && cspin.equals(pin)) {
// create session
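Review bot: `cspin.equals(pin)` checks the configured `preop.pin` with a short-circuiting string comparison, whose running time depends on how many leading characters match. For a secret, use a constant-time comparison such as `MessageDigest.isEqual(cspin.getBytes("UTF-8"), pin.getBytes("UTF-8"))`. No limit on failed attempts is visible in this hunk or the next one. If `pin` comes straight from the request (its assignment is outside the hunk), a failed-attempt counter or delay belongs next to the `"Login Failed"` branch.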
@@ -62,7 +58,7 @@ public class LoginServlet extends BaseServlet {
return null;
} else {
context.put("error", "Login Failed");
- }
+ }
}
template = Velocity.getTemplate("admin/console/config/login.vm");
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index a91ca979b..2fcb1f2f6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 2425301522251239666L;
- private static final String PROP_AUTHORITY_ID="authorityId";
+ private static final String PROP_AUTHORITY_ID = "authorityId";
private String mAuthorityId = null;
private String mFormPath = null;
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet {
form = getTemplate(mFormPath, request, locale);
} catch (IOException e) {
CMS.debug("MainPageServlet process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw
+ * new ECMSGWException(
+ * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
process(argSet, header, ctx, request, response);
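Review bot: The `catch (IOException e)` around `getTemplate` only writes a debug line, and the reflowed comment now hides that the original handler threw `ECMSGWException`, because the formatter pulled `throw` onto the end of the preceding comment line. Execution continues to `process(...)` and, in the next hunk, to `form.renderOutput(out, argSet)`. If `form` is still unset at that point (its declaration is outside the hunk), the request ends in a NullPointerException instead of a template error. Either restore the `log(...)` and `throw new ECMSGWException(...)` statements, or delete the commented-out block and stop processing after the debug call.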
@@ -90,21 +89,22 @@ public class MainPageServlet extends CMSServlet {
ServletOutputStream out = response.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- response.setContentType("text/html");
- form.renderOutput(out, argSet);
+ response.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+ throws EBaseException {
- int num = 0;
+ int num = 0;
IArgBlock rarg = null;
IConfigStore cs = CMS.getConfigStore();
int state = 0;
@@ -125,8 +125,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "admin");
rarg.addStringValue("prefix", "http");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEENonSSLPort()).intValue());
+ rarg.addIntegerValue("port", Integer.valueOf(CMS.getEENonSSLPort())
+ .intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", adminInterface);
argSet.addRepeatRecord(rarg);
@@ -136,8 +136,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "ee");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEESSLPort()).intValue());
+ rarg.addIntegerValue("port", Integer
+ .valueOf(CMS.getEESSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", eeInterface);
argSet.addRepeatRecord(rarg);
@@ -147,8 +147,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "agent");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getAgentPort()).intValue());
+ rarg.addIntegerValue("port", Integer
+ .valueOf(CMS.getAgentPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", agentInterface);
argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index 38185a33b..ef9255f30 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -50,19 +49,20 @@ public class ModulePanel extends WizardPanelBase {
private Vector mOtherModules = null;
private Hashtable mCurrModTable = new Hashtable();
private WizardServlet mServlet = null;
- public ModulePanel() {}
+
+ public ModulePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Key Store");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Key Store");
setId(id);
@@ -71,7 +71,7 @@ public class ModulePanel extends WizardPanelBase {
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- cs.putBoolean("preop.ModulePanel.done",false);
+ cs.putBoolean("preop.ModulePanel.done", false);
}
public void loadCurrModTable() {
@@ -87,9 +87,8 @@ public class ModulePanel extends WizardPanelBase {
mCurrModTable.put(mod.getName(), mod);
} // while
} catch (Exception e) {
- CMS.debug(
- "ModulePanel: Exception caught in loadCurrModTable: "
- + e.toString());
+ CMS.debug("ModulePanel: Exception caught in loadCurrModTable: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
@@ -141,15 +140,15 @@ public class ModulePanel extends WizardPanelBase {
CMS.debug("ModulePanel: token nick name=" + token.getName());
CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
CMS.debug("ModulePanel: token is present?" + token.isPresent());
- if (!token.getName().equals("Internal Crypto Services Token") &&
- !token.getName().equals("NSS Generic Crypto Services")) {
+ if (!token.getName().equals("Internal Crypto Services Token")
+ && !token.getName().equals(
+ "NSS Generic Crypto Services")) {
module.addToken(token);
} else {
- CMS.debug(
- "ModulePanel: token " + token.getName()
+ CMS.debug("ModulePanel: token " + token.getName()
+ " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ModulePanel:" + ex.toString());
}
@@ -181,11 +180,11 @@ public class ModulePanel extends WizardPanelBase {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ModulePanel: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ModulePanel: module found: " + cn);
module.setFound(true);
@@ -194,7 +193,7 @@ public class ModulePanel extends WizardPanelBase {
loadModTokens(module, m);
}
-
+
CMS.debug("ModulePanel: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -203,39 +202,41 @@ public class ModulePanel extends WizardPanelBase {
}// for
} catch (Exception e) {
- CMS.debug(
- "ModulePanel: Exception caught in loadSupportedModules(): "
- + e.toString());
+ CMS.debug("ModulePanel: Exception caught in loadSupportedModules(): "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
public PropertySet getUsage() {
- // it a token choice. Available tokens are discovered dynamically so
+ // it a token choice. Available tokens are discovered dynamically so
// can't be a real CHOICE
PropertySet set = new PropertySet();
-
- Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* default parameter */
- "module token selection");
+
+ Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* default parameter */
+ "module token selection");
set.add("choice", tokenDesc);
-
+
return set;
}
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.ModulePanel.done",
- false);
+ boolean s = cs.getBoolean("preop.ModulePanel.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
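Review bot: The formatter has split the trailing `/* no constraint */` comment in `getUsage` across four lines, which makes the `Descriptor` constructor arguments harder to read than before. Put the remarks on their own argument lines, e.g. `null, // no constraint` and `null, // default parameter`; the same breakage appears four times in the `getUsage` hunk of NamePanel.java. Separately, `isPanelDone` still ends in an empty `catch (EBaseException e) { }`. Logging it with `CMS.debug("ModulePanel: isPanelDone: " + e);` would keep a broken config store from looking like an unfinished panel.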
@@ -248,8 +249,7 @@ public class ModulePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ModulePanel: display()");
context.put("title", "Key Store");
@@ -272,8 +272,8 @@ public class ModulePanel extends WizardPanelBase {
context.put("oms", mOtherModules);
context.put("sms", mSupportedModules);
// context.put("status_token", "None");
- String subpanelno = String.valueOf(getPanelNo()+1);
- CMS.debug("ModulePanel subpanelno =" +subpanelno);
+ String subpanelno = String.valueOf(getPanelNo() + 1);
+ CMS.debug("ModulePanel subpanelno =" + subpanelno);
context.put("subpanelno", subpanelno);
context.put("panel", "admin/console/config/modulepanel.vm");
}
@@ -282,17 +282,15 @@ public class ModulePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
- boolean hasErr = false;
+ HttpServletResponse response, Context context) throws IOException {
+ boolean hasErr = false;
try {
// get the value of the choice
@@ -306,13 +304,13 @@ public class ModulePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
String oldtokenname = config.getString("preop.module.token", "");
- if (!oldtokenname.equals(select))
+ if (!oldtokenname.equals(select))
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
- if (hasErr == false) {
- config.putString("preop.module.token", select);
- config.putBoolean("preop.ModulePanel.done", true);
- }
+ if (hasErr == false) {
+ config.putString("preop.module.token", select);
+ config.putBoolean("preop.ModulePanel.done", true);
+ }
config.commit(false);
context.put("updateStatus", "success");
} catch (Exception e) {
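Review bot: `select` is stored in `preop.module.token` without being checked against the tokens this panel discovered, and `validate` in the previous hunk has an empty body. `hasErr` is initialised to `false` and not assigned in the lines shown, so the `if (hasErr == false)` guard looks always-true. If `select` is the request's choice parameter (its assignment is outside the hunk), reject values that do not match a known token name before calling `config.putString`, and set `hasErr` there.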
@@ -326,8 +324,7 @@ public class ModulePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Security Module");
context.put("panel", "admin/console/config/modulepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index a0a627eef..861eee167 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class ModuleServlet extends BaseServlet {
/**
@@ -36,19 +34,16 @@ public class ModuleServlet extends BaseServlet {
private static final long serialVersionUID = 6518965840466227888L;
/**
- * Collect information on where keys are to be generated.
- * Once collected, write to CS.cfg:
- * "preop.module=soft"
- * or
- * "preop.module=hard"
- *
+ * Collect information on where keys are to be generated. Once collected,
+ * write to CS.cfg: "preop.module=soft" or "preop.module=hard"
+ *
* <ul>
- * <li>http.param selection "soft" or "hard" for software token or hardware token
+ * <li>http.param selection "soft" or "hard" for software token or hardware
+ * token
* </ul>
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
@@ -76,7 +71,7 @@ public class ModuleServlet extends BaseServlet {
CMS.debug("ModuleServlet: illegal selection: " + selection);
context.put("error", "failed selection");
}
-
+
} else {
CMS.debug("ModuleServlet: no selection");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index ec3686e92..1f680b644 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -54,19 +53,19 @@ public class NamePanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public NamePanel() {}
+ public NamePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
setId(id);
@@ -79,27 +78,39 @@ public class NamePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
- Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "CA Signing Certificate's DN");
+ Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "CA Signing Certificate's DN");
set.add("caDN", caDN);
- Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "SSL Server Certificate's DN");
+ Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "SSL Server Certificate's DN");
set.add("sslDN", sslDN);
- Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "CA Subsystem Certificate's DN");
+ Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "CA Subsystem Certificate's DN");
set.add("subsystemDN", subsystemDN);
- Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "OCSP Signing Certificate's DN");
+ Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "OCSP Signing Certificate's DN");
set.add("ocspDN", ocspDN);
@@ -124,7 +135,7 @@ public class NamePanel extends WizardPanelBase {
StringTokenizer st = new StringTokenizer(list, ",");
while (st.hasMoreTokens()) {
String t = st.nextToken();
- cs.remove("preop.cert."+t+".done");
+ cs.remove("preop.cert." + t + ".done");
}
try {
@@ -142,7 +153,8 @@ public class NamePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -159,12 +171,11 @@ public class NamePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("NamePanel: display()");
context.put("title", "Subject Names");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("NamePanel setting session id.");
@@ -179,16 +190,16 @@ public class NamePanel extends WizardPanelBase {
String hselect = "";
String cstype = "";
try {
- //if CA, at the hierarchy panel, was it root or subord?
+ // if CA, at the hierarchy panel, was it root or subord?
hselect = config.getString("preop.hierarchy.select", "");
select = config.getString("preop.subsystem.select", "");
cstype = config.getString("cs.type", "");
context.put("select", select);
if (cstype.equals("CA") && hselect.equals("root")) {
- CMS.debug("NamePanel ca is root");
+ CMS.debug("NamePanel ca is root");
context.put("isRoot", "true");
} else {
- CMS.debug("NamePanel not ca or not root");
+ CMS.debug("NamePanel not ca or not root");
context.put("isRoot", "false");
}
} catch (Exception e) {
@@ -207,47 +218,53 @@ public class NamePanel extends WizardPanelBase {
int sd_admin_port = -1;
if (domaintype.equals("existing")) {
host = config.getString("securitydomain.host", "");
- sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1);
+ sd_admin_port = config.getInteger(
+ "securitydomain.httpsadminport", -1);
count = getSubsystemCount(host, sd_admin_port, true, cstype);
}
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- CMS.debug("NamePanel: display() about to process certTag :" + certTag);
- String nn = config.getString(
- PCERT_PREFIX + certTag + ".nickname");
+ CMS.debug("NamePanel: display() about to process certTag :"
+ + certTag);
+ String nn = config.getString(PCERT_PREFIX + certTag
+ + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String userfriendlyname = config.getString(
- PCERT_PREFIX + certTag + ".userfriendlyname");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String userfriendlyname = config.getString(PCERT_PREFIX
+ + certTag + ".userfriendlyname");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
c.setUserFriendlyName(userfriendlyname);
- String type = config.getString(PCERT_PREFIX + certTag + ".type");
+ String type = config
+ .getString(PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
c.setEnable(enable);
- String cert = config.getString(subsystem +"."+certTag +".cert", "");
- String certreq =
- config.getString(subsystem + "." +certTag +".certreq", "");
+ String cert = config.getString(subsystem + "." + certTag
+ + ".cert", "");
+ String certreq = config.getString(subsystem + "." + certTag
+ + ".certreq", "");
String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
- boolean override = config.getBoolean(PCERT_PREFIX + certTag +
- ".cncomponent.override", true);
- //o_sd is to add o=secritydomainname
- boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
- "o_securitydomain", true);
- domainname = config.getString("securitydomain.name", "");
- CMS.debug("NamePanel: display() override is "+override);
- CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
- CMS.debug("NamePanel: display() domainname is "+domainname);
+ boolean override = config.getBoolean(PCERT_PREFIX + certTag
+ + ".cncomponent.override", true);
+ // o_sd is to add o=secritydomainname
+ boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag
+ + "o_securitydomain", true);
+ domainname = config.getString("securitydomain.name", "");
+ CMS.debug("NamePanel: display() override is " + override);
+ CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
+ CMS.debug("NamePanel: display() domainname is " + domainname);
boolean dnUpdated = false;
try {
- dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN");
+ dnUpdated = config.getBoolean(PCERT_PREFIX + certTag
+ + ".updatedDN");
} catch (Exception e) {
}
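Review bot: The key for `o_sd` is built as `PCERT_PREFIX + certTag + "o_securitydomain"` with no dot before `o_securitydomain`, unlike the other per-certificate keys in this loop (`".cncomponent.override"`, `".enable"`, `".updatedDN"`). Unless the configuration really uses the run-together name, the lookup never matches and `o_sd` is always the default `true`, so the `O=` component cannot be switched off. The likely intent is `config.getBoolean(PCERT_PREFIX + certTag + ".o_securitydomain", true)`; check the shipped CS.cfg templates before changing it. The empty `catch (Exception e) { }` after the `.updatedDN` read should at least carry a comment saying that a missing key is expected.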
@@ -255,28 +272,36 @@ public class NamePanel extends WizardPanelBase {
boolean done = config.getBoolean("preop.NamePanel.done");
c.setDN(dn);
} catch (Exception e) {
- String instanceId = config.getString("service.instanceID", "");
+ String instanceId = config.getString("service.instanceID",
+ "");
if (select.equals("clone") || dnUpdated) {
c.setDN(dn);
- } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
- CMS.debug("NamePanel subsystemCount = "+count);
- c.setDN(dn + " "+count+
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ } else if (count != 0 && override
+ && (cert.equals("") || certreq.equals(""))) {
+ CMS.debug("NamePanel subsystemCount = " + count);
+ c.setDN(dn
+ + " "
+ + count
+ + ((!instanceId.equals("")) ? (",OU=" + instanceId)
+ : "")
+ + ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(
+ PCERT_PREFIX + certTag + ".updatedDN", true);
} else {
- c.setDN(dn +
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ c.setDN(dn
+ + ((!instanceId.equals("")) ? (",OU=" + instanceId)
+ : "")
+ + ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(
+ PCERT_PREFIX + certTag + ".updatedDN", true);
}
}
mCerts.addElement(c);
- CMS.debug(
- "NamePanel: display() added cert to mCerts: certTag "
- + certTag);
- config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN());
+ CMS.debug("NamePanel: display() added cert to mCerts: certTag "
+ + certTag);
+ config.putString(PCERT_PREFIX + c.getCertTag() + ".dn",
+ c.getDN());
}// while
} catch (EBaseException e) {
CMS.debug("NamePanel: display() exception caught:" + e.toString());
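Review bot: `instanceId` and `domainname` are concatenated into the subject DN as `",OU=" + instanceId` and `",O=" + domainname` without escaping. A value containing `,`, `+`, `=` or a quote changes the structure of the DN that is then stored under the `.dn` key and, presumably, used for the certificate request. Escape DN special characters (RFC 4514) in both values before building the string, or reject such values where the security-domain name and instance ID are entered. This logic also sits in a `catch` that fires when `preop.NamePanel.done` is missing, so the ordinary first-run path depends on an exception; the `try` opens above this hunk.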
@@ -302,7 +327,8 @@ public class NamePanel extends WizardPanelBase {
try {
config.putString("preop.ca.list", list.toString());
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("urls", v);
@@ -316,8 +342,7 @@ public class NamePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
@@ -328,30 +353,34 @@ public class NamePanel extends WizardPanelBase {
if (dn == null || dn.length() == 0) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Empty DN for " + cert.getUserFriendlyName());
+ throw new IOException("Empty DN for "
+ + cert.getUserFriendlyName());
}
}
} // while
}
- /*
+ /*
* update some parameters for clones
*/
- public void updateCloneConfig(IConfigStore config)
- throws EBaseException, IOException {
+ public void updateCloneConfig(IConfigStore config) throws EBaseException,
+ IOException {
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
String token = config.getString(PRE_CONF_CA_TOKEN);
if (!token.equals("Internal Key Storage Token")) {
- CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
- String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
+ CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
+ String subsystem = config.getString(PCERT_PREFIX
+ + "storage.subsystem");
String storageNickname = getNickname(config, "storage");
String transportNickname = getNickname(config, "transport");
config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname);
- config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname);
+ config.putString(subsystem + ".storageUnit.nickName", token
+ + ":" + storageNickname);
+ config.putString(subsystem + ".transportUnit.nickName", token
+ + ":" + transportNickname);
config.commit(false);
} else { // software token
// parameters already set
@@ -359,14 +388,19 @@ public class NamePanel extends WizardPanelBase {
}
// audit signing cert
- String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
- String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
- if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_tk + ":" + audit_nn);
+ String audit_nn = config.getString(cstype + ".audit_signing"
+ + ".nickname", "");
+ String audit_tk = config.getString(cstype + ".audit_signing"
+ + ".tokenname", "");
+ if (!audit_tk.equals("Internal Key Storage Token")
+ && !audit_tk.equals("")) {
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ audit_tk + ":" + audit_nn);
} else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_nn);
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ audit_nn);
}
}
@@ -374,9 +408,10 @@ public class NamePanel extends WizardPanelBase {
* get some of the "preop" parameters to persisting parameters
*/
public void updateConfig(IConfigStore config, String certTag)
- throws EBaseException, IOException {
+ throws EBaseException, IOException {
String token = config.getString(PRE_CONF_CA_TOKEN);
- String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
CMS.debug("NamePanel: subsystem " + subsystem);
String nickname = getNickname(config, certTag);
@@ -385,38 +420,46 @@ public class NamePanel extends WizardPanelBase {
// should change the entire system to use the uniformed names later
if (certTag.equals("signing") || certTag.equals("ocsp_signing")) {
CMS.debug("NamePanel: setting signing nickname=" + nickname);
- config.putString(subsystem + "." + certTag + ".cacertnickname", nickname);
- config.putString(subsystem + "." + certTag + ".certnickname", nickname);
+ config.putString(subsystem + "." + certTag + ".cacertnickname",
+ nickname);
+ config.putString(subsystem + "." + certTag + ".certnickname",
+ nickname);
}
- // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg
+ // if KRA, hardware token needs param "kra.storageUnit.hardware" in
+ // CS.cfg
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
- if (!token.equals("Internal Key Storage Token")) {
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname);
- }
- } else { // software token
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.nickName", nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", nickname);
- }
- }
+ if (!token.equals("Internal Key Storage Token")) {
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.hardware", token);
+ config.putString(subsystem + ".storageUnit.nickName", token
+ + ":" + nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName",
+ token + ":" + nickname);
+ }
+ } else { // software token
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.nickName",
+ nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName",
+ nickname);
+ }
+ }
}
String serverCertNickname = nickname;
String path = CMS.getConfigStore().getString("instanceRoot", "");
if (certTag.equals("sslserver")) {
- if (!token.equals("Internal Key Storage Token")) {
- serverCertNickname = token+":"+nickname;
+ if (!token.equals("Internal Key Storage Token")) {
+ serverCertNickname = token + ":" + nickname;
}
- File file = new File(path+"/conf/serverCertNick.conf");
- PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf"));
+ File file = new File(path + "/conf/serverCertNick.conf");
+ PrintStream ps = new PrintStream(new FileOutputStream(path
+ + "/conf/serverCertNick.conf"));
ps.println(serverCertNickname);
ps.close();
}
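Review bot: The write of `serverCertNick.conf` goes through a `PrintStream`, which never throws on a write failure, so a full disk leaves a missing or truncated nickname file without any signal. Check `ps.checkError()` after `println` and throw an `IOException` when it is set, and close the stream in a `finally`. `File file` is created and never used; either drop it or pass it to `new FileOutputStream(file)`. `path` defaults to `""` when `instanceRoot` is unset, which makes the target `/conf/serverCertNick.conf`, so failing early on an empty `path` would be safer. `updateConfig` starts in an earlier hunk.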
@@ -424,25 +467,29 @@ public class NamePanel extends WizardPanelBase {
config.putString(subsystem + "." + certTag + ".nickname", nickname);
config.putString(subsystem + "." + certTag + ".tokenname", token);
if (certTag.equals("audit_signing")) {
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- token + ":" + nickname);
- } else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- nickname);
- }
+ if (!token.equals("Internal Key Storage Token")
+ && !token.equals("")) {
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ token + ":" + nickname);
+ } else {
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ nickname);
+ }
}
/*
- config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
- "SHA1withRSA");
+ * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
+ * "SHA1withRSA");
*/
// for system certs verification
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
config.putString(subsystem + ".cert." + certTag + ".nickname",
- token + ":" + nickname);
+ token + ":" + nickname);
} else {
- config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
+ config.putString(subsystem + ".cert." + certTag + ".nickname",
+ nickname);
}
config.commit(false);
@@ -453,13 +500,13 @@ public class NamePanel extends WizardPanelBase {
* create and sign a cert locally (handles both "selfsign" and "local")
*/
public void configCert(HttpServletRequest request,
- HttpServletResponse response,
- Context context, Cert certObj) throws IOException {
+ HttpServletResponse response, Context context, Cert certObj)
+ throws IOException {
CMS.debug("NamePanel: configCert called");
IConfigStore config = CMS.getConfigStore();
String caType = certObj.getType();
- CMS.debug("NamePanel: in configCert caType is "+ caType);
+ CMS.debug("NamePanel: in configCert caType is " + caType);
X509CertImpl cert = null;
String certTag = certObj.getCertTag();
@@ -469,31 +516,40 @@ public class NamePanel extends WizardPanelBase {
String v = config.getString("preop.ca.type", "");
CMS.debug("NamePanel configCert: remote CA");
- String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
- certObj, context);
+ String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
+ certObj, context);
certObj.setRequest(pkcs10);
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
- String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
+ String profileId = config.getString(PCERT_PREFIX + certTag
+ + ".profile");
String session_id = CMS.getConfigSDSessionId();
String sd_hostname = "";
int sd_ee_port = -1;
try {
sd_hostname = config.getString("securitydomain.host", "");
- sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
+ sd_ee_port = config.getInteger(
+ "securitydomain.httpseeport", -1);
} catch (Exception ee) {
- CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
+ CMS.debug("NamePanel: configCert() exception caught:"
+ + ee.toString());
}
String sysType = config.getString("cs.type", "");
String machineName = config.getString("machineName", "");
String securePort = config.getString("service.securePort", "");
if (certTag.equals("subsystem")) {
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-"
+ + machineName + "-" + securePort + "&profileId="
+ + profileId
+ + "&cert_request_type=pkcs10&cert_request="
+ + URLEncoder.encode(pkcs10, "UTF-8")
+ + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
+ content, response, this);
if (cert == null) {
- throw new IOException("Error: remote certificate is null");
+ throw new IOException(
+ "Error: remote certificate is null");
}
} else if (v.equals("sdca")) {
String ca_hostname = "";
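Review bot: The form body passed to `createRemoteCert` URL-encodes only `pkcs10`; `sysType`, `machineName`, `securePort`, `profileId` and `session_id` are concatenated raw, so a value containing `&` or `=` would change the parameters the CA receives. Wrapping each of them in `URLEncoder.encode(value, "UTF-8")` keeps the request well formed, and the same string is built again for the `sdca` branch in the next hunk. Separately, the `catch (Exception ee)` around the security-domain lookup only logs, so the request can still be sent with `sd_hostname` empty and `sd_ee_port` at -1; failing with an `IOException` at that point would be easier to diagnose. `configCert` begins and ends outside this hunk.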
@@ -504,96 +560,105 @@ public class NamePanel extends WizardPanelBase {
} catch (Exception ee) {
}
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-"
+ + machineName + "-" + securePort + "&profileId="
+ + profileId
+ + "&cert_request_type=pkcs10&cert_request="
+ + URLEncoder.encode(pkcs10, "UTF-8")
+ + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
+ content, response, this);
if (cert == null) {
- throw new IOException("Error: remote certificate is null");
+ throw new IOException(
+ "Error: remote certificate is null");
}
} else if (v.equals("otherca")) {
config.putString(subsystem + "." + certTag + ".cert",
"...paste certificate here...");
- } else {
+ } else {
CMS.debug("NamePanel: no preop.ca.type is provided");
- }
+ }
} else { // not remote CA, ie, self-signed or local
ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
if (ca == null) {
String s = PCERT_PREFIX + certTag + ".type";
- CMS.debug(
- "The value for " + s
+ CMS.debug("The value for " + s
+ " should be remote, nothing else.");
- throw new IOException(
- "The value for " + s + " should be remote");
- }
-
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
+ throw new IOException("The value for " + s
+ + " should be remote");
+ }
+
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag
+ + ".keytype");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
- X509Key x509key = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
+ String pubKeyModulus = config.getString(PCERT_PREFIX
+ + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(PCERT_PREFIX
+ + certTag + ".pubkey.exponent");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+
+ if (certTag.equals("signing")) {
X509Key x509key = CryptoUtil.getPublicX509Key(
CryptoUtil.string2byte(pubKeyModulus),
CryptoUtil.string2byte(pubKeyPublicExponent));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert("...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag
+ + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil
+ .string2byte(pubKeyPublicExponent));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
-
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(PCERT_PREFIX
+ + certTag + ".pubkey.encoded");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+
+ if (certTag.equals("signing")) {
+ X509Key x509key = CryptoUtil
+ .getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert("...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag
+ + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil
+ .getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else {
- // invalid key type
- CMS.debug("Invalid key type " + pubKeyType);
+ // invalid key type
+ CMS.debug("Invalid key type " + pubKeyType);
}
if (cert != null) {
if (certTag.equals("subsystem"))
@@ -605,9 +670,9 @@ public class NamePanel extends WizardPanelBase {
byte[] certb = cert.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
- // certObj.setCert(certs);
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ // certObj.setCert(certs);
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
config.putString(subsystem + "." + certTag + ".cert", certs);
}
config.commit(false);
@@ -617,72 +682,76 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel configCert() exception caught:" + e.toString());
}
}
-
+
public void configCertWithTag(HttpServletRequest request,
- HttpServletResponse response,
- Context context, String tag) throws IOException
- {
- CMS.debug("NamePanel: configCertWithTag start");
- Enumeration c = mCerts.elements();
- IConfigStore config = CMS.getConfigStore();
-
- while (c.hasMoreElements()) {
- Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- CMS.debug("NamePanel: configCertWithTag ct=" + ct +
- " tag=" +tag);
- if (ct.equals(tag)) {
- try {
- String nickname = HttpInput.getNickname(request, ct + "_nick");
- if (nickname != null) {
- CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
- config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
- cert.setNickname(nickname);
- config.commit(false);
- }
- String dn = HttpInput.getDN(request, ct);
- if (dn != null) {
- config.putString(PCERT_PREFIX + ct + ".dn", dn);
- config.commit(false);
- }
- } catch (Exception e) {
- CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
- }
+ HttpServletResponse response, Context context, String tag)
+ throws IOException {
+ CMS.debug("NamePanel: configCertWithTag start");
+ Enumeration c = mCerts.elements();
+ IConfigStore config = CMS.getConfigStore();
- configCert(request, response, context, cert);
- CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
- return;
+ while (c.hasMoreElements()) {
+ Cert cert = (Cert) c.nextElement();
+ String ct = cert.getCertTag();
+ CMS.debug("NamePanel: configCertWithTag ct=" + ct + " tag=" + tag);
+ if (ct.equals(tag)) {
+ try {
+ String nickname = HttpInput.getNickname(request, ct
+ + "_nick");
+ if (nickname != null) {
+ CMS.debug("configCertWithTag: Setting nickname for "
+ + ct + " to " + nickname);
+ config.putString(PCERT_PREFIX + ct + ".nickname",
+ nickname);
+ cert.setNickname(nickname);
+ config.commit(false);
+ }
+ String dn = HttpInput.getDN(request, ct);
+ if (dn != null) {
+ config.putString(PCERT_PREFIX + ct + ".dn", dn);
+ config.commit(false);
+ }
+ } catch (Exception e) {
+ CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for "
+ + ct + ": " + e.toString());
}
- }
- CMS.debug("NamePanel: configCertWithTag done");
+
+ configCert(request, response, context, cert);
+ CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
+ return;
+ }
+ }
+ CMS.debug("NamePanel: configCertWithTag done");
}
- private boolean inputChanged(HttpServletRequest request)
- throws IOException {
- IConfigStore config = CMS.getConfigStore();
-
+ private boolean inputChanged(HttpServletRequest request) throws IOException {
+ IConfigStore config = CMS.getConfigStore();
+
boolean hasChanged = false;
try {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ String ct = cert.getCertTag();
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct
+ + ".enable", true);
if (!enable)
continue;
- String olddn = config.getString(PCERT_PREFIX + cert.getCertTag() + ".dn", "");
+ String olddn = config.getString(
+ PCERT_PREFIX + cert.getCertTag() + ".dn", "");
// get the dn's and put in config
String dn = HttpInput.getDN(request, cert.getCertTag());
if (!olddn.equals(dn))
hasChanged = true;
- String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
- String nick = HttpInput.getNickname(request, ct + "_nick");
- if (!oldnick.equals(nick))
- hasChanged = true;
+ String oldnick = config.getString(PCERT_PREFIX + ct
+ + ".nickname");
+ String nick = HttpInput.getNickname(request, ct + "_nick");
+ if (!oldnick.equals(nick))
+ hasChanged = true;
}
} catch (Exception e) {
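Review bot: In `configCertWithTag`, an exception from `HttpInput.getNickname` or `HttpInput.getDN` is only debug-logged and `configCert` is still called afterwards, so the certificate is configured from whatever nickname and DN are already in the config store. If those helpers throw on input that fails validation (their bodies are not shown here), rethrowing is safer, e.g. `throw new IOException("Invalid nickname or DN for " + ct);`, which the method already declares. The log text also says "setting nickname" although the DN is read in the same `try`. `inputChanged` continues past the end of this hunk.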
@@ -690,44 +759,43 @@ public class NamePanel extends WizardPanelBase {
return hasChanged;
}
-
- public String getURL(HttpServletRequest request, IConfigStore config)
- {
+
+ public String getURL(HttpServletRequest request, IConfigStore config) {
String index = request.getParameter("urls");
- if (index == null){
- return null;
+ if (index == null) {
+ return null;
}
String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
- return url;
+ return url;
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
CMS.debug("NamePanel: in update()");
- boolean hasErr = false;
+ boolean hasErr = false;
if (inputChanged(request)) {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
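Review bot: `getURL` returns the `urls` request parameter unchanged whenever it starts with `http`, so the CA endpoint used by the later steps is whatever the client submitted rather than an entry of `preop.ca.list`. If free-form URLs are intended, parse the value with `new URL(index)` and require the `https` scheme here; otherwise reject anything that is not in the configured list. In the index branch, an `x` larger than the number of entries leaves `url` set to the last token, and a non-numeric value is swallowed by the empty `catch` so the method returns `""`; both cases would be better reported as errors. `update()` starts in this hunk and continues outside it.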
@@ -736,12 +804,12 @@ public class NamePanel extends WizardPanelBase {
return;
}
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String hselect = "";
ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
try {
- //if CA, at the hierarchy panel, was it root or subord?
+ // if CA, at the hierarchy panel, was it root or subord?
hselect = config.getString("preop.hierarchy.select", "");
String cstype = config.getString("preop.subsystem.select", "");
if (cstype.equals("clone")) {
@@ -750,13 +818,14 @@ public class NamePanel extends WizardPanelBase {
configCertWithTag(request, response, context, "sslserver");
String url = getURL(request, config);
if (url != null && !url.equals("External CA")) {
- // preop.ca.url and admin port are required for setting KRA connector
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
+ // preop.ca.url and admin port are required for setting KRA
+ // connector
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
- URL urlx = new URL(url);
- updateCloneSDCAInfo(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
+ URL urlx = new URL(url);
+ updateCloneSDCAInfo(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
}
updateCloneConfig(config);
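Review bot: `url.substring(url.indexOf("https"))` throws `StringIndexOutOfBoundsException` when the string has no `https` in it, which `getURL` allows (it accepts any value starting with `http` and can return `""`). A guard such as `int i = url.indexOf("https"); if (i < 0) throw new IOException("CA URL must use https");` makes the failure explicit. Also, `urlx.getPort()` returns -1 when the URL carries no explicit port, and `"-1"` is then handed to `updateCloneSDCAInfo`, where `Integer.parseInt` accepts it; falling back to `urlx.getDefaultPort()` or rejecting the URL avoids storing that value. The same two lines appear in the `sdca` branch of the next hunk.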
@@ -770,50 +839,51 @@ public class NamePanel extends WizardPanelBase {
return;
}
- //if no hselect, then not CA
- if (hselect.equals("") || hselect.equals("join")) {
- String select = null;
- String url = getURL(request, config);
+ // if no hselect, then not CA
+ if (hselect.equals("") || hselect.equals("join")) {
+ String select = null;
+ String url = getURL(request, config);
- URL urlx = null;
+ URL urlx = null;
- if (url.equals("External CA")) {
- CMS.debug("NamePanel: external CA selected");
- select = "otherca";
- config.putString("preop.ca.type", "otherca");
- if (subsystem != null) {
- config.putString(PCERT_PREFIX+"signing.type", "remote");
- }
+ if (url.equals("External CA")) {
+ CMS.debug("NamePanel: external CA selected");
+ select = "otherca";
+ config.putString("preop.ca.type", "otherca");
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ }
- config.putString("preop.ca.pkcs7", "");
- config.putInteger("preop.ca.certchain.size", 0);
- context.put("check_otherca", "checked");
- CMS.debug("NamePanel: update: this is the external CA.");
- } else {
- CMS.debug("NamePanel: local CA selected");
- select = "sdca";
- // parse URL (CA1 - https://...)
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
-
- urlx = new URL(url);
- config.putString("preop.ca.type", "sdca");
- CMS.debug("NamePanel: update: this is a CA in the security domain.");
- context.put("check_sdca", "checked");
- sdca(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- config.putString(PCERT_PREFIX + "signing.profile",
- "caInstallCACert");
+ config.putString("preop.ca.pkcs7", "");
+ config.putInteger("preop.ca.certchain.size", 0);
+ context.put("check_otherca", "checked");
+ CMS.debug("NamePanel: update: this is the external CA.");
+ } else {
+ CMS.debug("NamePanel: local CA selected");
+ select = "sdca";
+ // parse URL (CA1 - https://...)
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
+
+ urlx = new URL(url);
+ config.putString("preop.ca.type", "sdca");
+ CMS.debug("NamePanel: update: this is a CA in the security domain.");
+ context.put("check_sdca", "checked");
+ sdca(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ config.putString(PCERT_PREFIX + "signing.profile",
+ "caInstallCACert");
+ }
}
- }
- try {
- config.commit(false);
- } catch (Exception e) {}
+ try {
+ config.commit(false);
+ } catch (Exception e) {
+ }
- }
+ }
try {
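Review bot: `url.equals("External CA")` is called without a null check, although `getURL` returns null when the `urls` parameter is missing and the clone branch above does test `url != null`. Add the same guard before the comparison, e.g. `if (url == null) throw new IOException("No CA selected");`, so a request without the parameter fails with a clear message instead of a `NullPointerException`. The `catch (Exception e) { }` around `config.commit(false)` also discards a failed write of the CA type and URL; logging it with `CMS.debug` would at least leave a trace.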
@@ -821,20 +891,23 @@ public class NamePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
+ String ct = cert.getCertTag();
String tokenname = cert.getTokenname();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct
+ + ".enable", true);
if (!enable)
continue;
- boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false);
+ boolean certDone = config.getBoolean(PCERT_PREFIX + ct
+ + ".done", false);
if (certDone)
continue;
// get the nicknames and put in config
String nickname = HttpInput.getNickname(request, ct + "_nick");
if (nickname != null) {
- CMS.debug("NamePanel: update: Setting nickname for " + ct + " to " + nickname);
+ CMS.debug("NamePanel: update: Setting nickname for " + ct
+ + " to " + nickname);
config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
cert.setNickname(nickname);
} else {
@@ -850,32 +923,31 @@ public class NamePanel extends WizardPanelBase {
try {
configCert(request, response, context, cert);
- config.putBoolean("preop.cert."+cert.getCertTag()+".done",
- true);
+ config.putBoolean("preop.cert." + cert.getCertTag()
+ + ".done", true);
config.commit(false);
} catch (Exception e) {
- CMS.debug(
- "NamePanel: update() exception caught:"
- + e.toString());
- hasErr = true;
+ CMS.debug("NamePanel: update() exception caught:"
+ + e.toString());
+ hasErr = true;
System.err.println("Exception caught: " + e.toString());
}
- } // while
- if (hasErr == false) {
- config.putBoolean("preop.NamePanel.done", true);
- config.commit(false);
- }
+ } // while
+ if (hasErr == false) {
+ config.putBoolean("preop.NamePanel.done", true);
+ config.commit(false);
+ }
} catch (Exception e) {
CMS.debug("NamePanel: Exception caught: " + e.toString());
System.err.println("Exception caught: " + e.toString());
}// try
-
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!hasErr) {
context.put("updateStatus", "success");
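Review bot: `preop.cert.<tag>.done` is set to true whenever `configCert` returns normally, but the end of `configCert` visible in an earlier hunk catches an exception and only debug-logs it. If that catch covers the certificate creation, as it appears to, a certificate that was never produced is still marked done, `hasErr` stays false and `updateStatus` becomes `success`. Letting `configCert` rethrow, or setting the flag only after confirming the `.cert` value was written, would keep the wizard state honest. The final `catch (Exception e) { }` around `config.commit(false)` hides a failed commit in the same way.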
@@ -885,8 +957,11 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel: update() done");
}
- private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
- CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr);
+ private void updateCloneSDCAInfo(HttpServletRequest request,
+ Context context, String hostname, String httpsPortStr)
+ throws IOException {
+ CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname="
+ + hostname + " port=" + httpsPortStr);
String https_admin_port = "";
IConfigStore config = CMS.getConfigStore();
@@ -897,19 +972,16 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
- hostname,
- httpsPortStr,
- "CA" );
+ https_admin_port = getSecurityDomainAdminPort(config, hostname,
+ httpsPortStr, "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug(
- "NamePanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug("NamePanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Https Port is not valid.");
}
@@ -918,9 +990,11 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsadminport", https_admin_port);
}
- private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context,
+ String hostname, String httpsPortStr) throws IOException {
CMS.debug("NamePanel update: this is the CA in the security domain.");
- CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr);
+ CMS.debug("NamePanel update: selected CA hostname=" + hostname
+ + " port=" + httpsPortStr);
String https_admin_port = "";
IConfigStore config = CMS.getConfigStore();
@@ -934,19 +1008,16 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
- hostname,
- httpsPortStr,
- "CA" );
+ https_admin_port = getSecurityDomainAdminPort(config, hostname,
+ httpsPortStr, "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug(
- "NamePanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug("NamePanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Https Port is not valid.");
}
@@ -954,21 +1025,18 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsport", httpsPortStr);
config.putString("preop.ca.httpsadminport", https_admin_port);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
- httpsport, true, context,
- certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport,
+ true, context, certApprovalCallback);
try {
- CMS.debug("Importing CA chain");
- importCertChain("ca");
+ CMS.debug("Importing CA chain");
+ importCertChain("ca");
} catch (Exception e1) {
- CMS.debug("Failed in importing CA chain");
+ CMS.debug("Failed in importing CA chain");
}
}
-
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
context.put("certs", mCerts);
}
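Review bot: A failure in `importCertChain("ca")` is reduced to the fixed debug string "Failed in importing CA chain": the exception `e1` is dropped and `sdca` returns normally, so setup continues without the CA chain having been imported. Keep the cause in the log, `CMS.debug("Failed in importing CA chain: " + e1.toString());`, and consider rethrowing as `IOException` so that `update()` can report the step as failed. `sdca` starts outside this hunk.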
@@ -976,11 +1044,9 @@ public class NamePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index cf37fdff9..8d484f4ee 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -50,11 +49,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
/**
- * This servlet creates a TPS user in the CA,
- * and it associates TPS's server certificate to
- * the user. Finally, it addes the user to the
- * administrator group. This procedure will
- * allows TPS to connect to the CA for certificate
+ * This servlet creates a TPS user in the CA, and it associates TPS's server
+ * certificate to the user. Finally, it addes the user to the administrator
+ * group. This procedure will allows TPS to connect to the CA for certificate
* issuance.
*/
public class RegisterUser extends CMSServlet {
@@ -67,9 +64,7 @@ public class RegisterUser extends CMSServlet {
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
private String mGroupName = null;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public RegisterUser() {
super();
@@ -77,6 +72,7 @@ public class RegisterUser extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -88,7 +84,7 @@ public class RegisterUser extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -102,9 +98,9 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser authentication successful.");
} catch (Exception e) {
CMS.debug("RegisterUser: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -117,19 +113,19 @@ public class RegisterUser extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("RegisterUser authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -150,119 +146,112 @@ public class RegisterUser extends CMSServlet {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+fullname;;"+ name +
- "+state;;1" +
- "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser"
+ + "+Resource;;"
+ + uid
+ + "+fullname;;"
+ + name
+ + "+state;;1"
+ + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
- IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
IUser user = null;
boolean foundByCert = false;
X509Certificate certs[] = new X509Certificate[1];
try {
- byte bCert[] = null;
- X509CertImpl cert = null;
- bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
- cert = new X509CertImpl(bCert);
- certs[0] = (X509Certificate)cert;
-
- // test to see if the cert already belongs to a user
- ICertUserLocator cul = ugsys.getCertUserLocator();
- com.netscape.certsrv.usrgrp.Certificates c =
- new com.netscape.certsrv.usrgrp.Certificates(certs);
- user = (IUser) cul.locateUser(c);
+ byte bCert[] = null;
+ X509CertImpl cert = null;
+ bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+ cert = new X509CertImpl(bCert);
+ certs[0] = (X509Certificate) cert;
+
+ // test to see if the cert already belongs to a user
+ ICertUserLocator cul = ugsys.getCertUserLocator();
+ com.netscape.certsrv.usrgrp.Certificates c = new com.netscape.certsrv.usrgrp.Certificates(
+ certs);
+ user = (IUser) cul.locateUser(c);
} catch (Exception ec) {
- CMS.debug("RegisterUser: exception thrown: "+ec.toString());
+ CMS.debug("RegisterUser: exception thrown: " + ec.toString());
}
if (user == null) {
- CMS.debug("RegisterUser NOT found user by cert");
- try {
- user = ugsys.getUser(uid);
- CMS.debug("RegisterUser found user by uid "+uid);
- } catch (Exception eee) {
- }
+ CMS.debug("RegisterUser NOT found user by cert");
+ try {
+ user = ugsys.getUser(uid);
+ CMS.debug("RegisterUser found user by uid " + uid);
+ } catch (Exception eee) {
+ }
} else {
- foundByCert = true;
- CMS.debug("RegisterUser found user by cert");
+ foundByCert = true;
+ CMS.debug("RegisterUser found user by cert");
}
-
- try {
-
- if (user == null) {
- // create user only if such user does not exist
- user = ugsys.createUser(uid);
- user.setFullName(name);
- user.setState("1");
- user.setUserType("");
- user.setEmail("");
- user.setPhone("");
- user.setPassword("");
-
- ugsys.addUser(user);
- CMS.debug("RegisterUser created user " + uid);
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
- audit(auditMessage);
- }
-
- // extract all line separators
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < certsString.length(); i++) {
- if (!Character.isWhitespace(certsString.charAt(i))) {
- sb.append(certsString.charAt(i));
- }
- }
- certsString = sb.toString();
-
- auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+cert;;"+certsString;
-
- user.setX509Certificates(certs);
- if (!foundByCert) {
- ugsys.addUserCert(user);
- CMS.debug("RegisterUser added user certificate");
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
- audit(auditMessage);
- } else
- CMS.debug("RegisterUser no need to add user certificate");
- } catch (Exception eee) {
+
+ try {
+
+ if (user == null) {
+ // create user only if such user does not exist
+ user = ugsys.createUser(uid);
+ user.setFullName(name);
+ user.setState("1");
+ user.setUserType("");
+ user.setEmail("");
+ user.setPhone("");
+ user.setPassword("");
+
+ ugsys.addUser(user);
+ CMS.debug("RegisterUser created user " + uid);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
+ audit(auditMessage);
+ }
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < certsString.length(); i++) {
+ if (!Character.isWhitespace(certsString.charAt(i))) {
+ sb.append(certsString.charAt(i));
+ }
+ }
+ certsString = sb.toString();
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser"
+ + "+Resource;;" + uid + "+cert;;" + certsString;
+
+ user.setX509Certificates(certs);
+ if (!foundByCert) {
+ ugsys.addUserCert(user);
+ CMS.debug("RegisterUser added user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
+ audit(auditMessage);
+ } else
+ CMS.debug("RegisterUser no need to add user certificate");
+ } catch (Exception eee) {
CMS.debug("RegisterUser error " + eee.toString());
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
audit(auditMessage);
outputError(httpResp, "Error: Certificate malformed");
return;
}
-
// add user to the group
- auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
- "+Resource;;"+ mGroupName;
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser"
+ + "+Resource;;" + mGroupName;
try {
Enumeration groups = ugsys.findGroups(mGroupName);
- IGroup group = (IGroup)groups.nextElement();
+ IGroup group = (IGroup) groups.nextElement();
auditParams += "+user;;";
Enumeration members = group.getMemberNames();
while (members.hasMoreElements()) {
auditParams += (String) members.nextElement();
if (members.hasMoreElements()) {
- auditParams +=",";
+ auditParams += ",";
}
}
@@ -273,22 +262,17 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser modified group");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
audit(auditMessage);
}
- } catch (Exception e) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
- audit(auditMessage);
- }
+ audit(auditMessage);
+ }
// send success status back to the requestor
try {
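Review bot: The `catch (Exception e)` that closes the group-update `try` audits a FAILURE and then falls through to the `// send success status back to the requestor` block, whereas the certificate `catch` earlier in this method calls `outputError(...)` and returns. Unless the code between the hunks sets an error state, the requestor is told the registration succeeded although the user was not added to `mGroupName`. Consider logging the exception with `CMS.debug("RegisterUser error " + e.toString());` and ending the handler with `outputError(httpResp, "Error: Failed to add user to group"); return;`. The method body starts and ends outside this hunk.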
@@ -305,14 +289,22 @@ public class RegisterUser extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
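Review bot: The reflowed trailing comment on `renderResult` is now spread over nine lines of one or two words each (`// do` … `// javascript.`), which is harder to read than the original single line. Move it into the body as one comment, `// do nothing, i.e. it will not return the default javascript.`, so the formatter leaves it alone. The `{// do nothing` tail on `renderTemplate` would benefit from the same treatment.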
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 76f5a7495..d03bc3132 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
@@ -76,19 +75,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class RestoreKeyCertPanel extends WizardPanelBase {
- public RestoreKeyCertPanel() {}
+ public RestoreKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
setId(id);
@@ -99,18 +98,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
*/
public boolean shouldSkip() {
CMS.debug("RestoreKeyCertPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("clone")) {
return false;
}
} catch (EBaseException e) {
}
-
+
return true;
}
@@ -138,15 +137,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -154,13 +154,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Import Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.pk12.path", "");
String type = config.getString("preop.subsystem.select", "");
@@ -181,8 +180,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String tokenname = "";
try {
@@ -193,15 +191,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!tokenname.equals("Internal Key Storage Token"))
return;
- // Path can be empty. If this case, we just want to
+ // Path can be empty. If this case, we just want to
// get to the next panel. Customer has HSM.
String s = HttpInput.getString(request, "path");
// if (s == null || s.equals("")) {
- // CMS.debug("RestoreKeyCertPanel validate: path is empty");
- // throw new IOException("Path is empty");
+ // CMS.debug("RestoreKeyCertPanel validate: path is empty");
+ // throw new IOException("Path is empty");
// }
-
if (s != null && !s.equals("")) {
s = HttpInput.getPassword(request, "__password");
if (s == null || s.equals("")) {
@@ -216,16 +213,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException
- {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String path = HttpInput.getString(request, "path");
if (path == null || path.equals("")) {
- // skip to next panel
+ // skip to next panel
config.putBoolean("preop.restorekeycert.done", true);
try {
- config.commit(false);
+ config.commit(false);
} catch (EBaseException e) {
}
getConfigEntriesFromMaster(request, response, context);
@@ -233,7 +228,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return;
}
String pwd = HttpInput.getPassword(request, "__password");
-
+
String tokenn = "";
String instanceRoot = "";
@@ -245,8 +240,9 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (tokenn.equals("Internal Key Storage Token")) {
byte b[] = new byte[1000000];
- FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
- while (fis.available() > 0)
+ FileInputStream fis = new FileInputStream(instanceRoot + "/alias/"
+ + path);
+ while (fis.available() > 0)
fis.read(b);
fis.close();
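Review bot: `path` is concatenated into `instanceRoot + "/alias/" + path` with no check that the result stays inside the alias directory. An earlier hunk in this file shows it coming from `HttpInput.getString(request, "path")`, so unless that helper rejects separators and `..`, the file that gets opened is chosen by the request. Resolve the name first, e.g. `File f = new File(instanceRoot + "/alias", path).getCanonicalFile();`, and refuse it unless its parent is the canonical alias directory. Separately, `while (fis.available() > 0) fis.read(b);` writes every read at offset 0 of a fixed 1000000-byte buffer and ignores the return value, so a larger file or a short read leaves `b` with the wrong contents, and `fis` is not closed if `read` throws. `update` starts and ends outside this hunk.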
@@ -256,10 +252,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
PFX pfx = null;
boolean verifypfx = false;
try {
- pfx = (PFX)(new PFX.Template()).decode(bis);
- verifypfx = pfx.verifyAuthSafes(password, reason);
+ pfx = (PFX) (new PFX.Template()).decode(bis);
+ verifypfx = pfx.verifyAuthSafes(password, reason);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception="
+ + e.toString());
}
if (verifypfx) {
@@ -267,50 +264,60 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
AuthenticatedSafes safes = pfx.getAuthSafes();
Vector pkeyinfo_collection = new Vector();
Vector cert_collection = new Vector();
- for (int i=0; i<safes.getSize(); i++) {
+ for (int i = 0; i < safes.getSize(); i++) {
try {
- SEQUENCE scontent = safes.getSafeContentsAt(null, i);
- for (int j=0; j<scontent.size(); j++) {
- SafeBag bag = (SafeBag)scontent.elementAt(j);
+ SEQUENCE scontent = safes.getSafeContentsAt(null, i);
+ for (int j = 0; j < scontent.size(); j++) {
+ SafeBag bag = (SafeBag) scontent.elementAt(j);
OBJECT_IDENTIFIER oid = bag.getBagType();
if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
- EncryptedPrivateKeyInfo privkeyinfo =
- (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent();
+ EncryptedPrivateKeyInfo privkeyinfo = (EncryptedPrivateKeyInfo) bag
+ .getInterpretedBagContent();
PasswordConverter passConverter = new PasswordConverter();
- PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
+ PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(
+ password, new PasswordConverter());
Vector pkeyinfo_v = new Vector();
pkeyinfo_v.addElement(pkeyinfo);
SET bagAttrs = bag.getBagAttributes();
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs
+ .elementAt(k);
OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ ANY ss = (ANY) val.elementAt(0);
+ ByteArrayInputStream bbis = new ByteArrayInputStream(
+ ss.getEncoded());
+ BMPString sss = (BMPString) (new BMPString.Template())
+ .decode(bbis);
String s = sss.toString();
pkeyinfo_v.addElement(s);
}
}
pkeyinfo_collection.addElement(pkeyinfo_v);
} else if (oid.equals(SafeBag.CERT_BAG)) {
- CertBag cbag = (CertBag)bag.getInterpretedBagContent();
- OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert();
+ CertBag cbag = (CertBag) bag
+ .getInterpretedBagContent();
+ OCTET_STRING str = (OCTET_STRING) cbag
+ .getInterpretedCert();
byte[] x509cert = str.toByteArray();
Vector cert_v = new Vector();
cert_v.addElement(x509cert);
SET bagAttrs = bag.getBagAttributes();
-
+
if (bagAttrs != null) {
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
- OBJECT_IDENTIFIER aoid = attrs.getType();
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs
+ .elementAt(k);
+ OBJECT_IDENTIFIER aoid = attrs
+ .getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ ANY ss = (ANY) val.elementAt(0);
+ ByteArrayInputStream bbis = new ByteArrayInputStream(
+ ss.getEncoded());
+ BMPString sss = (BMPString) (new BMPString.Template())
+ .decode(bbis);
String s = sss.toString();
cert_v.addElement(s);
}
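Review bot: In the `PKCS8_SHROUDED_KEY_BAG` branch `bag.getBagAttributes()` is iterated without the `if (bagAttrs != null)` guard that the `CERT_BAG` branch has, so a key bag without attributes throws inside the loop and, judging by the enclosing `try`, the rest of that safe is skipped. Add the same guard there. The local `passConverter` is unused because `decrypt` is handed a second `new PasswordConverter()`; pass `passConverter` or drop the declaration. A key bag with no friendly name leaves `pkeyinfo_v` with a single element, which `importkeycert` later reads at index 1, so that case deserves an explicit check or a comment.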
@@ -321,10 +328,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception="
+ + e.toString());
}
}
-
+
importkeycert(pkeyinfo_collection, cert_collection);
} else {
context.put("updateStatus", "failure");
@@ -342,11 +350,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
+ CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
- context.put("errorString", "Make sure you have copied the certificate database over to the clone");
+ context.put("errorString",
+ "Make sure you have copied the certificate database over to the clone");
context.put("updateStatus", "failure");
throw new IOException("Clone is not ready");
}
@@ -363,7 +372,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
private void getConfigEntriesFromMaster(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
try {
IConfigStore config = CMS.getConfigStore();
String cstype = "";
@@ -381,22 +390,31 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
int master_ee_port = -1;
try {
sd_hostname = config.getString("securitydomain.host", "");
- sd_port = config.getInteger("securitydomain.httpsadminport", -1);
+ sd_port = config
+ .getInteger("securitydomain.httpsadminport", -1);
master_hostname = config.getString("preop.master.hostname", "");
- master_port = config.getInteger("preop.master.httpsadminport", -1);
- master_ee_port = config.getInteger("preop.master.httpsport", -1);
+ master_port = config.getInteger("preop.master.httpsadminport",
+ -1);
+ master_ee_port = config
+ .getInteger("preop.master.httpsport", -1);
String content = "";
if (cstype.equals("ca") || cstype.equals("kra")) {
- content = "type=request&xmlOutput=true&sessionID="+session_id;
+ content = "type=request&xmlOutput=true&sessionID="
+ + session_id;
CMS.debug("http content=" + content);
- updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
-
- content = "type=serialNo&xmlOutput=true&sessionID="+session_id;
- updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
-
- content = "type=replicaId&xmlOutput=true&sessionID="+session_id;
- updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
+ updateNumberRange(master_hostname, master_ee_port, true,
+ content, "request", response);
+
+ content = "type=serialNo&xmlOutput=true&sessionID="
+ + session_id;
+ updateNumberRange(master_hostname, master_ee_port, true,
+ content, "serialNo", response);
+
+ content = "type=replicaId&xmlOutput=true&sessionID="
+ + session_id;
+ updateNumberRange(master_hostname, master_ee_port, true,
+ content, "replicaId", response);
}
String list = "";
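Review bot: `CMS.debug("http content=" + content)` writes the request body, including `sessionID=` followed by `session_id`, to the debug log, so the session value is exposed to anyone who can read that log while the session is still valid. Log only the request type instead, e.g. `CMS.debug("RestoreKeyCertPanel: requesting number range type=request");`. `session_id` is also appended unencoded to all three `content` strings; where it is assigned is outside this hunk, so if it can contain `&` or `=` it should go through `URLEncoder.encode(session_id, "UTF-8")` first.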
@@ -406,7 +424,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
StringBuffer c1 = new StringBuffer();
- StringBuffer s1 = new StringBuffer();
+ StringBuffer s1 = new StringBuffer();
StringTokenizer tok = new StringTokenizer(list, ",");
while (tok.hasMoreTokens()) {
String t1 = tok.nextToken();
@@ -438,8 +456,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append(cstype);
@@ -449,21 +466,29 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!cstype.equals("ca")) {
c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
- }
+ }
if (cstype.equals("ca")) {
/* get ca connector details */
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append("ca.connector.KRA");
}
- content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
- boolean success = updateConfigEntries(master_hostname, master_port, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
+ content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"
+ + c1.toString()
+ + "&substores="
+ + s1.toString()
+ + "&xmlOutput=true&sessionID=" + session_id;
+ boolean success = updateConfigEntries(master_hostname,
+ master_port, true, "/" + cstype + "/admin/" + cstype
+ + "/getConfigEntries", content, config,
+ response);
if (!success) {
- context.put("errorString", "Failed to get configuration entries from the master");
- throw new IOException("Failed to get configuration entries from the master");
+ context.put("errorString",
+ "Failed to get configuration entries from the master");
+ throw new IOException(
+ "Failed to get configuration entries from the master");
}
config.putString("preop.clone.configuration", "true");
try {
@@ -473,7 +498,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} catch (IOException eee) {
throw eee;
} catch (Exception eee) {
- CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
+ CMS.debug("RestoreKeyCertPanel: update exception caught:"
+ + eee.toString());
}
} catch (IOException ee) {
@@ -491,38 +517,42 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String s = st.nextToken();
if (s.equals("sslserver"))
continue;
- String name = "preop.master."+s+".nickname";
+ String name = "preop.master." + s + ".nickname";
String nickname = cs.getString(name, "");
CryptoManager cm = CryptoManager.getInstance();
X509Certificate xcert = null;
try {
xcert = cm.findCertByNickname(nickname);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + ee.toString());
}
CryptoToken ct = cm.getInternalKeyStorageToken();
CryptoStore store = ct.getCryptoStore();
try {
store.deleteCert(xcert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + ee.toString());
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
- }
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + e.toString());
+ }
}
- private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
- CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
- if (pubkey.getAlgorithm().equals("EC")) {
- return org.mozilla.jss.crypto.PrivateKey.Type.EC;
- }
- return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+ private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(
+ PublicKey pubkey) {
+ CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
+ if (pubkey.getAlgorithm().equals("EC")) {
+ return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+ }
+ return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
}
- private void importkeycert(Vector pkeyinfo_collection,
- Vector cert_collection) throws IOException {
+ private void importkeycert(Vector pkeyinfo_collection,
+ Vector cert_collection) throws IOException {
CryptoManager cm = null;
try {
cm = CryptoManager.getInstance();
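Review bot: In `deleteExistingCerts`, when `cm.findCertByNickname(nickname)` throws, the exception is only logged and `store.deleteCert(xcert)` then runs with `xcert` still `null`; the second `catch (Exception ee)` hides whatever that call does. Skip the delete explicitly with `if (xcert == null) continue;` after the lookup. `getPrivateKeyType` returns `Type.RSA` for every algorithm other than `"EC"`, so a key of any other type would be unwrapped as RSA; a one-line comment such as `// only RSA and EC keys are expected in the clone PKCS #12` would make that assumption visible.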
@@ -532,12 +562,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// delete all existing certificates first
deleteExistingCerts();
- for (int i=0; i<pkeyinfo_collection.size(); i++) {
+ for (int i = 0; i < pkeyinfo_collection.size(); i++) {
try {
- Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
- PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
- String nickname = (String)pkeyinfo_v.elementAt(1);
- byte[] x509cert = getX509Cert(nickname, cert_collection);
+ Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
+ PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v
+ .elementAt(0);
+ String nickname = (String) pkeyinfo_v.elementAt(1);
+ byte[] x509cert = getX509Cert(nickname, cert_collection);
X509Certificate cert = cm.importCACertPackage(x509cert);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pkeyinfo.encode(bos);
@@ -550,32 +581,37 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
try {
store.deleteCert(cert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
+ + ee.toString());
}
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
- Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
+ Cipher c = token
+ .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
c.initEncrypt(sk, param);
byte[] encpkey = c.doFinal(pkey);
-
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
wrapper.initUnwrap(sk, param);
- org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
+ org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(
+ encpkey, getPrivateKeyType(publickey), publickey);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
+ + e.toString());
}
}
- for (int i=0; i<cert_collection.size(); i++) {
+ for (int i = 0; i < cert_collection.size(); i++) {
try {
- Vector cert_v = (Vector)cert_collection.elementAt(i);
- byte[] cert = (byte[])cert_v.elementAt(0);
+ Vector cert_v = (Vector) cert_collection.elementAt(i);
+ byte[] cert = (byte[]) cert_v.elementAt(0);
if (cert_v.size() > 1) {
- String name = (String)cert_v.elementAt(1);
+ String name = (String) cert_v.elementAt(1);
// we need to delete the trusted CA certificate if it is
// the same as the ca signing certificate
if (isCASigningCert(name)) {
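Review bot: The private key is re-encrypted with `DES3_CBC_PAD` under a hard-coded IV (`{ 0x1, ... }`) apparently only so that `unwrapPrivate` can load it into the token, and nothing in the hunk says so. Because `sk` is generated just above and, as far as this hunk shows, used for this one key, the constant IV does not repeat under a shared key, but that reasoning should be written down: `// sk is single-use: it exists only to move pkey into the token via unwrap, so a fixed IV is tolerated here`. The cleartext `pkey` array should be overwritten once `doFinal` returns, e.g. `java.util.Arrays.fill(pkey, (byte) 0);`, and the unused local `pp` can be dropped. The enclosing `for` loop and `try` begin outside this hunk.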
@@ -586,30 +622,35 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
if (store instanceof PK11Store) {
try {
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(certchain);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
+ + ee.toString());
}
}
}
}
- X509Certificate xcert = cm.importUserCACertPackage(cert, name);
+ X509Certificate xcert = cm.importUserCACertPackage(cert,
+ name);
if (name.startsWith("caSigningCert")) {
// we need to change the trust attribute to CT
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
} else if (name.startsWith("auditSigningCert")) {
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setObjectSigningTrust(InternalCertificate.USER
+ | InternalCertificate.VALID_PEER
+ | InternalCertificate.TRUSTED_PEER);
}
} else
cm.importCACertPackage(cert);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
+ + e.toString());
}
}
}
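Review bot: Trust flags are assigned from the PKCS #12 friendly name alone: any certificate whose `name` starts with `caSigningCert` gets `TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA`, and one starting with `auditSigningCert` gets object-signing trust. The file is verified with the import password earlier in `update`, but a prefix match is looser than the `isCASigningCert(name)` test used a few lines above, whose body is outside this hunk. Consider guarding the trust change with that check, `if (isCASigningCert(name)) {`, or with a comparison against the configured nickname. The brace-less `} else` followed by `cm.importCACertPackage(cert);` is also easy to misread after the reflow; give it braces.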
@@ -628,41 +669,44 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return false;
}
- private X509Certificate getX509CertFromToken(byte[] cert)
- throws IOException {
+ private X509Certificate getX509CertFromToken(byte[] cert)
+ throws IOException {
try {
X509CertImpl impl = new X509CertImpl(cert);
String issuer_impl = impl.getIssuerDN().toString();
BigInteger serial_impl = impl.getSerialNumber();
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] permcerts = cm.getPermCerts();
- for (int i=0; i<permcerts.length; i++) {
+ for (int i = 0; i < permcerts.length; i++) {
String issuer_p = permcerts[i].getSubjectDN().toString();
BigInteger serial_p = permcerts[i].getSerialNumber();
- if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
+ if (issuer_p.equals(issuer_impl)
+ && serial_p.compareTo(serial_impl) == 0) {
return permcerts[i];
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="
+ + e.toString());
}
return null;
}
- private byte[] getX509Cert(String nickname, Vector cert_collection)
- throws IOException {
- for (int i=0; i<cert_collection.size(); i++) {
- Vector v = (Vector)cert_collection.elementAt(i);
- byte[] b = (byte[])v.elementAt(0);
+ private byte[] getX509Cert(String nickname, Vector cert_collection)
+ throws IOException {
+ for (int i = 0; i < cert_collection.size(); i++) {
+ Vector v = (Vector) cert_collection.elementAt(i);
+ byte[] b = (byte[]) v.elementAt(0);
X509CertImpl impl = null;
try {
impl = new X509CertImpl(b);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
- throw new IOException( e.toString() );
+ CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
- Principal subjectdn = impl.getSubjectDN();
+ Principal subjectdn = impl.getSubjectDN();
if (LDAPDN.equals(subjectdn.toString(), nickname))
return b;
}
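Review bot: `getX509CertFromToken` stores `permcerts[i].getSubjectDN()` in `issuer_p` and compares it with the imported certificate's `getIssuerDN()`, so together with the serial-number test it only matches a token certificate whose subject equals the imported certificate's issuer. If the intent is to find the same certificate, the line should read `String issuer_p = permcerts[i].getIssuerDN().toString();`; if the subject comparison is deliberate, rename the variable and add a comment saying why. In `getX509Cert`, `throw new IOException(e.toString())` drops the original exception; attaching it as the cause would keep the stack trace for whoever debugs a malformed certificate.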
@@ -674,17 +718,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("title", "Import Keys and Certificates");
context.put("password", "");
context.put("path", "");
context.put("panel", "admin/console/config/restorekeycertpanel.vm");
}
- private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ private boolean isCertdbCloned(HttpServletRequest request, Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -698,13 +739,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
+ CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 854e8f10e..83d8413ed 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SavePKCS12Panel extends WizardPanelBase {
- public SavePKCS12Panel() {}
+ public SavePKCS12Panel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
setId(id);
@@ -60,11 +60,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
try {
boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
- if (!enable)
+ if (!enable)
return true;
} catch (Exception e) {
}
-
+
return false;
}
@@ -77,13 +77,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -95,8 +96,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Save Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
String subsystemtype = "";
@@ -116,15 +116,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
context.put("updateStatus", "success");
@@ -134,9 +133,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 3a5d82d1d..14e52a38c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.net.URL;
import java.net.URLDecoder;
@@ -39,14 +38,12 @@ public class SecurityDomainLogin extends BaseServlet {
private static final long serialVersionUID = -1616344299101179396L;
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
return true;
}
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
@@ -59,9 +56,9 @@ public class SecurityDomainLogin extends BaseServlet {
int index = url.indexOf("subsystem=");
String subsystem = "";
if (index > 0) {
- subsystem = url.substring(index+10);
+ subsystem = url.substring(index + 10);
int index1 = subsystem.indexOf("&");
- if (index1 > 0)
+ if (index1 > 0)
subsystem = subsystem.substring(0, index1);
}
context.put("sd_uid", "");
@@ -70,15 +67,16 @@ public class SecurityDomainLogin extends BaseServlet {
context.put("host", u.getHost());
context.put("sdhost", CMS.getEESSLHost());
if (subsystem.equals("KRA")) {
- subsystem = "DRM";
+ subsystem = "DRM";
}
context.put("subsystem", subsystem);
// The "securitydomain.name" property ONLY resides in the "CS.cfg"
// associated with the CS subsystem hosting the security domain.
IConfigStore cs = CMS.getConfigStore();
String sdname = cs.getString("securitydomain.name", "");
- context.put("name", sdname);
- template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
+ context.put("name", sdname);
+ template = Velocity
+ .getTemplate("admin/console/config/securitydomainloginpanel.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 90a6aeb07..e43fa913e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SecurityDomainPanel extends WizardPanelBase {
- public SecurityDomainPanel() {}
+ public SecurityDomainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
setId(id);
@@ -72,15 +71,16 @@ public class SecurityDomainPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -88,8 +88,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Security Domain");
IConfigStore config = CMS.getConfigStore();
String errorString = "";
@@ -99,10 +98,12 @@ public class SecurityDomainPanel extends WizardPanelBase {
String systemdService = "";
try {
- default_admin_url = config.getString("preop.securitydomain.admin_url", "");
+ default_admin_url = config.getString(
+ "preop.securitydomain.admin_url", "");
name = config.getString("preop.securitydomain.name", "");
cstype = config.getString("cs.type", "");
- systemdService = config.getString("pkicreate.systemd.servicename", "");
+ systemdService = config.getString("pkicreate.systemd.servicename",
+ "");
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL", default_admin_url);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/securitydomainpanel.vm");
context.put("errorString", errorString);
@@ -157,18 +159,19 @@ public class SecurityDomainPanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
count++;
String n = st.nextToken();
- if (first) { //skip the hostname
+ if (first) { // skip the hostname
first = false;
continue;
}
if (count == numTokens) // skip the last element (e.g. com)
continue;
- sb.append((defaultDomain.length()==0)? "":" ");
+ sb.append((defaultDomain.length() == 0) ? "" : " ");
sb.append(capitalize(n));
}
- defaultDomain = sb.toString() + " "+ "Domain";
+ defaultDomain = sb.toString() + " " + "Domain";
name = defaultDomain;
- CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+ CMS.debug("SecurityDomainPanel: defaultDomain generated:"
+ + name);
} catch (MalformedURLException e) {
errorString = "Malformed URL";
// not being able to come up with default domain name is ok
@@ -176,54 +179,53 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
context.put("sdomainName", name);
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
} catch (Exception e) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
}
-
- if( r != null ) {
+
+ if (r != null) {
// "default" security domain exists on local machine;
// fill "sdomainURL" in with "default" security domain
// as an initial "guess"
- CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
- context.put( "sdomainURL", default_admin_url );
+ CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingCS no successful response");
+ context.put("sdomainURL", "");
}
}
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/usr/bin/pkicontrol" );
- context.put( "instanceId", "ca " + systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/usr/bin/pkicontrol");
+ context.put("instanceId", "ca " + systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
}
@@ -231,7 +233,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (s.length() == 0) {
return s;
} else {
- return s.substring(0,1).toUpperCase() + s.substring(1);
+ return s.substring(0, 1).toUpperCase() + s.substring(1);
}
}
@@ -239,62 +241,59 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
-
+ HttpServletResponse response, Context context) throws IOException {
+
String select = HttpInput.getID(request, "choice");
if (select.equals("newdomain")) {
- String name = HttpInput.getSecurityDomainName(request, "sdomainName");
+ String name = HttpInput.getSecurityDomainName(request,
+ "sdomainName");
if (name == null || name.equals("")) {
initParams(request, context);
context.put("updateStatus", "validate-failure");
- throw new IOException("Missing name value for the security domain");
+ throw new IOException(
+ "Missing name value for the security domain");
}
} else if (select.equals("existingdomain")) {
- CMS.debug( "SecurityDomainPanel: validating "
- + "SSL Admin HTTPS . . ." );
- String admin_url = HttpInput.getURL( request, "sdomainURL" );
- if( admin_url == null || admin_url.equals("") ) {
- initParams( request, context );
+ CMS.debug("SecurityDomainPanel: validating "
+ + "SSL Admin HTTPS . . .");
+ String admin_url = HttpInput.getURL(request, "sdomainURL");
+ if (admin_url == null || admin_url.equals("")) {
+ initParams(request, context);
context.put("updateStatus", "validate-failure");
- throw new IOException( "Missing SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Missing SSL Admin HTTPS url value "
+ + "for the security domain");
} else {
String r = null;
try {
- URL u = new URL( admin_url );
+ URL u = new URL(admin_url);
String hostname = u.getHost();
int admin_port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, admin_port, true,
- certApprovalCallback );
- } catch( Exception e ) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, admin_port, true, certApprovalCallback);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
context.put("updateStatus", "validate-failure");
- throw new IOException( "Illegal SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Illegal SSL Admin HTTPS url value "
+ + "for the security domain");
}
if (r != null) {
- CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
- + r );
- context.put( "sdomainURL", admin_url );
+ CMS.debug("SecurityDomainPanel: pingAdminCS returns: " + r);
+ context.put("sdomainURL", admin_url);
} else {
- CMS.debug( "SecurityDomainPanel: pingAdminCS "
- + "no successful response for SSL Admin HTTPS" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingAdminCS "
+ + "no successful response for SSL Admin HTTPS");
+ context.put("sdomainURL", "");
}
}
}
}
- public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ public void initParams(HttpServletRequest request, Context context)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
try {
context.put("cstype", config.getString("cs.type"));
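Review bot: In the `existingdomain` branch of validate(), `u.getPort()` returns -1 when the submitted URL carries no explicit port and the scheme is never checked, yet both values go straight into `pingCS(hostname, admin_port, true, certApprovalCallback)`. Unless `HttpInput.getURL` already enforces this (not visible here), reject such input before the ping: `if (!"https".equalsIgnoreCase(u.getProtocol()) || admin_port == -1) throw new IOException("Illegal SSL Admin HTTPS url value for the security domain");`. The update() hunk further down has the same gap and stores the unchecked port with `config.putInteger("securitydomain.httpsadminport", admin_port)`. When the ping returns null, validate() only blanks `sdomainURL` and does not fail, which should be confirmed as intended.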
@@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("check_newdomain", "checked");
context.put("check_existingdomain", "");
} else if (select.equals("existingdomain")) {
- context.put("check_newdomain", "");
+ context.put("check_newdomain", "");
context.put("check_existingdomain", "checked");
}
@@ -325,8 +324,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String errorString = "";
String select = HttpInput.getID(request, "choice");
@@ -340,29 +338,28 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (select.equals("newdomain")) {
config.putString("preop.securitydomain.select", "new");
config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.host",
- CMS.getEENonSSLHost());
- config.putString("securitydomain.httpport",
- CMS.getEENonSSLPort());
- config.putString("securitydomain.httpsagentport",
- CMS.getAgentPort());
- config.putString("securitydomain.httpseeport",
- CMS.getEESSLPort());
- config.putString("securitydomain.httpsadminport",
- CMS.getAdminPort());
-
- // make sure the subsystem certificate is issued by the security
+ config.putString("preop.securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.host", CMS.getEENonSSLHost());
+ config.putString("securitydomain.httpport", CMS.getEENonSSLPort());
+ config.putString("securitydomain.httpsagentport",
+ CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport", CMS.getEESSLPort());
+ config.putString("securitydomain.httpsadminport",
+ CMS.getAdminPort());
+
+ // make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "local");
- config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-
+ config.putString("preop.cert.subsystem.profile",
+ "subsystemCert.profile");
+
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String instanceRoot = "";
try {
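Review bot: The `catch (EBaseException e) { }` after `config.commit(false)` discards a failed write of the security-domain settings, and the method carries on as if the configuration had been saved. The same empty catch follows the `config.commit(false)` in the existing-domain branch in the next hunk. At minimum log it the way the rest of this file does, `CMS.debug("SecurityDomainPanel: update() config commit failed: " + e.toString());`, and preferably set `updateStatus` to `failure` and throw an `IOException` as the malformed-URL branch of this method does. update() starts and ends outside the hunk.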
@@ -377,37 +374,38 @@ public class SecurityDomainPanel extends WizardPanelBase {
// make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "remote");
- config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
+ config.putString("preop.cert.subsystem.profile",
+ "caInternalAuthSubsystemCert");
String admin_url = HttpInput.getURL(request, "sdomainURL");
String hostname = "";
int admin_port = -1;
- if( admin_url != null ) {
+ if (admin_url != null) {
try {
- URL admin_u = new URL( admin_url );
+ URL admin_u = new URL(admin_url);
hostname = admin_u.getHost();
admin_port = admin_u.getPort();
- } catch( MalformedURLException e ) {
+ } catch (MalformedURLException e) {
errorString = "Malformed SSL Admin HTTPS URL";
context.put("updateStatus", "failure");
- throw new IOException( errorString );
+ throw new IOException(errorString);
}
- context.put( "sdomainURL", admin_url );
- config.putString( "securitydomain.host", hostname );
- config.putInteger( "securitydomain.httpsadminport",
- admin_port );
+ context.put("sdomainURL", admin_url);
+ config.putString("securitydomain.host", hostname);
+ config.putInteger("securitydomain.httpsadminport", admin_port);
}
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain( config, "securitydomain", hostname, admin_port,
- true, context, certApprovalCallback );
+ updateCertChain(config, "securitydomain", hostname, admin_port,
+ true, context, certApprovalCallback);
} else {
CMS.debug("SecurityDomainPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -425,7 +423,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("panelname", "Security Domain Configuration");
context.put("systemname", config.getString("preop.system.name"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("errorString", errorString);
context.put("updateStatus", "success");
@@ -435,8 +434,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
* If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore config = CMS.getConfigStore();
String default_admin_url = "";
try {
@@ -445,33 +443,35 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
try {
- default_admin_url = config.getString("preop.securitydomain.admin_url", "");
- } catch (Exception e) {}
+ default_admin_url = config.getString(
+ "preop.securitydomain.admin_url", "");
+ } catch (Exception e) {
+ }
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
- } catch (Exception e) {}
-
- if( r != null ) {
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
+ } catch (Exception e) {
+ }
+
+ if (r != null) {
// "default" security domain exists on local machine;
// refill "sdomainURL" in with "default" security domain
// as an initial "guess"
- context.put( "sdomainURL", default_admin_url );
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- context.put( "sdomainURL", "" );
+ context.put("sdomainURL", "");
}
}
@@ -482,20 +482,21 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL",
- config.getString("preop.securitydomain.admin_url"));
- } catch (EBaseException e) {}
+ config.getString("preop.securitydomain.admin_url"));
+ } catch (EBaseException e) {
+ }
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Security Domain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index 3d3530f2e..f881ba7cb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -27,8 +27,7 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
/**
* This object stores the values for IP, uid and group based on the cookie id.
*/
-public class SecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class SecurityDomainSessionTable implements ISecurityDomainSessionTable {
private Hashtable m_sessions;
private long m_timeToLive;
@@ -38,8 +37,7 @@ public class SecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip, String uid, String group) {
Vector v = new Vector();
v.addElement(ip);
v.addElement(uid);
@@ -65,30 +63,30 @@ public class SecurityDomainSessionTable
}
public String getIP(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
+ Vector v = (Vector) m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(0);
+ return (String) v.elementAt(0);
return null;
}
public String getUID(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
+ Vector v = (Vector) m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(1);
+ return (String) v.elementAt(1);
return null;
}
public String getGroup(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
+ Vector v = (Vector) m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(2);
+ return (String) v.elementAt(2);
return null;
}
public long getBeginTime(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
- if (v != null) {
- Long n = (Long)v.elementAt(3);
+ Vector v = (Vector) m_sessions.get(sessionId);
+ if (v != null) {
+ Long n = (Long) v.elementAt(3);
if (n != null)
return n.longValue();
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index c3a1e325a..05769dc5c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -28,8 +28,7 @@ import com.netscape.certsrv.logging.ILogger;
public class SessionTimer extends TimerTask {
private ISecurityDomainSessionTable m_sessiontable = null;
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
public SessionTimer(ISecurityDomainSessionTable table) {
super();
@@ -39,32 +38,27 @@ public class SessionTimer extends TimerTask {
public void run() {
Enumeration keys = m_sessiontable.getSessionIds();
while (keys.hasMoreElements()) {
- String sessionId = (String)keys.nextElement();
+ String sessionId = (String) keys.nextElement();
long beginTime = m_sessiontable.getBeginTime(sessionId);
Date nowDate = new Date();
long nowTime = nowDate.getTime();
long timeToLive = m_sessiontable.getTimeToLive();
- if ((nowTime-beginTime) > timeToLive) {
+ if ((nowTime - beginTime) > timeToLive) {
m_sessiontable.removeEntry(sessionId);
CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
-
+
// audit message
- String auditParams = "operation;;expire_token+token;;" + sessionId;
+ String auditParams = "operation;;expire_token+token;;"
+ + sessionId;
String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- "system",
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, "system",
+ ILogger.SUCCESS, auditParams);
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- auditMessage);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY,
+ auditMessage);
-
}
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 0e6a507a2..a096963cb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase {
private String default_rsa_key_size;
private boolean mShowSigning = false;
- public SizePanel() {}
+ public SizePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Key Pairs");
setId(id);
@@ -69,25 +69,30 @@ public class SizePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
- "default,custom", null, /* no default parameter */
+
+ Descriptor choiceDesc = new Descriptor(
+ IDescriptor.CHOICE,
+ "default,custom",
+ null, /* no default parameter */
"If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
set.add("choice", choiceDesc);
-
- Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Custom Key Size");
+
+ Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Custom Key Size");
set.add("custom_size", customSizeDesc);
-
+
return set;
}
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- /* clean up if necessary*/
+ /* clean up if necessary */
try {
boolean done = cs.getBoolean("preop.SizePanel.done");
cs.putBoolean("preop.SizePanel.done", false);
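Review bot: The reformatting has broken up two inline comments in this file. In getUsage() the `/* no constraint */` marker for the second `Descriptor` argument is now a four-line block comment wedged between arguments, and in the update() hunk below the trailing `// rsa or ecc` on the `keytype` line is spread over three comment lines. Move each onto its own line above the code it describes, e.g. `// no constraint, no default parameter` before the `customSizeDesc` declaration and `// rsa or ecc` before `String keytype = ...`, so the formatter leaves them intact. cleanUp() at the end of this hunk continues outside it.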
@@ -105,7 +110,8 @@ public class SizePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -114,11 +120,10 @@ public class SizePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("SizePanel: display()");
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
@@ -134,12 +139,14 @@ public class SizePanel extends WizardPanelBase {
}
try {
- default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
+ default_ecc_curve_name = config.getString("keys.ecc.curve.default",
+ "nistp256");
} catch (Exception e) {
}
try {
- default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
+ default_rsa_key_size = config.getString("keys.rsa.keysize.default",
+ "2048");
} catch (Exception e) {
}
@@ -152,12 +159,12 @@ public class SizePanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- String nn = config.getString(
- PCERT_PREFIX + certTag + ".nickname");
+ String nn = config.getString(PCERT_PREFIX + certTag
+ + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.select", "default");
+ String s = config.getString(PCERT_PREFIX + certTag
+ + ".keysize.select", "default");
if (s.equals("default")) {
c.setKeyOption("default");
@@ -166,26 +173,25 @@ public class SizePanel extends WizardPanelBase {
c.setKeyOption("custom");
}
- s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.custom_size",
- default_rsa_key_size);
+ s = config.getString(PCERT_PREFIX + certTag
+ + ".keysize.custom_size", default_rsa_key_size);
c.setCustomKeysize(s);
- s = config.getString(
- PCERT_PREFIX + certTag + ".curvename.custom_name",
- default_ecc_curve_name);
+ s = config.getString(PCERT_PREFIX + certTag
+ + ".curvename.custom_name", default_ecc_curve_name);
c.setCustomCurvename(s);
- boolean signingRequired = config.getBoolean(
- PCERT_PREFIX + certTag + ".signing.required",
- false);
+ boolean signingRequired = config.getBoolean(PCERT_PREFIX
+ + certTag + ".signing.required", false);
c.setSigningRequired(signingRequired);
- if (signingRequired) mShowSigning = true;
+ if (signingRequired)
+ mShowSigning = true;
- String userfriendlyname = config.getString(
- PCERT_PREFIX + certTag + ".userfriendlyname");
+ String userfriendlyname = config.getString(PCERT_PREFIX
+ + certTag + ".userfriendlyname");
c.setUserFriendlyName(userfriendlyname);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
c.setEnable(enable);
mCerts.addElement(c);
}// while
@@ -206,16 +212,15 @@ public class SizePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException, NumberFormatException {
+ HttpServletResponse response, Context context) throws IOException,
+ NumberFormatException {
CMS.debug("SizePanel: update()");
boolean hasErr = false;
IConfigStore config = CMS.getConfigStore();
@@ -236,13 +241,15 @@ public class SizePanel extends WizardPanelBase {
if (select1.equals("clone")) {
// preset the sslserver dn for cloning case
try {
- String val = config.getString("preop.cert.sslserver.dn", "");
- config.putString("preop.cert.sslserver.dn", val+",o=clone");
+ String val = config
+ .getString("preop.cert.sslserver.dn", "");
+ config.putString("preop.cert.sslserver.dn", val
+ + ",o=clone");
} catch (Exception ee) {
}
}
}
-
+
String token = "";
try {
token = config.getString(PRE_CONF_CA_TOKEN, "");
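Review bot: In the clone branch, `config.putString("preop.cert.sslserver.dn", val + ",o=clone")` appends to the value it has just read from the same key, so if update() runs more than once for this panel (which the hunk does not rule out) the DN grows to `...,o=clone,o=clone`. Guard the append, e.g. `if (!val.endsWith(",o=clone")) config.putString("preop.cert.sslserver.dn", val + ",o=clone");`. The surrounding `catch (Exception ee) { }` also hides any failure to read the DN; a `CMS.debug` call there would match the logging used elsewhere in this class. update() starts and ends outside the hunk.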
@@ -251,13 +258,17 @@ public class SizePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct
+ + ".enable", true);
if (!enable)
continue;
- String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc
+ String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa
+ // or
+ // ecc
- String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
+ String keyalgorithm = HttpInput.getString(request, ct
+ + "_keyalgorithm");
if (keyalgorithm == null) {
if (keytype != null && keytype.equals("ecc")) {
keyalgorithm = "SHA256withEC";
@@ -266,7 +277,8 @@ public class SizePanel extends WizardPanelBase {
}
}
- String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm");
+ String signingalgorithm = HttpInput.getString(request, ct
+ + "_signingalgorithm");
if (signingalgorithm == null) {
signingalgorithm = keyalgorithm;
}
@@ -275,114 +287,136 @@ public class SizePanel extends WizardPanelBase {
if (select == null) {
CMS.debug("SizePanel: " + ct + "_choice not found");
- throw new IOException(
- "SizePanel: " + ct + "_choice not found");
+ throw new IOException("SizePanel: " + ct
+ + "_choice not found");
}
- CMS.debug(
- "SizePanel: update() keysize choice selected:" + select);
- String oldkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String oldkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String oldkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String oldsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String oldcurvename =
- config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+ CMS.debug("SizePanel: update() keysize choice selected:"
+ + select);
+ String oldkeysize = config.getString(PCERT_PREFIX + ct
+ + ".keysize.size", "");
+ String oldkeytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype", "");
+ String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm", "");
+ String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".signingalgorithm", "");
+ String oldcurvename = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.custom_name",
- default_ecc_curve_name);
- config.putString("preop.curvename.name", default_ecc_curve_name);
+ config.putString("preop.curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString("preop.curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString("preop.keysize.custom_size",
- default_rsa_key_size);
- config.putString("preop.keysize.size", default_rsa_key_size);
+ config.putString("preop.keysize.custom_size",
+ default_rsa_key_size);
+ config.putString("preop.keysize.size",
+ default_rsa_key_size);
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
+ keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
+ signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct +
- ".curvename.custom_name",
- default_ecc_curve_name);
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct
+ + ".curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct + ".curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString(PCERT_PREFIX + ct +
- ".keysize.custom_size",
- default_rsa_key_size);
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct
+ + ".keysize.custom_size", default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct + ".keysize.size",
+ default_rsa_key_size);
}
} else if (select.equals("custom")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
- config.putString("preop.curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString(
+ "preop.curvename.name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
+ config.putString(
+ "preop.curvename.custom_name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
} else {
- config.putString("preop.keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
- config.putString("preop.keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ config.putString(
+ "preop.keysize.size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size", keytype));
+ config.putString(
+ "preop.keysize.custom_size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size", keytype));
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
+ keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
+ signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString(
+ PCERT_PREFIX + ct + ".curvename.custom_name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
+ config.putString(
+ PCERT_PREFIX + ct + ".curvename.name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
} else {
- config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
+ config.putString(
+ PCERT_PREFIX + ct + ".keysize.custom_size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size"));
+ config.putString(
+ PCERT_PREFIX + ct + ".keysize.size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size"));
}
} else {
CMS.debug("SizePanel: invalid choice " + select);
throw new IOException("invalid choice " + select);
}
- String newkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String newkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String newkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String newsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String newcurvename =
- config.getString(PCERT_PREFIX+ct+".curvename.name", "");
-
- if (!oldkeysize.equals(newkeysize) ||
- !oldkeytype.equals(newkeytype) ||
- !oldkeyalgorithm.equals(newkeyalgorithm) ||
- !oldsigningalgorithm.equals(newsigningalgorithm) ||
- !oldcurvename.equals(newcurvename))
+ String newkeysize = config.getString(PCERT_PREFIX + ct
+ + ".keysize.size", "");
+ String newkeytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype", "");
+ String newkeyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm", "");
+ String newsigningalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".signingalgorithm", "");
+ String newcurvename = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", "");
+
+ if (!oldkeysize.equals(newkeysize)
+ || !oldkeytype.equals(newkeytype)
+ || !oldkeyalgorithm.equals(newkeyalgorithm)
+ || !oldsigningalgorithm.equals(newsigningalgorithm)
+ || !oldcurvename.equals(newcurvename))
hasChanged = true;
}// while
try {
config.commit(false);
- } catch (EBaseException e) {
- CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
+ } catch (EBaseException e) {
+ CMS.debug("SizePanel: update() Exception caught at config commit: "
+ + e.toString());
}
val1 = HttpInput.getID(request, "generateKeyPair");
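Review bot: In the `custom` branch the per-certificate size is read with `HttpInput.getKeySize(request, ct + "_custom_size")`, while the `preop.keysize.*` writes just above pass `keytype` as a third argument. The value stored under `PCERT_PREFIX + ct + ".keysize.size"` appears to be the one read back later for key generation, so if the three-argument overload applies a key-type-specific check (not visible here), the size that matters skips it. Using `HttpInput.getKeySize(request, ct + "_custom_size", keytype)` in both places would keep them consistent. The `catch (EBaseException e)` after `config.commit(false)` also only writes a debug line, so a failed commit does not stop `update()`, which starts and ends outside this hunk.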
@@ -393,19 +427,20 @@ public class SizePanel extends WizardPanelBase {
context.put("updateStatus", "success");
return;
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug("SizePanel: update() IOException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (NumberFormatException e) {
- CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
+ CMS.debug("SizePanel: update() NumberFormatException caught: "
+ + e.toString());
context.put("updateStatus", "failure");
throw e;
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("SizePanel: update() Exception caught: " + e.toString());
}
- // generate key pair
+ // generate key pair
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
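Review bot: The final `catch (Exception e)` only logs and then falls through to the key-generation loop, whereas the `IOException` and `NumberFormatException` branches above it set `updateStatus` to `failure` and rethrow. An unexpected error while the key parameters are being read or stored therefore does not stop key generation. I would handle it like the other branches, e.g. `context.put("updateStatus", "failure"); throw new IOException(e.toString());`. The enclosing method starts and ends outside this hunk.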
@@ -414,8 +449,9 @@ public class SizePanel extends WizardPanelBase {
String friendlyName = ct;
boolean enable = true;
try {
- enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
- friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
+ enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
+ friendlyName = config.getString(PCERT_PREFIX + ct
+ + ".userfriendlyname", ct);
} catch (Exception e) {
}
@@ -423,17 +459,19 @@ public class SizePanel extends WizardPanelBase {
continue;
try {
- String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
- String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
-
+ String keytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype");
+ String keyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm");
+
if (keytype.equals("rsa")) {
- int keysize = config.getInteger(
- PCERT_PREFIX + ct + ".keysize.size");
+ int keysize = config.getInteger(PCERT_PREFIX + ct
+ + ".keysize.size");
createRSAKeyPair(token, keysize, config, ct);
} else {
- String curveName = config.getString(
- PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+ String curveName = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", default_ecc_curve_name);
createECCKeyPair(token, curveName, config, ct);
}
config.commit(false);
@@ -441,40 +479,41 @@ public class SizePanel extends WizardPanelBase {
CMS.debug(e);
CMS.debug("SizePanel: key generation failure: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException("key generation failure for the certificate: " + friendlyName +
- ". See the logs for details.");
+ throw new IOException(
+ "key generation failure for the certificate: "
+ + friendlyName + ". See the logs for details.");
}
} // while
if (hasErr == false) {
- config.putBoolean("preop.SizePanel.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "SizePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ config.putBoolean("preop.SizePanel.done", true);
+ try {
+ config.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug("SizePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
CMS.debug("SizePanel: update() done");
context.put("updateStatus", "success");
}
- public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
- CMS.debug("Generating ECC key pair with curvename="+ curveName +
- ", token="+token);
+ public void createECCKeyPair(String token, String curveName,
+ IConfigStore config, String ct) throws NoSuchAlgorithmException,
+ NoSuchTokenException, TokenException,
+ CryptoManager.NotInitializedException {
+ CMS.debug("Generating ECC key pair with curvename=" + curveName
+ + ", token=" + token);
KeyPair pair = null;
/*
- * default ssl server cert to ECDHE unless stated otherwise
- * note: IE only supports "ECDHE", but "ECDH" is more efficient
- *
+ * default ssl server cert to ECDHE unless stated otherwise note: IE
+ * only supports "ECDHE", but "ECDH" is more efficient
+ *
* for "ECDHE", server.xml should have the following for ciphers:
* +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *
+ *
* for "ECDH", server.xml should have the following for ciphers:
* -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
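Review bot: The reflowed block comment in `createECCKeyPair` now runs two statements together ("... unless stated otherwise note: IE only supports ..."), and it describes static `ECDH` only as "more efficient". Static ECDH cipher suites reuse the server's long-term key for key agreement and so give no forward secrecy, which a reader choosing between the two `server.xml` settings should see. I would keep the note on its own line and add `* note: static "ECDH" suites provide no forward secrecy; use them only when a client requires it`. The method body continues outside this hunk.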
@@ -487,49 +526,45 @@ public class SizePanel extends WizardPanelBase {
}
// ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE };
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, };
do {
- if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- ECDH_usages_mask);
- } else {
- if (ct.equals("sslserver")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- }
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- usages_mask);
- }
-
- // XXX - store curve , w
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad ECC key id " + kid);
- pair = null;
+ if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
+ ECDH_usages_mask);
+ } else {
+ if (ct.equals("sslserver")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ }
+ pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
+ usages_mask);
+ }
+
+ // XXX - store curve , w
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
+ .getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
+ .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad ECC key id " + kid);
+ pair = null;
}
} while (pair == null);
- CMS.debug("Public key class " + pair.getPublic().getClass().getName());
+ CMS.debug("Public key class " + pair.getPublic().getClass().getName());
byte encoded[] = pair.getPublic().getEncoded();
config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
- CryptoUtil.byte2string(encoded));
+ CryptoUtil.byte2string(encoded));
String keyAlgo = "";
try {
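Review bot: The `do { ... } while (pair == null)` loop in `createECCKeyPair` has no upper bound: each time `findPrivateKeyFromID` returns null it generates another key pair on the token and tries again. A token that never returns the key would keep the request running and leave unused key pairs behind, and `privkey.id` is written to the config before the lookup has succeeded. Counting attempts and failing after a small limit would bound this, for example `if (privk == null && ++attempts >= MAX_KEYGEN_ATTEMPTS) throw new TokenException("key pair not found on token after generation");`, where `attempts` and the constant are names you would declare. The RSA loop in `createRSAKeyPair` in the next hunk has the same shape; both methods start or end outside their hunks.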
@@ -537,35 +572,39 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
+ public void createRSAKeyPair(String token, int keysize,
+ IConfigStore config, String ct) throws NoSuchAlgorithmException,
+ NoSuchTokenException, TokenException,
+ CryptoManager.NotInitializedException {
/* generate key pair */
KeyPair pair = null;
do {
- pair = CryptoUtil.generateRSAKeyPair(token, keysize);
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad RSA key id " + kid);
- pair = null;
+ pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
+ .getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
+ .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad RSA key id " + kid);
+ pair = null;
}
} while (pair == null);
- byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray();
- byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
+ byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus()
+ .toByteArray();
+ byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent()
+ .toByteArray();
config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
- CryptoUtil.byte2string(modulus));
+ CryptoUtil.byte2string(modulus));
config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
- CryptoUtil.byte2string(exponent));
+ CryptoUtil.byte2string(exponent));
String keyAlgo = "";
try {
@@ -573,41 +612,39 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
+ public void setSigningAlgorithm(String ct, String keyAlgo,
+ IConfigStore config) {
String systemType = "";
try {
- systemType = config.getString("preop.system.name");
+ systemType = config.getString("preop.system.name");
} catch (Exception e1) {
}
if (systemType.equalsIgnoreCase("CA")) {
- if (ct.equals("signing")) {
- config.putString("ca.signing.defaultSigningAlgorithm",
- keyAlgo);
- config.putString("ca.crl.MasterCRL.signingAlgorithm",
- keyAlgo);
- } else if (ct.equals("ocsp_signing")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
- keyAlgo);
- }
+ if (ct.equals("signing")) {
+ config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo);
+ config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo);
+ } else if (ct.equals("ocsp_signing")) {
+ config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
} else if (systemType.equalsIgnoreCase("OCSP")) {
- if (ct.equals("signing")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm",
- keyAlgo);
- }
- } else if (systemType.equalsIgnoreCase("KRA") ||
- systemType.equalsIgnoreCase("DRM")) {
- if (ct.equals("transport")) {
+ if (ct.equals("signing")) {
+ config.putString("ocsp.signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
+ } else if (systemType.equalsIgnoreCase("KRA")
+ || systemType.equalsIgnoreCase("DRM")) {
+ if (ct.equals("transport")) {
config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
- }
+ }
}
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String s = "";
try {
@@ -619,10 +656,13 @@ public class SizePanel extends WizardPanelBase {
s = config.getString("preop.hierarchy.select", "root");
context.put("hselect", s);
- s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
+ s = config.getString("preop.ecc.algorithm.list",
+ "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
context.put("ecclist", s);
- s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
+ s = config
+ .getString("preop.rsa.algorithm.list",
+ "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
context.put("rsalist", s);
s = config.getString("keys.ecc.curve.list", "nistp256");
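Review bot: The fallback for `preop.rsa.algorithm.list` still offers `MD5withRSA` and `MD2withRSA`, and both fallback lists offer SHA-1 variants, as signing algorithms for the certificates this panel sets up. MD2 and MD5 are not collision resistant and should not be selectable for CA or OCSP signing, and SHA-1 is deprecated for the same use. Trimming the defaults to `"SHA256withRSA,SHA512withRSA"` and `"SHA256withEC,SHA384withEC,SHA512withEC"` still lets a deployment re-enable others through the config keys. The `s = config` / `.getString(` break the formatter produced is also harder to read than breaking after the first argument. `initParams` continues outside this hunk.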
@@ -635,7 +675,8 @@ public class SizePanel extends WizardPanelBase {
context.put("subsystemtype", s);
} catch (Exception e) {
- CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e);
+ CMS.debug("SizePanel(): initParams: unable to set all initial parameters:"
+ + e);
}
}
@@ -643,10 +684,9 @@ public class SizePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index cf59e07ce..b1c16d658 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String sessionId = httpReq.getParameter("sessionID");
CMS.debug("TokenAuthentication: sessionId=" + sessionId);
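Review bot: `CMS.debug("TokenAuthentication: sessionId=" + sessionId)` writes the caller-supplied session identifier to the debug log in full. The value appears to be looked up in the session table to authenticate the request, so it works like a bearer credential, and anyone who can read the debug log could reuse a live one. I would log only whether it was supplied, e.g. `CMS.debug("TokenAuthentication: sessionID " + (sessionId == null ? "missing" : "received"));`. `process` continues outside this hunk.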
@@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet {
CMS.debug("TokenAuthentication: found session");
if (checkIP) {
String hostname = table.getIP(sessionId);
- if (! hostname.equals(givenHost)) {
- CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
- + givenHost + " are different");
+ if (!hostname.equals(givenHost)) {
+ CMS.debug("TokenAuthentication: hostname=" + hostname
+ + " and givenHost=" + givenHost + " are different");
CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
outputError(httpResp, "Error: Failed Authentication");
return;
@@ -122,7 +124,15 @@ public class TokenAuthenticate extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
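Review bot: The formatter wrapped the trailing comment on `renderResult` one word per line, which leaves nine `//` lines hanging off the opening brace. Moving it into the body as a normal comment keeps it readable and stable under future formatting: `// Do nothing, i.e. do not return the default JavaScript.` The same happened to `renderResult` in UpdateConnector.java further down in this commit.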
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index cf699c610..b71cbb3cf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateConnector extends CMSServlet {
/**
@@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateConnector: processing...");
@@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("UpdateConnector authentication successful.");
} catch (Exception e) {
CMS.debug("UpdateConnector: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
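Review bot: The authentication-failure branch logs under `CMSGW_ERR_BAD_SERV_OUT_STREAM`, a key whose name refers to an output stream, while the authorization failures in the next hunk use `ADMIN_SRVLT_AUTH_FAILURE`. Someone searching the logs for failed authentication against this servlet would likely miss these entries. Using the same key here, `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())`, keeps the failures searchable together. `process` starts and ends outside this hunk.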
@@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("UpdateConnector authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -125,33 +124,35 @@ public class UpdateConnector extends CMSServlet {
Enumeration list = httpReq.getParameterNames();
while (list.hasMoreElements()) {
- String name = (String)list.nextElement();
+ String name = (String) list.nextElement();
String val = httpReq.getParameter(name);
if (name != null && name.startsWith("ca.connector")) {
- CMS.debug("Adding connector update name=" + name + " val=" + val);
+ CMS.debug("Adding connector update name=" + name + " val="
+ + val);
cs.putString(name, val);
} else {
- CMS.debug("Skipping connector update name=" + name + " val=" + val);
+ CMS.debug("Skipping connector update name=" + name + " val="
+ + val);
}
}
-
- try {
+
+ try {
String nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
cs.putString("ca.connector.KRA.nickName", nickname);
cs.commit(false);
} catch (Exception e) {
}
// start the connector
- try {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- ICAService caService = (ICAService)ca.getCAService();
- IConnector kraConnector = caService.getConnector(
- cs.getSubStore("ca.connector.KRA"));
+ try {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
+ ICAService caService = (ICAService) ca.getCAService();
+ IConnector kraConnector = caService.getConnector(cs
+ .getSubStore("ca.connector.KRA"));
caService.setKRAConnector(kraConnector);
kraConnector.start();
} catch (Exception e) {
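Review bot: The parameter loop accepts any request parameter whose name starts with `ca.connector` and writes it to the config store via `cs.putString(name, val)`, so the caller picks both key and value. The prefix has no trailing dot and there is no allow-list, so names such as `ca.connectorX` or unexpected sub-keys are stored as well. If this servlet only configures the KRA connector, as the later `ca.connector.KRA` lookups suggest, tighten the test to `name.startsWith("ca.connector.KRA.")` or check against the set of expected keys. The empty `catch (Exception e)` after `cs.commit(false)` also hides a failed commit. `process` starts and ends outside this hunk.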
@@ -173,14 +174,22 @@ public class UpdateConnector extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index c9fe27efa..57c58df3d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateDomainXML extends CMSServlet {
/**
@@ -64,10 +62,8 @@ public class UpdateDomainXML extends CMSServlet {
private static final long serialVersionUID = 4059169588555717548L;
private final static String SUCCESS = "0";
private final static String FAILED = "1";
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public UpdateDomainXML() {
super();
@@ -75,6 +71,7 @@ public class UpdateDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -101,20 +98,19 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to delete entry" + e.toString());
}
- } catch (Exception e) {
- CMS.debug("Failed to delete entry" + e.toString());
- } finally {
+ } catch (Exception e) {
+ CMS.debug("Failed to delete entry" + e.toString());
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
private String modify_ldap(String dn, LDAPModification mod) {
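Review bot: The `catch (Exception e)` branch before `finally` only logs "Failed to delete entry" and leaves `status` unchanged, so if `status` starts as `SUCCESS` (as it does in `add_to_ldap`) this method reports success after an unexpected failure. The caller would then treat the security-domain update as done. Add `status = FAILED;` in that branch. `modify_ldap` and `add_to_ldap` in the next two hunks have the same catch-all; this method starts outside the hunk.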
@@ -135,23 +131,21 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to modify entry" + e.toString());
}
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Failed to modify entry" + e.toString());
- } finally {
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
private String add_to_ldap(LDAPEntry entry, String dn) {
CMS.debug("UpdateDomainXML: add_to_ldap: starting");
String status = SUCCESS;
@@ -172,37 +166,38 @@ public class UpdateDomainXML extends CMSServlet {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
+ CMS.debug("UpdateDomainXML: Error when replacing existing entry "
+ + ee.toString());
status = FAILED;
}
} else {
- CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
+ CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "
+ + e.toString());
status = FAILED;
}
} catch (Exception e) {
CMS.debug("Failed to add entry" + e.toString());
} finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -219,7 +214,7 @@ public class UpdateDomainXML extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -233,19 +228,18 @@ public class UpdateDomainXML extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp,
- AUTH_FAILURE,
- "Error: Encountered problem during authorization.");
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ outputError(httpResp, AUTH_FAILURE,
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -272,7 +266,7 @@ public class UpdateDomainXML extends CMSServlet {
String missing = "";
if ((host == null) || host.equals("")) {
missing += " host ";
- }
+ }
if ((name == null) || name.equals("")) {
missing += " name ";
}
@@ -286,20 +280,20 @@ public class UpdateDomainXML extends CMSServlet {
clone = "false";
}
- if (! missing.equals("")) {
- CMS.debug("UpdateDomainXML process: required parameters:" + missing +
- "not provided in request");
- outputError(httpResp, "Error: required parameters: " + missing +
- "not provided in request");
+ if (!missing.equals("")) {
+ CMS.debug("UpdateDomainXML process: required parameters:" + missing
+ + "not provided in request");
+ outputError(httpResp, "Error: required parameters: " + missing
+ + "not provided in request");
return;
}
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
- "+clone;;"+clone+"+type;;"+type;
+ String auditParams = "host;;" + host + "+name;;" + name + "+sport;;"
+ + sport + "+clone;;" + clone + "+type;;" + type;
if (operation != null) {
- auditParams += "+operation;;"+operation;
+ auditParams += "+operation;;" + operation;
} else {
auditParams += "+operation;;add";
}
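Review bot: The `auditParams` string for the signed audit record is built by concatenating `host`, `name`, `sport`, `clone`, `type` and `operation` with `+` and `;;` as separators, and none of the values is checked for those separators. The check just above reports these as parameters "not provided in request", so a value that itself contains `+` or `;;` leaves the audit record ambiguous about which fields the caller sent. I would reject or encode those characters before the record is assembled, and add a comment such as `// audit fields are '+' / ';;' delimited; values must not contain either`. The enclosing process() starts and ends outside this hunk.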
@@ -312,8 +306,7 @@ public class UpdateDomainXML extends CMSServlet {
try {
basedn = cs.getString("internaldb.basedn");
secstore = cs.getString("securitydomain.store");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
}
@@ -326,13 +319,14 @@ public class UpdateDomainXML extends CMSServlet {
String listName = type + "List";
String cn = host + ":";
- if ((adminsport!= null) && (adminsport != "")) {
+ if ((adminsport != null) && (adminsport != "")) {
cn += adminsport;
} else {
cn += sport;
}
- String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn;
+ String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain,"
+ + basedn;
CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn);
LDAPAttributeSet attrs = null;
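Review bot: `(adminsport != "")` on the new side compares object references rather than contents, so an empty but non-null value can still pass the test and `cn` ends up as `host + ":"` with no port. The other emptiness checks in this method use `equals`, so this should read `if ((adminsport != null) && !adminsport.equals("")) {`. The reformat only changed spacing on this line; where `adminsport` is assigned is outside the hunk.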
@@ -356,69 +350,69 @@ public class UpdateDomainXML extends CMSServlet {
attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport));
}
if ((domainmgr != null) && (!domainmgr.equals(""))) {
- attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase()));
+ attrs.add(new LDAPAttribute("DomainManager", domainmgr
+ .toUpperCase()));
}
attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
attrs.add(new LDAPAttribute("SubsystemName", name));
entry = new LDAPEntry(dn, attrs);
-
- if ((operation != null) && (operation.equals("remove"))) {
- status = remove_from_ldap(dn);
- String adminUserDN;
- if ((agentsport != null) && (!agentsport.equals(""))) {
- adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
- } else {
- adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
- }
- String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
- "+resource;;"+adminUserDN;
- if (status.equals(SUCCESS)) {
- // remove the user for this subsystem's admin
- status2 = remove_from_ldap(adminUserDN);
+
+ if ((operation != null) && (operation.equals("remove"))) {
+ status = remove_from_ldap(dn);
+ String adminUserDN;
+ if ((agentsport != null) && (!agentsport.equals(""))) {
+ adminUserDN = "uid=" + type + "-" + host + "-" + agentsport
+ + ",ou=People," + basedn;
+ } else {
+ adminUserDN = "uid=" + type + "-" + host + "-" + sport
+ + ",ou=People," + basedn;
+ }
+ String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML"
+ + "+resource;;" + adminUserDN;
+ if (status.equals(SUCCESS)) {
+ // remove the user for this subsystem's admin
+ status2 = remove_from_ldap(adminUserDN);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.SUCCESS,
+ userAuditParams);
+ audit(auditMessage);
+
+ // remove this user from the subsystem group
+ userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER"
+ + "+source;;UpdateDomainXML"
+ + "+resource;;Subsystem Group+user;;"
+ + adminUserDN;
+ dn = "cn=Subsystem Group, ou=groups," + basedn;
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.DELETE, new LDAPAttribute(
+ "uniqueMember", adminUserDN));
+ status2 = modify_ldap(dn, mod);
if (status2.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- userAuditParams);
- audit(auditMessage);
-
- // remove this user from the subsystem group
- userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
- "+source;;UpdateDomainXML" +
- "+resource;;Subsystem Group+user;;"+adminUserDN;
- dn = "cn=Subsystem Group, ou=groups," + basedn;
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
- new LDAPAttribute("uniqueMember", adminUserDN));
- status2 = modify_ldap(dn, mod);
- if (status2.equals(SUCCESS)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- userAuditParams);
- } else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- userAuditParams);
- }
- audit(auditMessage);
- } else { // error deleting user
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.SUCCESS,
+ userAuditParams);
+ } else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- userAuditParams);
- audit(auditMessage);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ userAuditParams);
}
+ audit(auditMessage);
+ } else { // error deleting user
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ userAuditParams);
+ audit(auditMessage);
}
+ }
} else {
- status = add_to_ldap(entry, dn);
+ status = add_to_ldap(entry, dn);
}
- }
- else {
+ } else {
// update the domain.xml file
String path = CMS.getConfigStore().getString("instanceRoot", "")
+ "/conf/domain.xml";
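Review bot: `adminUserDN` is assembled by plain concatenation of `type`, `host`, `agentsport` and `sport`, and is then passed to `remove_from_ldap` and used in the `uniqueMember` modification without any escaping of DN special characters. These values appear to come from the request, so a `,`, `=` or `+` inside one of them changes which entry the delete and the group update address. I would validate host and port values against a strict pattern before building the DN, or escape each RDN value, and say so in a comment next to the concatenation. process() continues outside this hunk.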
@@ -430,7 +424,7 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("UpdateDomainXML: Inserting new domain info");
XMLObject parser = new XMLObject(new FileInputStream(path));
Node n = parser.getContainer(list);
- int count =0;
+ int count = 0;
if ((operation != null) && (operation.equals("remove"))) {
// delete node
@@ -440,15 +434,19 @@ public class UpdateDomainXML extends CMSServlet {
for (int i = 0; i < len; i++) {
Node nn = (Node) nodeList.item(i);
- Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName");
- Vector v_host = parser.getValuesFromContainer(nn, "Host");
- Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
- if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
- && (v_adminport.elementAt(0).equals(adminsport))) {
- Node parent = nn.getParentNode();
- Node remNode = parent.removeChild(nn);
- count --;
- break;
+ Vector v_name = parser.getValuesFromContainer(nn,
+ "SubsystemName");
+ Vector v_host = parser.getValuesFromContainer(nn,
+ "Host");
+ Vector v_adminport = parser.getValuesFromContainer(nn,
+ "SecureAdminPort");
+ if ((v_name.elementAt(0).equals(name))
+ && (v_host.elementAt(0).equals(host))
+ && (v_adminport.elementAt(0).equals(adminsport))) {
+ Node parent = nn.getParentNode();
+ Node remNode = parent.removeChild(nn);
+ count--;
+ break;
}
}
} else {
@@ -457,39 +455,44 @@ public class UpdateDomainXML extends CMSServlet {
parser.addItemToContainer(parent, "SubsystemName", name);
parser.addItemToContainer(parent, "Host", host);
parser.addItemToContainer(parent, "SecurePort", sport);
- parser.addItemToContainer(parent, "SecureAgentPort", agentsport);
- parser.addItemToContainer(parent, "SecureAdminPort", adminsport);
- parser.addItemToContainer(parent, "SecureEEClientAuthPort", eecaport);
+ parser.addItemToContainer(parent, "SecureAgentPort",
+ agentsport);
+ parser.addItemToContainer(parent, "SecureAdminPort",
+ adminsport);
+ parser.addItemToContainer(parent, "SecureEEClientAuthPort",
+ eecaport);
parser.addItemToContainer(parent, "UnSecurePort", httpport);
- parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
- parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
- count ++;
+ parser.addItemToContainer(parent, "DomainManager",
+ domainmgr.toUpperCase());
+ parser.addItemToContainer(parent, "Clone",
+ clone.toUpperCase());
+ count++;
}
- //update count
+ // update count
String countS = "";
NodeList nlist = n.getChildNodes();
Node countnode = null;
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
countnode = nn;
NodeList nlist1 = nn.getChildNodes();
Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
+ countS = nn1.getNodeValue();
break;
}
}
- CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
+ CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
try {
- count += Integer.parseInt(countS);
+ count += Integer.parseInt(countS);
} catch (Exception ee) {
}
Node nn2 = n.removeChild(countnode);
- parser.addItemToContainer(n, "SubsystemCount", ""+count);
+ parser.addItemToContainer(n, "SubsystemCount", "" + count);
// recreate domain.xml
CMS.debug("UpdateDomainXML: Recreating domain.xml");
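Review bot: The empty `catch (Exception ee) { }` around `Integer.parseInt(countS)` hides a missing or non-numeric SubsystemCount, after which `count` holds only the +1/-1 delta and is written back as the new `SubsystemCount`. If no `SubsystemCount` element is found, `countnode` stays null and is still handed to `n.removeChild(countnode)`. I would log the parse failure with `CMS.debug` and skip the rewrite when the count cannot be read. Separately, `domainmgr.toUpperCase()` in the add branch has no null check, while the LDAP branch of this method tests `domainmgr != null` first.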
@@ -503,28 +506,24 @@ public class UpdateDomainXML extends CMSServlet {
}
}
-
+
if (status.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID, ILogger.SUCCESS, auditParams);
} else {
// what if already exists or already deleted
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
}
audit(auditMessage);
- if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
- status = SUCCESS;
- } else {
- status = FAILED;
- }
+ if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+ status = SUCCESS;
+ } else {
+ status = FAILED;
+ }
try {
// send success status back to the requestor
@@ -537,24 +536,34 @@ public class UpdateDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
+ CMS.debug("UpdateDomainXML: Failed to send the XML output"
+ + e.toString());
}
}
protected String securityDomainXMLtoLDAP(String xmltag) {
- if (xmltag.equals("Host")) return "host";
- else return xmltag;
+ if (xmltag.equals("Host"))
+ return "host";
+ else
+ return xmltag;
}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void setDefaultTemplates(ServletConfig sc) {}
-
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
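Review bot: The trailing comment on `renderResult` has been wrapped by the formatter into nine short `//` lines after the opening brace, which is much harder to read than the original single line. Moving it into the body as `// do nothing, i.e. do not return the default javascript` keeps it on one line and stable under reformatting. The same wrapping appears on `renderResult` in UpdateNumberRange.java and UpdateOCSPConfig.java in this diff. `securityDomainXMLtoLDAP` now has unbraced two-line `if`/`else` branches; adding braces there would be safer.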
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 0a1787aa5..f563c9f6e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateNumberRange extends CMSServlet {
/**
@@ -55,8 +53,7 @@ public class UpdateNumberRange extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
- "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
public UpdateNumberRange() {
super();
@@ -64,6 +61,7 @@ public class UpdateNumberRange extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +71,13 @@ public class UpdateNumberRange extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
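Review bot: The Javadoc on `process` lists `op` values 'downloadBIN' and 'displayIND' for a certificate chain, which does not match the number-range handling visible in the later hunks of this file and looks copied from another servlet (UpdateDomainXML carries the identical text). Since the commit already touches this comment, I would replace the list with the parameters this method reads and the XML status it returns. The body is outside this hunk, so the exact parameter list needs confirming against it.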
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet {
BigInteger oneNum = new BigInteger("1");
String endNumConfig = null;
String cloneNumConfig = null;
- String nextEndConfig = null;
+ String nextEndConfig = null;
int radix = 10;
IRepository repo = null;
if (cstype.equals("KRA")) {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
- IKeyRecoveryAuthority.ID);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(IKeyRecoveryAuthority.ID);
if (type.equals("request")) {
repo = kra.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -146,8 +146,8 @@ public class UpdateNumberRange extends CMSServlet {
repo = kra.getReplicaRepository();
}
} else { // CA
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
if (type.equals("request")) {
repo = ca.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -157,26 +157,28 @@ public class UpdateNumberRange extends CMSServlet {
}
}
- // checkRanges for replicaID - we do this each time a replica is created.
- // This needs to be done beforehand to ensure that we always have enough
+ // checkRanges for replicaID - we do this each time a replica is
+ // created.
+ // This needs to be done beforehand to ensure that we always have
+ // enough
// replica numbers
if (type.equals("replicaId")) {
- CMS.debug("Checking replica number ranges");
- repo.checkRanges();
+ CMS.debug("Checking replica number ranges");
+ repo.checkRanges();
}
-
+
if (type.equals("request")) {
radix = 10;
endNumConfig = "dbs.endRequestNumber";
cloneNumConfig = "dbs.requestCloneTransferNumber";
nextEndConfig = "dbs.nextEndRequestNumber";
} else if (type.equals("serialNo")) {
- radix=16;
+ radix = 16;
endNumConfig = "dbs.endSerialNumber";
cloneNumConfig = "dbs.serialCloneTransferNumber";
nextEndConfig = "dbs.nextEndSerialNumber";
} else if (type.equals("replicaId")) {
- radix=10;
+ radix = 10;
endNumConfig = "dbs.endReplicaNumber";
cloneNumConfig = "dbs.replicaCloneTransferNumber";
nextEndConfig = "dbs.nextEndReplicaNumber";
@@ -192,11 +194,11 @@ public class UpdateNumberRange extends CMSServlet {
String nextEndNumStr = cs.getString(nextEndConfig, "");
BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
CMS.debug("Transferring from the end of on-deck range");
- String newValStr = endNum2.subtract(decrement).toString(radix);
- repo.setNextMaxSerial(newValStr);
- cs.putString(nextEndConfig, newValStr);
- beginNum = endNum2.subtract(decrement).add(oneNum);
- endNum = endNum2;
+ String newValStr = endNum2.subtract(decrement).toString(radix);
+ repo.setNextMaxSerial(newValStr);
+ cs.putString(nextEndConfig, newValStr);
+ beginNum = endNum2.subtract(decrement).add(oneNum);
+ endNum = endNum2;
} else {
CMS.debug("Transferring from the end of the current range");
String newValStr = beginNum.subtract(oneNum).toString(radix);
@@ -204,22 +206,19 @@ public class UpdateNumberRange extends CMSServlet {
cs.putString(endNumConfig, newValStr);
}
-
- if( beginNum == null ) {
- CMS.debug( "UpdateNumberRange::process() - " +
- "beginNum is null!" );
+ if (beginNum == null) {
+ CMS.debug("UpdateNumberRange::process() - "
+ + "beginNum is null!");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID, ILogger.FAILURE, auditParams);
audit(auditMessage);
return;
}
// Enable serial number management in master for certs and requests
if (type.equals("replicaId")) {
- repo.setEnableSerialMgmt(true);
+ repo.setEnableSerialMgmt(true);
}
// insert info
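Review bot: When `beginNum` is null the new code writes a FAILURE audit record and returns without sending anything to the client, unlike the exception path later in this method, which calls `outputError`. Adding `outputError(httpResp, "Error: Failed to update number range.");` before the `return;` would give the caller a definite failure status. The enclosing try block starts outside this hunk, so any cleanup it performs is not visible here.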
@@ -230,45 +229,51 @@ public class UpdateNumberRange extends CMSServlet {
Node root = xmlObj.createRoot("XMLResponse");
xmlObj.addItemToContainer(root, "Status", SUCCESS);
- xmlObj.addItemToContainer(root, "beginNumber", beginNum.toString(radix));
+ xmlObj.addItemToContainer(root, "beginNumber",
+ beginNum.toString(radix));
xmlObj.addItemToContainer(root, "endNumber", endNum.toString(radix));
byte[] cb = xmlObj.toByteArray();
outputResult(httpResp, "application/xml", cb);
cs.commit(false);
- auditParams += "+beginNumber;;" + beginNum.toString(radix) +
- "+endNumber;;" + endNum.toString(radix);
+ auditParams += "+beginNumber;;" + beginNum.toString(radix)
+ + "+endNumber;;" + endNum.toString(radix);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
audit(auditMessage);
} catch (Exception e) {
- CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+ CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "
+ + e.toString());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID,
+ ILogger.FAILURE, auditParams);
audit(auditMessage);
outputError(httpResp, "Error: Failed to update number range.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
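Review bot: `outputResult(httpResp, "application/xml", cb)` sends the SUCCESS response before `cs.commit(false)` runs and before the SUCCESS audit record is written. If the commit throws, the catch block audits FAILURE and calls `outputError` on a response that has already been written, so the caller may have been told the range was transferred when the configuration was not persisted. I would move `cs.commit(false);` and the `audit(auditMessage);` call ahead of `outputResult`. The try block opens outside this hunk.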
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 2339c4c7c..266633cb3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateOCSPConfig extends CMSServlet {
/**
@@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -107,32 +107,38 @@ public class UpdateOCSPConfig extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("UpdateOCSPConfig process: nickname="+nickname);
+ CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
String ocsphost = httpReq.getParameter("ocsp_host");
String ocspport = httpReq.getParameter("ocsp_port");
try {
cs.putString("ca.publish.enable", "true");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
- ocsphost);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
- ocspport);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
- nickname);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
+ ocsphost);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
+ ocspport);
+ cs.putString(
+ "ca.publish.publisher.instance.OCSPPublisher.nickName",
+ nickname);
cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
- "/ocsp/agent/ocsp/addCRL");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
+ "/ocsp/agent/ocsp/addCRL");
+ cs.putString(
+ "ca.publish.publisher.instance.OCSPPublisher.pluginName",
+ "OCSPPublisher");
+ cs.putString(
+ "ca.publish.publisher.instance.OCSPPublisher.enableClientAuth",
+ "true");
cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
- cs.putString("ca.publish.rule.instance.ocsprule.publisher",
- "OCSPPublisher");
+ cs.putString("ca.publish.rule.instance.ocsprule.publisher",
+ "OCSPPublisher");
cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
cs.commit(false);
// insert info
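Review bot: `ocsp_host` and `ocsp_port` are read with `httpReq.getParameter` and written straight into the OCSPPublisher settings with `cs.putString` and `cs.commit(false)`, with no check that they are present or well formed. Because this configuration decides where the CA publishes CRLs with client authentication enabled, I would reject a null or empty host and a port that is not a number in 1–65535 before the first `putString` call. The empty `catch (Exception e) { }` after the nickname lookup also drops any lookup failure without a log entry; a `CMS.debug` call there would make a misconfigured token visible.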
@@ -147,19 +153,28 @@ public class UpdateOCSPConfig extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
+ CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "
+ + e.toString());
outputError(httpResp, "Error: Failed to update OCSP configuration.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
index 7b1c99598..ff545b710 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class WelcomePanel extends WizardPanelBase {
- public WelcomePanel() {}
+ public WelcomePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Welcome");
setId(id);
@@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase {
cs.putBoolean("preop.welcome.done", false);
}
- public boolean isPanelDone() {
+ public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
return cs.getBoolean("preop.welcome.done");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -72,25 +73,21 @@ public class WelcomePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
CMS.debug("WelcomePanel: display()");
context.put("title", "Welcome");
try {
context.put("cstype", cs.getString("cs.type"));
context.put("wizardname", cs.getString("preop.wizard.name"));
- context.put("panelname",
- cs.getString("preop.system.fullname") + " Configuration Wizard");
- context.put("systemname",
- cs.getString("preop.system.name"));
- context.put("fullsystemname",
- cs.getString("preop.system.fullname"));
- context.put("productname",
- cs.getString("preop.product.name"));
- context.put("productversion",
- cs.getString("preop.product.version"));
- } catch (EBaseException e) {}
+ context.put("panelname", cs.getString("preop.system.fullname")
+ + " Configuration Wizard");
+ context.put("systemname", cs.getString("preop.system.name"));
+ context.put("fullsystemname", cs.getString("preop.system.fullname"));
+ context.put("productname", cs.getString("preop.product.name"));
+ context.put("productversion", cs.getString("preop.product.version"));
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/welcomepanel.vm");
}
@@ -98,27 +95,29 @@ public class WelcomePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
try {
cs.putBoolean("preop.welcome.done", true);
cs.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {/* This should never be called */}
+ HttpServletResponse response, Context context) {/*
+ * This should never
+ * be called
+ */
+ }
}
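Review bot: `update()` swallows `EBaseException` from `cs.putBoolean` and `cs.commit(false)` in an empty catch, so a failure to persist `preop.welcome.done` is invisible. At minimum log it, for example `CMS.debug("WelcomePanel: update() failed: " + e.toString());`. The `displayError` comment was also split across four lines by the formatter; placing `// This should never be called` inside the body would read better.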
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
index 06eb63ff3..1faca0f87 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class WelcomeServlet extends BaseServlet {
/**
@@ -34,8 +32,7 @@ public class WelcomeServlet extends BaseServlet {
private static final long serialVersionUID = 1179761802633506502L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index a2a7d5df5..570c51586 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.ConnectException;
@@ -79,8 +78,8 @@ public class WizardPanelBase implements IWizardPanel {
public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group";
/**
- * Definition for "preop" static variables in CS.cfg
- * -- "preop" config parameters should not assumed to exist after configuation
+ * Definition for "preop" static variables in CS.cfg -- "preop" config
+ * parameters should not assumed to exist after configuation
*/
public static final String PRE_CONF_CA_TOKEN = "preop.module.token";
@@ -95,15 +94,12 @@ public class WizardPanelBase implements IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException
- {
+ public void init(ServletConfig config, int panelno) throws ServletException {
mPanelNo = panelno;
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException
- {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
mPanelNo = panelno;
}
@@ -142,7 +138,7 @@ public class WizardPanelBase implements IWizardPanel {
return set;
}
-
+
/**
* Should we skip this panel?
*/
@@ -186,30 +182,29 @@ public class WizardPanelBase implements IWizardPanel {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {}
+ HttpServletResponse response, Context context) {
+ }
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {}
+ HttpServletResponse response, Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {}
+ HttpServletResponse response, Context context) {
+ }
/**
* Retrieves locale based on the request.
@@ -233,15 +228,17 @@ public class WizardPanelBase implements IWizardPanel {
try {
instanceID = config.getString("instanceId", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String nickname = certTag + "Cert cert-" + instanceID;
String preferredNickname = null;
try {
- preferredNickname = config.getString(
- PCERT_PREFIX + certTag + ".nickname", null);
- } catch (Exception e) {}
+ preferredNickname = config.getString(PCERT_PREFIX + certTag
+ + ".nickname", null);
+ } catch (Exception e) {
+ }
if (preferredNickname != null) {
nickname = preferredNickname;
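Review bot: Both `catch (Exception e) {` blocks in this hunk are still empty after the reformat, so a failed read of `instanceId` or of the `PCERT_PREFIX + certTag + ".nickname"` entry leaves no trace and the nickname is silently built from defaults. Since these lines are being touched anyway, I would log the failure inside each block, e.g. `CMS.debug("WizardPanelBase: cannot read nickname config: " + e.toString());`. The same empty catch follows the `preop.module.token` read in the updateDomainXML hunk below. The enclosing method starts and ends outside this hunk.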
@@ -250,37 +247,41 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri) throws IOException {
- CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
+ String servlet, String uri) throws IOException {
+ CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname
+ + " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String nickname = "";
String tokenname = "";
try {
nickname = cs.getString("preop.cert.subsystem.nickname", "");
tokenname = cs.getString("preop.module.token", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal")) {
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("")
+ && !tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal")) {
+ nickname = tokenname + ":" + nickname;
}
CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
CMS.debug("WizardPanelBase: start sending updateDomainXML request");
- String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
+ String c = getHttpResponse(hostname, port, https, servlet, uri,
+ nickname);
CMS.debug("WizardPanelBase: done sending updateDomainXML request");
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject obj = null;
try {
obj = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = obj.getValue("Status");
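Review bot: `c.getBytes()` on the rewrapped `new ByteArrayInputStream(` line encodes the response with the JVM's platform default charset before handing it to `XMLObject`, so the parse depends on the host's locale settings rather than on the encoding of the XML. Naming the charset, `c.getBytes("UTF-8")`, would make this deterministic, assuming the responses are UTF-8; that is not visible here and should be confirmed against what `getHttpResponse` returns. The same call appears in the getSubsystemCount, getDomainXML, getSubsystemCert, updateConnectorInfo, both getCertChain methods, updateConfigEntries, authenticate, updateOCSPConfig, updateNumberRange, getPort and isSDHostDomainMaster hunks. updateDomainXML's body continues past the end of this hunk.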
@@ -291,7 +292,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = obj.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
throw e;
@@ -302,21 +303,21 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getSubsystemCount( String hostname, int https_admin_port,
- boolean https, String type )
- throws IOException {
+ public int getSubsystemCount(String hostname, int https_admin_port,
+ boolean https, String type) throws IOException {
CMS.debug("WizardPanelBase getSubsystemCount start");
String c = getDomainXML(hostname, https_admin_port, true);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject obj = new XMLObject(bis);
- String containerName = type+"List";
+ String containerName = type + "List";
Node n = obj.getContainer(containerName);
NodeList nlist = n.getChildNodes();
String countS = "";
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
NodeList nlist1 = nn.getChildNodes();
@@ -325,7 +326,8 @@ public class WizardPanelBase implements IWizardPanel {
break;
}
}
- CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS);
+ CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="
+ + countS);
int num = 0;
if (countS != null && !countS.equals("")) {
@@ -337,7 +339,7 @@ public class WizardPanelBase implements IWizardPanel {
return num;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString());
+ CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
throw new IOException(e.toString());
}
}
@@ -345,23 +347,23 @@ public class WizardPanelBase implements IWizardPanel {
return -1;
}
- public String getDomainXML( String hostname, int https_admin_port,
- boolean https )
- throws IOException {
+ public String getDomainXML(String hostname, int https_admin_port,
+ boolean https) throws IOException {
CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse( hostname, https_admin_port, https,
- "/ca/admin/ca/getDomainXML", null, null );
+ String c = getHttpResponse(hostname, https_admin_port, https,
+ "/ca/admin/ca/getDomainXML", null, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -371,15 +373,14 @@ public class WizardPanelBase implements IWizardPanel {
if (status.equals(SUCCESS)) {
String domainInfo = parser.getValue("DomainInfo");
- CMS.debug(
- "WizardPanelBase getDomainXML: domainInfo="
- + domainInfo);
- return domainInfo;
+ CMS.debug("WizardPanelBase getDomainXML: domainInfo="
+ + domainInfo);
+ return domainInfo;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
throw e;
@@ -392,29 +393,29 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getSubsystemCert(String host, int port, boolean https)
- throws IOException {
+ public String getSubsystemCert(String host, int port, boolean https)
+ throws IOException {
CMS.debug("WizardPanelBase getSubsystemCert start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/getSubsystemCert", null, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/getSubsystemCert", null, null);
if (c != null) {
try {
- ByteArrayInputStream bis =
- new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getSubsystemCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getSubsystemCert() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
if (status.equals(SUCCESS)) {
String s = parser.getValue("Cert");
return s;
} else
- return null;
+ return null;
} catch (Exception e) {
}
}
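Review bot: The outer `} catch (Exception e) {` at the end of getSubsystemCert is empty, so the `IOException` thrown a few lines earlier when `XMLObject` fails to parse is discarded along with every other failure, and the caller cannot tell a failed fetch from a missing certificate. The sibling methods in this file log and rethrow; here that would be `CMS.debug("WizardPanelBase: getSubsystemCert: " + e.toString());` followed by `throw new IOException(e.toString());`, or the log line alone if callers rely on the current behaviour. I would also put braces around the `else` that holds the re-indented `return null;`. The method's final return is outside this hunk.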
@@ -423,87 +424,90 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException {
+ String content) throws IOException {
CMS.debug("WizardPanelBase updateConnectorInfo start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/updateConnector", content, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/updateConnector", content, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConnectorInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConnectorInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase updateConnectorInfo: status=" + status);
+ CMS.debug("WizardPanelBase updateConnectorInfo: status="
+ + status);
if (!status.equals(SUCCESS)) {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConnectorInfo: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConnectorInfo: "
+ + e.toString());
throw new IOException(e.toString());
}
}
}
- public String getCertChainUsingSecureAdminPort( String hostname,
- int https_admin_port,
- boolean https,
- ConfigCertApprovalCallback
- certApprovalCallback )
- throws IOException {
+ public String getCertChainUsingSecureAdminPort(String hostname,
+ int https_admin_port, boolean https,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
- String c = getHttpResponse( hostname, https_admin_port, https,
- "/ca/admin/ca/getCertChain", null, null,
- certApprovalCallback );
+ String c = getHttpResponse(hostname, https_admin_port, https,
+ "/ca/admin/ca/getCertChain", null, null, certApprovalCallback);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status);
+ CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status="
+ + status);
if (status.equals(SUCCESS)) {
String certchain = parser.getValue("ChainBase64");
certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug(
- "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
- + certchain);
- return certchain;
+ CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
+ + certchain);
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: "
+ + e.toString());
throw new IOException(e.toString());
}
}
@@ -511,52 +515,51 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getCertChainUsingSecureEEPort( String hostname,
- int https_ee_port,
- boolean https,
- ConfigCertApprovalCallback
- certApprovalCallback )
- throws IOException {
+ public String getCertChainUsingSecureEEPort(String hostname,
+ int https_ee_port, boolean https,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
- String c = getHttpResponse( hostname, https_ee_port, https,
- "/ca/ee/ca/getCertChain", null, null,
- certApprovalCallback );
+ String c = getHttpResponse(hostname, https_ee_port, https,
+ "/ca/ee/ca/getCertChain", null, null, certApprovalCallback);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + status);
+ CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status="
+ + status);
if (status.equals(SUCCESS)) {
String certchain = parser.getValue("ChainBase64");
certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug(
- "WizardPanelBase getCertChainUsingSecureEEPort: certchain="
- + certchain);
- return certchain;
+ CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: certchain="
+ + certchain);
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: "
+ + e.toString());
throw new IOException(e.toString());
}
}
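Review bot: `status.equals(SUCCESS)` in getCertChainUsingSecureEEPort dereferences the value returned by `parser.getValue("Status")` without a null check, so a response that lacks a Status element would surface as an `IOException` whose only text is the NullPointerException's `toString()`. Whether `getValue` can return null is not visible in this hunk, but writing the comparison as `if (SUCCESS.equals(status)) {` costs nothing and sends a missing status into the existing `else` branch. The same comparison appears in getCertChainUsingSecureAdminPort in the previous hunk. The method's closing `return null;` is outside this hunk.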
@@ -564,41 +567,44 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public boolean updateConfigEntries(String hostname, int port, boolean https,
- String servlet, String uri, IConfigStore config,
- HttpServletResponse response) throws IOException {
+ public boolean updateConfigEntries(String hostname, int port,
+ boolean https, String servlet, String uri, IConfigStore config,
+ HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateConfigEntries start");
String c = getHttpResponse(hostname, port, https, servlet, uri, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConfigEntries() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConfigEntries() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase updateConfigEntries: status=" + status);
+ CMS.debug("WizardPanelBase updateConfigEntries: status="
+ + status);
if (status.equals(SUCCESS)) {
String cstype = "";
try {
cstype = config.getString("cs.type", "");
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString());
+ CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: "
+ + e.toString());
}
-
- Document doc = parser.getDocument();
+
+ Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -606,73 +612,104 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
+ v = n2.item(0).getNodeValue();
+ break;
}
}
if (name.equals("internaldb.ldapconn.host")) {
- config.putString("preop.internaldb.master.hostname", v);
+ config.putString(
+ "preop.internaldb.master.hostname", v);
} else if (name.equals("internaldb.ldapconn.port")) {
config.putString("preop.internaldb.master.port", v);
} else if (name.equals("internaldb.ldapauth.bindDN")) {
- config.putString("preop.internaldb.master.binddn", v);
+ config.putString("preop.internaldb.master.binddn",
+ v);
} else if (name.equals("internaldb.basedn")) {
config.putString(name, v);
- config.putString("preop.internaldb.master.basedn", v);
+ config.putString("preop.internaldb.master.basedn",
+ v);
} else if (name.equals("internaldb.ldapauth.password")) {
- config.putString("preop.internaldb.master.bindpwd", v);
- } else if (name.equals("internaldb.replication.password")) {
- config.putString("preop.internaldb.master.replicationpwd", v);
+ config.putString("preop.internaldb.master.bindpwd",
+ v);
+ } else if (name
+ .equals("internaldb.replication.password")) {
+ config.putString(
+ "preop.internaldb.master.replicationpwd", v);
} else if (name.equals("instanceId")) {
config.putString("preop.master.instanceId", v);
} else if (name.equals("cloning.cert.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString("preop.cert.signing.nickname", v);
} else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString("preop.cert.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.master.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.cert.ocsp_signing.nickname", v);
} else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
+ config.putString("preop.master.subsystem.nickname",
+ v);
config.putString("preop.cert.subsystem.nickname", v);
} else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
+ config.putString("preop.master.transport.nickname",
+ v);
config.putString("kra.transportUnit.nickName", v);
config.putString("preop.cert.transport.nickname", v);
} else if (name.equals("cloning.storage.nickname")) {
config.putString("preop.master.storage.nickname", v);
config.putString("kra.storageUnit.nickName", v);
config.putString("preop.cert.storage.nickname", v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
- config.putString("preop.master.audit_signing.nickname", v);
- config.putString("preop.cert.audit_signing.nickname", v);
+ } else if (name
+ .equals("cloning.audit_signing.nickname")) {
+ config.putString(
+ "preop.master.audit_signing.nickname", v);
+ config.putString(
+ "preop.cert.audit_signing.nickname", v);
config.putString(name, v);
} else if (name.startsWith("cloning.ca")) {
- config.putString(name.replaceFirst("cloning", "preop"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop"), v);
} else if (name.equals("cloning.signing.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
if (cstype.equals("CA")) {
- config.putString("ca.crl.MasterCRL.signingAlgorithm", v);
- config.putString("ca.signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ca.crl.MasterCRL.signingAlgorithm", v);
+ config.putString(
+ "ca.signing.defaultSigningAlgorithm", v);
} else if (cstype.equals("OCSP")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ocsp.signing.defaultSigningAlgorithm",
+ v);
}
- } else if (name.equals("cloning.transport.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
- config.putString("kra.transportUnit.signingAlgorithm", v);
- } else if (name.equals("cloning.ocsp_signing.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ } else if (name
+ .equals("cloning.transport.keyalgorithm")) {
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
+ config.putString(
+ "kra.transportUnit.signingAlgorithm", v);
+ } else if (name
+ .equals("cloning.ocsp_signing.keyalgorithm")) {
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
if (cstype.equals("CA")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ca.ocsp_signing.defaultSigningAlgorithm",
+ v);
}
} else if (name.startsWith("cloning")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
} else {
config.putString(name, v);
}
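Review bot: The final `else { config.putString(name, v); }` branch writes any parameter name found in the remote response straight into the local config store, so the set of keys this subsystem accepts is decided by the peer rather than by this code. Since the same response also carries `internaldb.ldapauth.password` and `internaldb.replication.password`, I would restrict the fallthrough to an explicit list of expected names and log anything else, e.g. `CMS.debug("WizardPanelBase updateConfigEntries: ignoring unexpected parameter " + name);`. Separately, the unbraced `if (n2.getLength() > 0)` followed by `break;` reads as if the break were conditional; braces would make the intent clear. updateConfigEntries starts in the previous hunk and continues past this one.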
@@ -686,12 +723,14 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: "
+ + e.toString());
throw new IOException(e.toString());
}
}
@@ -707,15 +746,16 @@ public class WizardPanelBase implements IWizardPanel {
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::authenticate() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::authenticate() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -729,7 +769,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = parser.getValue("Error");
return false;
- }
+ }
} catch (Exception e) {
CMS.debug("WizardPanelBase: authenticate: " + e.toString());
throw new IOException(e.toString());
@@ -739,26 +779,27 @@ public class WizardPanelBase implements IWizardPanel {
return false;
}
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response)
- throws IOException {
+ public void updateOCSPConfig(String hostname, int port, boolean https,
+ String content, HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/ee/ca/updateOCSPConfig", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
- throw new IOException("The server you want to contact is not available");
+ throw new IOException(
+ "The server you want to contact is not available");
} else {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateOCSPConfig() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -774,7 +815,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
throw e;
@@ -785,11 +826,11 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
- " port=" + port);
+ public void updateNumberRange(String hostname, int port, boolean https,
+ String content, String type, HttpServletResponse response)
+ throws IOException {
+ CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname
+ + " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String cstype = "";
try {
@@ -798,23 +839,25 @@ public class WizardPanelBase implements IWizardPanel {
}
cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https,
- "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
+ String c = getHttpResponse(hostname, port, https, "/" + cstype + "/ee/"
+ + cstype + "/updateNumberRange", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateNumberRange: content is null.");
- throw new IOException("The server you want to contact is not available");
+ throw new IOException(
+ "The server you want to contact is not available");
} else {
- CMS.debug("content="+c);
+ CMS.debug("content=" + c);
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateNumberRange() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateNumberRange() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -843,7 +886,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
CMS.debug(e);
@@ -856,24 +899,24 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport)
- throws IOException {
+ public int getPort(String hostname, int port, boolean https,
+ String portServlet, boolean sport) throws IOException {
CMS.debug("WizardPanelBase getPort start");
String c = getHttpResponse(hostname, port, https, portServlet,
"secure=" + sport, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getPort() - " + "Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -889,7 +932,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getPort: " + e.toString());
throw e;
@@ -903,14 +946,16 @@ public class WizardPanelBase implements IWizardPanel {
}
public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
- return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
+ String uri, String content, String clientnickname)
+ throws IOException {
+ return getHttpResponse(hostname, port, secure, uri, content,
+ clientnickname, null);
}
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
+ public String getHttpResponse(String hostname, int port, boolean secure,
+ String uri, String content, String clientnickname,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
HttpClient httpclient = null;
String c = null;
@@ -939,7 +984,8 @@ public class WizardPanelBase implements IWizardPanel {
if (content != null && content.length() > 0) {
String content_c = content;
- httprequest.setHeader("content-length", "" + content_c.length());
+ httprequest
+ .setHeader("content-length", "" + content_c.length());
httprequest.setContent(content_c);
}
HttpResponse httpresponse = httpclient.send(httprequest);
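Review bot: The rewrapped `setHeader("content-length", "" + content_c.length())` sends the number of UTF-16 chars rather than the number of bytes that go on the wire, so the header is too small whenever `content` holds non-ASCII characters. How `setContent` encodes the string is not visible in this hunk; if it is UTF-8, the header should be computed from the encoded form, e.g. `"" + content_c.getBytes("UTF-8").length`. getHttpResponse begins before this hunk and continues after it.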
@@ -947,7 +993,8 @@ public class WizardPanelBase implements IWizardPanel {
c = httpresponse.getContent();
} catch (ConnectException e) {
CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException("The server you tried to contact is not running.");
+ throw new IOException(
+ "The server you tried to contact is not running.");
} catch (Exception e) {
CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
throw new IOException(e.toString());
@@ -960,56 +1007,55 @@ public class WizardPanelBase implements IWizardPanel {
return c;
}
- public boolean isSDHostDomainMaster (IConfigStore config) {
- String dm="false";
+ public boolean isSDHostDomainMaster(IConfigStore config) {
+ String dm = "false";
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
CMS.debug("Getting DomainMaster from security domain");
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
-
- Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
-
- Vector v_domain_mgr =
- parser.getValuesFromContainer( nodeList.item(i),
- "DomainManager" );
-
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
- dm = v_domain_mgr.elementAt( 0 ).toString();
+ for (int i = 0; i < len; i++) {
+ Vector v_hostname = parser.getValuesFromContainer(
+ nodeList.item(i), "Host");
+
+ Vector v_https_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
+
+ Vector v_domain_mgr = parser.getValuesFromContainer(
+ nodeList.item(i), "DomainManager");
+
+ if (v_hostname.elementAt(0).equals(hostname)
+ && v_https_admin_port.elementAt(0).equals(
+ Integer.toString(httpsadminport))) {
+ dm = v_domain_mgr.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
return dm.equalsIgnoreCase("true");
}
-
- public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
- String type,
- String portType ) {
+
+ public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
+ String type, String portType) {
Vector v = new Vector();
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
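Review bot: In isSDHostDomainMaster the result of `getDomainXML(hostname, httpsadminport, true)` goes straight into `c.getBytes()` with no null check, although getDomainXML appears to have a `return null` path when no response is received. The resulting NullPointerException is caught by `catch (Exception e)` and logged as a bare `CMS.debug(e.toString())`, so an unreachable security domain looks the same as "not the domain master". An explicit guard such as `if (c == null) { CMS.debug("WizardPanelBase isSDHostDomainMaster: no domain XML received"); return false; }` and a method prefix on the catch's log line would make that case visible. getMasterUrlListFromSecurityDomain, which makes the same call at the end of this hunk, continues outside it.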
@@ -1026,13 +1072,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
return v;
}
@@ -1042,16 +1088,15 @@ public class WizardPanelBase implements IWizardPanel {
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
+ config.putString("securitydomain.name", parser.getValue("Name"));
int len = nodeList.getLength();
CMS.debug("Len " + len);
for (int i = 0; i < len; i++) {
- Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
- "Clone");
- String clone = (String)v_clone.elementAt(0);
+ Vector v_clone = parser.getValuesFromContainer(
+ nodeList.item(i), "Clone");
+ String clone = (String) v_clone.elementAt(0);
if (clone.equalsIgnoreCase("true"))
continue;
Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1061,11 +1106,8 @@ public class WizardPanelBase implements IWizardPanel {
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- v.addElement( v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.addElement(v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":" + v_port.elementAt(0));
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -1074,14 +1116,14 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
- public Vector getUrlListFromSecurityDomain( IConfigStore config,
- String type,
- String portType ) {
+ public Vector getUrlListFromSecurityDomain(IConfigStore config,
+ String type, String portType) {
Vector v = new Vector();
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
@@ -1098,13 +1140,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
return v;
}
@@ -1114,8 +1156,7 @@ public class WizardPanelBase implements IWizardPanel {
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
+ config.putString("securitydomain.name", parser.getValue("Name"));
int len = nodeList.getLength();
@@ -1127,22 +1168,20 @@ public class WizardPanelBase implements IWizardPanel {
"Host");
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
+ Vector v_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
- if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
+ if (v_host.elementAt(0).equals(hostname)
+ && v_admin_port.elementAt(0).equals(
+ new Integer(httpsadminport).toString())) {
// add security domain CA to the beginning of list
- v.add( 0, v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.add(0,
+ v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":"
+ + v_port.elementAt(0));
} else {
- v.addElement( v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.addElement(v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":" + v_port.elementAt(0));
}
}
} catch (Exception e) {
@@ -1154,155 +1193,147 @@ public class WizardPanelBase implements IWizardPanel {
// Given an HTTPS Hostname and EE port,
// retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort( IConfigStore config,
- String hostname,
- String https_ee_port,
- String cstype ) {
+ public String getSecurityDomainAdminPort(IConfigStore config,
+ String hostname, String https_ee_port, String cstype) {
String https_admin_port = new String();
try {
- String sd_hostname = config.getString( "securitydomain.host" );
- int sd_httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
-
- CMS.debug( "Getting associated HTTPS Admin port from " +
- "HTTPS Hostname '" + hostname +
- "' and EE port '" + https_ee_port + "'" );
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ String sd_hostname = config.getString("securitydomain.host");
+ int sd_httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
+
+ CMS.debug("Getting associated HTTPS Admin port from "
+ + "HTTPS Hostname '" + hostname + "' and EE port '"
+ + https_ee_port + "'");
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
+ NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
-
- Vector v_https_ee_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
-
- Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
-
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
- https_admin_port =
- v_https_admin_port.elementAt( 0 ).toString();
+ for (int i = 0; i < len; i++) {
+ Vector v_hostname = parser.getValuesFromContainer(
+ nodeList.item(i), "Host");
+
+ Vector v_https_ee_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecurePort");
+
+ Vector v_https_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
+
+ if (v_hostname.elementAt(0).equals(hostname)
+ && v_https_ee_port.elementAt(0).equals(https_ee_port)) {
+ https_admin_port = v_https_admin_port.elementAt(0)
+ .toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( https_admin_port );
+ return (https_admin_port);
}
- public String getSecurityDomainPort( IConfigStore config,
- String portType ) {
+ public String getSecurityDomainPort(IConfigStore config, String portType) {
String port = new String();
try {
- String hostname = config.getString( "securitydomain.host" );
- int httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( hostname, httpsadminport, true );
-
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ String hostname = config.getString("securitydomain.host");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(hostname, httpsadminport, true);
+
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
return "";
}
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ for (int i = 0; i < len; i++) {
+ Vector v_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
Vector v_port = null;
- if( portType.equals( "UnSecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "UnSecurePort" );
- } else if( portType.equals( "SecureAgentPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAgentPort" );
- } else if( portType.equals( "SecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
- } else if( portType.equals( "SecureAdminPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ if (portType.equals("UnSecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "UnSecurePort");
+ } else if (portType.equals("SecureAgentPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAgentPort");
+ } else if (portType.equals("SecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecurePort");
+ } else if (portType.equals("SecureAdminPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
}
- if( ( v_port != null ) &&
- ( v_admin_port.elementAt( 0 ).equals(
- Integer.toString( httpsadminport ) ) ) ) {
- port = v_port.elementAt( 0 ).toString();
+ if ((v_port != null)
+ && (v_admin_port.elementAt(0).equals(Integer
+ .toString(httpsadminport)))) {
+ port = v_port.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( port );
+ return (port);
}
- public String pingCS( String hostname, int port, boolean https,
- SSLCertificateApprovalCallback certApprovalCallback )
- throws IOException {
- CMS.debug( "WizardPanelBase pingCS: started" );
+ public String pingCS(String hostname, int port, boolean https,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
+ CMS.debug("WizardPanelBase pingCS: started");
- String c = getHttpResponse( hostname, port, https,
- "/ca/admin/ca/getStatus",
- null, null, certApprovalCallback );
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/admin/ca/getStatus", null, null, certApprovalCallback);
- if( c != null ) {
+ if (c != null) {
try {
- ByteArrayInputStream bis = new
- ByteArrayInputStream( c.getBytes() );
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
String state = null;
try {
- parser = new XMLObject( bis );
- CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
- state = parser.getValue( "State" );
+ parser = new XMLObject(bis);
+ CMS.debug("WizardPanelBase pingCS: got XML parsed");
+ state = parser.getValue("State");
- if( state != null ) {
- CMS.debug( "WizardPanelBase pingCS: state=" + state );
+ if (state != null) {
+ CMS.debug("WizardPanelBase pingCS: state=" + state);
}
} catch (Exception e) {
- CMS.debug( "WizardPanelBase: pingCS: parser failed"
- + e.toString() );
+ CMS.debug("WizardPanelBase: pingCS: parser failed"
+ + e.toString());
}
return state;
- } catch( Exception e ) {
- CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
- throw new IOException( e.toString() );
+ } catch (Exception e) {
+ CMS.debug("WizardPanelBase: pingCS: " + e.toString());
+ throw new IOException(e.toString());
}
}
- CMS.debug( "WizardPanelBase pingCS: stopped" );
+ CMS.debug("WizardPanelBase pingCS: stopped");
return null;
}
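Review bot: Every `new ByteArrayInputStream(c.getBytes())` in this hunk (getSecurityDomainAdminPort, getSecurityDomainPort, pingCS) encodes the response with the platform default charset before `XMLObject` parses it. A non-ASCII value in domain.xml or the status reply may therefore be read differently depending on the JVM's locale. Naming the charset, `new ByteArrayInputStream(c.getBytes("UTF-8"))`, removes that dependence; this assumes the responses are UTF-8, which the hunk does not show. The same call appears in the getTokenInfo hunk further down.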
@@ -1311,7 +1342,7 @@ public class WizardPanelBase implements IWizardPanel {
if (s.equals("CA")) {
x = "ca";
} else if (s.equals("KRA")) {
- x = "kra";
+ x = "kra";
} else if (s.equals("OCSP")) {
x = "ocsp";
} else if (s.equals("TKS")) {
@@ -1321,25 +1352,26 @@ public class WizardPanelBase implements IWizardPanel {
return x;
}
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public void getTokenInfo(IConfigStore config, String type, String host,
+ int https_ee_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
+ String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
+ CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
+ certApprovalCallback);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getTokenInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getTokenInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -1350,7 +1382,7 @@ public class WizardPanelBase implements IWizardPanel {
Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -1358,30 +1390,35 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
v = n2.item(0).getNodeValue();
- break;
+ break;
}
}
- if (name.equals("cloning.signing.nickname")) {
+ if (name.equals("cloning.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString(type + ".cert.signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString(type + ".cert.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.master.ocsp_signing.nickname", v);
+ config.putString(type
+ + ".cert.ocsp_signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
- config.putString(type + ".cert.subsystem.nickname", v);
+ config.putString("preop.master.subsystem.nickname",
+ v);
+ config.putString(type + ".cert.subsystem.nickname",
+ v);
config.putString(name, v);
} else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
+ config.putString("preop.master.transport.nickname",
+ v);
config.putString("kra.transportUnit.nickName", v);
config.putString("kra.cert.transport.nickname", v);
config.putString(name, v);
@@ -1390,35 +1427,45 @@ public class WizardPanelBase implements IWizardPanel {
config.putString("kra.storageUnit.nickName", v);
config.putString("kra.cert.storage.nickname", v);
config.putString(name, v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
- config.putString("preop.master.audit_signing.nickname", v);
- config.putString(type + ".cert.audit_signing.nickname", v);
+ } else if (name
+ .equals("cloning.audit_signing.nickname")) {
+ config.putString(
+ "preop.master.audit_signing.nickname", v);
+ config.putString(type
+ + ".cert.audit_signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.module.token")) {
config.putString("preop.module.token", v);
} else if (name.startsWith("cloning.ca")) {
- config.putString(name.replaceFirst("cloning", "preop"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop"), v);
} else if (name.startsWith("cloning")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
} else {
config.putString(name, v);
}
}
// reset nicknames for system cert verification
- String token = config.getString("preop.module.token",
- "Internal Key Storage Token");
- if (! token.equals("Internal Key Storage Token")) {
+ String token = config.getString("preop.module.token",
+ "Internal Key Storage Token");
+ if (!token.equals("Internal Key Storage Token")) {
String certlist = config.getString("preop.cert.list");
StringTokenizer t1 = new StringTokenizer(certlist, ",");
while (t1.hasMoreTokens()) {
String tag = t1.nextToken();
- if (tag.equals("sslserver")) continue;
- config.putString(type + ".cert." + tag + ".nickname",
- token + ":" +
- config.getString(type + ".cert." + tag + ".nickname", ""));
- }
+ if (tag.equals("sslserver"))
+ continue;
+ config.putString(
+ type + ".cert." + tag + ".nickname",
+ token
+ + ":"
+ + config.getString(type + ".cert."
+ + tag + ".nickname", ""));
+ }
}
} else {
String error = parser.getValue("Error");
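Review bot: The final `else { config.putString(name, v); }` branch writes any name/value pair from the getTokenInfo response into the local configuration under a key chosen by the remote server; only the `cloning`-prefixed branches constrain the key. Because the reply comes from another host, it would be safer to accept only the expected keys and log the rest, e.g. `} else { CMS.debug("WizardPanelBase getTokenInfo: ignoring unexpected name " + name); }`, provided nothing relies on the pass-through (not visible here). How far the response can be trusted depends on `getHttpResponse` and the approval callback, which are outside this hunk. getTokenInfo itself also begins and ends outside it.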
@@ -1431,7 +1478,7 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
throw new IOException(e.toString());
}
- }
+ }
}
public void importCertChain(String id) throws IOException {
@@ -1442,31 +1489,32 @@ public class WizardPanelBase implements IWizardPanel {
try {
pkcs7 = config.getString(configName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (pkcs7.length() > 0) {
try {
CryptoUtil.importCertificateChain(pkcs7);
} catch (Exception e) {
- CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString());
+ CMS.debug("DisplayCertChainPanel importCertChain: Exception: "
+ + e.toString());
}
}
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context) throws IOException {
- updateCertChain( config, name, host, https_admin_port,
- https, context, null );
+ int https_admin_port, boolean https, Context context)
+ throws IOException {
+ updateCertChain(config, name, host, https_admin_port, https, context,
+ null);
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureAdminPort( host,
- https_admin_port,
- https,
- certApprovalCallback );
- config.putString("preop."+name+".pkcs7", certchain);
+ int https_admin_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ String certchain = getCertChainUsingSecureAdminPort(host,
+ https_admin_port, https, certApprovalCallback);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
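Review bot: importCertChain hides both of its failure paths: the `catch (Exception e) { }` around `config.getString(configName, "")` is empty, and a failed `CryptoUtil.importCertificateChain(pkcs7)` is only written to the debug log even though the method declares `throws IOException`. A caller therefore cannot tell that the chain was never imported. I would log in the first handler, `CMS.debug("importCertChain: cannot read " + configName + ": " + e.toString());`, and, if callers are meant to see the failure, rethrow from the second with `throw new IOException("importCertChain: " + e.toString());`. The signature of importCertChain is outside this hunk.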
@@ -1474,8 +1522,7 @@ public class WizardPanelBase implements IWizardPanel {
try {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
+ context.put("errorString", "Failed to get the certificate chain.");
return;
}
@@ -1483,7 +1530,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1491,11 +1538,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1504,16 +1551,13 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateCertChainUsingSecureEEPort( IConfigStore config,
- String name, String host,
- int https_ee_port,
- boolean https,
- Context context,
- ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
- String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
- https,
- certApprovalCallback);
- config.putString("preop."+name+".pkcs7", certchain);
+ public void updateCertChainUsingSecureEEPort(IConfigStore config,
+ String name, String host, int https_ee_port, boolean https,
+ Context context, ConfigCertApprovalCallback certApprovalCallback)
+ throws IOException {
+ String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
+ https, certApprovalCallback);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
@@ -1521,8 +1565,7 @@ public class WizardPanelBase implements IWizardPanel {
try {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
+ context.put("errorString", "Failed to get the certificate chain.");
return;
}
@@ -1530,7 +1573,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1538,11 +1581,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1557,27 +1600,28 @@ public class WizardPanelBase implements IWizardPanel {
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
String fullnickname = nickname;
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- fullnickname = tokenname+":"+nickname;
+ if (!tokenname.equals("")
+ && !tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal"))
+ fullnickname = tokenname + ":" + nickname;
- CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname);
- org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
+ CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
+ org.mozilla.jss.crypto.X509Certificate cert = cm
+ .findCertByNickname(fullnickname);
if (store instanceof PK11Store) {
CMS.debug("WizardPanelBase deleteCert: this is pk11store");
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(cert);
CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
}
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
}
}
public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
- String dn, String[] entries) {
+ String dn, String[] entries) {
String[] attrs = null;
LDAPSearchConstraints cons = null;
String filter = "objectclass=*";
@@ -1589,29 +1633,32 @@ public class WizardPanelBase implements IWizardPanel {
while (res.hasMoreElements()) {
LDAPEntry entry = res.next();
String dn1 = entry.getDN();
- LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons);
+ LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs,
+ true, cons);
deleteEntries(res1, conn, dn1, entries);
deleteEntry(conn, dn1, entries);
}
}
} catch (Exception ee) {
- CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString());
+ CMS.debug("WizardPanelBase deleteEntries: Exception="
+ + ee.toString());
}
}
public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
try {
- for (int i=0; i<entries.length; i++) {
+ for (int i = 0; i < entries.length; i++) {
if (LDAPDN.equals(dn, entries[i])) {
- CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted.");
+ CMS.debug("WizardPanelBase deleteEntry: entry with this dn "
+ + dn + " is not deleted.");
return;
}
}
- CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn);
+ CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
conn.delete(dn);
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
}
}
@@ -1624,12 +1671,17 @@ public class WizardPanelBase implements IWizardPanel {
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
int panel = getPanelNo();
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/"
+ + toLowerCaseSubsystemType(subsystem)
+ + "/admin/console/config/wizard?p=" + panel + "&subsystem="
+ + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + hostname + ":" + port
+ + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
response.sendRedirect(sdurl);
} catch (Exception e) {
- CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
+ CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="
+ + e.toString());
}
}
}
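Review bot: `cs.getInteger("pkicreate.admin_secure_port", -1)` falls back to -1 and the value goes straight into `urlVal`, so a missing setting produces a return URL containing `:-1`; the empty-string default of `cs.type` likewise leaves the `subsystem` parameter empty. A guard before the URL is built, such as `if (cs_port < 0 || subsystem.length() == 0) { CMS.debug("WizardPanelBase reloginSecurityDomain: incomplete configuration"); return; }`, would keep a malformed return address from being handed to the security domain login. The catch block also only logs, so the client receives no response when `sendRedirect` fails. The method starts outside this hunk.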