Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java | 258 |
1 files changed, 128 insertions, 130 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index edcd2bdf6..8abafa155 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert; /** * A class representing a recoverBySerial servlet. - * + * * @version $Revision$, $Date$ */ public class RecoverBySerial extends CMSServlet { @@ -108,22 +107,22 @@ public class RecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? - * [serialNumber=<number>] - * [uid#=<uid>] - * [pwd#=<password>] - * [localAgents=yes|null] - * [recoveryID=recoveryID] - * [pkcs12Password=<password of pkcs12>] - * [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] - * [cert=<encryption certificate>] + * recoverBySerial? + * [serialNumber=<number>] + * [uid#=<uid>] + * [pwd#=<password>] + * [localAgents=yes|null] + * [recoveryID=recoveryID] + * [pkcs12Password=<password of pkcs12>] + * [pkcs12PasswordAgain=<password of pkcs12>] + * [pkcs12Delivery=<delivery mechanism for pkcs12>] + * [cert=<encryption certificate>] */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -138,10 +137,10 @@ public class RecoverBySerial extends CMSServlet { mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -156,9 +155,9 @@ public class RecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -197,46 +196,46 @@ public class RecoverBySerial extends CMSServlet { also be listed in the request. */ if ((initAsyncRecovery != null) && - initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), - req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); + initAsyncRecovery.equalsIgnoreCase("ON")) { + process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter(IN_CERT), + req, resp, locale[0]); + + int requiredNumber = mService.getNoOfRequiredAgents(); + header.addIntegerValue("noOfRequiredAgents", requiredNumber); } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); + } + byte pkcs12[] = process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter("localAgents"), + req.getParameter(IN_PASSWORD), + req.getParameter(IN_PASSWORD_AGAIN), + req.getParameter(IN_CERT), + req.getParameter(IN_DELIVERY), + req.getParameter(IN_NICKNAME), + req, resp, locale[0]); + + if (pkcs12 != null) { + //resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("application/x-pkcs12"); + //resp.setContentLength(pkcs12.length); + resp.getOutputStream().write(pkcs12); + mRenderResult = false; + return; } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), - req, resp, locale[0]); - - if (pkcs12 != null) { - //resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - //resp.setContentLength(pkcs12.length); - 
resp.getOutputStream().write(pkcs12); - mRenderResult = false; - return; - } } } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IOException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } finally { SessionContext.releaseContext(); } @@ -249,9 +248,9 @@ public class RecoverBySerial extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -260,10 +259,10 @@ public class RecoverBySerial extends CMSServlet { /** * Async Key Recovery - request initiation */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplate form, CMSTemplateParams argSet, + IArgBlock header, String seq, String cert, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { // seq is the key id if (seq == null) { 
@@ -291,22 +290,22 @@ public class RecoverBySerial extends CMSServlet { try { String reqID = mService.initAsyncKeyRecovery( - new BigInteger(seq), x509cert, + new BigInteger(seq), x509cert, (String) sContext.get(SessionContext.USER_ID)); header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); header.addStringValue("requestID", reqID); } catch (EBaseException e) { String error = - "Failed to recover key for key id " + - seq + ".\nException: " + e.toString(); + "Failed to recover key for key id " + + seq + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(seq, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; @@ -317,11 +316,11 @@ public class RecoverBySerial extends CMSServlet { * provided by the administrator. */ private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, - String password, String passwordAgain, - String cert, String delivery, String nickname, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String seq, String localAgents, + String password, String passwordAgain, + String cert, String delivery, String nickname, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { if (seq == null) { header.addStringValue(OUT_ERROR, "sequence number not found"); return null; 
@@ -360,65 +359,65 @@ public class RecoverBySerial extends CMSServlet { if (sContext != null) { agent = (String) sContext.get(SessionContext.USER_ID); } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); + if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { + if (localAgents == null) { + String recoveryID = req.getParameter("recoveryID"); - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable params = mService.createRecoveryParams(recoveryID); + if (recoveryID == null || recoveryID.equals("")) { + header.addStringValue(OUT_ERROR, "No recovery ID specified"); + return null; + } + Hashtable params = mService.createRecoveryParams(recoveryID); - params.put("keyID", req.getParameter(IN_SERIALNO)); + params.put("keyID", req.getParameter(IN_SERIALNO)); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("recoveryID", recoveryID); - params.put("agent", agent); + params.put("agent", agent); - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); + // new thread to wait for pk12 + Thread waitThread = new WaitApprovalThread(recoveryID, + seq, password, x509cert, delivery, nickname, + SessionContext.getContext()); - waitThread.start(); - return null; - } else { - Vector v = new Vector(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); - - if (uid != null && pwd != null && !uid.equals("") && - !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { + waitThread.start(); + return null; + } else { + Vector v = new Vector(); + + for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { + String uid = req.getParameter(IN_UID + i); + 
String pwd = req.getParameter(IN_PWD + i); + + if (uid != null && pwd != null && !uid.equals("") && + !pwd.equals("")) { + v.addElement(new Credential(uid, pwd)); + } else { + header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); + return null; + } + } + if (v.size() != mService.getNoOfRequiredAgents()) { header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); return null; } + creds = new Credential[v.size()]; + v.copyInto(creds); } - if (v.size() != mService.getNoOfRequiredAgents()) { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - creds = new Credential[v.size()]; - v.copyInto(creds); - } - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addIntegerValue(OUT_SERIALNO, - Integer.parseInt(seq)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(seq), - creds, password, x509cert, - delivery, nickname, agent); - - return pkcs12; - } else { + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addIntegerValue(OUT_SERIALNO, + Integer.parseInt(seq)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + byte pkcs12[] = mService.doKeyRecovery( + new BigInteger(seq), + creds, password, x509cert, + delivery, nickname, agent); + + return pkcs12; + } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID == null || recoveryID.equals("")) { @@ -440,7 +439,7 @@ public class RecoverBySerial extends CMSServlet { waitThread.start(); return null; - } + } } catch (EBaseException e) { header.addStringValue(OUT_ERROR, e.toString(locale)); } catch (Exception e) { 
@@ -462,24 +461,24 @@ public class RecoverBySerial extends CMSServlet { String theNickname = null; SessionContext theSc = null; - /** + /** * Wait approval thread constructor including thread name */ public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, - String delivery, String nickname, SessionContext sc) { + String password, X509CertImpl cert, + String delivery, String nickname, SessionContext sc) { super(); - super.setName("waitApproval." + recoveryID + "-" + - (Thread.activeCount() + 1)); + super.setName("waitApproval." + recoveryID + "-" + + (Thread.activeCount() + 1)); theRecoveryID = recoveryID; theSeq = seq; thePassword = password; theCert = cert; theDelivery = delivery; theNickname = nickname; - theSc = sc; + theSc = sc; } - + public void run() { SessionContext.setContext(theSc); Credential creds[] = null; @@ -487,17 +486,17 @@ public class RecoverBySerial extends CMSServlet { try { creds = mService.getDistributedCredentials(theRecoveryID); } catch (EBaseException e) { - String error = - "Failed to get required approvals for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + String error = + "Failed to get required approvals for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } return; } 
@@ -514,16 +513,16 @@ public class RecoverBySerial extends CMSServlet { ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); } catch (EBaseException e) { String error = - "Failed to recover key for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + "Failed to recover key for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; @@ -531,4 +530,3 @@ public class RecoverBySerial extends CMSServlet { } } - |